Appendix A. Reference Material
A.1. Example wildfly-config.xml
The wildlfly-config.xml
file is one way for clients to use Elytron Client, which allows clients to use security information when making connections to JBoss EAP. For more details on using Elytron Client, see Configure Client Authentication with Elytron Client.
Example: custom-config.xml
<configuration> <authentication-client xmlns="urn:elytron:client:1.2"> <authentication-rules> <rule use-configuration="monitor"> <match-host name="127.0.0.1" /> </rule> <rule use-configuration="administrator"> <match-host name="localhost" /> </rule> </authentication-rules> <authentication-configurations> <configuration name="monitor"> <sasl-mechanism-selector selector="DIGEST-MD5" /> <providers> <use-service-loader /> </providers> <set-user-name name="monitor" /> <credentials> <clear-password password="password1!" /> </credentials> <set-mechanism-realm name="ManagementRealm" /> </configuration> <configuration name="administrator"> <sasl-mechanism-selector selector="DIGEST-MD5" /> <providers> <use-service-loader /> </providers> <set-user-name name="administrator" /> <credentials> <clear-password password="password1!" /> </credentials> <set-mechanism-realm name="ManagementRealm" /> </configuration> </authentication-configurations> <net-authenticator/> <!-- This decides which SSL context configuration to use --> <ssl-context-rules> <rule use-ssl-context="mycorp-client"> <match-host name="mycorp.com"/> </rule> </ssl-context-rules> <ssl-contexts> <default-ssl-context name="mycorp-context"/> <ssl-context name="mycorp-context"> <key-store-ssl-certificate key-store-name="store1" alias="mycorp-client-certificate"/> <!-- This is an OpenSSL-style cipher suite selection string; this example is the expanded form of DEFAULT to illustrate the format --> <cipher-suite selector="ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"/> <protocol names="TLSv1.2"/> </ssl-context> </ssl-contexts> </authentication-client> </configuration>
For more information about how to configure clients using the wildfly-config.xml
file, see Client Configuration Using the wildfly-config.xml File in the Development Guide for JBoss EAP.
A.2. Reference for Single Sign-on Attributes
An SSO authentication mechanism configuration.
This is the reference for the setting=single-sign-on
resource of the application-security-domain
in the undertow
subsystem.
A.2.1. Single Sign-on
Attribute | Description |
---|---|
| The cookie domain to be used. |
| The cookie path. |
|
For setting cookie’s |
|
For setting cookie’s |
| The name of the cookie. |
| The reference to keystore containing a private key entry. |
| The alias of the private key entry used for signing and verifying back-channel logout connection. |
| The credential reference to decrypt the private key entry.
|
| The reference to the SSL context used to secure back-channel logout connection. |
A.3. Password Mappers
A password mapper constructs a password from multiple fields in a database using one of the following algorithm types:
- Clear text
- Simple digest
- Salted simple digest
- bcrypt
- SCRAM
- Modular crypt
A password mapper has the following attributes:
The index of the first column is 1
for all the mappers.
Mapper name | Attributes | Encryption method |
---|---|---|
|
| No encryption. |
|
| A simple hashing mechanism is used. |
|
| A simple hashing mechanism is used with a salt. |
|
| Blowfish algorithm used for hashing. |
|
| Salted Challenge Response Authentication mechanism is used for hashing. |
|
| The modular-crypt encoding allows for multiple pieces of information to be encoded in single string such as the password type, the hash or digest, the salt, and the iteration count. |
Revised on 2022-02-01 13:03:04 UTC