I seem to run into this error every time I try and get certificate logins working in JBoss; at work or at home, I always run into it. Any advice appreciated.

Added to conf/jboss-service.xml:

<mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=SecurityDomain">
  <constructor>
    <arg type="java.lang.String" value="fizio"></arg>
  </constructor>
  <attribute name="KeyStoreURL">resource:server.keystore</attribute>
  <attribute name="KeyStorePass">password</attribute>
  <depends>jboss.security:service=JaasSecurityManager</depends>
</mbean>

Added to conf/login-config.xml

<application-policy name="fizio">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="securityDomain">java:/jaas/fizio</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/FizioDS</module-option>
      <module-option name="principalsQuery">SELECT password FROM physio WHERE username=?</module-option>
      <module-option name="rolesQuery">SELECT role, 'Roles' FROM role WHERE username=?</module-option>
    </login-module>
  </authentication>
</application-policy>

jboss-web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>java:/jaas/fizio</security-domain>
  <context-root>/jsf-web</context-root>
</jboss-web>

Relevant output from server.log:

08:52:11,436 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(fizio), size=13
08:52:11,436 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(fizio), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.BaseCertLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=securityDomain, value=java:/jaas/fizio
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=principalsQuery, value=SELECT password FROM physio WHERE username=?
name=dsJndiName, value=java:/FizioDS
name=rolesQuery, value=SELECT role, 'Roles' FROM role WHERE username=?
08:52:11,442 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] initialize
08:52:11,442 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] Security domain: fizio
08:52:11,443 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] securityDomain=java:/jaas/fizio
08:52:11,444 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] found domain: org.jboss.security.plugins.JaasSecurityDomain
08:52:11,444 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] exit: initialize(Subject, CallbackHandler, Map, Map)
08:52:11,445 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] enter: login()
08:52:11,445 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] login
08:52:11,446 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] enter: getAliasAndCert()
08:52:11,447 WARN [org.jboss.security.auth.spi.BaseCertLoginModule] Don't know how to obtain X509Certificate from: class java.lang.String
08:52:11,458 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
08:52:11,461 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: fizio
08:52:11,462 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/FizioDS
08:52:11,462 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT password FROM physio WHERE username=?
08:52:11,462 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT role, 'Roles' FROM role WHERE username=?
08:52:11,462 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
08:52:11,465 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
08:52:11,466 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
08:52:11,503 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT password FROM physio WHERE username=?, with username: rich
08:52:11,514 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
08:52:11,516 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
08:52:11,516 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'rich' authenticated, loginOk=true
08:52:11,517 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] abort
08:52:11,518 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
08:52:11,518 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.fizio] Login failure: javax.security.auth.login.LoginException: Don't know how to obtain X509Certificate from: class java.lang.String

1 Answer

You have to turn on password stacking on the BaseCertLoginModule, or else it will try to use the certificate as the user name as the login on the database:

<module-option name="password-stacking">useFirstPass</module-option>

Link: http://docs.jboss.org/jbossas/docs/Server_Configuration_Guide/4/html/Using_JBoss_Login_Modules-Password_Stacking.html

2 Comments

I think it was - see my login-config.xml
@rich, you must add the line to both of your modules
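
A check for the condition the last comment describes, as an added example that is not part of the original thread: it parses a login-config.xml and lists, for each policy that chains several login modules, the modules that lack `password-stacking=useFirstPass`. The function name and the trimmed sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the question's policy: only the first module stacks.
SAMPLE = """<policy>
  <application-policy name="fizio">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag="required">
        <module-option name="password-stacking">useFirstPass</module-option>
        <module-option name="securityDomain">java:/jaas/fizio</module-option>
      </login-module>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <module-option name="dsJndiName">java:/FizioDS</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""


def modules_without_stacking(login_config_xml):
    """Return {policy name: [module classes lacking password-stacking=useFirstPass]}
    for every policy that chains two or more login modules."""
    findings = {}
    root = ET.fromstring(login_config_xml)
    for policy in root.iter("application-policy"):
        modules = policy.findall("./authentication/login-module")
        if len(modules) < 2:
            continue  # a single module has nothing to share state with
        missing = []
        for module in modules:
            options = {o.get("name"): (o.text or "").strip()
                       for o in module.findall("module-option")}
            # Compared case-insensitively so casing variants are not flagged.
            if options.get("password-stacking", "").lower() != "usefirstpass":
                missing.append(module.get("code"))
        if missing:
            findings[policy.get("name")] = missing
    return findings


if __name__ == "__main__":
    for name, classes in modules_without_stacking(SAMPLE).items():
        for cls in classes:
            print(f"{name}: {cls} has no password-stacking=useFirstPass")
```
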
