After some some struggling I configured my wildfly's standalone.xml to authenticate agains an LDAP-Server:
<security-domain name="LDAPAuth" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.provider.url" value="ldap://URL:389"/>
<module-option name="bindDN" value="username"/>
<module-option name="bindCredential" value="password"/>
<module-option name="baseCtxDN" value="OU=UsersDC=domain,DC=com"/>
<module-option name="baseFilter" value="(sAMAccountName={0})"/>
<module-option name="allowEmptyPasswords" value="false"/>
</login-module>
</authentication>
</security-domain>
I also configured my jboss-web:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns:cr="http://www.jboss.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.jboss.com/xml/ns/javaee
http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<cr:context-root>/projectName</cr:context-root>
<security-domain>LDAPAuth</security-domain>
<use-jboss-authorization>true</use-jboss-authorization>
</jboss-web>
and my web.xml:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>LDAPAuth realm</realm-name>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/error.xhtml</form-error-page>
</form-login-config>
</login-config>
...
and everything works fine.
The next step is to use PicketLink. But I can't find out how to configure PicketLink to use my security-domain.
I can find examples and tutorials for establish the LDAP connection programmatically and how I can set up PicketLink to work with Identity and Service Providers. But as I know my use case contains the Identity Provider and the Service Provider?!? So there is no dedicated server I want to connect with. The LDAP query is handled by my wildfly server. In every example I can find both servers are seperated machines. Did I understand something wrong? After hours of 'googleing' I'm getting more and more confused.
I added
<valve>
<class-name>org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve</class-name>
</valve>
But I don't know how to configurate the picketlink.xml. What's the URL of my Identity Provider? I believe there's just one part I understand wrong. Can someone help me? :-D
The URL will be the application which you have choosen to be the portal/IDP to manage the SAML SSO responses and requests and send them to the Applications. The IDP will contain a picketlink.xml file and each Application (in picketlink named SP) will also a picketlink.xml file (placed in WEB-INF-Folder).
There are so many examples for picketlink...
Picketlink Documentation (if you read through the chapters you will get the understanding of IDP and SP definition and config files): https://docs.jboss.org/author/display/PLINK/Identity+Provider+Configuration
Picketlink IDP - Simple Config:
For your project(s) you will have:
IDP /Portal App (war, ...)
SP / Some SSO enabled application