-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for JBoss Enterprise Application Platform Common Criteria Certification
2.5.4. Security Configuration
The following configuration steps must be performed to ensure security compliance with Common Criteria requirements.
2.5.4.1. JBoss SX
Custom Login Modules are not permitted; the only login modules allowed are the following:
org.jboss.security.auth.spi.UsersRolesLoginModule
org.jboss.security.auth.spi.LdapLoginModule
org.jboss.security.auth.spi.DatabaseServerLoginModule
org.jboss.security.auth.spi.BaseCertLoginModule
This restriction on login modules is also applicable to the DynamicLoginConfig service.
Only the following security managers are allowed to be configured and used for authentication purposes:
org.jboss.security.plugins.JaasSecurityManager
org.jboss.security.plugins.JaasSecurityDomain
Additional security-related modules that are permitted are the following:
org.jboss.security.authorization.modules.DelegatingAuthorizationModule
org.jboss.security.integration.JNDIBasedSecurityRegistration
org.jboss.security.auth.certs.SubjectDNMapping
Other modules, such as SRP module are not allowed.