Menu Close

Red Hat Training

A Red Hat training course is available for Red Hat JBoss Enterprise Application Platform

Chapter 1. Identity Management Overview

The basics behind identity management and identity stores are covered in the Single Sign On (SSO) section of the Red Hat JBoss Enterprise Application Platform Security Architecture Guide. These concepts can also be applied to providing security for the JBoss EAP management interfaces and web applications outside of SSO. More specifically, this document covers configuring different identity stores for identity management in JBoss EAP for securing the management interfaces (LDAP) as well with security domains (LDAP, Database, and Filesystem).

1.1. LDAP Overview

The basics of LDAP as well as a basic use case are described in the LDAP and Example Scenarios sections of the Red Hat JBoss Enterprise Application Platform Security Architecture Guide document. It also describes the LDAP-related login modules for security domains in the Security Subsystem section.

In general, LDAP, in the context of JBoss EAP, is used as an identity store for security domains and security realms. It can be used to make authentication decisions as well as serve as an authorization authority for JBoss EAP and applications deployed to it. Various role and access information about principals can be stored in an LDAP directory which may be used directly by JBoss EAP or mapped to existing JBoss EAP roles.


Similar to using a database or other external datastores to house identity information, performance of data access and data transport between the datastore and the JBoss EAP instance may have a performance impact on authenticating and authorizing principals.