Appendix A. Reference Material
A.1. Example wildfly-config.xml
The wildfly-config.xml file is one way for clients to use Elytron Client, which allows clients to use security information when making connections to JBoss EAP.
Example: custom-config.xml
```xml
<configuration>
    <authentication-client xmlns="urn:elytron:client:1.2">
        <!-- Each rule selects an authentication configuration by the host being connected to -->
        <authentication-rules>
            <rule use-configuration="monitor">
                <match-host name="127.0.0.1" />
            </rule>
            <rule use-configuration="administrator">
                <match-host name="localhost" />
            </rule>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="monitor">
                <sasl-mechanism-selector selector="DIGEST-MD5" />
                <providers>
                    <use-service-loader />
                </providers>
                <set-user-name name="monitor" />
                <credentials>
                    <clear-password password="password1!" />
                </credentials>
                <set-mechanism-realm name="ManagementRealm" />
            </configuration>
            <configuration name="administrator">
                <sasl-mechanism-selector selector="DIGEST-MD5" />
                <providers>
                    <use-service-loader />
                </providers>
                <set-user-name name="administrator" />
                <credentials>
                    <clear-password password="password1!" />
                </credentials>
                <set-mechanism-realm name="ManagementRealm" />
            </configuration>
        </authentication-configurations>
        <net-authenticator/>
        <!-- This decides which SSL context configuration to use -->
        <ssl-context-rules>
            <!-- The rule must name an SSL context defined under ssl-contexts below -->
            <rule use-ssl-context="mycorp-context">
                <match-host name="mycorp.com"/>
            </rule>
        </ssl-context-rules>
        <ssl-contexts>
            <default-ssl-context name="mycorp-context"/>
            <ssl-context name="mycorp-context">
                <key-store-ssl-certificate key-store-name="store1" alias="mycorp-client-certificate"/>
                <!-- This is an OpenSSL-style cipher suite selection string; this example is the expanded form of DEFAULT to illustrate the format -->
                <cipher-suite selector="ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"/>
                <protocol names="TLSv1.2"/>
            </ssl-context>
        </ssl-contexts>
    </authentication-client>
</configuration>
```
Additional resources
- For more details on using Elytron Client, see Configure client authentication with Elytron Client.
- For more information about how to configure clients using the wildfly-config.xml file, see Client Configuration Using the wildfly-config.xml File.
A.2. Single Sign-on attributes
A Single Sign-on (SSO) authentication mechanism configuration.
The following table provides attribute descriptions for the setting=single-sign-on resource of the application-security-domain in the undertow subsystem.
A.2.1. Single Sign-on
Table A.1. single-sign-on Attributes
Attribute | Description |
---|---|
| The reference to the SSL context used to secure back-channel logout connection. |
| The name of the cookie. The default value is |
| The credential reference to decrypt the private key entry. |
| The cookie domain to be used. |
| For setting cookie’s |
| The alias of the private key entry used for signing and verifying back-channel logout connection. |
| The reference to keystore containing a private key entry. |
| The cookie path. The default value is |
| For setting cookie’s |
Additional resources
- For more information about using a client-ssl-context, see Using a client-ssl-context.
- For more information about a credential-store, see Credential store in Elytron.
- For more information about how to create a key-store, see Create an Elytron Keystore.
A.3. Password mappers
A password mapper constructs a password from multiple fields in a database using one of the following algorithm types:
- Clear text
- Simple digest
- Salted simple digest
- bcrypt
- SCRAM
- Modular crypt
A password mapper has the following attributes:
The index of the first column is 1 for all the mappers.
Table A.2. password mapper attributes
Mapper name | Attributes | Encryption method |
---|---|---|
| | No encryption. |
| | A simple hashing mechanism is used. |
| | A simple hashing mechanism is used with a salt. |
| | Blowfish algorithm used for hashing. |
| | Salted Challenge Response Authentication mechanism is used for hashing. |
| | The modular-crypt encoding allows for multiple pieces of information to be encoded in a single string such as the password type, the hash or digest, the salt, and the iteration count. |
Revised on 2024-01-17 05:25:08 UTC