Config Azure AD authentication on tomcat

I just made a simple demo project (not for production purposes) that shows how you can use Azure Active Directory as a realm for your authentication. Nowadays you would use a framework that does third-party authentication for you: your custom authenticator delegates to a framework that federates the authentication to a (trusted) third party such as Facebook or Google.

Please note that this is NOT the way to use AAD in a production environment.
This is demo code to show how you can (mis)use AAD as an LDAP solution.
In the future I will create a federated authentication solution using AAD.

Here is the project: https://github.com/cvugrinec/microsoft/tree/master/java-webapp-tomcat-aad

Here you see the code in action: https://youtu.be/i61I3muADDA

Adding LDAP Authentication for JBoss EAP 6

A while ago I scribbled a piece about authentication with LDAP on WebLogic, see:

http://datalinks.nl/wordpress/?p=1131

This article does the same for JBoss EAP 6.0. I am using ApacheDS as the open-source LDAP server.
The earlier article shows how to set up ApacheDS (great tool 🙂) and how to create an LDAP user. If you have another LDAP server that contains your users, you can export the user(s) and import the resulting LDIF file with the following command:

ldapmodify -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -a -f someExportedLdifFilename.ldif

The command above uses the default values of an ApacheDS installation (host, port, admin DN and password).

Configure JBoss by adding the following sections to your configuration file (by default standalone.xml):

<management>

   <security-realms>

      <security-realm name="TestRealm">
         <authentication>
            <ldap connection="ldap_connection" base-dn="ou=users,ou=system">
               <username-filter attribute="uid" />
            </ldap>
         </authentication>
      </security-realm>

      .....

   </security-realms>

   ......

   <management-interfaces>
      <native-interface security-realm="TestRealm">
         <socket-binding native="management-native"/>
      </native-interface>
      <http-interface security-realm="TestRealm">
         <socket-binding http="management-http"/>
      </http-interface>
   </management-interfaces>

   ......

   <outbound-connections>
      <ldap name="ldap_connection" url="ldap://127.0.0.1:10389" search-dn="uid=admin,ou=system" search-credential="secret" />
   </outbound-connections>

</management>

What you just did: in the management section you defined a realm (a collection of users) that is backed by LDAP, and you made sure that the management interfaces (native and HTTP) use this newly defined security realm.
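Added example, not code from the original post: a POSIX shell script that builds a user entry matching the realm above (base-dn ou=users,ou=system, username attribute uid) and reproduces the lookup-then-bind sequence the realm performs against the directory. It assumes the OpenLDAP client tools (ldapsearch, ldapwhoami) and the ApacheDS defaults quoted in the post; the user name and password values are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the ApacheDS defaults from the
# post: localhost:10389, admin DN uid=admin,ou=system with password "secret".
LDAP_URL="ldap://localhost:10389"
SEARCH_DN="uid=admin,ou=system"
SEARCH_CREDENTIAL="secret"          # demo credential from the post, lab use only
BASE_DN="ou=users,ou=system"         # same base-dn as the <ldap> element in the realm

# Escape RFC 4515 filter metacharacters so a login name cannot alter the filter.
escape_filter_value() {
  printf '%s' "$1" | sed 's/\\/\\5c/g; s/\*/\\2a/g; s/(/\\28/g; s/)/\\29/g'
}

# The DN the realm resolves for a login name: (uid=<name>) directly under BASE_DN.
expected_user_dn() {
  printf 'uid=%s,%s\n' "$1" "$BASE_DN"
}

# Print an inetOrgPerson entry whose RDN uses the attribute the realm filters on (uid),
# ready for: ldapmodify -h localhost -p 10389 -D "$SEARCH_DN" -w "$SEARCH_CREDENTIAL" -a -f -
make_user_ldif() {
  uid=$1; cn=$2; sn=$3; password=$4
  printf 'dn: %s\n' "$(expected_user_dn "$uid")"
  printf 'objectClass: top\nobjectClass: person\n'
  printf 'objectClass: organizationalPerson\nobjectClass: inetOrgPerson\n'
  printf 'uid: %s\ncn: %s\nsn: %s\nuserPassword: %s\n' "$uid" "$cn" "$sn" "$password"
}

# Reproduce the realm's two steps: (1) bind with search-dn/search-credential and search
# BASE_DN for (uid=<user>), (2) bind as the DN found using the user's own password.
# Returns 0 only when both steps succeed; needs a running directory.
check_ldap_login() {
  user=$(escape_filter_value "$1"); password=$2
  found_dn=$(ldapsearch -LLL -x -H "$LDAP_URL" -D "$SEARCH_DN" -w "$SEARCH_CREDENTIAL" \
      -b "$BASE_DN" "(uid=$user)" dn | sed -n 's/^dn: //p' | head -n 1)
  [ -n "$found_dn" ] || { echo "no entry with uid=$1 under $BASE_DN" >&2; return 1; }
  ldapwhoami -x -H "$LDAP_URL" -D "$found_dn" -w "$password" >/dev/null
}

# Usage against a running ApacheDS (constructed demo user):
#   make_user_ldif jdoe "John Doe" Doe 'Str0ngDemoPass' > jdoe.ldif
#   ldapmodify -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -a -f jdoe.ldif
#   check_ldap_login jdoe 'Str0ngDemoPass' && echo "login OK"
```

Note that the same search-dn and search-credential sit in cleartext in standalone.xml and travel over plain ldap://, which is fine for this local demo but is the first thing to change outside it.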