Configure Azure AD authentication on Tomcat

I just made a simple demo project (not for production purposes) that shows how you can use Azure Active Directory as a realm for your authentication. Nowadays you would use a framework that does third-party authentication for you: your custom authenticator uses a third-party framework that federates the authentication to a (trusted) third party like Facebook or Google.

Please note that this is NOT the way to use AAD in a production environment.
This is demo code to show how you can (mis)use AAD as an LDAP solution.
In the future I will create a federated authentication solution using AAD.

Here is the project:

Here you see the code in action:

Adding LDAP Authentication for JBoss EAP 6

A while ago I scribbled a piece about authentication with LDAP on WebLogic, see:

This article does the same for JBoss EAP 6.0. I am using ApacheDS as the open-source LDAP server.
The article mentioned earlier shows how to set up ApacheDS (great tool 🙂) and how to create an LDAP user. If you have another LDAP server that contains your users, you can export the user(s) and import the LDIF file with the following command:

ldapmodify -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -a -f someExportedLdifFilename.ldif

The command above contains the default values for the ApacheDS installation.

Configure JBoss by adding the following sections to your config (default = standalone.xml):



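        <management>
            <!-- additions to the existing management section of standalone.xml -->
            <security-realms>
                <security-realm name="TestRealm">
                    <authentication>
                        <!-- users are looked up under base-dn by their uid attribute -->
                        <ldap connection="ldap_connection" base-dn="ou=users,ou=system">
                            <username-filter attribute="uid" />
                        </ldap>
                    </authentication>
                </security-realm>
            </security-realms>
            <!-- outbound-connections sits between security-realms and management-interfaces -->
            <outbound-connections>
                <!-- complete the url with the host and port of your LDAP server -->
                <ldap name="ldap_connection" url="ldap://" search-dn="uid=admin,ou=system" search-credential="secret" />
            </outbound-connections>
            <management-interfaces>
                <!-- both management interfaces authenticate against the new realm -->
                <native-interface security-realm="TestRealm">
                    <socket-binding native="management-native"/>
                </native-interface>
                <http-interface security-realm="TestRealm">
                    <socket-binding http="management-http"/>
                </http-interface>
            </management-interfaces>
        </management>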


What you just did is define, in the management section, a realm (a collection of users) and make sure that the interfaces for management communication use this newly defined security realm.
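
A consistency check for the management section described above, as an added example that is not part of the original post: it confirms that every management interface points at a defined realm, that the realm's LDAP lookup points at a defined outbound connection, and it flags a connection that is not `ldaps://` or that keeps its bind password in the file. The function names, the sample host `ldap.example.test` and the `OtherRealm` reference are constructed for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's realm, a placeholder host, one bad realm reference.
SAMPLE = """
<management>
  <security-realms>
    <security-realm name="TestRealm">
      <authentication>
        <ldap connection="ldap_connection" base-dn="ou=users,ou=system">
          <username-filter attribute="uid"/>
        </ldap>
      </authentication>
    </security-realm>
  </security-realms>
  <outbound-connections>
    <ldap name="ldap_connection" url="ldap://ldap.example.test:10389"
          search-dn="uid=admin,ou=system" search-credential="secret"/>
  </outbound-connections>
  <management-interfaces>
    <native-interface security-realm="TestRealm"/>
    <http-interface security-realm="OtherRealm"/>
  </management-interfaces>
</management>
"""

def local(elem):  # tag name without the XML namespace a real standalone.xml carries
    return elem.tag.rsplit("}", 1)[-1]

def children(root, parent, child=None):
    """Direct children of every <parent> element, optionally filtered by tag name."""
    return [c for p in root.iter() if local(p) == parent
            for c in p if child is None or local(c) == child]

def check_management(xml_text):
    root = ET.fromstring(xml_text)
    realms = {r.get("name") for r in children(root, "security-realms", "security-realm")}
    conns = {c.get("name"): c for c in children(root, "outbound-connections", "ldap")}
    findings = [f"{local(i)}: realm {i.get('security-realm')!r} is not defined"
                for i in children(root, "management-interfaces") if i.get("security-realm") not in realms]
    findings += [f"realm ldap: connection {a.get('connection')!r} is not defined"
                 for a in children(root, "authentication", "ldap") if a.get("connection") not in conns]
    for name, conn in conns.items():
        if not conn.get("url", "").lower().startswith("ldaps://"):
            findings.append(f"{name}: url is not ldaps://")
        if conn.get("search-credential"):
            findings.append(f"{name}: search-credential is stored in the file")
    return findings

print(*check_management(SAMPLE), sep="\n")
```

To check a real configuration, pass the text of standalone.xml to `check_management`; an empty list means no findings.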