How to encrypt bindCredential password in Wildfly?

Question

How to encrypt bindCredential password in Wildfly?

I am trying to configure a security domain in Wildfly (8.2.1) to bind to our Active Directory. I need to try to find a way to encrypt the bindCredential password. I can encrypt data source passwords using Picketbox. I can only find out how to do this for JBoss V6.x or earlier, and the method used seems to no longer exist in Wildfly. Someone did this and agreed to share how this can be done.

Here is my security domain:

    <security-domain name="ADDomain" cache-type="default">
            <authentication>
                    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
                            <module-option name="java.naming.provider.url" value="ldap://ad.mycompany.com:389/"/>
                            <module-option name="bindDN" value="cn=myuserid"/>
                            <module-option name="bindCredential" value="mypassword"/> <--- I want to encrypt this. 
                            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                            <module-option name="java.naming.security.authentication" value="simple"/>
                            <module-option name="baseCtxDN" value="dc=mycompany,dc=com"/>
                            <module-option name="baseFilter" value="(uid={0})"/>
                            <module-option name="rolesCtxDN" value="dc=mycompany,dc=com"/>
                            <module-option name="roleFilter" value="(uniqueMember={1})"/>
                            <module-option name="roleAttributeID" value="cn"/>
                            <module-option name="roleNameAttributeID" value="cn"/>
                            <module-option name="roleRecursion" value="0"/>
                            <module-option name="throwValidateError" value="true"/>
                            <module-option name="java.naming.referral" value="follow"/>
                            <module-option name="referralUserAttributeIDToCheck" value="uniqueMember"/>
                    </login-module>
            </authentication>
    </security-domain>

+2

encryption wildfly active-directory

Gabriel Aug 24 '15 at 9:06

source share

1 answer

kwart · Accepted Answer · 2015-08-26T07:54:31+0000

-. JBoss EAP " " - WildFly.

, .

JCEKS

keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 \
    -storepass vault22 -keypass vault22 \
    -dname "CN=vault, O=ACME, C=CZ" \
    -keystore /path/to/vault.keystore

, .

mkdir /path/to/vault-data-dir
${JBOSS_HOME}/bin/vault.sh -a passa -b LdapLogin \
    -e /path/to/vault-data-dir \
    -i 22 -k /path/to/vault.keystore -p vault22 -s 87654321 -v vault \
    -x mypassword

WildFly:

${JBOSS_HOME}/bin/jboss-cli.sh \
    -c '/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/path/to/vault.keystore"), ("KEYSTORE_PASSWORD" => "MASK-Ci5JS1kjxPX"), ("KEYSTORE_ALIAS" => "vault"), ("SALT" => "87654321"),("ITERATION_COUNT" => "22"), ("ENC_FILE_DIR" => "/path/to/vault-data-dir/")])'

<module-option name="bindCredential" value="${VAULT::LdapLogin::passa::1}"/>

How to encrypt bindCredential password in Wildfly?

More articles: