Method 1:
Modify your components.xml and add security:identity-manager element and security:ldap-identity-store element. Authenticator.Authenticate method WILL get called when your user logs in.
<security:rule-based-permission-resolver security-rules="#{securityRules}"/>
<security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true"/>
<security:identity-manager identity-store="#{activeDirectory}"/>
<security:ldap-identity-store name="activeDirectory"
server-address="subdomain.active.directory.org"
server-port="389"
bind-DN="cn=Jacob Jerry,ou=Users,ou=Company,dc=ia,dc=com"
bind-credentials="password"
user-name-attribute="sAMAccountName"
first-name-attribute="givenName"
last-name-attribute="sn"
user-DN-prefix=""
user-DN-suffix="ia.com"
user-context-DN="OU=Users,ou=Company,dc=ia,dc=com"
role-context-DN="OU=Groups,ou=Company,dc=ia,dc=com"
user-role-attribute="memberOf"
role-name-attribute="sAMAccountName"
user-object-classes="person,user,organizationalPerson"
role-object-classes="group"/>
Inject IdentityManager in Authenticator.java
@In(“#{identityManager}”)
IdentityManager identMgr;
and authenticate the user
identMgr.authenticate( credentials.getUsername()+”@”, credentials.getPassword() ));
Why I appended ‘@’ after the username? The user-DN-suffix in my case is actually @ia.com. But it was giving an error in components.xml.
Method 2:
Modify your components.xml and add jaas-config-name attribute to security:identity element. Normally if you add this attribute authenticate-method attribute will have no effect. But adding a post authenticate event listener action could resolve this issue. Authenticator.Authenticate method WILL get called if you have the action listener specified in here.
<security:identity remember-me="true" jaas-config-name="activeDirectory"/>
<event type="org.jboss.seam.security.postAuthenticate">
<action execute="#{authenticator.authenticate}"/>
</event>
In this method, you will have to define your application policy in the server login-config.xml. You may find your local JBoss login-config.xml in the deployment folder \jboss-eap\jboss-as\server\default\conf. Here is my entry to this file
<application-policy name="activeDirectory">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.provider.url">ldap://subdomain.active.directory.org:389</module-option>
<module-option name="bindDN">cn=Jacob\, Jerry,OU=Users,ou=Company,dc=ia,dc=com</module-option>
<module-option name="bindCredential">password</module-option>
<module-option name="baseCtxDN">OU=Users,ou=Company,dc=ia,dc=com</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">OU=Groups,ou=Company,dc=ia,dc=com</module-option>
<module-option name="roleFilter">(sAMAccountName={0})</module-option>
<module-option name="roleAttributeID">memberOf</module-option>
<module-option name="roleAttributeIsDN">true</module-option>
<module-option name="roleNameAttributeID">cn</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
</login-module>
</authentication>
</application-policy>
Jerry Jacob's Blog 