Method 1:
Modify your components.xml and add the security:identity-manager and security:ldap-identity-store elements. Your Authenticator.authenticate method WILL still get called when the user logs in.

<security:rule-based-permission-resolver security-rules="#{securityRules}"/>
<security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true"/>
<security:identity-manager identity-store="#{activeDirectory}"/>
<security:ldap-identity-store name="activeDirectory"
    server-address="subdomain.active.directory.org"
    server-port="389"
    bind-DN="cn=Jacob Jerry,ou=Users,ou=Company,dc=ia,dc=com"
    bind-credentials="password"
    user-name-attribute="sAMAccountName"
    first-name-attribute="givenName"
    last-name-attribute="sn"
    user-DN-prefix=""
    user-DN-suffix="ia.com"
    user-context-DN="OU=Users,ou=Company,dc=ia,dc=com"
    role-context-DN="OU=Groups,ou=Company,dc=ia,dc=com"
    user-role-attribute="memberOf"
    role-name-attribute="sAMAccountName"
    user-object-classes="person,user,organizationalPerson"
    role-object-classes="group"/>
Inject the IdentityManager into Authenticator.java:

@In("#{identityManager}")
IdentityManager identMgr;

and authenticate the user:

identMgr.authenticate(credentials.getUsername() + "@", credentials.getPassword());
Why did I append '@' after the username? The user-DN-suffix in my case is actually @ia.com, but it was giving an error in components.xml.
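Putting the pieces of Method 1 together, here is a complete Seam Authenticator component as an added example (not code from the original post). It assumes the components.xml above, Seam 2.x annotations, and that the injected IdentityManager exposes getImpliedRoles(String) for the configured ldap-identity-store; the package name, the input check and the logging are my additions.

```java
package com.example.security; // assumed package, not from the post

import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.management.IdentityManager;

/**
 * Wired in components.xml as authenticate-method="#{authenticator.authenticate}".
 * Seam calls authenticate() on login; returning false fails the login.
 */
@Name("authenticator")
public class Authenticator {

    @Logger
    private Log log;

    // Username/password captured by the login form (Seam's built-in Credentials component).
    @In
    private Credentials credentials;

    // The logged-in Identity; roles added here drive s:hasRole and @Restrict checks.
    @In
    private Identity identity;

    // The identity-manager element in components.xml, backed by the "activeDirectory" LDAP store.
    @In("#{identityManager}")
    private IdentityManager identMgr;

    public boolean authenticate() {
        String username = credentials.getUsername();
        String password = credentials.getPassword();

        // Fail closed on empty input: an empty password must never reach the directory,
        // because an LDAP bind with an empty password can be treated as an anonymous bind.
        if (username == null || username.trim().isEmpty()
                || password == null || password.isEmpty()) {
            log.info("Login rejected: empty username or password");
            return false;
        }

        // The bind name is built from user-DN-prefix + username + "@" + user-DN-suffix,
        // so reject characters that would change that constructed name or an LDAP filter.
        // (Constructed check, not part of Seam.)
        for (char c : new char[] {'@', ',', '\\', '*', '(', ')', '\0'}) {
            if (username.indexOf(c) >= 0) {
                log.info("Login rejected: username contains illegal character");
                return false;
            }
        }

        boolean ok;
        try {
            // Same call as in the post: the '@' plus user-DN-suffix "ia.com" yields user@ia.com.
            ok = identMgr.authenticate(username + "@", password);
        } catch (RuntimeException e) {
            // Directory unreachable, bad bind-DN, etc.: fail closed, log without the password.
            log.error("Directory authentication error for #0", e, username);
            return false;
        }
        if (!ok) {
            log.info("Login failed for #0", username);
            return false;
        }

        // Copy AD group memberships (user-role-attribute="memberOf") into the Seam Identity.
        // Assumption: the role lookup searches by user-name-attribute, so it gets the plain
        // account name; the '@' trick is only needed for the bind. Verify against your Seam version.
        for (String role : identMgr.getImpliedRoles(username)) {
            identity.addRole(role);
        }
        log.info("Login succeeded for #0", username);
        return true;
    }
}
```

The empty-password check does on the Seam side what allowEmptyPasswords=false does for the JAAS module in Method 2; with Method 1 nothing else enforces it, so the component has to. Exceptions from the directory are caught and turned into a failed login rather than propagated, so an outage or misconfigured bind-DN never results in an undefined authentication state.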
Method 2:
Modify your components.xml and add the jaas-config-name attribute to the security:identity element. Normally, if you add this attribute, the authenticate-method attribute has no effect, but adding a post-authenticate event listener action resolves this: Authenticator.authenticate WILL get called if you specify the action listener here.

<security:identity remember-me="true" jaas-config-name="activeDirectory"/>
<event type="org.jboss.seam.security.postAuthenticate">
    <action execute="#{authenticator.authenticate}"/>
</event>
In this method, you have to define your application policy in the server's login-config.xml. You can find your local JBoss login-config.xml in the deployment folder \jboss-eap\jboss-as\server\default\conf. Here is my entry in this file:

<application-policy name="activeDirectory">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.provider.url">ldap://subdomain.active.directory.org:389</module-option>
            <module-option name="bindDN">cn=Jacob\, Jerry,OU=Users,ou=Company,dc=ia,dc=com</module-option>
            <module-option name="bindCredential">password</module-option>
            <module-option name="baseCtxDN">OU=Users,ou=Company,dc=ia,dc=com</module-option>
            <module-option name="baseFilter">(sAMAccountName={0})</module-option>
            <module-option name="rolesCtxDN">OU=Groups,ou=Company,dc=ia,dc=com</module-option>
            <module-option name="roleFilter">(sAMAccountName={0})</module-option>
            <module-option name="roleAttributeID">memberOf</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleNameAttributeID">cn</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
            <module-option name="allowEmptyPasswords">false</module-option>
        </login-module>
    </authentication>
</application-policy>