JBoss Portal 2.4 integration with OpenSSO
This page describes how to configure JBoss Portal 2.4 to authenticate through OpenSSO (build 20070209), giving the portal a stronger authentication than its own.
The two systems interact by means of tokens.
JBoss Portal runs on JBoss AS on port 8181 (http://whiterussian.eposse.it:8181/portal).
Configuration of OpenSSO.
First of all OpenSSO has been set up. It has been deployed on Tomcat 6.0.7.
(Tomcat is configured on port 8080.)
It is configured with the support of OpenDS (0.1-build017), whose LDAP directory is used both as the configuration repository and
as the data store repository of OpenSSO.
Configure the OpenDS.
The OpenDS installation is launched with:
OpenDS-0.1-build017> ./setup --cli
and the Directory Server is configured with:
port: 8389
and the root user DN as:
cn=Directory Manager
To use the Directory Server as an OpenSSO repository we need to add a new schema file under the config/schema directory.
This schema file can be downloaded from:
http://blogs.sun.com/indira/resource/98-opends_user_schema.ldif
Some new entries must be added to the LDAP server so that it is ready to be configured with OpenSSO.
All the necessary entries can be seen in the following downloadable file:
http://blogs.sun.com/indira/resource/ldapentries.
With the following ldapmodify command all the entries are added to the Directory Server (the port and bind DN shown are those of the downloaded file; use the port and root DN of your own Directory Server):
ldapmodify -p 3389 -h slapd -D"cn=user manager" -w secret12 -c -a -f ldapentries
adding new entry ou=agents,dc=sun,dc=com
adding new entry ou=groups,dc=sun,dc=com
adding new entry ou=dsame users,dc=sun,dc=com
adding new entry cn=dsameuser,ou=DSAME Users,dc=sun,dc=com
adding new entry cn=amldapuser,ou=DSAME Users,dc=sun,dc=com
modifying entry dc=sun,dc=com
modifying entry dc=sun,dc=com
Now OpenDS is ready to be used by OpenSSO.
Configuration Repository
The first repository configured is the configuration repository. When OpenSSO is run for the first time (by opening the address
http://localhost:8080/opensso) a configuration page is displayed, and the configuration store can be set by choosing "Directory Server"
as the configuration store type and filling in the form with:
name: whiterussian.eposse.it
port: 8389
suffix: dc=eposse, dc=it
DN: cn=Directory Manager
password:
Now OpenSSO is correctly configured with the Directory Server. Access as the administrator user is possible with the following credentials:
username: amadmin
password: password
The next step is to configure OpenDS as the Data Store repository for OpenSSO.
From the OpenSSO main page of the administrator user (log in with username: amadmin, password: password),
enter the opensso realm and select the Data Store tab.
Now create a new Data Store, select "Sun DS with AM schema", insert the name opends-datastore and click Next.
Insert the LDAP organization DN:
dc=eposse, dc=it
(dc=eposse, dc=it is only an example value; any name can be used, e.g. dc=example,dc=com)
In "LDAPv2 Plug-in Supported Types and Operations" -> Current Values, delete:
role=read,create,edit,delete and filteredrole=read,create,edit,delete.
Configuring the authentication.
The administrator user, amadmin, is stored in the flat file repository that comes with the default configuration of OpenSSO.
It is important to add the amadmin user to the LDAP as well; this can be done under the Subject tab.
Then, under the Authentication tab, the LDAP Module Instance can be modified. Here all the information about OpenDS must be entered,
including the base DN and the bind DN.
Now modify the ldapService in Authentication Chaining, adding LDAP as a new instance (the criteria must be set to REQUIRED).
You can check that it works by logging in with LDAP authentication.
Configuring the JBoss Portal 2.4
Now OpenSSO is ready to be used with OpenDS support.
JBoss Portal has been compiled with the OpenSSO client library (amclientsdk.jar), which is used for
the communication between the two systems. The OpenSSO configuration file AMConfig.properties must be copied into JBoss Portal.
Once the file is copied into the JBoss Portal directory it must be edited, changing the boolean flag to false:
com.iplanet.am.serverMode=false
A new class TokenModule.java is created under the following folder of the JBoss Portal source tree:
jboss-portal-2.4-SVN/identity/src/main/org/jboss/portal/identity/
TokenModule can be downloaded here.
The next step is to adapt the authentication classes of JBoss Portal so that they check whether a token is valid.
The modified files are:
/identity/src/main/org/jboss/portal/identity/auth/IdentityLoginModule.java
/core/src/main/org/jboss/portal/core/aspects/server/UserInterceptor.java
/core/src/main/org/jboss/portal/core/portlet/user/UserPortlet.java
/core/src/main/org/jboss/portlet/JBossActionResponse.java
/core/src/resources/portal-core-war/WEB-INF/jsp/user/login.jsp
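As an added illustration of the check these classes perform (this is not the page's TokenModule.java, which is not shown here), a helper that validates the OpenSSO session token carried by the request with the client SDK from amclientsdk.jar. The class name, its package and the use of the "UserId" session property are assumptions; it expects AMConfig.properties on the classpath with com.iplanet.am.serverMode=false.

```java
// Added example, not the page's own TokenModule.java. Hypothetical helper
// that the portal's login module can call before trusting a user name:
// it only accepts a user whose OpenSSO session token is still valid.
package org.jboss.portal.identity; // assumed location, matching the page

import javax.servlet.http.HttpServletRequest;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;

public class TokenCheck {

    /**
     * Returns the OpenSSO user id (e.g. "userA") when the request carries a
     * valid, unexpired OpenSSO session token; otherwise returns null.
     * A null result means the portal must not create a local session.
     */
    public static String validUserFromRequest(HttpServletRequest request) {
        try {
            SSOTokenManager manager = SSOTokenManager.getInstance();
            // Builds the token from the session cookie set by the OpenSSO login page
            SSOToken token = manager.createSSOToken(request);
            // isValidToken asks OpenSSO: a revoked or timed-out session fails here,
            // so a stale cookie cannot keep a portal user logged in
            if (!manager.isValidToken(token)) {
                return null;
            }
            // "UserId" holds the plain user id; getPrincipal().getName()
            // would return the full DN in the data store instead
            return token.getProperty("UserId");
        } catch (SSOException e) {
            // No cookie, malformed token or OpenSSO unreachable:
            // fail closed and treat the request as unauthenticated
            return null;
        }
    }

    /** True only when the OpenSSO session belongs to the user the portal is about to log in. */
    public static boolean tokenMatchesUser(HttpServletRequest request, String portalUser) {
        String ssoUser = validUserFromRequest(request);
        return ssoUser != null && ssoUser.equals(portalUser);
    }
}
```

The second method guards against a valid token for one user being accepted by the portal as a login for a different user name.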
The last step is to set up OpenSSO with the users of JBoss Portal. So, under the opensso realm, select Subject and add the new users,
e.g.:
user id: userA
password: password
Insert all the mandatory details of the user and click Save. From the subject list click once again on the new user (userA) and in "Success URL" add this address:
http://whiterussian.eposse.it:8181/portal/auth/portal/default/default/UserPortletWindow
Click "Add" and then "Save".
We can now log out from OpenSSO.
Now the whole system is ready to be used.
The sequence of steps to follow is:
1) Go to the JBoss Portal -> http://whiterussian.eposse.it:8181/portal
2) On the welcome page of JBP click on "Login".
3) The OpenSSO login page is displayed.
4) Insert the right credentials: username: userA, password: password
5) You are logged in as userA.
6) Any change on the portal is now possible.
7) Logout is possible at any time: just click on Logout.