    This article explains how to build a single sign-on (SSO) environment using the new JBoss Identity Federation Project. The example uses two Service Providers and one Identity Provider, all running on one server (a laptop in my case). The test application is the one normally used to test JBoss Federated Single Sign On (SSO), so most of its functionality won't work, but it is enough to test the SSO login.

     

    Start by downloading JBoss Application Server 4.2.3 from

    http://www.jboss.org/downloading/?projectId=jbossas&url=https://sourceforge.net/project/showfiles.php?group_id=22866&package_id=16942&release_id=614346

     

    Extract the downloaded file; the directory created will be the JBOSS_HOME.

     

    Then edit your /etc/hosts file (on Linux) so that some domain names resolve to different local IP addresses:

    127.0.1.1 node1.jboss.com
    127.0.2.1 node1.jboss.org
    127.0.3.1 fedserver.jboss.com

     

    Create a profile for each component of the single sign-on environment:

    cd $JBOSS_HOME/server
    cp -rf default idp   # Identity Provider
    cp -rf default sp1   # Service Provider
    cp -rf default sp2   # Service Provider

     

    Download the necessary libraries from the JBoss Maven repository:

    http://repository.jboss.org/maven2/org/jboss/identity/jboss-identity-platform-jbas/1.0.0.alpha2/jboss-identity-platform-jbas-1.0.0.alpha2.zip

     

     

    Copy the libraries to the lib directory of each profile:

    cp *.jar $JBOSS_HOME/server/sp1/lib

    cp *.jar $JBOSS_HOME/server/sp2/lib

    cp *.jar $JBOSS_HOME/server/idp/lib

     

    Download the attached applications and put them in the deploy directories:

     

    cp test.war  $JBOSS_HOME/server/sp1/deploy
    mv test.war  $JBOSS_HOME/server/sp2/deploy
    mv idp.war $JBOSS_HOME/server/idp/deploy

     

    Modify the file:
    $JBOSS_HOME/server/sp2/deploy/test.war/WEB-INF/jboss-idfed.xml

    changing the line:

    <ServiceURL>http://node1.jboss.com:8080/test</ServiceURL>
    to:
    <ServiceURL>http://node1.jboss.org:8080/test</ServiceURL>

     

    Modify the file:
    $JBOSS_HOME/server/idp/conf/props/jmx-console-roles.properties

    changing the line:

    admin=JBossAdmin,HttpInvoker
    to:

    admin=JBossAdmin,HttpInvoker,manager

     

    Start each component of the environment:
    $JBOSS_HOME/bin/run.sh -c sp1 -b node1.jboss.com
    $JBOSS_HOME/bin/run.sh -c sp2 -b node1.jboss.org
    $JBOSS_HOME/bin/run.sh -c idp -b fedserver.jboss.com

     

    Go to http://node1.jboss.com:8080/ and log in with the credentials user: admin, password: admin. Then switch to http://node1.jboss.org:8080 and try to log in again; you will notice that you are already logged in.
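
The setup above depends on three things agreeing: the /etc/hosts entries, the name passed to -b, and the ServiceURL in jboss-idfed.xml. The script below is an added example, not part of the original article; it checks them against constructed sample files, and its function names and sample file names are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): checks that each profile's
# bind host is in the hosts file, maps to loopback, and matches its ServiceURL.

# Print the host part of http(s)://host[:port]/path
host_of_url() {
  local u="${1#*://}"; u="${u%%/*}"; printf '%s\n' "${u%%:*}"
}

# resolve_in_hosts FILE NAME: print the address mapped to NAME, fail if absent
resolve_in_hosts() {
  awk -v n="$2" '{ sub(/#.*/, "")
      for (i = 2; i <= NF; i++) if ($i == n) { print $1; found = 1; exit } }
    END { exit !found }' "$1"
}

# check_profile HOSTS BIND_HOST [IDFED_XML]: returns 0 only if BIND_HOST
# resolves to 127.x.x.x and (when an XML is given) equals the ServiceURL host.
check_profile() {
  local hosts="$1" bind="$2" xml="${3:-}" addr url
  addr="$(resolve_in_hosts "$hosts" "$bind")" ||
    { echo "FAIL $bind: no entry in $hosts"; return 1; }
  case "$addr" in 127.*) ;; *) echo "FAIL $bind: $addr not loopback"; return 1 ;; esac
  if [ -n "$xml" ]; then
    url="$(sed -n 's:.*<ServiceURL>\(.*\)</ServiceURL>.*:\1:p' "$xml" | head -n 1)"
    [ "$(host_of_url "$url")" = "$bind" ] ||
      { echo "FAIL $bind: ServiceURL is '$url'"; return 1; }
  fi
  echo "OK   $bind -> $addr"
}

# Constructed sample data mirroring the article's hosts entries and sp2 descriptor.
make_sample() {
  local d; d="$(mktemp -d)"
  printf '%s\n' '127.0.1.1 node1.jboss.com' '127.0.2.1 node1.jboss.org' \
    '127.0.3.1 fedserver.jboss.com' > "$d/hosts"
  echo '<ServiceURL>http://node1.jboss.org:8080/test</ServiceURL>' > "$d/sp2.xml"
  echo "$d"
}

d="$(make_sample)"
check_profile "$d/hosts" node1.jboss.org "$d/sp2.xml"          # sp2 bind host
check_profile "$d/hosts" fedserver.jboss.com                   # idp: hosts check only
check_profile "$d/hosts" node2.jboss.com "$d/sp2.xml" || true  # name with no hosts entry
rm -rf "$d"
```

To run it against the real setup, pass /etc/hosts and the jboss-idfed.xml of each Service Provider profile instead of the sample files.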

     

    For information about the content and configuration of idp.war and test.war, please take a look at the Identity Federation Documentation:
    http://www.jboss.org/file-access/default/members/jbossidentity/freezone/guides/identity-fed/UserGuide/html/index.html