This article explains how to build a single sign-on (SSO) environment using the new JBoss Identity Federation Project. The example uses two Service Providers and one Identity Provider, all running on one server (a laptop in my case). The test application is the one normally used to test JBoss Federated Single Sign On (SSO), so most of its functionality won't work, but it is enough to test the SSO login.
Start by downloading the JBoss Application Server 4.2.3 at
Extract the downloaded file; the directory it creates will be JBOSS_HOME.
Then edit your /etc/hosts file (on Linux) so that the following domain names resolve to different local IP addresses:
127.0.1.1 node1.jboss.com
127.0.2.1 node1.jboss.org
127.0.3.1 fedserver.jboss.com
Create a profile for each component of the Single Sign On environment. In $JBOSS_HOME/server, run:
cp -rf default idp   # Identity Provider
cp -rf default sp1   # Service Provider
cp -rf default sp2   # Service Provider
Download the necessary libraries from the JBoss Maven repository.
Copy the libraries to the lib directory of each profile:
cp *.jar $JBOSS_HOME/server/sp1/lib
cp *.jar $JBOSS_HOME/server/sp2/lib
cp *.jar $JBOSS_HOME/server/idp/lib
Download the attached applications and put them in the deploy directories:
cp test.war $JBOSS_HOME/server/sp1/deploy
mv test.war $JBOSS_HOME/server/sp2/deploy
mv idp.war $JBOSS_HOME/server/idp/deploy
Modify the file:
$JBOSS_HOME/server/sp2/deploy/test.war/WEB-INF/jboss-idfed.xml
changing the line:
<ServiceURL>http://node1.jboss.com:8080/test</ServiceURL>
to:
<ServiceURL>http://node1.jboss.org:8080/test</ServiceURL>
Modify the file:
$JBOSS_HOME/server/idp/conf/props/jmx-console-roles.properties
changing the line:
admin=JBossAdmin,HttpInvoker
to:
admin=JBossAdmin,HttpInvoker,manager
Start each component of the environment, binding each profile to the host name it was given in /etc/hosts:
$JBOSS_HOME/bin/run.sh -c sp1 -b node1.jboss.com
$JBOSS_HOME/bin/run.sh -c sp2 -b node1.jboss.org
$JBOSS_HOME/bin/run.sh -c idp -b fedserver.jboss.com
Go to http://node1.jboss.com:8080/ and log in with the credentials user: admin, password: admin. Then switch to http://node1.jboss.org:8080 and try to log in again; you will notice that you are already logged in.
For information about the content and configuration of idp.war and test.war, please take a look at the Identity Federation Documentation:
http://www.jboss.org/file-access/default/members/jbossidentity/freezone/guides/identity-fed/UserGuide/html/index.html
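The setup above only works if every host name passed to run.sh -b has an /etc/hosts entry and each Service Provider's ServiceURL names that same host. The following pre-flight check is an added example, not part of the original article or the JBoss project; the function names are hypothetical and the sample files are constructed to mirror the ones shown above.

```shell
#!/bin/sh
# Added example: consistency check for the three-profile SSO setup.
# Function names are hypothetical; the sample files are constructed.

# hosts_ip FILE NAME -> print the IP mapped to NAME in a hosts-format file
hosts_ip() {
    awk -v n="$2" '{ sub(/#.*/, "")            # drop comments
        for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$1"
}

# service_url_host FILE -> print the host part of the <ServiceURL> element
service_url_host() {
    sed -n 's|.*<ServiceURL>[a-z]*://\([^:/<]*\).*|\1|p' "$1" | head -n 1
}

# check_sp HOSTS_FILE IDFED_XML BIND_HOST -> 0 if consistent, 1 otherwise
check_sp() {
    ip=$(hosts_ip "$1" "$3")
    [ -n "$ip" ] || { echo "FAIL: $3 has no entry in hosts file"; return 1; }
    url_host=$(service_url_host "$2")
    [ "$url_host" = "$3" ] || {
        echo "FAIL: ServiceURL host '$url_host' differs from bind host '$3'"
        return 1
    }
    echo "OK: $3 -> $ip, ServiceURL matches"
}

# Constructed sample input mirroring the article's files.
demo_dir=$(mktemp -d)
cat > "$demo_dir/hosts" <<'EOF'
127.0.1.1 node1.jboss.com
127.0.2.1 node1.jboss.org
127.0.3.1 fedserver.jboss.com
EOF
echo '<ServiceURL>http://node1.jboss.com:8080/test</ServiceURL>' > "$demo_dir/sp1.xml"
echo '<ServiceURL>http://node1.jboss.org:8080/test</ServiceURL>' > "$demo_dir/sp2.xml"

check_sp "$demo_dir/hosts" "$demo_dir/sp1.xml" node1.jboss.com || true
check_sp "$demo_dir/hosts" "$demo_dir/sp2.xml" node1.jboss.org || true
# sp2 still carrying the unedited sp1 ServiceURL is reported:
check_sp "$demo_dir/hosts" "$demo_dir/sp1.xml" node1.jboss.org || true
# A bind host that was never added to the hosts file is reported:
check_sp "$demo_dir/hosts" "$demo_dir/sp2.xml" node2.jboss.com || true
rm -rf "$demo_dir"
```

On a real installation, call check_sp with /etc/hosts and the jboss-idfed.xml of each Service Provider profile before starting the servers.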