28 Replies. Latest reply on Jan 21, 2004 2:42 AM by egilmont

    Single Sign On Support Between Multiple Web Apps Deployed On

    timarcher52

       

      "timarcher52" wrote:
      I've been looking around to see if I could perform a single sign on between two web applications deployed under the same server instance of JBoss, but have not found a way.

      I have two applications deployed, one is a simple intranet/information app deployed at:
      http://localhost:8080/intranet

      The other app is a project time tracking app deployed at:
      http://localhost:8080/drw

      For both apps, I use form based authentication, and it works great. However, I now want to embed a link on the intranet app to the project tracking app. When the user clicks on the project tracking link after logging into the intranet, I would rather them not have to login to the time tracking app again.

      I tried setting both apps to have the same Realm and security role requirements for access to resources in the web.xml, and they both use the same security manager, however I cannot get single sign on to happen.

      Has anyone out there done this?
      Thanks!


        • 1. Re: Single Sign On Support Between Multiple Web Apps Deploye
          dgood

           

          "dgood" wrote:
          You can do this by creating a modified version of org.jboss.web.catalina.EmbeddedCatalinaServiceSX MBean.

          Add the following line into the appropriate place in the initHttpConnector() and initWarpConnector() methods:

          ((Pipeline)catalinaHost).addValve(new SingleSignOn());

          The easiest way to deploy this is to cut and paste a new class from EmbeddedCatalinaServiceSX.java, jar up the resulting class files (3 in all), put the jar in jboss/lib/ext and change the catalina entry in jboss.jcml to point to your new MBean.

          SSO should now work.

          David


          • 2. Re: Single Sign On Support Between Multiple Web Apps Deploye
            dgood

             

            "dgood" wrote:
            I should point out that the solution in my previous post only works with Catalina.


            • 3. Re: Single Sign On Support Between Multiple Web Apps Deploye
              aroller

               

              "aroller" wrote:
              Thanx David. I did exactly what you said and I got it to work.



              • 4. Re: Single Sign On Support Between Multiple Web Apps Deploye
                dgood

                 

                "dgood" wrote:
                Just a quick update to this one for 3.0.0RC2.

                The current version of EmbeddedCatalinaServiceSX allows valves to be added in the service.xml. To enable SSO, add the following snippet to tomcat4-service.xml under the 'Host' tag:

                <Valve className = "org.apache.catalina.authenticator.SingleSignOn"
                prefix = "SSO" suffix = ".log"
                pattern = "common" directory = "../server/default/log" />



                • 5. Re: Single Sign On Support Between Multiple Web Apps Deploye
                  biggav

                   

                  "biggav" wrote:
                  Does anyone know how to do this for Jetty rather than Tomcat ?

                  I'm trying to do exactly the same thing, but with the
                  standard JBoss 3.0.3 that includes Jetty...


                  • 6. Re: Single Sign On Support Between Multiple Web Apps Deploye
                    alexanderbenker

                     

                    "Alexander Benker" wrote:
                    Hello,

                    your valve-entry doesn't work for me - JBoss 3.0.3 + Tomcat 4.1.12.
                    Any ideas?

                    Regards
                    Alex


                    • 7. Re: Single Sign On Support Between Multiple Web Apps Deploye
                      aroller

                       

                      "aroller" wrote:
                      I did the valve job on JBoss3.0.2/Tomcat 4.0.4 that David explained and it works seamlessly. Thanx again David.


                      • 8. Re: Single Sign On Support Between Multiple Web Apps Deploye
                        cobraflow

                         

                        "CobraFlow" wrote:
                        This does not work for me either (consistently)...

                        I get intermittent 'Access Denied' messages on pages that I have accessed already in the session. I can't see a pattern.

                        Does Tomcat spawning new Http threads have any bearing on this?

                        Lewis


                        • 9. Re: Single Sign On Support Between Multiple Web Apps Deploye
                          cobraflow

                           

                          "CobraFlow" wrote:
                          ...I got it working!

                          Under IE6.0 (XP) - JBoss 3.0.3 Tomcat 4.1.12 - I was getting intermittent 'Access Denied' with the SingleSignOn valve added to my 'tomcat41-service.xml' descriptor.

                          All I did was to clear my IE cache (Temporary Internet Files (inc offline content))...and it started working reliably....so far!

                          Regards

                          Lewis


                          • 10. Re: Single Sign On Support Between Multiple Web Apps Deploye
                            cobraflow

                             

                            "CobraFlow" wrote:
                            ...now it's not!

                            Even clearing the browser cache (a long shot) does not solve my problem. Even going to a page in the same WAR gives me 'Access Denied'....

                            I'll have to leave this for now...


                            Lewis


                            • 11. Re: Single Sign On Support Between Multiple Web Apps Deploye
                              aroller

                               

                              "aroller" wrote:
                              Trying to migrate to 4.1.12 I wasn't able to use the SingleSignon Entry that worked in 4.0.5:
                              <Valve className="org.apache.catalina.authenticator.SingleSignOn" prefix="SSO" suffix=".log" pattern="common" directory="../server/default/log"/>

                              I now receive an error during JBoss startup:

                              08:37:23,515 ERROR [Digester] Begin event threw exception
                              java.lang.NullPointerException
                              at org.apache.catalina.authenticator.SingleSignOn.toString(SingleSignOn.java:414)
                              at java.lang.String.valueOf(String.java:1947)
                              at java.lang.StringBuffer.append(StringBuffer.java:370)
                              at org.apache.commons.beanutils.BeanUtils.populate(BeanUtils.java:710)
                              at org.apache.commons.digester.SetPropertiesRule.begin(SetPropertiesRule.java:259)
                              at org.apache.commons.digester.Digester.startElement(Digester.java:1237)
                              at org.jboss.web.catalina.LoggedXmlMapper.startElement(LoggedXmlMapper.java:60)
                              at org.apache.xalan.transformer.TransformerIdentityImpl.startElement(TransformerIdentityImpl.java:1017)
                              at org.apache.xml.utils.TreeWalker.startNode(TreeWalker.java:346)
                              at org.apache.xml.utils.TreeWalker.traverse(TreeWalker.java:167)

                              I am sticking to 4.0.5 since I am having many upgrade issues trying to migrate to 4.1.12


                              • 12. Re: Single Sign On Support Between Multiple Web Apps Deploye
                                linw88

                                 

                                "linw88@yahoo.com" wrote:
                                You have to remove SingleSignOn class's toString() method. This toString() method uses ValveBase's container field before the ValveBase.setContainer() function is called. This is why you see NullPointerException.

                                The only impact of this change is when you turn on the log, it will log class name instead of "SingleSignOn[container]... ".

                                Lin


                                • 13. Re: Single Sign On Support Between Multiple Web Apps Deploye

                                   

                                  "bstansberry" wrote:
                                  Much thanks to Lin for diagnosing the problem.

                                  For anyone else having the NullPointer problem, attached is a simple class that implements Lin's suggestion. It subclasses org.apache.catalina.authenticator.SingleSignOn and overrides toString(). No need to edit the tomcat code and rebuild.

                                  Put this class in a valid package, jar it and put the jar in the JBoss /server/.../lib folder. The valve entry in the tomcat41-service.xml file then becomes:

                                  <Valve className="whatever.your.package.is.SingleSignOnValve" prefix="SSO" suffix=".log" pattern="common" directory="../server/default/log"/>

                                  I've put in a JBoss bug (#673669) suggesting they add a version of this to their distribution so you don't have to put your own jar in /server/.../lib. Also submitted a bug report (#16378) to Tomcat, as the real problem is w/ their code.

                                  Cheers!
                                  Brian
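
An added example, not the class attached to the post above (the attachment is not on this page) and not JBoss or Tomcat code: one way to write the subclass that reply 13 describes. It goes slightly beyond Lin's suggestion by guarding against the null container rather than dropping the container name altogether. The package name `com.example.sso` is a placeholder, and the class assumes the Tomcat 4.1 catalina.jar is on the compile classpath.

```java
package com.example.sso; // placeholder package (assumption); use your own

import org.apache.catalina.Container;
import org.apache.catalina.authenticator.SingleSignOn;

/**
 * Replacement for the stock SingleSignOn valve on Tomcat 4.1.12.
 *
 * During startup the Digester sets the valve's properties from the
 * service descriptor and calls toString() on it before setContainer()
 * has run. The stock toString() dereferences the container at that
 * point, which is the NullPointerException in the stack trace above.
 * Only toString() is overridden; the SSO behaviour is inherited as is.
 */
public class SingleSignOnValve extends SingleSignOn {

    // No @Override annotation, so the class also compiles on the
    // JDK 1.3/1.4 compilers that were current for JBoss 3.0.x.
    public String toString() {
        Container c = getContainer(); // accessor inherited from ValveBase
        if (c == null) {
            // Not attached to a Host yet: report the class name only.
            return getClass().getName();
        }
        // Attached: keep the "SingleSignOn[container]" form for the logs.
        return "SingleSignOn[" + c.getName() + "]";
    }
}
```

With this placeholder package, the `className` attribute of the Valve entry in tomcat41-service.xml would be `com.example.sso.SingleSignOnValve`.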


                                  • 14. Re: Single Sign On Support Between Multiple Web Apps Deploye
                                    xace

                                     

                                    "XACE" wrote:
                                    Thanks for your work.

                                    The valve doesn't involve NullPointer exceptions anymore but my browser still sends me "HTTP status 403" errors in reply to 95 % (at least!) of my requests.

                                    Does someone still have this issue? Is there any solution or do I need to give up the valve based sso solution and search for something else?

                                    Thanks.


