3 Replies Latest reply on Sep 16, 2004 7:06 AM by guigui

    SSO between Zope and JBoss

    guigui

      Hi,

      I've got a Zope server using CAS (Central Authentication Service) and
      LDAP authentification and a JBoss server.

      I want to use CAS with JBoss.

      The issue is to have a "single sign on" between the two applications.

      I have seen JAAS how to but I didn't find a clear answer. How can i configure JBoss to do such a thing ?

      Any idea how to solve this

      Thanks, Guigui

        • 1. Re: SSO between Zope and JBoss
          starksm64

          Its going to take a tomcat valve and possibly a custom tomcat authenticator. We have not looked at integrating with the Yale CAS stuff as yet so I can't say at this point. What do their docs say?

          • 2. Re: SSO between Zope and JBoss
            guigui

            Thanks for your answer !

            In their docs (http://www.yale.edu/tp/cas/caswithjava.html), they propose to create a filter in the web.xml file. So i'm trying this.

            In my application, I use a Realm (with queries) in a form authenticated method. If I use the CAS filter (if it works), how can i get users data (login , password, role) ?





            • 3. Re: SSO between Zope and JBoss
              guigui

              It's very easy to do :

              1)create a filter in \jbossweb-tomcat50.sar\web.xml like this one

              <filter-name>CAS Filter</filter-name>
              <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
              <init-param>
              <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
              <param-value>https://secure.its.yale.edu/cas/login</param-value>
              </init-param>
              <init-param>
              <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
              <param-value>https://secure.its.yale.edu/cas/serviceValidate</param-value>
              </init-param>
              <init-param>
              <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
              <param-value>you server URL</param-value>
              </init-param>

              <filter-mapping>
              <filter-name>CAS Filter</filter-name>
              <url-pattern>/*</url-pattern>
              </filter-mapping>


              2) add the casclient.jar file in \server\default\lib

              Now your application is protected by the CAS. To log in your browser must contain a TGC (cookie).

              guigui