Can't get processManualLoginNotification() and getUserPrincip
njw Dec 13, 2006 11:51 AM
I'm still struggling to figure out how to get SSO working and need some help please :-)
In a nutshell, I've written two web apps, one of which acts as a logon app and the other as a true application but the user from the logon app is not being propagated to the other app.
The logon app captures user and password details, then makes a call to processManualLoginNotification() as defined in the instructions on the WARConfiguration page in the Wiki (http://labs.jboss.com/wiki/WARConfiguration), in the section titled 'Instructions for web applications using their own authentication mechanism'.
After the call to processManualLoginNotification() it does a call to getUserPrincipal() and gets back the same user as was used to log on so that part appears to be working.
However, when I go into my second app and do a getUserPrincipal() call it returns null, so my user details are not being passed between sessions and this is what I need help with.
I've looked in the FAQ but haven't really found anything I can use. I know nothing about JAAS but as we need to implement our own specific logon system (as per my earlier post http://www.jboss.com/index.html?module=bb&op=viewtopic&t=96617) I'm not sure how it would help us.
I've previously implemented a LogonProvider object as per the instructions on the IdentityManagement page in the wiki (http://labs.jboss.com/wiki/IdentityManagement). It's being called on server startup (it writes to the logs), but it doesn't appear to do anything after that.
Both apps have a context.xml file in their WEB-INF folder which mirrors that of the one on the WARConfiguration page, and uses the same provider id as used in my sso.cfg.xml file.
context.xml example
<?xml version="1.0"?>
<Context>
    <!-- logoutURL - URL for performing logout/signout function in your application -->
    <Valve className="org.jboss.security.valve.PlainSSOAutoLogout" logoutURL="/nicklogoff/nicklogoff.htm"/>
    <!-- assertingParty - this is the partnerId of this application as a part of a federation of multiple partner sites -->
    <Valve className="org.jboss.security.valve.PlainSSOTokenManager" assertingParty="nicktestapp"/>
    <!-- tomcat built-in AuthenticationTypes: FORM,BASIC,DIGEST,CLIENT-CERT -->
    <Valve className="org.jboss.security.valve.PlainSSOAutoLogin" authType="FORM" provider="si:njw-sso:njw:login" />
</Context>
sso.cfg.xml
<?xml version='1.0' encoding='ISO-8859-1'?>
<jboss-sso>
    <!--
        identity management related configuration, this is the LDAP based module
        Technically, this can be a provider that can integrate with thirdparty identity systems like SiteMinder etc
    -->
    <identity-management>
        <login>
            <provider id="si:njw-sso:njw:login" class="com.njw.NWLoginProvider">
            </provider>
        </login>
        <provisioning>
        </provisioning>
    </identity-management>
    <!--
        sso processor for SingleSignOn, the default JBossSingleSignOn processor uses OpenSAML-1.0,
        the next version of this processor will use the latest SAML specification
    -->
    <sso-processor>
        <processor class="org.jboss.security.saml.JBossSingleSignOn">
            <property name="trustServer">http://a05300.vmoney.local:8080/federate/trust</property>
        </processor>
    </sso-processor>
</jboss-sso>
I've also tried changing NWLoginProvider to extend ProvisioningProvider and added
<provider id="si:njw-sso:njw:provisioning" class="com.njw.NWLoginProvider">
to the "provider" section of sso.cfg.xml but with no success, other than a few extra entries in the log file at startup.
The rest of this posting consists of examples from log files.
My LoginProvider is being invoked when the server starts (I've also added some extra log.debug calls to SSOManager and PlainSSOAutoLogin to help me understand what's going on).
2006-12-13 15:34:34,471 DEBUG [org.jboss.system.ServiceCreator] About to create xmbean object: jboss.sso:service=SSOManager with code: org.jboss.security.saml.SSOManager with embedded descriptor
2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceCreator] Created bean: jboss.sso:service=SSOManager
2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceConfigurator] conf set to conf/sso.cfg.xml in jboss.sso:service=SSOManager
2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating service jboss.sso:service=IdentityManager
2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating dependent components for: jboss.sso:service=IdentityManager dependents are: []
2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating service jboss.sso:service=SSOManager
2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating dependent components for: jboss.sso:service=SSOManager dependents are: []
2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] Done with create step of deploying jboss-sso.sar
2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] Begin deployment start file:/C:/jboss-4.0.5.GA/server/default/deploy/jboss-sso.sar/
2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] Begin deployment start file:/C:/jboss-4.0.5.GA/server/default/deploy/jboss-sso.sar/NWFedSSO.jar
2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] End deployment start on package: NWFedSSO.jar
(lots of begin and end deployment logs for the various jar files removed for clarity)
2006-12-13 15:34:34,643 DEBUG [org.jboss.deployment.SARDeployer] Deploying SAR, start step: url file:/C:/jboss-4.0.5.GA/server/default/deploy/jboss-sso.sar/
2006-12-13 15:34:34,643 DEBUG [org.jboss.system.ServiceController] starting service jboss.sso:service=IdentityManager
2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] Constructor 1 called
2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] setId() id=si:njw-sso:njw:login
2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] setProperties() properties={}
[2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] getId() started - returning id="si:njw-sso:njw:login"
2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] getId() started - returning id="si:njw-sso:njw:login"
2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] getId() started - returning id="si:njw-sso:njw:login"
2006-12-13 15:34:34,721 INFO [org.jboss.security.idm.IdentityManager] Configuration successfully loaded for the IdentityManager...........
2006-12-13 15:34:34,721 DEBUG [org.jboss.system.ServiceController] Starting dependent components for: jboss.sso:service=IdentityManager dependent components: []
2006-12-13 15:34:34,721 DEBUG [org.jboss.system.ServiceController] starting service jboss.sso:service=SSOManager
2006-12-13 15:34:34,783 INFO [org.jboss.security.saml.SSOManager] SSOProcessor org.jboss.security.saml.JBossSingleSignOn@be49e0 was successfully registered.....
2006-12-13 15:34:34,783 INFO [org.jboss.security.saml.SSOManager] SSOManager service successfully started...........
2006-12-13 15:34:34,783 DEBUG [org.jboss.system.ServiceController] Starting dependent components for: jboss.sso:service=SSOManager dependent components: []
server log from my logon app
server started
2006-12-13 15:35:13,424 INFO [org.apache.jk.common.ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009
2006-12-13 15:35:13,471 INFO [org.apache.jk.server.JkMain] Jk running ID=0 time=0/156 config=null
2006-12-13 15:35:13,518 INFO [org.jboss.system.server.Server] JBoss (MX MicroKernel) [4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)] Started in 47s:594ms
open http://localhost:8080/njwsecurity
2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started
2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null
2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true
2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started
2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false
2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false
2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false
2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response)
2006-12-13 15:41:33,507 DEBUG [com.njw.onlinesecurity.filters.UserInputFilter] doFilter request /njwsecurity/
2006-12-13 15:41:33,523 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished
2006-12-13 15:41:33,804 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response)
2006-12-13 15:41:33,804 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed
2006-12-13 15:41:33,804 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished
key in user and password, submit
2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started
2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null
2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true
2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started
2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false
2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false
2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false
2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response)
2006-12-13 15:42:19,274 DEBUG [com.njw.onlinesecurity.filters.UserInputFilter] doFilter request /njwsecurity/logon.do
2006-12-13 15:42:19,274 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished
2006-12-13 15:42:19,321 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL = null
2006-12-13 15:42:19,321 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL.x = null
2006-12-13 15:42:19,321 DEBUG [com.njw.onlinesecurity.presentation.forms.LogonForm] checking for errors
2006-12-13 15:42:19,352 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward started
2006-12-13 15:42:19,352 DEBUG [com.njw.onlinesecurity.beans.LogonDetails] Created logon user=aaaaaaaaa
2006-12-13 15:42:19,352 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward logonDetails=user=aaaaaaaaa
2006-12-13 15:42:19,367 DEBUG [com.njw.onlinesecurity.delegates.CustomerDelegate] CustomerDelegate() dao=com.njw.onlinesecurity.data.rdbms.RdbmsCustomerDAO@1590164
2006-12-13 15:42:19,367 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward delegate=com.njw.onlinesecurity.delegates.CustomerDelegate@6a6484
2006-12-13 15:42:19,367 DEBUG [com.njw.onlinesecurity.data.rdbms.RdbmsCustomerDAO] Logon FUDGED - user=aaaaaaaaa
2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.beans.Customer] Created customer user=aaaaaaaaa
2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] Customer details - user=aaaaaaaaa
2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] Saving as bean "customer"
note call to processManualLoginNotification() and subsequent retrieval
2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward calling org.jboss.security.saml.SSOManager.processManualLoginNotification
2006-12-13 15:42:19,383 DEBUG [org.jboss.security.saml.SSOManager] processManualLoginNotification() created ssoUser =org.jboss.security.saml.SSOUser@8edd79
2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward called org.jboss.security.saml.SSOManager.processManualLoginNotification
2006-12-13 15:42:19,383 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =org.jboss.security.saml.SSOUser@8edd79
2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] Principal (after logon) =aaaaaaaaa
2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ssoUser = org.jboss.security.saml.SSOUser@8edd79
2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response)
2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed
2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() principal=aaaaaaaaa
2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished
server log from my second app
open http://localhost:8080/njwtest - note that PlainSSOAutoLogin is being invoked
2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started
2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null
2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true
2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started
2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false
2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false
2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false
2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response)
note that there is no Principal
2006-12-13 15:43:35,775 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =null
2006-12-13 15:43:35,759 DEBUG [com.njw.nicktest.filters.UserInputFilter] doFilter request /nicktest/
2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] Principal (filter) =null
2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] ssoUser = null
2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] NOT LOGGED ON
2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] URI=/nicktest/
2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] path=/nicktest
2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] page=/not_logged_on.htm
2006-12-13 15:43:35,790 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished
2006-12-13 15:43:36,025 DEBUG [org.jboss.web.tomcat.tc5.jasper.TagLibCache] Scanning for tlds in: file:/C:/jboss-4.0.5.GA/server/default/deploy/jbossweb-tomcat55.sar/jsf-libs/myfaces-impl.jar
2006-12-13 15:43:41,275 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] products=[, Motor, Travel, Pet]
2006-12-13 15:43:41,275 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] products=[, Motor, Travel, Pet]
2006-12-13 15:43:41,290 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response)
2006-12-13 15:43:41,290 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed
2006-12-13 15:43:41,290 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished
2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started
2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null
2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true
2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started
2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false
2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false
2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false
2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response)
2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] doFilter request /nicktest/customerdetails.do
2006-12-13 15:44:23,353 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =null
2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] Principal (filter) =null
2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] ssoUser = null
2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] NOT LOGGED ON
2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] URI=/nicktest/customerdetails.do
2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] path=/nicktest
2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] page=/not_logged_on.htm
2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished
2006-12-13 15:44:23,385 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL = null
2006-12-13 15:44:23,385 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL.x = null
2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] checking for errors
2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] parsing dob string"11/12/1986"
2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] Forename="qwerty" Surname="uiop" Postcode="aa11aa" DOB="Thu Dec 11 00:00:00 GMT 1986" Product="Motor"
2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] errors={}
2006-12-13 15:44:23,416 DEBUG [com.njw.nicktest.presentation.actions.CustomerDetailsAction] ActionForward started
2006-12-13 15:44:23,416 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =null
2006-12-13 15:44:23,416 DEBUG [com.njw.nicktest.presentation.actions.CustomerDetailsAction] Principal CustomerDetailsAction.execute() =null
2006-12-13 15:44:23,416 DEBUG [com.njw.nicktest.presentation.actions.CustomerDetailsAction] NOT LOGGED ON
2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManager.other] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@16b340a
2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@125bbd3
2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManager.other] CachePolicy set to: org.jboss.util.TimedCachePolicy@4e37fb
2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@4e37fb
2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added other, org.jboss.security.plugins.SecurityDomainContext@13d556f to map
2006-12-13 15:44:23,572 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response)
2006-12-13 15:44:23,572 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed
2006-12-13 15:44:23,572 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished
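
Added example, not part of the original post and not JBoss code: a Python triage script for debug output in the format shown in the logs above. It groups entries per request (from the valve's "invoke() started" to "invoke() finished") and lists the URIs where the valve logged ssoCookieFound=false and a getUserPrincipal() lookup returned null. It assumes requests are not interleaved and that the message texts match the poster's added log.debug calls; the sample lines are constructed from that format.

```python
import re

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}"
# One entry runs up to the next timestamp, so logs run together on one line parse too.
ENTRY = re.compile(r"(" + TS + r") (\w+)\s+\[([^\]]+)\] (.*?)(?=\s*" + TS + r" |\Z)", re.S)
VALVE = "org.jboss.security.valve.PlainSSOAutoLogin"
MANAGER = "org.jboss.security.saml.SSOManager"

# Constructed sample in the format of the post's debug output (three requests).
SAMPLE_LOG = """\
2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started
2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false
2006-12-13 15:41:33,507 DEBUG [com.njw.onlinesecurity.filters.UserInputFilter] doFilter request /njwsecurity/
2006-12-13 15:41:33,804 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished
2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started
2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false
2006-12-13 15:42:19,274 DEBUG [com.njw.onlinesecurity.filters.UserInputFilter] doFilter request /njwsecurity/logon.do
2006-12-13 15:42:19,383 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =org.jboss.security.saml.SSOUser@8edd79
2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished
2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started
2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false
2006-12-13 15:43:35,775 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =null
2006-12-13 15:43:35,759 DEBUG [com.njw.nicktest.filters.UserInputFilter] doFilter request /nicktest/
2006-12-13 15:43:41,290 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished
"""

def summarize(log_text):
    """Return one dict per request: URI, SSO cookie state, last principal lookup."""
    requests, cur = [], None
    for ts, _level, logger, msg in ENTRY.findall(log_text):
        msg = msg.strip()
        if logger == VALVE and msg == "invoke() started":
            cur = {"start": ts, "uri": None, "cookie_found": None,
                   "checked": False, "principal": None}
            requests.append(cur)
        if cur is None:
            continue  # entry outside any request, e.g. server startup
        m = re.search(r"ssoCookieFound=(true|false)", msg)
        if logger == VALVE and m:
            cur["cookie_found"] = m.group(1) == "true"
        m = re.search(r"doFilter request (\S+)", msg)
        if m:
            cur["uri"] = m.group(1)
        m = re.match(r"getUserPrincipal\(\) =\s*(\S+)", msg)
        if logger == MANAGER and m:
            cur["checked"] = True
            cur["principal"] = None if m.group(1) == "null" else m.group(1)
        if logger == VALVE and msg == "invoke() finished":
            cur = None
    return requests

def not_propagated(requests):
    """URIs where no SSO cookie was seen and a principal lookup returned null."""
    return [r["uri"] for r in requests
            if r["cookie_found"] is False and r["checked"] and r["principal"] is None]
```

Running `not_propagated(summarize(text))` over the full server log gives the requests to inspect first; requests that never called getUserPrincipal() are deliberately left out.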