1. Re: Trying to Connect JBoss SSO to Oracle Federation Server
soshah Apr 30, 2008 1:29 PM (in response to breynolds)
breynolds-
Can you briefly describe your setup? Here is what I am assuming you are trying to do, so correct me if I am wrong.
1/ You have a JBoss Federation setup in your school domain using the JBoss Federation Server
2/ You have a university ("a partner") in a different domain whose Federation is running the Oracle Federation Server
3/ And you want your SSO tokens propagated/processed/validated between the two Federations?
If my assumption about this setup is correct, what you are looking for is the username and password that the OIF server will use to perform a "Trust Handshake" between the two servers to check if it can trust the SSO token it is receiving from your domain.
However, if you are using the CR1 release, the "Trust Handshake" of JBoss Federation Server is non-customizable, making it not able to interoperate with non-JBoss Federation Servers.
This feature to allow customization is still under development. I understand that interoperation between Federation Servers is an important feature and we have the base architecture to support it, but we still have to develop the feature to make it happen.
In fact we have an open JIRA to support Microsoft Federation Server as well once this feature is developed. http://jira.jboss.com/jira/browse/JBSSO-9
Thanks
2. Re: Trying to Connect JBoss SSO to Oracle Federation Server
breynolds Apr 30, 2008 6:43 PM (in response to breynolds)
Thanks for the response Sohil.
Yes you've described it pretty well. We're a service provider, we just want the students to be able to log into their institution and then be able to get into our web application.
If we don't have the ability to perform that trust handshake, does that mean we won't be able to connect those servers right now? So far they are not connecting and I'm wondering if that's the reason.
3. Re: Trying to Connect JBoss SSO to Oracle Federation Server
soshah May 1, 2008 6:15 AM (in response to breynolds)
breynolds-
> If we don't have the ability to perform that trust handshake, does that mean we won't be able to connect those servers right now? So far they are not connecting and I'm wondering if that's the reason.
Yes in the CR1 release that you are using, this is the reason why they are not talking to each other.
The next release will improve the "Trust Handshake" pluggability using the concept of a "Trust Plugin" which can then interoperate with other Federation Servers. The functionality is in fact implemented on the svn trunk. http://anonsvn.jboss.org/repos/jboss-sso/dev/trunk/
btw- do you know what is the purpose of the "username" and "password" that the Oracle Server needs to work with the JBoss Federation Server?
1/ Is it used while "pushing" the token to the JBoss Federation Server (in which case it's not needed and you can leave it blank)
or
2/ While making a "Trust handshake" callback to the JBoss Server when JBoss Server pushes the token over to the Oracle server
Also, can you post the SAML token that is generated by the Oracle server and pushed to the JBoss Server?
I apologize for all the questions, but I am very interested by this use case, and Federation Server interoperability is key to the usefulness of SAML and de-centralized SSO.
Thanks