JBoss federated SSO setup
alllle Jun 30, 2008 8:50 PM
Hi,
I'm trying out the JBoss SSO and got stuck with cross domain SSO setup. I wonder if anyone can point out what I was doing wrong.
I am running two JBoss instances on the local box, with JBoss config names "sso-site1" and "sso-site2". For sso-site2, I've changed all the ports it uses by prefixing them with a 1 so they are in the 10000-19999 range. I am accessing the two sites using www.ssosite1.com:8080 and www.ssosite2.com:18080 after updating the Windows hosts file.
I also dropped the jboss-sso.sar and jboss-federation-server-exploded.ear to the deploy directory of both sites.
I then deployed ssoapp1 and ssoapp2 to sso-site1 and sso-site2, respectively. Below are the settings of various files. For ssoapp1, it uses "site1" in various places as mentioned below. For ssoapp2, it uses "site2" wherever "site1" is used in ssoapp1.
jboss-sso.sar/conf/sso.cfg.xml
<login>
  <provider id="si:myconmpany:site1:login" class="org.jboss.security.idm.demo.DemoLoginProvider"/>
</login>
<sso-processor>
  <processor class="org.jboss.security.saml.JBossSingleSignOn">
    <property name="trustServer">http://www.ssosite1.com:8080/federate/trust</property>
  </processor>
</sso-processor>
JBoss conf/login-config.xml
<application-policy name="ssodemo-site1">
  <authentication>
    <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">guest</module-option>
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
      <module-option name="provider">si:myconmpany:site1:login</module-option>
    </login-module>
  </authentication>
</application-policy>
jboss-federation-server.sar/conf/server.cfg.xml
<federation-server>
  <partners>
    <partner domain="ssodemo-site1" server="http://www.ssosite1.com:8080/federate"/>
    <partner domain="ssodemo-site2" server="http://www.ssosite2.com:18080/federate"/>
  </partners>
</federation-server>
WEB-INF/Context.xml
<Context>
  <!-- a federation routing valve -->
  <Valve className="org.jboss.security.valve.SSOFederationRouter" />
  <Valve className="org.jboss.security.valve.SSOAutoLogout" logoutURL="/ssoapp1/close_session.jsp" />
  <Valve className="org.jboss.security.valve.SSOTokenManager" assertingParty="ssodemo:site1" />
  <Valve className="org.jboss.security.valve.SSOAutoLogin" authType="BASIC" provider="si:mycompany:site1:login" />
</Context>
WEB-INF/jboss-web.xml
<security-domain>java:/jaas/ssodemo-site1</security-domain>
WEB-INF/web.xml
<security-constraint>
  <display-name>protected resources</display-name>
  <web-resource-collection>
    <web-resource-name>protected contents</web-resource-name>
    <url-pattern>/protected/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Authenticated</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>SSO Authentication App1 @ Site1</realm-name>
</login-config>
<security-role>
  <role-name>Authenticated</role-name>
</security-role>
I think I've connected all the dots. The login worked okay. Once logged in, I can see the SAML token in the cookie. However, when I click a link to jump from site1 to site2 (or vice versa), the SAML token is not restored and therefore I am getting the login prompt again.
Any idea what is missing?
Thanks in advance.
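A federated SSO setup like the one above depends on the same identifier being spelled identically in several files: the provider id in sso.cfg.xml, the "provider" module-option in login-config.xml, the provider attribute of the SSOAutoLogin valve, and the partner domain in server.cfg.xml versus the assertingParty of the SSOTokenManager valve. The script below is an added example, not part of the post and not JBoss code: it embeds constructed copies of the site1 fragments quoted above, parses them, and reports every identifier that does not line up. The wrapping root element for the multi-root sso.cfg.xml fragment, and the assumption that these particular values are the ones that must agree, are mine; the JBoss federation documentation is the authority on which attributes the valves actually compare.

```python
"""Cross-check the identifiers that must agree between the JBoss SSO
configuration files. The XML constants are constructed copies of the
fragments in the post (site1 side); the <root> wrapper around sso.cfg.xml
is an assumption so that its two top-level elements parse as one document."""
import xml.etree.ElementTree as ET

SSO_CFG = """<root>
<login>
  <provider id="si:myconmpany:site1:login"
            class="org.jboss.security.idm.demo.DemoLoginProvider"/>
</login>
<sso-processor>
  <processor class="org.jboss.security.saml.JBossSingleSignOn">
    <property name="trustServer">http://www.ssosite1.com:8080/federate/trust</property>
  </processor>
</sso-processor>
</root>"""

LOGIN_CONFIG = """<application-policy name="ssodemo-site1">
  <authentication>
    <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">guest</module-option>
      <module-option name="provider">si:myconmpany:site1:login</module-option>
    </login-module>
  </authentication>
</application-policy>"""

SERVER_CFG = """<federation-server>
  <partners>
    <partner domain="ssodemo-site1" server="http://www.ssosite1.com:8080/federate"/>
    <partner domain="ssodemo-site2" server="http://www.ssosite2.com:18080/federate"/>
  </partners>
</federation-server>"""

CONTEXT_XML = """<Context>
  <Valve className="org.jboss.security.valve.SSOFederationRouter"/>
  <Valve className="org.jboss.security.valve.SSOAutoLogout" logoutURL="/ssoapp1/close_session.jsp"/>
  <Valve className="org.jboss.security.valve.SSOTokenManager" assertingParty="ssodemo:site1"/>
  <Valve className="org.jboss.security.valve.SSOAutoLogin" authType="BASIC"
         provider="si:mycompany:site1:login"/>
</Context>"""

JBOSS_WEB = "<security-domain>java:/jaas/ssodemo-site1</security-domain>"


def provider_ids(sso_cfg):
    """Set of provider ids declared in sso.cfg.xml."""
    return {p.get("id") for p in ET.fromstring(sso_cfg).iter("provider")}


def policy_providers(login_config):
    """Map application-policy name -> value of its 'provider' module-option."""
    result = {}
    for policy in ET.fromstring(login_config).iter("application-policy"):
        for opt in policy.iter("module-option"):
            if opt.get("name") == "provider":
                result[policy.get("name")] = (opt.text or "").strip()
    return result


def valve_attrs(context_xml):
    """Map valve class short name (e.g. SSOAutoLogin) -> its attributes."""
    return {v.get("className").rsplit(".", 1)[-1]: dict(v.attrib)
            for v in ET.fromstring(context_xml).iter("Valve")}


def partner_domains(server_cfg):
    """Set of partner domains known to the federation server."""
    return {p.get("domain") for p in ET.fromstring(server_cfg).iter("partner")}


def security_domain(jboss_web):
    """Policy name referenced by jboss-web.xml, i.e. the part after java:/jaas/."""
    return ET.fromstring(jboss_web).text.strip().rsplit("/", 1)[-1]


def check_consistency(sso_cfg, login_config, server_cfg, context_xml, jboss_web):
    """Return one human-readable finding per identifier that does not line up."""
    findings = []
    ids = provider_ids(sso_cfg)
    policies = policy_providers(login_config)
    valves = valve_attrs(context_xml)
    domains = partner_domains(server_cfg)
    domain = security_domain(jboss_web)

    if domain not in policies:
        findings.append(f"jboss-web.xml names security domain {domain!r} but login-config.xml has no such policy")
    for name, prov in policies.items():
        if prov not in ids:
            findings.append(f"login-config policy {name!r} uses provider {prov!r}, not declared in sso.cfg.xml {sorted(ids)}")
    auto_login = valves.get("SSOAutoLogin", {})
    if auto_login.get("provider") not in ids:
        findings.append(f"SSOAutoLogin valve provider {auto_login.get('provider')!r} is not declared in sso.cfg.xml {sorted(ids)}")
    token_mgr = valves.get("SSOTokenManager", {})
    if token_mgr.get("assertingParty") not in domains:
        findings.append(f"SSOTokenManager assertingParty {token_mgr.get('assertingParty')!r} matches no partner domain {sorted(domains)}")
    return findings


if __name__ == "__main__":
    for line in check_consistency(SSO_CFG, LOGIN_CONFIG, SERVER_CFG, CONTEXT_XML, JBOSS_WEB):
        print("MISMATCH:", line)
```

Run against the fragments quoted in the post, the checker reports two mismatches: the SSOAutoLogin valve's provider is spelled "si:mycompany:site1:login" while sso.cfg.xml and login-config.xml both use "si:myconmpany:site1:login", and the SSOTokenManager's assertingParty "ssodemo:site1" matches neither partner domain ("ssodemo-site1", "ssodemo-site2"). Whether either mismatch is what breaks the cross-site hop is for the person debugging to confirm against the server logs, but a check like this is the first thing worth running before touching the valve chain, since a token issued under one party name will not be accepted by a peer that knows the party under another.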