4 Replies Latest reply on Nov 4, 2007 1:01 PM by brian.stansberry

    SSO between several JBoss instances

    gmeroz Nov 4, 2007 10:01 AM

      I have several applications, each deployed on a seperate Jboss server. all of them are deployed on the same machine, using a different virtual IP addresses.

      i tried to configure jboss to enable SSO between them by:


      1. copy deploy/all directory for each instance.
      2. edit deploy\jbossweb-tomcat55.sar\server.xml & uncomment this line:
      <Valve className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn"
 cookieDomain="192.168.10" debug="2"/>



      It didn't work. i tried to do it on the jmx-console application as well.

      what's missing?

      • 3726 Views
      • Tags:
        • 1. Re: SSO between several JBoss instances
          brian.stansberry
          brian.stansberry Nov 4, 2007 10:05 AM (in response to gmeroz)

          Please be more descriptive beyond "It didn't work". What exactly did you try and what happened?

            • Actions
          • 2. Re: SSO between several JBoss instances
            gmeroz Nov 4, 2007 10:14 AM (in response to gmeroz)

            i created a file, "test.html", under the jmx-console.war with the following code:

            <html>
<body>
<A href="http://192.168.10.106:8080/jmx-console/index.jsp">app 1</a>
<A href="http://192.168.10.222:8080/jmx-console/index.jsp">app 2</a>
</body>
</html>


            then i opened it from http://192.168.10.106:8080/jmx-console/test.html & when i clicked the "app 2" link, the basic authentication popup opened & asked for user/password.

              • Actions
            • 3. Re: SSO between several JBoss instances
              gmeroz Nov 4, 2007 10:15 AM (in response to gmeroz)

              didn't mentioned i'm using version 4.0.5GA...

                • Actions
              • 4. Re: SSO between several JBoss instances
                brian.stansberry
                brian.stansberry Nov 4, 2007 1:01 PM (in response to gmeroz)

                ClusteredSSO is cookie-based, and by default the browser will only present the cookie to the same hostname that issued it. In your case, you are trying to use two different host names.

                See "Limitations" discussion in http://wiki.jboss.org/wiki/Wiki.jsp?page=SingleSignOn and the bit following it about setting a cookie domain.

                A workaround is to assign host names to 192.168.10.106 and 192.168.10.222, with both hostnames under the same domain. Then set the cookie domain to that domain, and use the host names in your URLs.

                If you're just experimenting, you can try setting the cookie domain to "." (i.e. the whole internet) and then still use IP addresses in your URLs. Not sure if that would work or not. Of course you wouldn't want to configure a real system that way.

                  • Actions