14 Replies Latest reply on Jan 5, 2010 9:32 AM by artmunro

    SSO integration

    sviluppatorefico

      does it support SSO integration?

        • 1. Re: SSO integration
          theute

          It must :)

          It is being tested/documented, current efforts are going to OpenSSO, JOSSO and CAS

          Please let us know if you are testing one of those or a different one.

          • 2. Re: SSO integration
            sviluppatorefico

            of course....thanks Thomas

            • 3. Re: SSO integration
              artmunro

              We are also trying to migrate to the new platform and are using CAS and have been unable to get it configured/working. If anyone has an example or can help point us in the right direction that would help. Both Exo and Jboss had CAS so I'm hoping that the new Gatein can also work.

              PLEASE HELP :)

              Art

              • 4. Re: SSO integration
                theute

                You're on the edge but it's working.

                Doc is slightly behind, but if you build from trunk:
                https://svn.jboss.org/repos/gatein/portal/trunk/docs/reference-guide/

                You should see the SSO chapter

                The instructions will change as we don't plan to have people checking out http://anonsvn.jboss.org/repos/gatein/components/sso but the meat is there.

                • 5. Re: SSO integration
                  artmunro

                  How do I access the files? The link is not available. How do I get an account and download?

                  I can't find the content :(

                  https://svn.jboss.org/repos/gatein/portal/trunk/docs/reference-guide/

                  http://anonsvn.jboss.org/repos/gatein/components/sso

                  • 6. Re: SSO integration
                    theute

                    Sorry here is the anonymous link if you want to build the doc:
                    http://anonsvn.jboss.org/repos/gatein/portal/trunk/docs/reference-guide/

                    • 7. Re: SSO integration
                      artmunro

                      Still no success.. has anyone been able to complete?

                       

                      We are trying to configure on the Tomcat distro, has that been tested?  Is there any dependency for what/how the LDAP server is configured?

                      • 8. Re: SSO integration
                        theute

                        I tried it personally. It works.

                         

                        You should go step by step, first install the server on Tomcat and make sure it works (the default dummy authentication is to have same username, same password). Then add GateIn into the mix configured as explained in the documentation, when you login it will redirect to CAS, then add the LDAP in the mix.

                        • 9. Re: SSO integration
                          artmunro

                          Gatein Tomcat install  All configurations are done.. see below... and after CAS login.. the following error...

                           

                          WARNING: Cannot find message associated with key jaasRealm.loginException
                          javax.security.auth.login.LoginException: Login failed for TestCoAMA1
                                  at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:80)
                                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                                  at java.lang.reflect.Method.invoke(Method.java:597)

                           

                          Configs as follows:

                           

                          1.2 - install CAS plugin -
                          mvn -Pplugin-cas-install install
                          1.3 - configure CAS plugin - to connect to the p-spt-a1 Gatein server
                          cas.war/WEB-INF/deployerConfigContext.xml
                          file.
                          <bean class="org.gatein.sso.cas.plugin.AuthenticationPlugin">
                          <property name="gateInHost"><value>http://p-spt-a1.url.com</value></property>
                          <property name="gateInPort"><value>8080</value></property>
                          <property name="gateInContext"><value>portal</value></property>
                          </bean>
                            
                          Part 2 Configure Gatein SSO agent
                          ( needs to use tomcat distro - these are all Gatein settings and is the same on tomcat).
                          2.1 - modify login form
                          gatein.ear/02portal.war/groovy/portal/webui/UILoginForm.gtmpl
                          <script>
                          <%=uicomponent.event("Close");%>
                          window.location = 'http://p-ldap-a1.url.com:8888/cas/login?service=lhttp://p-spt-a1.url.com:8080/portal/private/classic';
                          </script>
                          2.2 - login jsp
                          gatein.ear/02portal.war/login/jsp/login.jsp
                          <head>
                          <script type="text/javascript">
                          window.location = 'http://p-ldap-a1.url.com:8888/cas/login?service=lhttp://p-spt-a1.url.com:8080/portal/private/classic';
                          </script>
                          2.3 Web xml
                          gatein.ear/02portal.war/WEB-INF/web.xml
                          <servlet>
                          <servlet-name>InitiateLoginServlet</servlet-name>
                          <servlet-class>org.gatein.sso.agent.GenericSSOAgent</servlet-class>
                          <init-param>
                          <param-name>casServerUrl</param-name>
                          <param-value>'http://p-ldap-a1.url.com:8888/cas</param-value>
                          </init-param>
                          </servlet>
                          • 10. Re: SSO integration
                            artmunro

                            Is there a way we can verify the install of the CAS plugin AND the Gatein SSO agent?  For example after install WHAT files should exist and what configurations are done that we can verify?

                             

                            We are getting the following error BUT this is the same cas that is configured for our JBoss Portal and ALL users can authenticate for that application.

                             

                            WARNING: Cannot find message associated with key jaasRealm.loginException
                            javax.security.auth.login.LoginException: Login failed for TestCoAMA1
                                    at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:80)
                                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                                    at java.lang.reflect.Method.invoke(Method.java:597)

                             

                             

                            We are running Ubuntu and Java 1.6 sp 13.

                            • 11. Re: SSO integration
                              artmunro

                              further investigation shows error...

                               

                              I test cas config in jboss on local, there is an error.
                              [10:09:45 PM] renyou: java.net.ConnectException: Connection refused: connect
                                      at java.net.PlainSocketImpl.socketConnect(Native Method)
                                      at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
                                      at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
                                      at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
                                      at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
                                      at java.net.Socket.connect(Socket.java:519)
                                      at java.net.Socket.connect(Socket.java:469)
                                      at sun.net.NetworkClient.doConnect(NetworkClient.java:163)
                                      at sun.net.www.http.HttpClient.openServer(HttpClient.java:394)
                                      at sun.net.www.http.HttpClient.openServer(HttpClient.java:529)
                                      at sun.net.www.http.HttpClient.<init>(HttpClient.java:233)
                                      at sun.net.www.http.HttpClient.New(HttpClient.java:306)
                                      at sun.net.www.http.HttpClient.New(HttpClient.java:323)
                                      at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:852)

                              • 12. Re: SSO integration
                                artmunro

                                1 month and still no success

                                 

                                Does anyone have this configured with CAS and Beta 4 on tomcat that could shed some light on what is going on here??

                                 

                                Art

                                • 13. Re: SSO integration
                                  theute

                                  As I said it's working for Sohil who implemented this and myself, also the configuration isn't easy, we are still trying to figure out the best way, please bear with us. Again you should go step by step to find out where the issue is, the stacktraces don't mention enough here.

                                   

                                  I see a lot of typos in your extracts and it looks like just a connection issue (such as a wrong URL ?)

                                   

                                  Look into your post:

                                  Here:

                                  <param-value>'http://p-ldap-a1.url.com:8888/cas</param-value>

                                  Here twice:

                                  window.location = 'http://p-ldap-a1.url.com:8888/cas/login?service=lhttp://p-spt-a1.url.com:8080/portal/private/classic';

                                  Can you confirm that it's only Copy/Paste issue ?
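
The two faults pointed out in reply 13 (a stray quote in `casServerUrl` and a malformed scheme in the `service` URL) can be caught mechanically before deployment. This is an added example, not part of the original thread and not GateIn or CAS code; the helper names are hypothetical and the sample input is copied from the fragments quoted in the thread.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample input (fragments as quoted in the thread); helper names are hypothetical.
WEB_XML = """<servlet>
<servlet-name>InitiateLoginServlet</servlet-name>
<servlet-class>org.gatein.sso.agent.GenericSSOAgent</servlet-class>
<init-param>
<param-name>casServerUrl</param-name>
<param-value>'http://p-ldap-a1.url.com:8888/cas</param-value>
</init-param>
</servlet>"""
REDIRECT_JS = ("window.location = 'http://p-ldap-a1.url.com:8888/cas/login"
               "?service=lhttp://p-spt-a1.url.com:8080/portal/private/classic';")

def url_problem(url):
    """Describe what is wrong with url, or return None if it is a clean http(s) URL."""
    if re.search(r"""['"\s]""", url):
        return "stray quote or whitespace"
    try:
        parts = urlsplit(url)
        parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return "malformed host or port"
    if parts.scheme not in ("http", "https"):
        return f"unexpected scheme {parts.scheme!r}"
    return None if parts.hostname else "missing host"

def check_web_xml(xml_text):
    findings = []
    # Any element whose children include param-name=casServerUrl; XML namespaces are ignored.
    for el in ET.fromstring(xml_text).iter():
        kv = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in el}
        if kv.get("param-name") == "casServerUrl":
            if (problem := url_problem(kv.get("param-value", ""))):
                findings.append(("casServerUrl", problem))
    return findings

def check_redirect(js_text):
    """Check each window.location target and the service URL embedded in its query."""
    findings = []
    for target in re.findall(r"window\.location\s*=\s*'([^']*)'", js_text):
        if (problem := url_problem(target)):
            findings.append(("login URL", problem))
            continue
        for s in parse_qs(urlsplit(target).query).get("service", []):
            if (problem := url_problem(s)):
                findings.append(("service", problem))
    return findings
```

Run against the real `web.xml`, `UILoginForm.gtmpl` and `login.jsp` contents, an empty result from both functions means the URLs at least parse as the SSO agent and CAS would expect.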

                                  • 14. Re: SSO integration
                                    artmunro

                                    That was a copy paste issue.  I wanted to just replace URLs to show the different servers/address to make sure we were clear on the proper addresses.  Is there someone/way we can pay for help to configure this?  My project is way behind because we can't login to our applications to do proper testing.

                                     

                                    Can you point me to who I can talk to?

                                     

                                    oh btw,

                                    thanks for all the help,

                                     

                                    Art