6 Replies Latest reply on Oct 24, 2007 4:24 PM by anil.saldhana

    Generate SSOID in WebAuthentication

    sguilhen

      As stated on issue http://jira.jboss.com/jira/browse/JBAS-4424, the org.jboss.web.tomcat.security.login.WebAuthentication class should be capable of generating a ssoid and setting it on the session when the user has configured the SingleSignOn valve.

      The idea is to get a reference to the SingleSignOn valve and invoke its methods to associate the authenticated Principal to the ssoid, just like the AuthenticatorBase does. However, the methods that we need to call are protected (register, associate, update, etc), so we can't simply delegate the SSO functionality to the SingleSignOn valve unless we relax the method's access to public in JBossWeb. Can we do that?

        • 1. Re: Generate SSOID in WebAuthentication
          anil.saldhana

          We are attempting to do Programmatic Web Authentication to the container. So there is no question of a valve.

          I am guessing from looking at the code that we either have to drop the idea of sso stuff for prog.web.auth or duplicate the code in these protected methods of valvebase, in our WebAuth class.

          • 2. Re: Generate SSOID in WebAuthentication
            anil.saldhana

            SSO behavior with prog.web.auth is not a high priority IMO. If it can be done, good. If not, we can drop it.

            • 3. Re: Generate SSOID in WebAuthentication
              cristant

              I've been tracking this issue for a couple weeks now, since having SSO int he programmatic web login classes would make the facility I wrote to pass user authentication over from a legacy portal application a lot easier.

              Obviously I can implement something like CAS instead, but what we have now will work perfectly as long as the SSO tokens get set.

              Thanks,
              ~Matt

              • 4. Re: Generate SSOID in WebAuthentication
                anil.saldhana

                 

                "cristant@fstrf.org" wrote:
                I've been tracking this issue for a couple weeks now, since having SSO int he programmatic web login classes would make the facility I wrote to pass user authentication over from a legacy portal application a lot easier.

                Obviously I can implement something like CAS instead, but what we have now will work perfectly as long as the SSO tokens get set.

                Thanks,
                ~Matt

                Matt, this issue is still in the back of my mind. So it is not dead yet. It will not make into the 4.2.2 release (as that is coming out soon). But will be part of 4.2.3 I guess.

                • 5. Re: Generate SSOID in WebAuthentication
                  cristant

                  OK, that makes sense. How long is it usually between the point releases like 4.2.1 to 4.2.2? Just trying to get a sense as to whether 4.2.3 will be out before we need to have this issue resolved since I can probably work around it.

                  Thanks,
                  ~Matt

                  • 6. Re: Generate SSOID in WebAuthentication
                    anil.saldhana

                    Remy, thanks for making the visibility access changes needed for bringing in the SingleSignOn aspect into Programmatic Web Authentication.