4 Replies Latest reply on Jun 20, 2007 12:27 PM by ch33zm0ng3r

    JOSSO and JBoss Portal

    richmlpdx
    richmlpdx May 3, 2006 2:13 PM

      Does anyone have insight into how to integrate JOSSO in to JBoss Portal to use our exsting dabase of users and roles for authentication? I understand how to setup JOSSO, just not how to get the JBOSS User portlet to use a different method for authentication...

      Thanks in advance,
      Matt

      • 3364 Views
      • Tags:
        • 1. Re: JOSSO and JBoss Portal
          richmlpdx
          richmlpdx May 3, 2006 8:15 PM (in response to richmlpdx)

          Actually, any guidance on setting up a SSO solution that will work across servlets and the portals would be nice. JAAS or something else?

          Thoughts?

          Thanks,
          matt

            • Actions
          • 2. Re: JOSSO and JBoss Portal
            schnelzer
            schnelzer May 4, 2006 12:17 PM (in response to richmlpdx)

            You can create a separate web application just for authentication (assign it to the root context if you want) that has a JAAS login module.

            In the login webapp specify your security domain in jboss-web.xml

            <?xml version="1.0"?>
<jboss-web>
 <security-domain>java:jaas/yourJaasDomain</security-domain>
 <context>/</context>
</jboss-web>

            Then modify the JBoss Portal's Jaas Security Domain to yourJaasDomain by edtiting deploy\jboss-portal.sar\portal-server.war\WEB-INF\jboss-web.xml.

            In our case we modified the Portal Security constraint so that all portal content is secure. You can do that by modifying the security-constraint in deploy\jboss-portal.sar\portal-server.war\WEB-INF\web.xml to something like this. 
            <security-constraint>
 <web-resource-collection>
 <web-resource-name>Secure+Authenticated</web-resource-name>
 <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <role-name>Authenticated</role-name>
 </auth-constraint>
 <user-data-constraint>
 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint>
 </security-constraint>



            Use this same security domain in all of your portlets too.

            You may be able to use this type of approach with JOSSO as well. Let us know what you find out.



              • Actions
            • 3. Re: JOSSO and JBoss Portal
              julien1 May 6, 2006 6:33 PM (in response to richmlpdx)

              Hi Rich,

              jboss portal uses servlet container authentication so you can use whatever SSO solution that works with tomcat. Let me know if you make it work with it.

                • Actions
              • 4. Re: JOSSO and JBoss Portal
                ch33zm0ng3r
                ch33zm0ng3r Jun 20, 2007 12:27 PM (in response to richmlpdx)

                I am attempting to get portal to authenticate against a JOSSO configuration as well, using jboss-portal-2.4.1. I haven't seen much info about doing this so far. It seems like this should have a straightforward solution, much like connecting to an LDAP identity/credential store. My first thought was to include an entry in portal's login-config.xml much like the one in jboss' login-config.xml

                <login-module code = "org.josso.jb4.agent.JBossSSOGatewayLoginModule"
 flag = "required">
 <module-option name="debug">true</module-option>
 </login-module>


                Under the Portal application policy. This caused a null pointer exception when attempting to authenticate users with the user portlet. I really feel that this has an easy solution, but i'm lost in the XML jungle that jboss and portal carry with them. Any clues?

                Nick

                  • Actions