4 Replies Latest reply on May 6, 2008 4:21 PM by viggo.navarsete

    Configuring external SSO solution (LDAP)

    nm-156

      I would like to plug in a custom, Java-based SSO solution to the JBoss Portal that authenticates against LDAP and retrieves roles from a database after authentication is successful (these classes are already developed, and I want to reuse them).

      I am looking for a hook into the portal that will allow me to plug in my custom classes to authenticate a user and retrieve roles. Is there a configuration file that will allow me to plug in a custom implementation (wrapper class/interface API) for user authentication and role processing?

      From what I have been able to see, the identity configuration files underneath the jboss-portal.sar/conf/identity directory have something to do with this approach, but I do not understand how to configure the custom classes.

      Can somebody explain how to do this?

      Thank you.

        • 1. Re: Configuring external SSO solution (LDAP)
          bdaw

          Implement your own JAAS LoginModule like this one:

          http://docs.jboss.com/jbportal/v2.6/referenceGuide/html/authentication.html#authentication.synchronizing_login_module

          The source code is quite simple, so you can alter the existing one.

          • 2. Re: Configuring external SSO solution (LDAP)
            nm-156

            Thanks for replying, Boleslaw. I was doing some research based on the link that you provided. I was looking at this page:

            http://wiki.jboss.org/wiki/Wiki.jsp?page=LoginModule

            and also, the associated link "Creating a custom login module".

            The custom SSO utility classes that I would like to reuse do the following:

            1. Authenticate against the LDAP server
            2. Retrieve application specific roles from the database

            So can you tell me: Will I be able to extend one of the LoginModule classes that are listed in the link above and then configure my new class in /conf/login-config.xml? If I am conceptualizing what needs to be done correctly, I need to configure my own login module class whose implementation will more or less function like a hybrid. That is, one set of custom SSO utility classes will take user credentials and authenticate against the LDAP server. Once authentication is successful, I will use another set of custom classes to query the roles from the database.

            Can I extend one of the existing LoginModule classes to accomplish this? Which methods would I have to override in the LoginModule class in order to plug in the authentication/role retrieval logic?

            Thanks so much.
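
The hybrid module asked about above (LDAP decides authentication, the database supplies roles afterwards), written against the standard JAAS `LoginModule` interface. This is an added example, not part of the thread and not JBoss Portal code. `LdapAuthenticator`, `RoleDao`, `Named` and the static wiring are hypothetical stand-ins for the poster's existing classes, and how the container maps these principals to portal roles is not shown.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class LdapDbLoginModule implements LoginModule {
    // Hypothetical stand-ins for the existing SSO utility classes.
    public interface LdapAuthenticator { boolean authenticate(String user, char[] password); }
    public interface RoleDao { Set<String> rolesFor(String user); }
    public static LdapAuthenticator ldap;   // assumption: set by the application at startup
    public static RoleDao roleDao;
    // "kind" keeps a role name from ever being equal to a user name.
    record Named(String kind, String name) implements Principal {
        public String getName() { return name; }
    }
    private Subject subject;
    private CallbackHandler handler;
    private String user;                    // non-null only after a successful login()
    private final Set<Principal> pending = new HashSet<>();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (IOException | UnsupportedCallbackException e) { throw new LoginException("cannot read credentials"); }
        String name = nc.getName();
        char[] pw = pc.getPassword();
        pc.clearPassword();
        try {
            // Step 1: LDAP decides. An empty password is refused before the bind,
            // because an LDAP bind with an empty password is an unauthenticated bind.
            if (name == null || pw == null || pw.length == 0 || !ldap.authenticate(name, pw))
                throw new FailedLoginException("authentication failed");
        } finally { if (pw != null) Arrays.fill(pw, '\0'); }
        // Step 2: the role query runs only for an identity LDAP has accepted.
        pending.add(new Named("user", name));
        for (String r : roleDao.rolesFor(name)) pending.add(new Named("role", r));
        user = name;
        return true;
    }
    // Principals reach the Subject only in commit(), after the whole login stack succeeded.
    public boolean commit() { if (user == null) return false; subject.getPrincipals().addAll(pending); return true; }
    public boolean abort() { boolean had = user != null; user = null; pending.clear(); return had; }
    public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); user = null; return true; }
}
```
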

            • 3. Re: Configuring external SSO solution (LDAP)
              nm-156

              After some additional fact finding, I have a different need as it pertains to a pluggable SSO solution. We have a central SSO web application (servlet) that handles sign on requests. The servlet already communicates with a JAAS login module, but does some additional processing during sign on that other applications are dependent on, so the servlet cannot be removed.

              Is there a way to plug in an SSO servlet to the JBoss portal so that it can handle the initial authentication to the JBoss portal? I should be able to move the JAAS login module to the portal if necessary, but I need the central login page to be hosted by the servlet.

              Thanks.

              • 4. Re: Configuring external SSO solution (LDAP)
                viggo.navarsete

                Any updates?