2 Replies Latest reply on Feb 27, 2008 3:58 PM by dcollodel

    Help with portlet authentication

    dcollodel

      Hi,

      I am currently deploying Documentum portlets to JBoss Portal. I've been successful in getting them to work with a separate login, but not using the Portal's security principal. The documentation is leaving me hanging on the JBoss configuration side, so any help would be greatly appreciated.

      I've configured the portlet application on the backend for "trusted authentication", but it seems that the security principal is not being passed from JBoss to the WDK portlet applications.

      The portlet documentation states:


      Set up J2EE principals in the application deployment description web.xml and in application server-specific files...

      To set up J2EE principals:
      To enable J2EE principals to log in to repositories (single login), you must modify the deployment descriptor file (/WEB-INF/web.xml) and follow the procedures that are specific to your portal server.

      1. In /WEB-INF/web.xml, remove the comments around the security constraints element. This sets up a user role called "everyone". The web-resource-name value should match the context name of the Web application. For example:
       <security-constraint>
         <web-resource-collection>
           <web-resource-name></web-resource-name>
           <url-pattern>/*</url-pattern>
           <http-method>POST</http-method>
           <http-method>GET</http-method>
         </web-resource-collection>
         <auth-constraint>
           <role-name>everyone</role-name>
         </auth-constraint>
       </security-constraint>
       <login-config>
         <auth-method>BASIC</auth-method>
       </login-config>
      


      2. Follow the portal server procedure for setting up J2EE principals. Each portal server has its own procedure for enabling single login.

      For Step 1, it's referring to the web.xml of the Documentum portlets. I'm unsure what the context name should be.

      Step 2 seems to be where the real trouble is though. If I can get J2EE principals set up, I think I can get the above XML correctly configured.

        • 1. Re: Help with portlet authentication
          bvogt

          What you are expected to do is quite interesting to me, because I had to manage a Documentum migration onto a Solaris cluster in the past (I guess in 2001).

          Your login within the Documentum portlet provides a session on the Documentum side; what you need is a session on the portal side too.

          In order to set up a portal session, it needs access to the users and roles - ideally they are the same as those used by Documentum (LDAP?). If that's not possible, maybe the synchronizing modules mentioned in chapter 18 may help you?

          http://docs.jboss.com/jbportal/v2.6.4/referenceGuide/html/authentication.html

          • 2. Re: Help with portlet authentication
            dcollodel

            On the Documentum side, the portlet is configured as "trusted". A Documentum superuser makes the initial connection, and compares the JBoss-supplied user principal with the users in Documentum. Assuming the principal authenticates with JBoss, and matches a Documentum user, the Documentum module creates a session for that user.

            The trouble is that I don't know how to set up the authentication to pass the logged-in principal to Documentum.

            I'll peruse that link though. Thanks.
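
The trusted-login flow described in the last reply, as an added sketch that is not part of the thread and is not Documentum or JBoss code. TrustedLoginSketch, RepoSession, the user table and the broker account name are hypothetical; it assumes Java 16 or later and shows why a missing container principal has to end the login rather than fall back to some other source of identity.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Optional;

// Added illustration: every name here is a hypothetical stand-in,
// not a Documentum or JBoss class.
public class TrustedLoginSketch {

    // A repository session opened on behalf of a user (hypothetical type).
    record RepoSession(String repoUser, String openedBy) {}

    // Constructed sample data: container principal name -> repository user.
    static final Map<String, String> REPO_USERS =
            Map.of("alice", "alice", "bob", "bob");
    static final String SUPERUSER = "trusted_broker"; // constructed account name

    // The principal must be the one the container authenticated (what
    // HttpServletRequest.getUserPrincipal() returns), never a name read from
    // a request parameter or header: the repository asks for no password,
    // so whoever controls this value controls which user is impersonated.
    static Optional<RepoSession> openFor(Principal containerPrincipal) {
        if (containerPrincipal == null) {
            // No security-constraint applied, or no login happened:
            // there is no identity to trust, so refuse.
            return Optional.empty();
        }
        String name = containerPrincipal.getName();
        if (name == null || name.isBlank()) {
            return Optional.empty();
        }
        String repoUser = REPO_USERS.get(name); // exact match only
        if (repoUser == null) {
            return Optional.empty(); // authenticated, but unknown to the repository
        }
        return Optional.of(new RepoSession(repoUser, SUPERUSER));
    }

    public static void main(String[] args) {
        Principal alice = () -> "alice";      // constructed principals
        Principal mallory = () -> "mallory";
        System.out.println(openFor(alice));   // session for a known user
        System.out.println(openFor(mallory)); // no repository match
        System.out.println(openFor(null));    // principal never reached the app
    }
}
```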