5 Replies Latest reply on Sep 18, 2008 2:31 AM by deepchandraharbola

    JOSSO1.7 and JBoss Portal 2.6.4 - Authorization

      Hi all,

      I tried to integrate JOSSO to JBoss Portal 2.6.4 (ha deployment on JBoss 4.2.2.GA all-config). I followed first the instructions at josso.org (http://josso.org/confluence/display/JOSSO1/JBoss+4.2.html) and after that, I changed the integration like I'm supposed to do it from chapter 20.4. (JOSSO - Java Open Single SignOn) of the reference docs.

      I have to mention, that I still have a "sso-session-manager", a "sso-session-store", "sso-session-id-generator", "sso-audit-manager" and a "sso-event-manager" in my josso-gateway-config.xml (as described at josso.org). Additionally, I have two valves in tomcat's server.xml, one for JBoss Portal SSO and one for JOSSO.

      Now, after that, I can logon through JOSSO (the redirect in logon.jsp points me to a JOSSO logon form) and after typeing user : user, I'm logged on as "user" ("User portlet" and "Current users"-portlet says so, too). But I don't have access to those portlets that are configured to used by users with the role "User" (same as if I log on as admin:admin, then I have no admin area). So, it seams that the JAAS-Subject has no roles added.

      Do I have to configure something else to have authorization with JOSSO, or does this not work at all? Or do I have to remove the stuff from josso-gateway-config.xml?

      Thanks for help!
      Carsten