1 Reply Latest reply on May 5, 2008 2:00 AM by carstenrudat

    OpenSSO - how to login via login-link?

    carstenrudat Apr 30, 2008 11:51 AM

      Hi all,

      I still have problems with OpenSSO. I'm running JBoss Portal 2.6.4 (clustered) on JBoss 4.2.2.GA (all config).

      I followed the instructions on http://blog.jboss-portal.org/2007/10/jboss-portal-with-opensso-and-opends.html and installed OpenSSO V1 Build 4 and OpenDS.
      I had to add following to the users stored in OpenDS:

      dn: uid=user.0,ou=People,dc=opensso,dc=java,dc=net
changetype: modify
add: objectclass
objectclass: sunFMSAML2NameIdentifier



      Now, I'm forwarded to the OpenSSO-Login-page as soon as I call http://myjbossserver.com:8080/portal without clicking on the login-link. I really would like to see the first portal-page without being logged in, and I don't know how to do that...




      My config changes are as follows:

      server/all/jboss-web.deployer/server.xml: 
      <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />


      server/all/portal-server.war/WEB-INF/context.xml: 
      <Valve className="org.jboss.portal.identity.sso.opensso.OpenSSOAuthenticationValve"
 loginURL="http://myjbossserver.com:8080/opensso"
 logoutURL="http://myjbossserver.com:8080/opensso/UI/Logout"
 appendLoginGoto="true"
 appendLogoutGoto="true"
 authType="FORM"
/>


      server/all/conf/AMConfig.properties: 
      com.iplanet.services.debug.level=message
com.iplanet.services.debug.directory=/tmp
com.iplanet.am.serverMode=false
com.iplanet.am.sdk.caching.enabled=false
com.sun.identity.idm.cache.enabled=false
com.sun.identity.sm.cache.enabled=true
com.sun.identity.sm.sms_object_class_name=com.sun.identity.sm.jaxrpc.SMSJAXRPCObject
com.iplanet.am.naming.url=http://myjbossserver.com:8080/opensso/namingservice
com.iplanet.am.notification.url=@NOTIFICATION_URL@
com.sun.identity.agents.app.username=amadmin
com.iplanet.am.service.password=
com.iplanet.am.service.secret=AQIC5wM2LY4SfcyImS3T1DzgtBnOSHf5p9Ab
am.encryption.pwd=
com.sun.identity.client.encryptionKey=
com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
com.sun.identity.idm.remote.notification.enabled=true
com.iplanet.am.sdk.remote.pollingTime=1
com.sun.identity.sm.notification.enabled=true
com.sun.identity.sm.cacheTime=1
com.iplanet.am.server.protocol=http
com.iplanet.am.server.host=myjbossserver.com
com.iplanet.am.server.port=8080
com.iplanet.am.services.deploymentDescriptor=/opensso
com.iplanet.am.console.protocol=@CONSOLE_PROTOCOL@
com.iplanet.am.console.host=@CONSOLE_HOST@
com.iplanet.am.console.port=@CONSOLE_PORT@
com.iplanet.am.console.deploymentDescriptor=@CONSOLE_DEPLOY_URI@
com.iplanet.am.console.remote=@CONSOLE_REMOTE@
com.iplanet.am.cookie.name=iPlanetDirectoryPro
com.iplanet.am.session.client.polling.enable=true
com.iplanet.am.session.client.polling.period=180
com.iplanet.am.admin.cli.certdb.dir=@CONTAINER_CERTDB_DIR@
com.iplanet.am.admin.cli.certdb.prefix=@CONTAINER_CERTDB_PREFIX@
com.iplanet.am.admin.cli.certdb.passfile=@BASEDIR@/@PRODUCT_DIR@/config/.wtpass
com.iplanet.am.jssproxy.trustAllServerCerts=false
com.iplanet.am.jssproxy.checkSubjectAltName=false
com.iplanet.am.jssproxy.resolveIPAddress=false
com.iplanet.am.jssproxy.SSLTrustHostList=false
com.sun.identity.agents.server.log.file.name=amRemotePolicyLog
com.sun.identity.agents.logging.level=NONE
com.sun.identity.agents.notification.enabled=false
com.sun.identity.agents.notification.url=@NOTIFICATION_URL@
com.sun.identity.agents.polling.interval=3
com.sun.identity.policy.client.cacheMode=subtree
com.sun.identity.policy.client.clockSkew=10
com.sun.identity.monitoring=off
com.sun.identity.urlconnection.useCache=false
com.sun.identity.plugin.configuration.class=com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl
com.sun.identity.plugin.datastore.class.default=com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider
com.sun.identity.plugin.session.class=com.sun.identity.plugin.session.impl.FMSessionProvider
com.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
com.sun.identity.saml.xmlsig.keyprovider.class=com.sun.identity.saml.xmlsig.JKSKeyProvider
com.sun.identity.saml.xmlsig.keystore=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/keystore.jks
com.sun.identity.saml.xmlsig.storepass=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/.storepass
com.sun.identity.saml.xmlsig.keypass=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/.keypass
com.sun.identity.saml.xmlsig.certalias=test
com.sun.identity.saml.checkcert=on
com.sun.identity.saml.xmlsig.c14nMethod=http://www.w3.org/2001/10/xml-exc-c14n#
com.sun.identity.saml.xmlsig.xmlSigAlgorithm=
com.sun.identity.saml.xmlsig.transformAlg=http://www.w3.org/2001/10/xml-exc-c14n#
com.sun.identity.saml2.xmlenc.EncryptionProvider=com.sun.identity.saml2.xmlenc.FMEncProvider
com.sun.identity.saml2.xmlsig.SignatureProvider=com.sun.identity.saml2.xmlsig.FMSigProvider
com.sun.identity.saml2.crl.check=false
com.sun.identity.saml2.crl.check.ca=false
com.sun.identity.liberty.ws.soap.certalias=
com.sun.identity.liberty.ws.soap.staleTimeLimit=300000
com.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval=60000
com.sun.identity.liberty.ws.soap.supportedActors=http://schemas.xmlsoap.org/soap/actor/next
com.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
com.sun.identity.liberty.ws.jaxb.packageList=
com.sun.identity.liberty.ws.wsc.certalias=
com.sun.identity.liberty.ws.ta.certalias=
com.sun.identity.liberty.ws.trustedca.certaliases=
com.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
com.sun.identity.liberty.interaction.wspRedirectHandler=http://myjbossserver.com:8080/opensso/WSPRedirectHandler
com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
com.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader=yes
com.sun.identity.liberty.interaction.wscWillRedirect=yes
com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime=80
com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=no
com.sun.identity.loginurl=http://myjbossserver.com:8080/opensso/UI/Login
com.sun.identity.liberty.authnsvc.url=http://myjbossserver.com:8080/opensso/Liberty/authnsvc


      • 2435 Views
      • Tags:
        • 1. Re: OpenSSO - how to login via login-link?
          carstenrudat May 5, 2008 2:00 AM (in response to carstenrudat)

          Hi,

          just to test other configurations, I have installed jboss-portal-2.6.4-bundle and a new fresh jboss-4.2.2.GA with jboss-portal-2.6.4.GA (non clustering/default configuration).
          On both configurations I have the same problem: I'm automatically redirected to OpenSSO-Login as soon as I call the first portal-page (myserver:8080/portal).

          Is this a bug (in OpenSSO or JBoss Portal 2.6.4 or in the corresponding OpenSSO/Tomcat-valve)? Or is this a configuration problem?

          Thanks for any help.
          Carsten

            • Actions