1. Re: GenericHeaderAuthenticator / SiteMinder Authentication
longbeach Apr 12, 2010 9:31 PM (in response to edk9)
Hi,
Have you been able to fix your problem?
If yes, I would be interested to know how, since I too need to authenticate my user through SiteMinder SSO.
Thanks.
-
2. Re: GenericHeaderAuthenticator / SiteMinder Authentication
madanosliw Apr 13, 2010 12:58 AM (in response to longbeach)
We got this working in JBoss 5 and added some custom stuff, but these are the basics:
In JBoss 5, the configuration's going to have to go in the war deployers jboss-beans.xml:

{jboss.home}/server/{configuration}/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml:

    <property name="authenticators">
      <map keyClass="java.lang.String" valueClass="java.lang.String">
        ...
        <entry>
          <key>HEADER</key>
          <value>org.jboss.web.tomcat.security.GenericHeaderAuthenticator</value>
        </entry>
      </map>
    </property>

The httpHeaderForSSOAuth (HTTP header names carrying the principal from the SiteMinder proxy) and sessionCookieForSSOAuth fields also go in the bean tag named "WarDeployer" in the same file:

    <bean name="WarDeployer">
      ...
      <property name="httpHeaderForSSOAuth">SITEMINDER_AUTH_HEADER</property>
      ...
    </bean>

We actually wrote a custom authenticator based on the GenericHeaderAuthenticator. If choosing to do this, a tip that will save you some time is that the attributes are capitalized when retrieving them:

    mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"), "HttpHeaderForSSOAuth");

When you've got the authenticator set up, you can refer to the type in your web.xml or jboss.xml:

    <auth-method>HEADER</auth-method>

If using the SiteMinder header as a trusted authentication, you might need to write a custom login module to accept any username/empty password (I'm not sure about this, you might be able to not specify a login module and have the authentication work).
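
Because the HEADER authenticator above takes the principal from a request header, that header is only trustworthy when it was set by the SiteMinder proxy. The following is an added example, not code from the thread or from JBoss: a Tomcat/JBoss Web valve that rejects any request carrying the header unless it comes from a listed proxy address. The class name `TrustedProxyHeaderValve` and its `trustedProxies` attribute are hypothetical; the header name is the one used in the post.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

/**
 * Added example (hypothetical class): rejects any request that carries the
 * SSO principal header unless it arrives from a listed proxy address.
 */
public class TrustedProxyHeaderValve extends ValveBase {
    // Header name from the post's httpHeaderForSSOAuth property.
    private String headerName = "SITEMINDER_AUTH_HEADER";
    // Exact remote addresses of the SSO proxy (assumed attribute, see below).
    private final Set<String> trustedProxies = new HashSet<String>();

    // Both setters are populated from attributes on the <Valve> element.
    public void setHeaderName(String headerName) {
        this.headerName = headerName;
    }

    public void setTrustedProxies(String commaSeparated) {
        trustedProxies.clear();
        for (String addr : commaSeparated.split(",")) {
            if (addr.trim().length() > 0) {
                trustedProxies.add(addr.trim());
            }
        }
    }

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        boolean fromProxy = trustedProxies.contains(request.getRemoteAddr());
        if (request.getHeader(headerName) != null && !fromProxy) {
            // Header supplied by something other than the proxy: fail closed
            // before any authenticator can read it.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        getNext().invoke(request, response);
    }
}
```

Register it as a `<Valve>` at Engine or Host level so it runs before the web application's authenticator. With no `trustedProxies` configured, every request carrying the header is rejected.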