6 Replies Latest reply on Jun 16, 2010 3:30 AM by jfclere

    Apache-SSO Integration Issue

    friendrss
    friendrss May 27, 2010 9:29 AM

      We are currently implemention Single Sign On for our application. This implementation is using approach of 2 Sun AIM setup, 1st to authenticate intranet, and 2nd to authenticate internet access.

       

      We are facing issue while implementing multiple SSO with JBOSS. Here is the details to scenario;

       

      1. In the 1st setup of SSO, we have used Apache Tomcat to HOST SSO, and JBOSS is integrated with this SSO using tomcat authetication volve. This is working fine.

      2. In the 2nd setup SSO, we have Apache HTTP server with Sun Policy Web Agent protecting resource hosted on JBOSS by authenticating web users. In this scenario, once the users are authenticated, the request is forwarded to Portal. But portal is not able to identify SSOKTokenID in session.

       

      Ideally Portal needs to be configured in such a way that if request are directly hit to portal then it needs to authenticate users from 1st SSO setup. And for web users, requests are forwarded to portal from apache post authication from 2nd SSO setup, then Portal shall identify token to mark the same as valid user sessions.

       

      Any help in this regard is appreciated.

       

      Ramendra

      • 9803 Views
      • Tags:
        • 1. Re: Apache-SSO Integration Issue
          jfclere
          jfclere May 28, 2010 2:58 AM (in response to friendrss)

          hm I seems to me you have 2 different sessionids or do you want the Apache httpd user forwarded to jboss?

            • Actions
          • 2. Re: Apache-SSO Integration Issue
            friendrss
            friendrss May 28, 2010 7:43 AM (in response to jfclere)

            Hi Jean,

            As I have mentinoned that we have 2 SSO setup. one is for intranet and one is for internet application. When we hit the applcaition from internet link at that time once user get authenticated with Sun Access Manager it redirects control to portal but there is no user seesion available, means portal shows that user is not logged in and if we click on Login then it redirects applcaition to the intranet SSO authetication.

             

            Ramendra

              • Actions
            • 3. Re: Apache-SSO Integration Issue
              friendrss
              friendrss Jun 1, 2010 12:23 PM (in response to friendrss)
              while doing this I am getting this message in catalina logs

               

              May 31, 2010 10:09:58 AM org.apache.catalina.startup.HostConfig deployDirectory
              INFO: Deploying web application directory examples
              May 31, 2010 10:10:01 AM org.apache.catalina.startup.HostConfig deployDirectory
              INFO: Deploying web application directory ROOT
              May 31, 2010 10:10:02 AM org.apache.catalina.startup.HostConfig deployWAR
              INFO: Deploying web application archive amserver.war
              May 31, 2010 10:10:50 AM org.apache.coyote.http11.Http11Protocol start
              INFO: Starting Coyote HTTP/1.1 on http-8082
              May 31, 2010 10:10:50 AM org.apache.catalina.startup.Catalina start
              INFO: Server startup in 49286 ms
              May 31, 2010 10:18:47 AM org.apache.catalina.core.StandardWrapperValve invoke
              SEVERE: Servlet.service() for servlet pllservice threw exception
              java.lang.NullPointerException
              at com.iplanet.services.naming.service.NamingService.processRequest(NamingService.java:361)
              at com.iplanet.services.naming.service.NamingService.process(NamingService.java:351)
              at com.iplanet.services.comm.server.PLLRequestServlet.handleRequest(PLLRequestServlet.java:196)
              at com.iplanet.services.comm.server.PLLRequestServlet.doPost(PLLRequestServlet.java:148)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
              at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:86)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
              at java.lang.Thread.run(Unknown Source)
              May 31, 2010 10:23:51 AM org.apache.coyote.http11.Http11Protocol pause
              INFO: Pausing Coyote HTTP/1.1 on http-8082
              May 31, 2010 10:23:52 AM org.apache.catalina.core.StandardService stop
              INFO: Stopping service Catalina
              May 31, 2010 10:24:25 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
              SEVERE: A web application appears to have started a thread named [LDAPConnThread-3 ldap://ldapweb.mydomain.com:6389] but has failed to stop it. This is very likely to create a memory leak.
              May 31, 2010 10:24:25 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
              SEVERE: A web application appears to have started a thread named [LDAPConnThread-4 ldap://ldapweb.mydomain.com:6389] but has failed to stop it. This is very likely to create a memory leak.
              May 31, 2010 10:24:25 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
              SEVERE: A web application appears to have started a thread named [amStats] but has failed to stop it. This is very likely to create a memory leak.
              May 31, 2010 10:24:25 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
              SEVERE: A web application appears to have started a thread named [amSession[0]] but has failed to stop it. This is very likely to create a memory leak.
              May 31, 2010 10:24:25 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
              SEVERE: A web application appears to have started a thread named [amSession[1]] but has failed to stop it. This is very likely to create a memory leak.
              May 31, 2010 10:24:25 AM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads

               

               


              If anybody has any idea please help...
                • Actions
              • 4. Re: Apache-SSO Integration Issue
                jfclere
                jfclere Jun 7, 2010 2:34 AM (in response to friendrss)

                PLLRequestServlet.java is not is jboss code hard to help.

                But the problem is you need to export your httpd environmernt and have a valve set the corresponding user.

                  • Actions
                • 5. Re: Apache-SSO Integration Issue
                  friendrss
                  friendrss Jun 16, 2010 1:11 AM (in response to jfclere)

                  Can we open multiple valves in one JBOSS instance ? if yes then how ? Please provide some example for that as it is becoming very critical for us now.

                   

                  Thanks.

                  Ramendra

                    • Actions
                  • 6. Re: Apache-SSO Integration Issue
                    jfclere
                    jfclere Jun 16, 2010 3:30 AM (in response to friendrss)

                    You can have as many as valves as you need (declared in server.xml). There are several valves in jbossweb look in http://anonsvn.jboss.org/repos/jbossweb/trunk/java/org/apache/catalina/valves/

                      • Actions