Problem with JBoss Federated SSO
mluisa Sep 3, 2010 4:33 AM
Sorry for any mistakes, but I am new to the community and to JBossAS.
I have made the following installation and configuration. On one machine I have installed 2 JBoss instances:
1) JBoss 4.0.5 on which I must deploy Oracle ADF applications developed with Oracle JDeveloper;
2) JBoss 5.0.1 on which I will deploy all the other applications (Web Service, JSF applications, etc.).
To distribute the incoming requests between the 2 instances I use Apache 2.0.13 and mod_jk.
I need to implement a SSO solution among the ADF applications (i.e. among the different ears) and among the 2 JBoss installations.
I'm testing JBoss Federated SSO 1.0CR1. I'm using OpenLDAP as the identity repository, JAAS as the authentication mechanism, and the authentication method is based on a custom form login page.
I'm able to log in successfully to each ADF application, but I'm not able to propagate the user credentials from one ear to another ear. If I log in to a page of application A and then from it I call a page that is in application B (so another ear), I'm redirected to the login page.
Below are the configuration files I changed:
1) C:\JBoss\jboss-4.0.5.GA\server\default\conf\login-config.xml

<application-policy name="jboss-sso">
  <authentication>
    <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">guest</module-option>
      <module-option name="password-stacking">useFirstPass</module-option>
      <!--module-option name="hashAlgorithm">SHA-1</module-option-->
      <module-option name="hashUserPassword">false</module-option>
      <module-option name="hashStorePassword">false</module-option>
      <module-option name="authenticatedRoles">JBossAdmin,AuthenticatedUsers</module-option>
      <module-option name="provider">si:jboss-sso:ldap:login</module-option>
    </login-module>
  </authentication>
</application-policy>

2) C:\JBoss\jboss-4.0.5.GA\server\default\deploy\jboss-sso.sar\conf\sso.cfg.xml

<jboss-sso>
  <identity-management>
    <login>
      <provider id="si:jboss-sso:ldap:login" class="org.jboss.security.idm.ldap.LDAPIdentityProvider">
        <!-- '&' inside XML text must be written as '&amp;' for the file to parse -->
        <property name="connectionURL">
          jdbc:ldap://vm-middle-test:389/dc=liav,dc=it?SEARCH_SCOPE:=subTreeScope&amp;secure:=false&amp;concat_atts:=true&amp;size_limit:=10000000
        </property>
        <property name="username">cn=liavadmin,dc=liav,dc=it</property>
        <property name="password">allugi00</property>
        <property name="identityOu">users</property>
        <property name="roleOu">Roles</property>
      </provider>
    </login>
  </identity-management>
  <sso-processor>
    <processor class="org.jboss.security.saml.JBossSingleSignOn">
      <property name="trustServer">http://node1.jboss.com:8080/federate/trust</property>
    </processor>
  </sso-processor>
</jboss-sso>

3) In the WEB-INF directory of each ear file I have added the attached files.
Are there any errors in the configuration?
Thank you,
mluisa
Attachments:
- login.jspx.zip (863 bytes)
- sso.zip (1.7 KB)
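
A small pre-deployment check for an sso.cfg.xml of the shape posted above, flagging the transport and secret-handling settings visible in it (`secure:=false` in the LDAP connectionURL, a bind password written into the file, a trustServer reached over plain http). This is an added example, not part of the original post or of JBoss Federated SSO; the function names `props` and `audit` are hypothetical and the sample file is constructed with placeholder hosts and credentials.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample with the same structure as the sso.cfg.xml in the post;
# host names, DNs and the password are placeholders.
SAMPLE = """<jboss-sso>
 <identity-management><login>
  <provider id="si:jboss-sso:ldap:login" class="org.jboss.security.idm.ldap.LDAPIdentityProvider">
   <property name="connectionURL">
    jdbc:ldap://ldap.example.test:389/dc=example,dc=test?SEARCH_SCOPE:=subTreeScope&amp;secure:=false&amp;size_limit:=100
   </property>
   <property name="username">cn=admin,dc=example,dc=test</property>
   <property name="password">PLACEHOLDER</property>
  </provider>
 </login></identity-management>
 <sso-processor>
  <processor class="org.jboss.security.saml.JBossSingleSignOn">
   <property name="trustServer">http://sso.example.test:8080/federate/trust</property>
  </processor>
 </sso-processor>
</jboss-sso>"""

def props(element):
    """Map property name -> stripped text for one provider/processor element."""
    return {p.get("name"): (p.text or "").strip() for p in element.findall("property")}

def audit(xml_text):
    """Return (location, finding) tuples; raises ParseError on malformed XML."""
    findings = []
    root = ET.fromstring(xml_text)  # a raw '&' in connectionURL fails here
    for prov in root.iter("provider"):
        p = props(prov)
        # Options after '?' are key:=value pairs joined by '&'.
        query = p.get("connectionURL", "").partition("?")[2]
        opts = dict(kv.split(":=", 1) for kv in query.split("&") if ":=" in kv)
        if opts.get("secure", "").lower() == "false":
            findings.append((prov.get("id"), "connectionURL sets secure:=false"))
        if p.get("password"):
            findings.append((prov.get("id"), "bind password embedded in the file"))
    for proc in root.iter("processor"):
        trust = props(proc).get("trustServer", "")
        if urlsplit(trust).scheme.lower() != "https":
            findings.append((proc.get("class"), "trustServer URL is not https"))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE):
        print(f"{where}: {what}")
```
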