6 Replies Latest reply on Jun 1, 2013 8:08 PM by richfaces_ahop

    How to implement Single Sign On

    nille
    nille Feb 15, 2010 4:57 PM

      Hi everybody,


      I have the following problem. My current application is using a simple Login page with login form and an Authenticator implementaion (@Name(authenticator) for actual authentication logic. Any request for a page is redirected to the Login page if the user is not logged in (#{identity.loggedIn}). That's working fine.


      Now I want to add the possibility to use a Single-Sign On solution. I thought the best approach would be to implement a filter which intercepts the request to the Login.page and calls the authentication method  before the user gets the login page. I tried it that way:




      @Startup
@Scope(ScopeType.APPLICATION)
@Name("SSOFilter")
@BypassInterceptors
@Filter(within="org.jboss.seam.web.IdentityRequestWrapper")
public class SSOFilter extends AbstractFilter {
     private static final long serialVersionUID = 1L;
       
     @Override
     public void destroy() {
          System.out.println("Destroy filter...");
     }

     @Override
     public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
          System.out.println("doFilter...");
          Identity identity = Identity.instance();
          identity.getCredentials().setUsername("abcd");
          identity.getCredentials().setPassword("dcba");
          identity.login();
          
          chain.doFilter(req, resp);
          
     }

     @Override
     public void init(FilterConfig arg0) throws ServletException {
          System.out.println("Init filter...");
     }
}



      But I get an exception in line identity = Identity.instance();  of this type: java.lang.IllegalStateException: No active session context. If that's the correct approach, how can I make sure that all needed Contexts are there and how can I use the provided Identity? If that's not the way one should do it: what's the suggested way if I want to keep the possibility of the login with the Login page?


      Best regards and thanks a lot in advance :),


      pete

      • 552 Views
      • Tags:
        • 1. Re: How to implement Single Sign On
          nille
          nille Feb 16, 2010 3:00 PM (in response to nille)

          I found the method org.jboss.seam.contexts.Lifecycle.beginCall();. After calling that I have access to the needed Context objects, eg. Identity. But the question still is: is that the preferred approach for implementing SSO? Keeping the Login page / Login form described above is not longer a must if that simplifies the whole thing.


          Any hint is highly appreciated :-)


          Kind Regards,
          Pete

            • Actions
          • 2. Re: How to implement Single Sign On
            nille
            nille Feb 18, 2010 10:48 AM (in response to nille)

            For anyone who wants to know: I implemented the SSO funcionality by an Authenticator and used some navigation rules.


            Kind Regards,
            Pete

              • Actions
            • 3. Re: How to implement Single Sign On
              jgunvaldson
              jgunvaldson Mar 22, 2010 8:15 PM (in response to nille)

              Facing the same SSO issues pretty much.


              Thank you for the above details, I am still testing various scenarios. I have success with good logins, having to deal with bad logins is becoming more difficult.


              1. where is the initial call made to identity.login in your setup?
              2. how do you handle failed authentication, (pages.xml call to send to the logout page) without causing the automated login to kick in again, and start a loop?
              3. are you still using filter (like above)?, interceptor? overrides?


              Thanks for any additional insight.


              Regards,


              John



                • Actions
              • 4. Re: How to implement Single Sign On
                gil.gilbertalghazal.hotmail.com
                gil.gilbertalghazal.hotmail.com May 24, 2011 5:10 AM (in response to nille)

                hey Pete,
                can u please explain more how did u call the org.jboss.seam.contexts.Lifecycle.beginCall(); function? coz i'm having the same issue here. and also if possible the changes in the web.xml and pages.xml if any.
                thanks in advance

                  • Actions
                • 5. Re: How to implement Single Sign On
                  gil.gilbertalghazal.hotmail.com
                  gil.gilbertalghazal.hotmail.com May 24, 2011 8:38 AM (in response to nille)
                  never mind i figured out how to use the beginCall method but i'm stuck with how to bypass the following navigation rule in the login.page.xml:
                  <navigation from-action="#{identity.login}">
                        <rule if="#{identity.loggedIn}">
                           <redirect view-id="/pages/interfaceSummay.xhtml"/>
                        </rule>
                     </navigation>
                    • Actions
                  • 6. Re: How to implement Single Sign On
                    richfaces_ahop
                    richfaces_ahop Jun 1, 2013 8:08 PM (in response to gil.gilbertalghazal.hotmail.com)

                    Hey guys, it's two years later and I am running into the same problem.  Can someone please share with me what navigation rules I need to implement to get the SSO capability to work?  I have my authenticator already working for a single user login. 

                      • Actions