Enable SSO?
bigman921 Mar 6, 2013 1:22 AM
I've written a custom ServletFilter that does SSO with a reverse proxy. The filter itself works, and when I specify a password when creating the credential I'm able to log in to GateIn without an issue:
This code works:
// after this code, username = "root"
String username = attr.getValues().get(0);
Credentials credentials = new Credentials(username, "gtn");
ServletContainer container = ServletContainerFactory.getServletContainer();

// This will login or send an AuthenticationException
try {
    container.login(request, response, credentials);
} catch (AuthenticationException e) {
    log.debug("User authentication failed");
    if (log.isTraceEnabled()) {
        log.trace(e.getMessage(), e);
    }
}
However, when I replace the "gtn" with "" (since I don't have a password), set "gatein.sso.enabled" = true in standalone/configuration/gatein/configuration.properties and restart JBoss, I am getting a failed login.
Here's the stack trace:
01:15:33,065 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--192.168.122.219-8080-1) Login failure: javax.security.auth.login.LoginException: Login failed for root
at org.exoplatform.services.security.jaas.DefaultLoginModule.login(DefaultLoginModule.java:136) [exo.core.component.security.core-2.5.0-GA.jar:2.5.0-GA]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_09-icedtea]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_09-icedtea]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_09-icedtea]
at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_09-icedtea]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_09-icedtea]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_09-icedtea]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_09-icedtea]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_09-icedtea]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_09-icedtea]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_09-icedtea]
at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_09-icedtea]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.authenticator.AuthenticatorBase.login(AuthenticatorBase.java:324) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.Request.login(Request.java:3252) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.RequestFacade.login(RequestFacade.java:1082) [jbossweb-7.0.13.Final.jar:]
at org.gatein.wci.jboss.JB7ServletContainerContext.login(JB7ServletContainerContext.java:131) [wci-jboss7-2.3.0.Final.jar:2.3.0.Final]
at org.gatein.wci.ServletContainer.login(ServletContainer.java:171) [wci-wci-2.3.0.Final.jar:2.3.0.Final]
at com.tremolosecurity.jboss.login.GateInLastMile.postValidate(GateInLastMile.java:87) [jboss-plugins.jar:]
at com.tremolosecurity.filter.AutoIDMFilter.doFilter(AutoIDMFilter.java:143) [tremolo.jar:]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:397) [jbossweb-7.0.13.Final.jar:]
at org.gatein.sso.integration.SSODelegateValve.invoke(SSODelegateValve.java:159) [sso-integration-1.3.0.Final.jar:1.3.0.Final]
at org.exoplatform.web.login.PortalClusteredSSOSupportValve.invoke(PortalClusteredSSOSupportValve.java:89) [exo.portal.component.web.security-3.5.0.Final.jar:3.5.0.Final]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_09-icedtea]
Am I missing something? Looking at the code for the SSO module org.gatein.sso.agent.login.SSOLoginModule, it clearly isn't loading the password, so I don't think it's actually executing.
Thanks
Marc