-
15. Re: WildFly support Single-Sign-On (SSO)?
javashawn May 23, 2014 11:09 AM (in response to hai_feng)
Hello all,
I'm trying to get SSO configured for my Wildfly server and the .wars. The SSO documentation seems to be lacking and/or unclear; an end-to-end example to include web.xml, jboss-web.xml for each .war and the standalone.xml (or domain.xml) configurations required to enable SSO. The configuration for the standalone.xml to add the <single-sign-on path="/" /> does the trick for getting the JSESSIONIDSSO cookie to get returned but I have the following questions:
- Can I use the <auth-method>FORM</auth-method> with WildFly SSO functionality? Can I also expect SSO to work if I were to switch to DIGEST auth-method?
- Must I add a new <security-domain> to the standalone.xml? My existing FORM login successfully authenticates/authorizes using the $WILDFLY_HOME/standalone/configuration/application-users.properties and application-roles.properties.
- The changes required for jboss-web.xml seem to be a mystery and confusing:
  - most examples that I've seen mention that you simply need to add <valve><class-name>org.apache.catalina.authenticator.SingleSignOn</class-name></valve>. However, the valve element is commented out in the jboss-web_8_0.xsd which implies that it's no longer used?
  - are there any other configuration changes required in the jboss-web.xml to support SSO?
The following use case is where I'm trying to get SSO enabled:
- war-with-REST-services.war is a .war that handles REST calls. The REST services use Stateless session EJBs to work with Hibernate JPA entities. We would like to enable role-based access for the REST resources and EJBs (via @RolesAllowed, etc). We've set up FORM login auth-method at the moment but will likely need to switch to DIGEST or another approach to support system-to-system service calls.
- front-end-UI.war is a .war that has our web frontend that uses the REST services in the war-with-REST-services.war to essentially use the REST services to perform CRUD operations within the webapp. It's set up to use FORM auth-method.
- Both .wars are deployed to the server. The goal is to log in to the front-end-UI and then have that login session (assume via the JSESSIONIDSSO cookie) span across to the war-with-REST-services.war.
I'm running Wildfly 8.1.0.CR2
Thanks,
Shawn
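
An added example, not part of the original post or of WildFly itself: a small audit of the `<single-sign-on>` element mentioned above, reporting which Undertow hosts enable SSO and whether the SSO cookie is restricted. The sample XML is constructed, and the `secure` and `http-only` attribute names and their disabled-by-default behaviour are assumptions taken from the Undertow subsystem schema rather than from this thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: fragment of a standalone.xml (not taken from the thread).
SAMPLE = """<server xmlns="urn:jboss:domain:2.1">
  <profile>
    <subsystem xmlns="urn:jboss:domain:undertow:1.1">
      <server name="default-server">
        <host name="default-host" alias="localhost">
          <location name="/" handler="welcome-content"/>
          <single-sign-on path="/"/>
        </host>
        <host name="other-host" alias="other.example">
          <location name="/" handler="welcome-content"/>
        </host>
      </server>
    </subsystem>
  </profile>
</server>"""

UNDERTOW_NS = "{urn:jboss:domain:undertow:"  # version suffix varies by release


def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def audit_sso(xml_text):
    """Return one finding dict per Undertow <host> in the configuration."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter():
        if not (host.tag.startswith(UNDERTOW_NS) and local(host.tag) == "host"):
            continue
        sso = next((c for c in host if local(c.tag) == "single-sign-on"), None)
        entry = {"host": host.get("name"), "sso": sso is not None,
                 "path": None, "warnings": []}
        if sso is not None:
            entry["path"] = sso.get("path")
            # Assumed attribute names; treated as disabled when absent.
            for attr in ("secure", "http-only"):
                if sso.get(attr, "false").lower() != "true":
                    entry["warnings"].append(f"{attr} not enabled on SSO cookie")
            # A narrower cookie path is not sent to other context roots.
            if entry["path"] not in (None, "/"):
                entry["warnings"].append("SSO cookie path is narrower than '/'")
        findings.append(entry)
    return findings
```

Calling `audit_sso(open("standalone.xml").read())` against a real configuration returns the same structure for every host defined in the Undertow subsystem.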
-
16. Re: WildFly support Single-Sign-On (SSO)?
cookwareinc Sep 4, 2014 9:35 AM (in response to javashawn)
Hey Shawn, trying to get the same thing set up and running into the same lack of documentation that you did. I was just wondering if you were able to get it working? Any pointers or examples would be helpful.
Thanks,
- Mike
-
17. Re: WildFly support Single-Sign-On (SSO)?
vithun.v Nov 24, 2014 6:52 AM (in response to cookwareinc)
Did any of you have any luck finding the documentation? I tried this config for a single node setup and it worked successfully. Could someone comment on the steps to achieve a Clustered SSO?
-
18. Re: WildFly support Single-Sign-On (SSO)?
pferraro Nov 24, 2014 2:33 PM (in response to vithun.v)
Clustered SSO has no additional configuration (other than what you've already done for your single node setup), but you'll need to use one of the ha profiles (e.g. standalone-ha.xml).
-
19. Re: WildFly support Single-Sign-On (SSO)?
vamshi_appala Oct 6, 2015 10:27 AM (in response to pferraro)
Does WildFly support cluster SSO? In JBOSS7.1 we need to define cache-container and cache-name. Do we need to define anything for SSO cluster replication?
I am not able to use the SSO across cluster servers. When one node dies, JSessionidSSO is returning null.