-
15. Re: WildFly support Single-Sign-On (SSO)?
Hello all,
I'm trying to get SSO configured for my Wildfly server and the .wars. The SSO documentation seems to be lacking and/or unclear; an end-to-end example to include web.xml, jboss-web.xml for each .war and the standalone.xml (or domain.xml) configurations required to enable SSO. The configuration for the standalone.xml to add the <single-sign-on path="/" /> does the trick for getting the JSESSIONIDSSO cookie to get returned but I have the following questions:
- Can I use the <auth-method>FORM</auth-method> with WIldfly SSO functionality? Can I also expect SSO to work if I were to switch to DIGEST auth-method?
- Must I add a new <security-domain> to the standalone.xml? My existing FORM login successfully authenticates/authorizes using the $WILDFLY_HOME/standalone/configuration/application-users.properties and application-roles.properties.
- The changes required for jboss-web.xml seem to be a mystery and confusing:
- most examples that I've seen mention that you simply need to add <valve><class-name>org.apache.catalina.authenticator.SingleSignOn</class-name></valve>. However, the valve element is commented out in the jboss-web_8_0.xsd which implies that it's no longer used?
- are there any other configuration changes required in the jboss-web.xml to support SSO?
The following use case is where I'm trying to get SSO enabled:
- war-with-REST-services.war is a .war that handles REST calls. The REST services use Stateless session EJBs to work with Hibernate JPA entities. We would like to enable role-based access for the REST resources and EJBs (via @RolesAllowed, etc). We've setup FORM login auth-method at the moment but will likely need to switch to DIGEST or another approach to support system-to-system service calls.
- front-end-UI.war is a .war that has our web frontend that uses the REST services in the war-with-REST-services.war to essentially use the REST services to perform CRUD operations within the webapp. It's setup to use FORM auth-method.
- Both .wars are deployed to the server. The goal is to login to the front-end-UI and then have that login session (assume via the JSESSIONIDSSO cookie) span across to the war-with-REST-services.war.
I'm running Wildfly 8.1.0.CR2
Thanks,
Shawn
-
16. Re: WildFly support Single-Sign-On (SSO)?
Hey Shawn, trying to get the same thing setup and running into the same lack of documentation that you did. I was just wondering if you were able to get it working? Any pointers or examples would be helpful.
Thanks,
- Mike
-
17. Re: WildFly support Single-Sign-On (SSO)?
Did any of you have any luck finding the documentation? I tied this config for a single node setup and it worked successfully. Could someone comment the steps how to acheive a Clustered SSO.
-
18. Re: WildFly support Single-Sign-On (SSO)?
Clustered SSO has no additional configuration (other than what you've already done for your single node setup), but you'll need to use one of the ha profiles (e.g. standalone-ha.xml).
-
19. Re: WildFly support Single-Sign-On (SSO)?
Does widfly support cluster SSO, in JBOSS7.1 we need to define cache-container and cache-name, Do we need to define anything for SSO cluster replication?
I am not able to use the SSO across cluster server. When One node dies, JSessionidSSO is returning null