Actually, any guidance on setting up a SSO solution that will work across servlets and the portals would be nice. JAAS or something else?
You can create a separate web application just for authentication (assign it to the root context if you want) that has a JAAS login module.
In the login webapp specify your security domain in jboss-web.xml:

<?xml version="1.0"?>
<jboss-web>
  <security-domain>java:jaas/yourJaasDomain</security-domain>
  <context>/</context>
</jboss-web>

Then modify the JBoss Portal's JAAS security domain to yourJaasDomain by editing deploy\jboss-portal.sar\portal-server.war\WEB-INF\jboss-web.xml.
In our case we modified the Portal Security constraint so that all portal content is secure. You can do that by modifying the security-constraint in deploy\jboss-portal.sar\portal-server.war\WEB-INF\web.xml to something like this.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure+Authenticated</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Authenticated</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

Use this same security domain in all of your portlets too.
You may be able to use this type of approach with JOSSO as well. Let us know what you find out.
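
As an added example (not part of the thread and not JBoss Portal code): a Python check that the descriptors edited in the reply above agree, meaning each jboss-web.xml names the same security domain and the portal's web.xml constraint on /* requires the Authenticated role with CONFIDENTIAL transport. The function names and the two sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

EXPECTED_DOMAIN = "java:jaas/yourJaasDomain"  # placeholder name from the thread

# Constructed sample descriptors (not taken from a real deployment).
PORTLET_JBOSS_WEB = """<jboss-web>
  <security-domain>java:jaas/someOtherDomain</security-domain>
</jboss-web>"""
PORTAL_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Authenticated</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _parse(xml_text):
    # Descriptors may carry a namespace; compare on local tag names only.
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def check_jboss_web(xml_text, expected=EXPECTED_DOMAIN):
    """Findings for one jboss-web.xml: every app must name the same domain."""
    domain = (_parse(xml_text).findtext("security-domain") or "").strip()
    if not domain:
        return ["no <security-domain> element"]
    if domain != expected:
        return [f"security-domain is {domain!r}, expected {expected!r}"]
    return []

def check_web_xml(xml_text, role="Authenticated"):
    """Findings unless a constraint on /* requires the role over TLS."""
    for sc in _parse(xml_text).iter("security-constraint"):
        if "/*" not in [(p.text or "").strip() for p in sc.iter("url-pattern")]:
            continue
        findings = []
        roles = [(r.text or "").strip() for r in sc.findall("auth-constraint/role-name")]
        transport = sc.findtext("user-data-constraint/transport-guarantee") or ""
        if role not in roles:
            findings.append(f"/* constraint does not require role {role!r}")
        if transport.strip() != "CONFIDENTIAL":
            findings.append("/* constraint lacks CONFIDENTIAL transport-guarantee")
        return findings
    return ["no security-constraint covers /*"]

if __name__ == "__main__":
    for finding in check_jboss_web(PORTLET_JBOSS_WEB) + check_web_xml(PORTAL_WEB_XML):
        print("FINDING:", finding)
```
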
JBoss Portal uses servlet container authentication, so you can use whatever SSO solution works with Tomcat. Let me know if you make it work with it.
I am attempting to get portal to authenticate against a JOSSO configuration as well, using jboss-portal-2.4.1. I haven't seen much info about doing this so far. It seems like this should have a straightforward solution, much like connecting to an LDAP identity/credential store. My first thought was to include an entry in portal's login-config.xml much like the one in jboss' login-config.xml

<login-module code="org.josso.jb4.agent.JBossSSOGatewayLoginModule" flag="required">
  <module-option name="debug">true</module-option>
</login-module>

Under the Portal application policy. This caused a null pointer exception when attempting to authenticate users with the user portlet. I really feel that this has an easy solution, but I'm lost in the XML jungle that JBoss and Portal carry with them. Any clues?