4 Replies Latest reply on Jun 20, 2007 12:27 PM by Nicholas Iffrig

    JOSSO and JBoss Portal

    Matthew Richardson Newbie

      Does anyone have insight into how to integrate JOSSO in to JBoss Portal to use our exsting dabase of users and roles for authentication? I understand how to setup JOSSO, just not how to get the JBOSS User portlet to use a different method for authentication...

      Thanks in advance,
      Matt

        • 1. Re: JOSSO and JBoss Portal
          Matthew Richardson Newbie

          Actually, any guidance on setting up a SSO solution that will work across servlets and the portals would be nice. JAAS or something else?

          Thoughts?

          Thanks,
          matt

          • 2. Re: JOSSO and JBoss Portal
            Doug Schnelzer Newbie

            You can create a separate web application just for authentication (assign it to the root context if you want) that has a JAAS login module.

            In the login webapp specify your security domain in jboss-web.xml

            <?xml version="1.0"?>
            <jboss-web>
             <security-domain>java:jaas/yourJaasDomain</security-domain>
             <context>/</context>
            </jboss-web>
            

            Then modify the JBoss Portal's Jaas Security Domain to yourJaasDomain by edtiting deploy\jboss-portal.sar\portal-server.war\WEB-INF\jboss-web.xml.

            In our case we modified the Portal Security constraint so that all portal content is secure. You can do that by modifying the security-constraint in deploy\jboss-portal.sar\portal-server.war\WEB-INF\web.xml to something like this.
            <security-constraint>
             <web-resource-collection>
             <web-resource-name>Secure+Authenticated</web-resource-name>
             <url-pattern>/*</url-pattern>
             </web-resource-collection>
             <auth-constraint>
             <role-name>Authenticated</role-name>
             </auth-constraint>
             <user-data-constraint>
             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
             </user-data-constraint>
             </security-constraint>



            Use this same security domain in all of your portlets too.

            You may be able to use this type of approach with JOSSO as well. Let us know what you find out.



            • 3. Re: JOSSO and JBoss Portal
              Viet Master

              Hi Rich,

              jboss portal uses servlet container authentication so you can use whatever SSO solution that works with tomcat. Let me know if you make it work with it.

              • 4. Re: JOSSO and JBoss Portal
                Nicholas Iffrig Newbie

                I am attempting to get portal to authenticate against a JOSSO configuration as well, using jboss-portal-2.4.1. I haven't seen much info about doing this so far. It seems like this should have a straightforward solution, much like connecting to an LDAP identity/credential store. My first thought was to include an entry in portal's login-config.xml much like the one in jboss' login-config.xml

                <login-module code = "org.josso.jb4.agent.JBossSSOGatewayLoginModule"
                 flag = "required">
                 <module-option name="debug">true</module-option>
                 </login-module>


                Under the Portal application policy. This caused a null pointer exception when attempting to authenticate users with the user portlet. I really feel that this has an easy solution, but i'm lost in the XML jungle that jboss and portal carry with them. Any clues?

                Nick