I am new to JBOSS Portal and need your help to resolve my problem. We are using Jboss Portal 2.4 for portal and using opensso product for the security layer (for user authentication and authorization).
portal url with /auth/* is protected by opensso product. Now when ever user clicks on the protected url i.e url that contains "/auth" string opensso redirects the user to a loginscreen for authentication and after sucessful authentication it redirects to the user requested page. During this redirection opensso sends the userid that was authenticated as the request header attribute.
Now my question here is,
In the request header I have a userid that is already authenticated by the opensso security product but for the portal the user is still unauthenticated. How can I authenticate the user into the portal without asking the portal user to submit the portal login screen.
Can any one provide solution or hooks available in jboss portal to resolve this problem.
JBoss Portal uses JAAS based authentication to create an authenticated session.
You will need to process your header(which has the userid) and programmatically perform a JAAS login by injecting a custom Tomcat valve.
For details on JAAS: http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossSX