OpenSSO - how to login via login-link?
carstenrudat Apr 30, 2008 11:51 AM
Hi all,
I still have problems with OpenSSO. I'm running JBoss Portal 2.6.4 (clustered) on JBoss 4.2.2.GA (all config).
I followed the instructions on http://blog.jboss-portal.org/2007/10/jboss-portal-with-opensso-and-opends.html and installed OpenSSO V1 Build 4 and OpenDS.
I had to add the following to the users stored in OpenDS:
# LDIF modify record: adds the sunFMSAML2NameIdentifier object class to the
# existing entry uid=user.0 (repeat per user entry as needed).
dn: uid=user.0,ou=People,dc=opensso,dc=java,dc=net
changetype: modify
add: objectclass
objectclass: sunFMSAML2NameIdentifier
Now, I'm forwarded to the OpenSSO-Login-page as soon as I call http://myjbossserver.com:8080/portal without clicking on the login-link. I really would like to see the first portal-page without being logged in, and I don't know how to do that...
My config changes are as follows:
server/all/jboss-web.deployer/server.xml:
<!-- Clustered single sign-on valve for JBoss Web: an authenticated identity is
     shared across the web applications of the host and across cluster nodes. -->
<Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
server/all/portal-server.war/WEB-INF/context.xml:
<!-- Portal-side OpenSSO valve. loginURL and logoutURL are plain http:// here, so the
     login form submission and the SSO session cookie would cross the network
     unencrypted; use https:// endpoints outside an isolated test setup.
     NOTE(review): appendLoginGoto/appendLogoutGoto presumably append a goto=<return URL>
     parameter to these URLs; confirm that the OpenSSO side restricts which goto
     targets it will redirect to. -->
<Valve className="org.jboss.portal.identity.sso.opensso.OpenSSOAuthenticationValve" loginURL="http://myjbossserver.com:8080/opensso" logoutURL="http://myjbossserver.com:8080/opensso/UI/Logout" appendLoginGoto="true" appendLogoutGoto="true" authType="FORM" />
server/all/conf/AMConfig.properties:
# OpenSSO client SDK configuration (AMConfig.properties) used by the portal.
# Values of the form @NAME@ are template placeholders that were never substituted.

# --- Debug output ---
# NOTE(review): "message" is, as far as I know, the most verbose debug level, and the
# files go to /tmp, which is normally readable by every local account. Verbose SDK
# debug output may contain session and identity details; use a directory restricted
# to the server account and lower the level once troubleshooting is done.
com.iplanet.services.debug.level=message
com.iplanet.services.debug.directory=/tmp

# --- Client SDK mode and caching ---
com.iplanet.am.serverMode=false
com.iplanet.am.sdk.caching.enabled=false
com.sun.identity.idm.cache.enabled=false
com.sun.identity.sm.cache.enabled=true
com.sun.identity.sm.sms_object_class_name=com.sun.identity.sm.jaxrpc.SMSJAXRPCObject

# --- Naming / notification endpoints ---
# Plain http: SDK-to-server traffic (including session tokens) is not encrypted.
com.iplanet.am.naming.url=http://myjbossserver.com:8080/opensso/namingservice
com.iplanet.am.notification.url=@NOTIFICATION_URL@

# --- Application (agent) credentials ---
# The SDK authenticates to OpenSSO as amadmin, the top-level administrator account.
# A dedicated application/agent identity with only the rights the portal needs keeps
# a compromise of this file from becoming a compromise of the whole OpenSSO realm.
com.sun.identity.agents.app.username=amadmin
com.iplanet.am.service.password=
# Encrypted form of the application user's password. This value has been published
# with the post, so the underlying password should be treated as exposed and changed.
com.iplanet.am.service.secret=AQIC5wM2LY4SfcyImS3T1DzgtBnOSHf5p9Ab
# NOTE(review): both key settings below are empty; confirm which key the SDK then
# uses to decrypt service.secret and that it is not a product-wide default.
am.encryption.pwd=
com.sun.identity.client.encryptionKey=
com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption

# --- Remote notification / polling ---
com.sun.identity.idm.remote.notification.enabled=true
com.iplanet.am.sdk.remote.pollingTime=1
com.sun.identity.sm.notification.enabled=true
com.sun.identity.sm.cacheTime=1

# --- OpenSSO server location (http, same host and port as the portal) ---
com.iplanet.am.server.protocol=http
com.iplanet.am.server.host=myjbossserver.com
com.iplanet.am.server.port=8080
com.iplanet.am.services.deploymentDescriptor=/opensso

# --- Console location (unsubstituted placeholders) ---
com.iplanet.am.console.protocol=@CONSOLE_PROTOCOL@
com.iplanet.am.console.host=@CONSOLE_HOST@
com.iplanet.am.console.port=@CONSOLE_PORT@
com.iplanet.am.console.deploymentDescriptor=@CONSOLE_DEPLOY_URI@
com.iplanet.am.console.remote=@CONSOLE_REMOTE@

# --- Session cookie and session polling ---
# Name of the SSO session cookie; over http it is sent in clear text on every request.
com.iplanet.am.cookie.name=iPlanetDirectoryPro
com.iplanet.am.session.client.polling.enable=true
com.iplanet.am.session.client.polling.period=180

# --- CLI certificate database (unsubstituted placeholders) ---
com.iplanet.am.admin.cli.certdb.dir=@CONTAINER_CERTDB_DIR@
com.iplanet.am.admin.cli.certdb.prefix=@CONTAINER_CERTDB_PREFIX@
com.iplanet.am.admin.cli.certdb.passfile=@BASEDIR@/@PRODUCT_DIR@/config/.wtpass

# --- TLS peer checks for outbound connections ---
# trustAllServerCerts=false keeps certificate validation on. These settings only
# matter once the URLs in this file are switched to https.
# NOTE(review): checkSubjectAltName=false looks like it disables the subjectAltName
# host check; confirm before relying on https hostname verification.
com.iplanet.am.jssproxy.trustAllServerCerts=false
com.iplanet.am.jssproxy.checkSubjectAltName=false
com.iplanet.am.jssproxy.resolveIPAddress=false
com.iplanet.am.jssproxy.SSLTrustHostList=false

# --- Policy agent logging / notification ---
# logging.level=NONE: no remote policy log is written, so allow/deny decisions made
# through this client leave no audit trail.
com.sun.identity.agents.server.log.file.name=amRemotePolicyLog
com.sun.identity.agents.logging.level=NONE
com.sun.identity.agents.notification.enabled=false
com.sun.identity.agents.notification.url=@NOTIFICATION_URL@
com.sun.identity.agents.polling.interval=3
com.sun.identity.policy.client.cacheMode=subtree
com.sun.identity.policy.client.clockSkew=10
com.sun.identity.monitoring=off
com.sun.identity.urlconnection.useCache=false

# --- Plug-in implementations ---
com.sun.identity.plugin.configuration.class=com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl
com.sun.identity.plugin.datastore.class.default=com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider
com.sun.identity.plugin.session.class=com.sun.identity.plugin.session.impl.FMSessionProvider

# --- SAML signing keys ---
# The keystore and its password files (.storepass, .keypass) sit inside the deployed
# fam-client-jdk15-exp.war directory under server/all/deploy.
# NOTE(review): confirm the web container cannot serve these files over HTTP; keeping
# key material outside any deployed web application avoids the question.
# certalias=test suggests the sample key pair shipped with the client SDK; replace it
# with a key generated for this deployment before trusting any signature.
com.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
com.sun.identity.saml.xmlsig.keyprovider.class=com.sun.identity.saml.xmlsig.JKSKeyProvider
com.sun.identity.saml.xmlsig.keystore=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/keystore.jks
com.sun.identity.saml.xmlsig.storepass=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/.storepass
com.sun.identity.saml.xmlsig.keypass=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/.keypass
com.sun.identity.saml.xmlsig.certalias=test
com.sun.identity.saml.checkcert=on
com.sun.identity.saml.xmlsig.c14nMethod=http://www.w3.org/2001/10/xml-exc-c14n#
com.sun.identity.saml.xmlsig.xmlSigAlgorithm=
com.sun.identity.saml.xmlsig.transformAlg=http://www.w3.org/2001/10/xml-exc-c14n#
com.sun.identity.saml2.xmlenc.EncryptionProvider=com.sun.identity.saml2.xmlenc.FMEncProvider
com.sun.identity.saml2.xmlsig.SignatureProvider=com.sun.identity.saml2.xmlsig.FMSigProvider
# CRL checking is off for both end-entity and CA certificates, so a revoked SAML2
# signing certificate would still be accepted.
com.sun.identity.saml2.crl.check=false
com.sun.identity.saml2.crl.check.ca=false

# --- Liberty web services ---
com.sun.identity.liberty.ws.soap.certalias=
com.sun.identity.liberty.ws.soap.staleTimeLimit=300000
com.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval=60000
com.sun.identity.liberty.ws.soap.supportedActors=http://schemas.xmlsoap.org/soap/actor/next
com.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
com.sun.identity.liberty.ws.jaxb.packageList=
com.sun.identity.liberty.ws.wsc.certalias=
com.sun.identity.liberty.ws.ta.certalias=
com.sun.identity.liberty.ws.trustedca.certaliases=
com.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
com.sun.identity.liberty.interaction.wspRedirectHandler=http://myjbossserver.com:8080/opensso/WSPRedirectHandler
com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
com.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader=yes
com.sun.identity.liberty.interaction.wscWillRedirect=yes
com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime=80
# The https requirement for interaction redirects is switched off here.
com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=no

# --- Login and authentication service URLs (plain http) ---
# Credentials entered on the OpenSSO login page are submitted to this URL unencrypted.
com.sun.identity.loginurl=http://myjbossserver.com:8080/opensso/UI/Login
com.sun.identity.liberty.authnsvc.url=http://myjbossserver.com:8080/opensso/Liberty/authnsvc