1 Reply Latest reply on May 5, 2008 2:00 AM by Carsten Rudat

    OpenSSO - how to login via login-link?

    Carsten Rudat Novice

      Hi all,

      I still have problems with OpenSSO. I'm running JBoss Portal 2.6.4 (clustered) on JBoss 4.2.2.GA (all config).

      I followed the instructions on http://blog.jboss-portal.org/2007/10/jboss-portal-with-opensso-and-opends.html and installed OpenSSO V1 Build 4 and OpenDS.
      I had to add the following to the users stored in OpenDS:

      dn: uid=user.0,ou=People,dc=opensso,dc=java,dc=net
      changetype: modify
      add: objectclass
      objectclass: sunFMSAML2NameIdentifier
      



      Now, I'm forwarded to the OpenSSO-Login-page as soon as I call http://myjbossserver.com:8080/portal without clicking on the login-link. I really would like to see the first portal-page without being logged in, and I don't know how to do that...




      My config changes are as follows:

      server/all/jboss-web.deployer/server.xml:
      <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
      


      server/all/portal-server.war/WEB-INF/context.xml:
      <Valve className="org.jboss.portal.identity.sso.opensso.OpenSSOAuthenticationValve"
       loginURL="http://myjbossserver.com:8080/opensso"
       logoutURL="http://myjbossserver.com:8080/opensso/UI/Logout"
       appendLoginGoto="true"
       appendLogoutGoto="true"
       authType="FORM"
      />
      


      server/all/conf/AMConfig.properties:
      com.iplanet.services.debug.level=message
      com.iplanet.services.debug.directory=/tmp
      com.iplanet.am.serverMode=false
      com.iplanet.am.sdk.caching.enabled=false
      com.sun.identity.idm.cache.enabled=false
      com.sun.identity.sm.cache.enabled=true
      com.sun.identity.sm.sms_object_class_name=com.sun.identity.sm.jaxrpc.SMSJAXRPCObject
      com.iplanet.am.naming.url=http://myjbossserver.com:8080/opensso/namingservice
      com.iplanet.am.notification.url=@NOTIFICATION_URL@
      com.sun.identity.agents.app.username=amadmin
      com.iplanet.am.service.password=
      com.iplanet.am.service.secret=AQIC5wM2LY4SfcyImS3T1DzgtBnOSHf5p9Ab
      am.encryption.pwd=
      com.sun.identity.client.encryptionKey=
      com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
      com.sun.identity.idm.remote.notification.enabled=true
      com.iplanet.am.sdk.remote.pollingTime=1
      com.sun.identity.sm.notification.enabled=true
      com.sun.identity.sm.cacheTime=1
      com.iplanet.am.server.protocol=http
      com.iplanet.am.server.host=myjbossserver.com
      com.iplanet.am.server.port=8080
      com.iplanet.am.services.deploymentDescriptor=/opensso
      com.iplanet.am.console.protocol=@CONSOLE_PROTOCOL@
      com.iplanet.am.console.host=@CONSOLE_HOST@
      com.iplanet.am.console.port=@CONSOLE_PORT@
      com.iplanet.am.console.deploymentDescriptor=@CONSOLE_DEPLOY_URI@
      com.iplanet.am.console.remote=@CONSOLE_REMOTE@
      com.iplanet.am.cookie.name=iPlanetDirectoryPro
      com.iplanet.am.session.client.polling.enable=true
      com.iplanet.am.session.client.polling.period=180
      com.iplanet.am.admin.cli.certdb.dir=@CONTAINER_CERTDB_DIR@
      com.iplanet.am.admin.cli.certdb.prefix=@CONTAINER_CERTDB_PREFIX@
      com.iplanet.am.admin.cli.certdb.passfile=@BASEDIR@/@PRODUCT_DIR@/config/.wtpass
      com.iplanet.am.jssproxy.trustAllServerCerts=false
      com.iplanet.am.jssproxy.checkSubjectAltName=false
      com.iplanet.am.jssproxy.resolveIPAddress=false
      com.iplanet.am.jssproxy.SSLTrustHostList=false
      com.sun.identity.agents.server.log.file.name=amRemotePolicyLog
      com.sun.identity.agents.logging.level=NONE
      com.sun.identity.agents.notification.enabled=false
      com.sun.identity.agents.notification.url=@NOTIFICATION_URL@
      com.sun.identity.agents.polling.interval=3
      com.sun.identity.policy.client.cacheMode=subtree
      com.sun.identity.policy.client.clockSkew=10
      com.sun.identity.monitoring=off
      com.sun.identity.urlconnection.useCache=false
      com.sun.identity.plugin.configuration.class=com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl
      com.sun.identity.plugin.datastore.class.default=com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider
      com.sun.identity.plugin.session.class=com.sun.identity.plugin.session.impl.FMSessionProvider
      com.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
      com.sun.identity.saml.xmlsig.keyprovider.class=com.sun.identity.saml.xmlsig.JKSKeyProvider
      com.sun.identity.saml.xmlsig.keystore=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/keystore.jks
      com.sun.identity.saml.xmlsig.storepass=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/.storepass
      com.sun.identity.saml.xmlsig.keypass=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/.keypass
      com.sun.identity.saml.xmlsig.certalias=test
      com.sun.identity.saml.checkcert=on
      com.sun.identity.saml.xmlsig.c14nMethod=http://www.w3.org/2001/10/xml-exc-c14n#
      com.sun.identity.saml.xmlsig.xmlSigAlgorithm=
      com.sun.identity.saml.xmlsig.transformAlg=http://www.w3.org/2001/10/xml-exc-c14n#
      com.sun.identity.saml2.xmlenc.EncryptionProvider=com.sun.identity.saml2.xmlenc.FMEncProvider
      com.sun.identity.saml2.xmlsig.SignatureProvider=com.sun.identity.saml2.xmlsig.FMSigProvider
      com.sun.identity.saml2.crl.check=false
      com.sun.identity.saml2.crl.check.ca=false
      com.sun.identity.liberty.ws.soap.certalias=
      com.sun.identity.liberty.ws.soap.staleTimeLimit=300000
      com.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval=60000
      com.sun.identity.liberty.ws.soap.supportedActors=http://schemas.xmlsoap.org/soap/actor/next
      com.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
      com.sun.identity.liberty.ws.jaxb.packageList=
      com.sun.identity.liberty.ws.wsc.certalias=
      com.sun.identity.liberty.ws.ta.certalias=
      com.sun.identity.liberty.ws.trustedca.certaliases=
      com.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
      com.sun.identity.liberty.interaction.wspRedirectHandler=http://myjbossserver.com:8080/opensso/WSPRedirectHandler
      com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
      com.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader=yes
      com.sun.identity.liberty.interaction.wscWillRedirect=yes
      com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime=80
      com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=no
      com.sun.identity.loginurl=http://myjbossserver.com:8080/opensso/UI/Login
      com.sun.identity.liberty.authnsvc.url=http://myjbossserver.com:8080/opensso/Liberty/authnsvc
      


        • 1. Re: OpenSSO - how to login via login-link?
          Carsten Rudat Novice

          Hi,

          just to test other configurations, I have installed jboss-portal-2.6.4-bundle and a new fresh jboss-4.2.2.GA with jboss-portal-2.6.4.GA (non clustering/default configuration).
          On both configurations I have the same problem: I'm automatically redirected to OpenSSO-Login as soon as I call the first portal-page (myserver:8080/portal).

          Is this a bug (in OpenSSO or JBoss Portal 2.6.4 or in the corresponding OpenSSO/Tomcat-valve)? Or is this a configuration problem?

          Thanks for any help.
          Carsten