6 Replies Latest reply on Aug 24, 2009 10:13 PM by teddy liu

    problem about cas  sso:DBIdentityLoginModule can not get pas

    Kobye Novice

      Now I find out,there are twice authentication for jboss portal with cas sso.
      The first:
      CAS authentication uses CASAuthenticationHandler,which call a MBean(name="portal:service=Module,type=CASAuthenticationService") to authenticate.

      The second:
      Jboss portal use \jboss-portal.sar\conf\login-config.xml to do another authentication.
      It use the loginmodule defined in the <application-policy name="portal">.

      Now I write my own classes for the 2 step authentication.
      The first step has successed.
      In the second step,I can get the value of username,but can not get the password value ,either from sharedState.get("javax.security.auth.login.password") nor from the getUsernameAndPassword method.

      I have check the api and source code and docments,but nothing helpful found.

      It makes me puzzled.


        • 1. Re: problem about cas  sso:DBIdentityLoginModule can not get
          Sohil Shah Master

          Are you following the CAS integration instructions here:

          http://docs.jboss.com/jbportal/v2.6.6/referenceGuide/html/sso.html#d0e13189

          If not, please do this as a baseline for success, and then customize whatever you need to on your end

          Note, make sure you are using CAS 3.0.7. I think the higher versions of CAS are incompatible with this approach of integration, since their App Server integration have changed

          Thanks
          Sohil

          • 2. Re: problem about cas  sso:DBIdentityLoginModule can not get
            Kobye Novice

            thanks Sohil.
            yes.
            I have read the articles I can find about cas sso for jboss portal and successed.
            Now,what I want to do is use our db instead of portal db as the user data of sso.
            because our user password is custom encrypted ,so org.jboss.portal.identity.crm.DBIdentityLoginModule
            can not authenticate successfully,
            so should be decrypted it before authentication.

            I have do a test:
            write a sub class of IdentityLoginModule and DBIdentityLoginModule,just override the validatepassword(String inputpassword,String expectedpassword) method ,log the value of the parameters.
            In the validatepassword method,the value of input password parameter is null.

            But with the IdentityLoginModule provided by portal,it still ahtenticates successfully.

            I have downloaded the jboss-4.23-src,
            try to trace the login method and see what happened .

            • 3. Re: problem about cas  sso:DBIdentityLoginModule can not get
              Kobye Novice

              the class I write:

              
              import javax.security.auth.login.LoginException;
              
              import org.apache.log4j.Logger;
              import org.jboss.portal.identity.auth.IdentityLoginModule;
              
              public class CRMIdentityLoginModule extends IdentityLoginModule{
               private static final Logger logger = Logger.getLogger(CRMIdentityLoginModule.class);
               @Override
               protected boolean validatePassword(String inputPassword, String expectedPassword) {
               logger.info("inputPassword="+inputPassword+",expectedPassword="+expectedPassword);
               return super.validatePassword(inputPassword, expectedPassword);
               }
               @Override
               protected String[] getUsernameAndPassword() throws LoginException {
               String [] strs = super.getUsernameAndPassword();
               for(String str:strs){
               logger.info("str==="+str);
               }
               return strs;
               }
               @Override
               protected String createPasswordHash(String username, String password, String arg2)
               throws LoginException {
               logger.info("arg0==="+username);
               logger.info("arg1==="+password);
               logger.info("arg2==="+arg2);
               return super.createPasswordHash(username, password, arg2);
               }
              }
              



              result:
              
              10:55:15,765 INFO [CRMIdentityLoginModule] str===029
              10:55:15,765 INFO [CRMIdentityLoginModule] str===null
              10:55:15,765 INFO [CRMIdentityLoginModule] inputPassword=null,expectedPassword=
              


              • 4. Re: problem about cas  sso:DBIdentityLoginModule can not get
                Kobye Novice

                In IdentityLoginModule,

                 protected boolean validatePassword(final String inputPassword, String expectedPassword)
                 {
                 HttpServletRequest request = null;
                 try
                 {
                 request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
                 }
                 catch(Exception e)
                 {
                 log.error(this,e);
                 throw new RuntimeException(e);
                 }
                
                 Object ssoSuccess = request.getAttribute("ssoSuccess");
                 if(ssoSuccess != null)
                 {
                 return true;
                 }
                
                


                I think I find it.

                If sso,just return true.
                So I can do the same in the DBIdentityLoginModule.

                yes or no?

                • 5. Re: problem about cas  sso:DBIdentityLoginModule can not get
                  Kobye Novice

                   

                  import javax.security.auth.login.LoginException;
                  import javax.security.jacc.PolicyContext;
                  import javax.servlet.http.HttpServletRequest;
                  import org.jboss.portal.identity.auth.DBIdentityLoginModule;
                  
                  public class CRMDBIdentityLoginModule extends DBIdentityLoginModule {
                  
                   @Override
                   protected boolean validatePassword(String inputPassword,
                   String expectedPassword) {
                  // logger.info("inputPassword=="+inputPassword);
                  // logger.info("expectedPassword=="+expectedPassword);
                   HttpServletRequest request = null;
                   try {
                   request = (HttpServletRequest) PolicyContext
                   .getContext("javax.servlet.http.HttpServletRequest");
                   } catch (Exception e) {
                   log.error(this, e);
                   throw new RuntimeException(e);
                   }
                   Object ssoSuccess = request.getAttribute("ssoSuccess");
                  // logger.info("ssoSuccess=="+ssoSuccess);
                   if (ssoSuccess != null) {
                   return true;
                   }
                   return super.validatePassword(inputPassword, expectedPassword);
                   }
                  
                  
                   @Override
                   protected String createPasswordHash(String username, String password,
                   String arg2) throws LoginException {
                   return password;
                   }
                  }
                  


                  • 6. Re: problem about cas  sso:DBIdentityLoginModule can not get
                    teddy liu Newbie

                    I have the exactly same problem with you. have you resolved the it. I really want know how to deel with this.