2 Replies Latest reply on Apr 13, 2010 12:58 AM by madanosliw

    GenericHeaderAuthenticator / SiteMinder Authentication

    Edward Kujawski Newbie

      I have been studying how to receive the header authentication from SiteMinder into JBoss. I have been following the instructions from http://community.jboss.org/wiki/GenericHeaderBasedAuthentication but with limited sucess.


      What I've done:











      <?xml version="1.0" encoding="UTF-8"?>

      <deployment xmlns="urn:jboss:bean-deployer:2.0">

            <application-policy xmlns="urn:jboss:security-beans:1.0" name="WebServiceTestDomain">

                  <login-module code="org.jboss.web.tomcat.security.GenericHeaderAuthenticator"
                          <!-- <module-option name="HttpHeaderForSSOAuth">SITEMINDER_AUTH</module-option> -->




          <Valve className="org.jboss.web.tomcat.security.GenericHeaderAuthenticator"


      This results in the following error when loading the page:

           java.lang.IllegalStateException: Http headers configuration in tomcat service missing

      ...FYI: which is an error from the following source code



      My question is, how do I set the HttpHeaderForSSOAuth parameter?



        • 1. Re: GenericHeaderAuthenticator / SiteMinder Authentication
          Celinio Fernandes Novice


          have you been able to fix your problem ?

          If yes, I would be interested to know how since I too need to authenticate my user through Siteminder SSO.


          • 2. Re: GenericHeaderAuthenticator / SiteMinder Authentication
            madanosliw Newbie

            We got this working in JBoss 5 and added some custom stuff, but this is the basics:


            In JBoss 5, the configuration's going to have to go in the war deployers jboss-beans.xml:
            <property name="authenticators">
                 <map keyClass="java.lang.String" valueClass="java.lang.String">
            The httpHeaderForSSOAuth (HTTP Header names carrying the principal from the Siteminder proxy) and sessionCookieForSSOAuth fields also go in the bean tag named "WarDeployer" in the same file:  
            <bean name="WarDeployer">
                 <property name="httpHeaderForSSOAuth">SITEMINDER_AUTH_HEADER</property>
            We actually wrote a custom authenticator based on the GenericHeaderAuthenticator.  If choosing to do this, a tip that will save you some time is that the attributes are capitalized when retrieving them:
            mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"), "HttpHeaderForSSOAuth");
            When you've got the authenticator set up, you can refer to the type in your web.xml or jboss.xml:
            If using the siteminder header as a trusted authentication, you might need to write a custom login module to accept any username/empty password (I'm not sure about this, you might be able to not specify a login module and have the authentication work).