0 Replies Latest reply on Sep 3, 2010 4:33 AM by luisa occhipinti

    Problem with JBoss Federated SSO

    luisa occhipinti Newbie

      Sorry for any mistakes, but I am new to the community and to JBossAS.

      I have made the following installation and configuration. On one machine I have installed 2 JBoss instances:

      1) JBoss 4.0.5 on which I must deploy Oracle ADF applications developed with Oracle JDeveloper;

      2) JBoss 5.0.1 on which I will deploy all the other applications (Web Service, JSF applications, etc.).

      To distribute the incoming requests between the 2 instances I use Apache 2.0.13 and mod_jk.

      I need to implement an SSO solution among the ADF applications (i.e. among the different ears) and among the 2 JBoss installations.

      I'm testing JBoss Federated SSO 1.0CR1. As the identity repository I'm using OpenLDAP, as the authentication mechanism JAAS, and the authentication method is based on a custom form login page.

      I'm able to log in successfully to each ADF application, but I'm not able to propagate the user credentials from one ear to another ear. If I log in to a page of application A and then from this I call a page that is in application B (that is, another ear), I'm redirected to the login page.

      Below are the configuration files I changed:


         <application-policy name="jboss-sso">
            <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="required">
               <module-option name="unauthenticatedIdentity">guest</module-option>
               <module-option name="password-stacking">useFirstPass</module-option>
               <!--module-option name="hashAlgorithm">SHA-1</module-option-->
               <module-option name="hashUserPassword">false</module-option>
               <module-option name="hashStorePassword">false</module-option>
               <module-option name="authenticatedRoles">JBossAdmin,AuthenticatedUsers</module-option>
               <module-option name="provider">si:jboss-sso:ldap:login</module-option>



         <provider id="si:jboss-sso:ldap:login" class="org.jboss.security.idm.ldap.LDAPIdentityProvider">
            <property name="connectionURL">
            <property name="username">cn=liavadmin,dc=liav,dc=it</property>
            <property name="password">allugi00</property>
            <property name="identityOu">users</property>
            <property name="roleOu">Roles</property>
         <processor class="org.jboss.security.saml.JBossSingleSignOn">
            <property name="trustServer">http://node1.jboss.com:8080/federate/trust</property>

      3) In the WEB-INF directory of each ear file I have added the attached files.


      Are there any errors in the configuration?


      Thank you,