0 Replies Latest reply on Sep 3, 2010 4:33 AM by luisa occhipinti

    Problem with JBoss Federated SSO

    luisa occhipinti Newbie

      Sorry for any mistakes, but I am new to the community and in JBossAS.

      I have made the following installation and configuration. On a machine i have installed 2 JBoss instances:

      1) JBoss 4.0.5 on which I must deploy Oracle ADF applications developed with Oracle JDeveloper;

      2) JBoss 5.0.1 on which I will deploy all the other application (Web Service, JSF applications, etc.).

      To distribuite the incoming request between the 2 instance I use Apache 2.0.13 and mod_jk.

      I need to implement a SSO solution among the ADF applications (i.e. among the different ear) and among the 2 JBoss installations.

      I'm testing JBoss Federated SSO 1.0CR1 . I'm using as identity repository OpenLdap, as authentication meccanism JAAS and the authentication method is based on a custom form login page.

      I'm able to login successful on each ADF application, but i'm not able to propagate the user credential from one ear to another ear. If I login to a page of application A and then from this i call a page that is on application B (then another ear), i'm redirect to the login page.

      Below lists the file configuration changed:

      1)C:\JBoss\jboss-4.0.5.GA\server\default\conf\login-config.xml

         <application-policy name="jboss-sso">      
             <authentication>
               <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="required">
                 <module-option name="unauthenticatedIdentity">guest</module-option>
                 <module-option name="password-stacking">useFirstPass</module-option>
                 <!--module-option name="hashAlgorithm">SHA-1</module-option-->
                 <module-option name="hashUserPassword">false</module-option>
                 <module-option name="hashStorePassword">false</module-option>
                 <module-option name="authenticatedRoles">JBossAdmin,AuthenticatedUsers</module-option>
                 <module-option name="provider">si:jboss-sso:ldap:login</module-option>            
               </login-module>
            </authentication>

          </application-policy>

      2)C:\JBoss\jboss-4.0.5.GA\server\default\deploy\jboss-sso.sar\conf\sso.cfg.xml

      <jboss-sso>
           <identity-management>         
              <login>
                  <provider id="si:jboss-sso:ldap:login" class="org.jboss.security.idm.ldap.LDAPIdentityProvider">
                      <property name="connectionURL">
                          jdbc:ldap://vm-middle-test:389/dc=liav,dc=it?SEARCH_SCOPE:=subTreeScope&amp;secure:=false&amp;concat_atts:=true&amp;size_limit:=10000000
                      </property>
                      <property name="username">cn=liavadmin,dc=liav,dc=it</property>
                      <property name="password">allugi00</property>
                      <property name="identityOu">users</property>
                      <property name="roleOu">Roles</property>
                  </provider>
              </login>       
          </identity-management>
             
          <sso-processor>
              <processor class="org.jboss.security.saml.JBossSingleSignOn">
                  <property name="trustServer">http://node1.jboss.com:8080/federate/trust</property>
              </processor>
          </sso-processor>
      </jboss-sso>

      3) In the WEB-INF directory of each ear file  i have added the attached files.

       

      Is there some errors in the configuration?

       

      Thank you,

      mluisa