37 Replies. Latest reply on Nov 4, 2011 10:15 AM by mposolda
      • 15. GateIn + OpenAM 9.5.2
        stevepamer

        Hi Prabhat,

         

        No problem on helping, I have been down the road of trying to get this to work and understand the frustrations.

         

        I can certainly put together my experiences once I get mine working.....

        Honestly, I mostly followed that link that I sent Francois.

        Experience of installing agents on other systems has helped.

         

        I am currently struggling with the LDAP read only users problem where they are in a different group (/opensso/roles/portalGroup) than /platform/users.

        My latest update was to add the role-name 'opensso' to the auth-constraint and security-role in web.xml.

        That allowed me to log in with an LDAP (OpenAM) user, but the upper banner is missing and who knows what else.

        I noticed in the access log that when I log in as an LDAP user there is no GET request for

             /portal/resource/Default/web_BannerPortlet/Default/web_FooterPortlet/Defalt/web_navigationPortlet/.....css

        I am still digging....

         

        I have read that there is a CustomMembershipLoginModule that sounds like it might work, but I don't have a sandbox or the time to put one together. I am hoping that someone has posted a jar somewhere. Any ideas?

         

        My goal is to use a common store for all users that OpenAM will authenticate against.

         

        Steve

        • 16. Re: GateIn + OpenAM 9.5.2
          macois

          Hi Steve, Hi Prabhat,

           

          I've tried this way:

          -> GateIn, Tomcat version, on a PC (gatein.vauban.com ==> a first IP),

          -> OpenAM 9.5.2, Tomcat version, on a PC (openam.vauban.com ==> a different IP),

          I verified that c66encode is true and the cookie encoding is true too. (I also tried false for the cookie encoding and it's the same result.)

          The domain of the cookies is: .vauban.com

          In my gatein.properties, I write:

          host=gatein.vauban.com

          port=8080

          context=portal

           

          And I have the same problem.... The user is successfully logged in, but when he's redirected, the blank page keeps loading like an infinite loop.

          And no errors in the logs...

          I think my last chance to use GateIn with OpenAM is to test the JBoss version...?

           

          EDIT : We have posted at the same time, I'm currently reading your post

          [ANSWER]

          For me, it's the next step to integrate all the roles and users of my LDAP with GateIn, because we have to choose a portal solution and my work for the moment is to verify that OpenAM works properly with each portal solution.

           

          For your problem, to my mind, it might be an issue with the matching of your LDAP role with the GateIn role???

          And I don't know about the jar, no result on Google :/

          [/ANSWER]

           

          François.

          • 17. Re: GateIn + OpenAM 9.5.2
            macois

            +edit

            • 18. Re: GateIn + OpenAM 9.5.2
              macois

              Hi,

               

              So I'm at home with an Ubuntu PC; it's better for working.

               

              I've tried the JBoss version.

              It's okay, it works directly without effort.

              The only thing is that when you are redirected by the OpenAM server, the URL is:

              http://localhost:8080/portal/private/j_security_check?j_username=root&j_password=rememberme-1252495752

              It's quite strange? Because the password is gtn....???? So at this moment I have the GateIn login screen... but if I put gtn it's okay.

              (It's the same problem for all users of the demo version.)

               

              I've tried the Tomcat version again and I have the same problem as at work.

              Just because Ubuntu is powerful, I have logs and more information about the problem.

              On this OS the redirection URL is: http://localhost:8080/portal/private/j_security_check?j_username=root&j_password=rememberme132279768

              And if I change the URL with the password it's okay... it works perfectly....

               

               

               

              Please, what's the problem...????? Do you have any idea?

               

               


              One more question: why does Ubuntu give me a different URL than Windows, and why do I have more logs on Ubuntu????

              When the URL is wrong I have this kind of log, but it's normal:

              7 Apr. 2011 20:58:16 org.apache.catalina.realm.JAASRealm authenticate
              WARNING: Cannot find message associated with key jaasRealm.loginException
              javax.security.auth.login.LoginException: Login failed for root
                  at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:80)
                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

              Since the password is wrong???? Or badly encoded???

               

              To have this result, I had to correct jaas.conf with this syntax:

              gatein-domain {
                org.exoplatform.web.security.PortalLoginModule required;
                org.exoplatform.services.security.jaas.SharedStateLoginModule required;
                org.exoplatform.services.security.j2ee.TomcatLoginModule required;

                // Uncomment the following part (and comment the other part for CAS integration
                org.gatein.sso.agent.login.SSOLoginModule required;
                org.exoplatform.services.security.j2ee.TomcatLoginModule required
                    portalContainerName="portal"
                    realmName="gatein-domain";
              };

               

               

              EDIT: http://community.jboss.org/message/588824 ???

               

              Thanks again for your help,

               

              François.

              • 19. Re: GateIn + OpenAM 9.5.2
                mposolda

                Hello,

                 

                It seems that your login module configuration is wrong. I think it should look like this if you are trying to integrate it with GateIn on Tomcat:

                 

                gatein-domain {
                  // Uncomment the following part (and comment the other part for CAS integration
                  org.gatein.sso.agent.login.SSOLoginModule required;
                  org.exoplatform.services.security.j2ee.TomcatLoginModule required
                      portalContainerName "portal"
                      realmName "gatein-domain";
                };

                 

                Especially SharedStateLoginModule can't be used in the login module configuration if SSO is used. Otherwise you are not logged in by SSO but by GateIn itself, and the whole SSO integration does not make much sense in this case. And for a successful integration, you should use the latest SSO library https://repository.jboss.org/nexus/content/groups/public/org/gatein/sso/sso-packaging/1.0.1-GA/sso-packaging-1.0.1-GA.zip instead of the older version 1.0.0-Beta2 mentioned in the GateIn reference guide.

                 

                Hope this helps,

                Marek

                • 20. Re: GateIn + OpenAM 9.5.2
                  macois

                  Thanks Marek,

                   

                  It works on my personal Tomcat with this syntax:

                  gatein-domain {
                    // Uncomment the following part (and comment the other part for CAS integration
                    org.gatein.sso.agent.login.SSOLoginModule required;
                    org.exoplatform.services.security.j2ee.TomcatLoginModule required
                        portalContainerName="portal"
                        realmName="gatein-domain";
                  };

                   

                  Notice the "="

                   

                  Wonderful!!! I just have to look at JBoss, but it seems it's the same kind of problem!

                   

                  Thanks everybody, I just have to try this correction at work!
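The two fixes that posts 18 to 20 converge on are both about jaas.conf syntax and module selection: options have to be written as key=value (post 20: "Notice the ="), and the SharedStateLoginModule must not remain in the realm once the SSO agent handles login (post 19). The linter below is an added example written for this thread; it is not GateIn, eXo or OpenAM code. It implements the JAAS configuration grammar (application name, brace-delimited list of `class flag [key=value ...];` entries) well enough to report those two problems. The three sample configurations are constructed from the ones quoted in posts 18, 19 and 20; the realm name `gatein-domain` and the module class names are the ones the thread uses.

```python
import re

# Added example (not GateIn or OpenAM code): a linter for the jaas.conf syntax
# discussed in posts 18-20. It parses the JAAS configuration grammar and flags
# an option written without "=" (rejected by the JAAS config parser) and a
# SharedStateLoginModule left in a realm meant to authenticate via the SSO agent.

FLAGS = {"required", "requisite", "sufficient", "optional"}
SSO_MODULE = "org.gatein.sso.agent.login.SSOLoginModule"
SHARED_STATE_MODULE = "org.exoplatform.services.security.jaas.SharedStateLoginModule"

# line comment | block comment | quoted value | punctuation | bare word
_TOKEN = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:[^"\\]|\\.)*"|[{};=]|[^\s{};="]+', re.DOTALL)


def parse_jaas(text):
    """Parse jaas.conf into {app_name: [{"class", "flag", "options"}, ...]}; ValueError on bad syntax."""
    toks = [m.group(0) for m in _TOKEN.finditer(text)
            if not m.group(0).startswith(("//", "/*"))]
    pos = 0

    def peek():
        return toks[pos] if pos < len(toks) else None

    def take(expect=None):
        nonlocal pos
        if pos >= len(toks):
            raise ValueError("unexpected end of file")
        tok, pos = toks[pos], pos + 1
        if expect is not None and tok != expect:
            raise ValueError(f"expected {expect!r}, got {tok!r}")
        return tok

    apps = {}
    while pos < len(toks):
        name = take()
        take("{")
        entries = []
        while peek() != "}":
            cls = take()
            flag = take().lower()
            if flag not in FLAGS:
                raise ValueError(f"{cls}: unknown control flag {flag!r}")
            options = {}
            while peek() != ";":
                key = take()
                if peek() != "=":  # the post-19 form: portalContainerName "portal"
                    raise ValueError(f"{cls}: option {key!r} must be written {key}=value")
                take("=")
                options[key] = take().strip('"')
            take(";")
            entries.append({"class": cls, "flag": flag, "options": options})
        take("}")
        if peek() == ";":
            take(";")
        apps[name] = entries
    return apps


def lint_sso_realm(text, realm="gatein-domain"):
    """Return findings for an SSO-enabled realm; an empty list means it looks right."""
    try:
        apps = parse_jaas(text)
    except ValueError as exc:
        return [f"syntax error: {exc}"]
    if realm not in apps:
        return [f"realm {realm!r} is not defined"]
    classes = [e["class"] for e in apps[realm]]
    findings = []
    if SSO_MODULE not in classes:
        findings.append(f"{SSO_MODULE} is missing: logins would bypass the SSO agent")
    if SHARED_STATE_MODULE in classes:
        findings.append(f"{SHARED_STATE_MODULE} is present: the user is logged in by GateIn, not by OpenAM")
    return findings


# Constructed samples: the syntax from post 19 (no "="), the first configuration
# from post 18 (both module sets active) and the corrected one from post 20.
MISSING_EQUALS = """gatein-domain {
  org.gatein.sso.agent.login.SSOLoginModule required;
  org.exoplatform.services.security.j2ee.TomcatLoginModule required
      portalContainerName "portal" realmName "gatein-domain"; };"""
BOTH_SETS = """gatein-domain {
  org.exoplatform.web.security.PortalLoginModule required;
  org.exoplatform.services.security.jaas.SharedStateLoginModule required;
  org.exoplatform.services.security.j2ee.TomcatLoginModule required;
  org.gatein.sso.agent.login.SSOLoginModule required;
  org.exoplatform.services.security.j2ee.TomcatLoginModule required
      portalContainerName="portal" realmName="gatein-domain"; };"""
CORRECTED = """gatein-domain {
  // Uncomment the following part (and comment the other part for CAS integration
  org.gatein.sso.agent.login.SSOLoginModule required;
  org.exoplatform.services.security.j2ee.TomcatLoginModule required
      portalContainerName="portal" realmName="gatein-domain"; };"""
```

Running `lint_sso_realm` over the three samples gives one syntax error for the post 19 text (naming `portalContainerName`), one finding about SharedStateLoginModule for the post 18 text, and nothing for the post 20 text. The parser is deliberately strict about the `key=value` form because that is exactly the difference the thread took several posts to spot.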

                  • 21. Re: GateIn + OpenAM 9.5.2
                    macois

                    Big lol,

                    This way doesn't work at work.

                    And I still have no log on Windows... and no parameter on my URLs....

                    And if I use this kind of URL:

                    http://localhost:8080/portal/private/j_security_check?j_username=root&j_password=rememberme-1252495752

                    and replace the password with gtn, it works...

                     

                    So the same question :/ Please, what's the problem...????? Do you have any idea?

                     

                    François.

                    • 22. GateIn + OpenAM 9.5.2
                      stevepamer

                      Just a longshot but have you cleared the cookies out of your browser between tests?

                      • 23. Re: GateIn + OpenAM 9.5.2
                        macois

                        Maybe not.

                        I'm trying the JBoss version again on my work PC... if you have an idea for the tricky problem of URLs, don't hesitate to share it.

                        Did you fix your LDAP group problem?

                        (some links for you:

                        http://community.jboss.org/wiki/GateInwithLDAPasadefaultuserandgroupstore

                        http://community.jboss.org/wiki/GateInwithLDAPinreadonlymode)

                        • 24. Re: GateIn + OpenAM 9.5.2
                          macois

                          Steve,

                           

                          For JBoss, could you show me your D:\projects\workspace\portail\GateIn-3.1.0-GA-jboss\server\default\deploy\gatein.ear\META-INF\gatein-jboss-beans.xml in order to compare and be sure?

                           

                          Thanks!

                          • 25. GateIn + OpenAM 9.5.2
                            stevepamer

                            [attachment: gatein-jboss-beans.xml.jpg]

                            • 26. Re: GateIn + OpenAM 9.5.2
                              macois

                              Hi Steve,

                               

                              Thanks for everything.

                              At home, JBoss and Tomcat work...

                              At work, nothing... I don't know what to think....

                               

                              F.

                              • 27. Re: GateIn + OpenAM 9.5.2
                                macois

                                Hi Steve, Hi All,

                                 

                                Thanks for helping me during this adventure,

                                 

                                So, I did some tests:

                                 

                                On Ubuntu (@Home || @Work on a VM):

                                • OpenAM (default configuration) + GateIn Tomcat : OK
                                • OpenAM (default configuration) + GateIn JBoss : OK
                                • OpenAM (default configuration) + ExoPlatform : OK
                                • OpenAM (manual configuration) + GateIn Tomcat : OK
                                • OpenAM (manual configuration) + GateIn JBoss : OK
                                • OpenAM (manual configuration) + ExoPlatform : OK

                                 

                                On Windows:

                                • OpenAM (default configuration): Impossible to install it, there is an existing JIRA for this point.
                                • OpenAM (manual configuration) + GateIn Tomcat : KO, cf. point 4.
                                • OpenAM (manual configuration) + GateIn JBoss : KO, cf. point 4.
                                • OpenAM (manual configuration) + ExoPlatform : KO, cf. point 4.

                                 

                                Note: 1) The difference between the manual and the default configuration is the domain name. All my tests are on a local machine. In the default configuration, OpenAM uses the domain name "localhost", contrary to the manual configuration, where you can't choose the domain name. In this case, I've chosen a domain name that points to localhost (in Windows, for example, I modified the hosts file and added a domain name for 127.0.0.1).

                                 

                                2) I tested eXo Platform because GateIn has some similar code, since GateIn comes from eXo Platform and JBoss Portal.

                                 

                                3) In the documentation, the syntax of the jaas.conf file is wrong; the right way to write it is:

                                gatein-domain {
                                  // org.exoplatform.web.security.PortalLoginModule required;
                                  // org.exoplatform.services.security.jaas.SharedStateLoginModule required;
                                  // org.exoplatform.services.security.j2ee.TomcatLoginModule required;

                                  // Uncomment the following part (and comment the other part for CAS integration
                                  org.gatein.sso.agent.login.SSOLoginModule required;
                                  org.exoplatform.services.security.j2ee.TomcatLoginModule required
                                      portalContainerName="portal"
                                      realmName="gatein-domain";
                                };

                                 

                                4) When the result is KO, it appears the bug is the blank page or the loop on the blank page that I described earlier. OpenAM, after a successful authentication, redirects you to the portal and in the portal something fails... Maybe the validation of the cookie or something like that; if you have any idea, please share it.

                                 

                                5) For the manual configuration, the chosen domain is .vauban.com, but in the cookies the domain written in the cookie is localhost... Not strange, because in /etc/hosts or /Windows/system32/drivers/etc/hosts, 127.0.0.1 refers to localhost and/or openam.vauban.com. But when it's KO, the cookie has the domain .vauban.com in the cookie.

                                 

                                Conclusion????: I need some help to "understand" why on Windows it's so impossible....

                                 

                                Steve, which OS do you use, please???

                                 

                                This message was modified by: francois descamps

                                • 28. GateIn + OpenAM 9.5.2
                                  macois

                                  Hi,

                                   

                                  I'm allowing myself to bump this thread.

                                   

                                  Thanks in advance,

                                   

                                  F.

                                  • 29. Re: GateIn + OpenAM 9.5.2
                                    macois

                                    For information, the bug is really tricky in Windows dev mode.

                                     

                                    For eXo, the solution is:

                                    Please remove the 127.0.0.1 address from your hosts file and try again.

                                    The contents of your hosts file must be:

                                    @IP (your IP address)  openam.vauban.com

                                     

                                     

                                    +

                                    This is the right scenario to use in order to check that OpenAM works fine with your eXo Platform bundle:

                                    • Go to /portal instead of /portal/sso in order to create the cookies in the browser, because if we go directly to /portal/sso we get this exception, and there is still an open JBoss Portal issue for this problem https://issues.jboss.org/browse/GTNPORTAL-1908.
                                    • Go to /portal/sso.
                                    • You will be redirected to the OpenAM login screen.
                                    • Connect as root/gtn.
                                    • You will be redirected to /portal/private with a login page.

                                     

                                     

                                    Moreover, I would like to add for OpenAM: be careful about the domain you use, because if you use two different servers on two different domains you have to change the value of the cookie domain in OpenAM.

                                     

                                    Then, you have to change the ErrorLoginServlet and the PortalLoginServlet (web.xml of the portal), because they use the wrong servlet to manage the login part of eXo.

                                     

                                    Macois
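Post 27 (note 5) records the OpenAM cookie being written for the domain localhost while the portal lives at gatein.vauban.com, and post 29 resolves the Windows case by taking openam.vauban.com off the 127.0.0.1 line of the hosts file. The script below is an added example written for this thread, not OpenAM, GateIn or eXo code. It turns those two observations into checks a practitioner can run before trying the login: whether the session cookie's Domain attribute domain-matches both the OpenAM hostname and the portal hostname under the RFC 6265 section 5.1.3 rule (the one browsers apply when deciding whether to send a cookie), and whether either name is pinned to a loopback address in the hosts file. The hosts-file contents and the 192.168.1.20 address are constructed for the example; the hostnames and the two cookie domain values are the ones the posts mention.

```python
import ipaddress

# Added example, not OpenAM or GateIn code. Models the two things this thread
# ends up blaming for the blank-page loop: a session cookie whose Domain does
# not cover the portal host, and SSO hostnames pinned to 127.0.0.1 in hosts.


def parse_hosts(text):
    """Map every name in hosts(5)-style text to the address of its first entry."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, tokenize
        for name in fields[1:]:
            mapping.setdefault(name.lower(), fields[0])
    return mapping


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def domain_matches(request_host, cookie_domain):
    """RFC 6265 section 5.1.3: is a cookie with Domain=cookie_domain sent to request_host?

    The leading dot of ".vauban.com" is ignored, as browsers do; an IP address
    only matches itself, never a suffix.
    """
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if host == domain:
        return True
    return host.endswith("." + domain) and not is_ip(host)


def check_sso_hosts(hosts_text, cookie_domain, openam_host, portal_host):
    """Return a list of findings; empty means the SSO cookie can travel between both hosts."""
    findings = []
    hosts = parse_hosts(hosts_text)
    for role, name in (("OpenAM", openam_host), ("portal", portal_host)):
        if not domain_matches(name, cookie_domain):
            findings.append(f"{role} host {name} does not domain-match cookie domain "
                            f"{cookie_domain!r}: the browser will not send the SSO cookie there")
        addr = hosts.get(name.lower())
        if addr is not None and is_ip(addr) and ipaddress.ip_address(addr).is_loopback:
            findings.append(f"{role} host {name} is mapped to loopback {addr} in the hosts "
                            "file; post 29 maps it to the machine's real address instead")
    return findings


# Constructed hosts files: one modelled on post 27 note 5 (openam.vauban.com on the
# 127.0.0.1 line, cookie recorded for "localhost"), one modelled on post 29's advice.
BROKEN_HOSTS = """\
127.0.0.1    localhost openam.vauban.com
192.168.1.20 gatein.vauban.com
"""
FIXED_HOSTS = """\
192.168.1.20 openam.vauban.com gatein.vauban.com   # the machine's real address
"""

if __name__ == "__main__":
    for finding in check_sso_hosts(BROKEN_HOSTS, "localhost", "openam.vauban.com", "gatein.vauban.com"):
        print("-", finding)
    print("fixed:", check_sso_hosts(FIXED_HOSTS, ".vauban.com", "openam.vauban.com", "gatein.vauban.com") or "OK")
```

With the broken layout and a cookie scoped to localhost the script reports three findings (neither hostname is covered by the cookie domain, and openam.vauban.com sits on the loopback line); with the post 29 layout and the .vauban.com cookie domain it reports none. The domain-match function is the general rule, so it also covers the case post 29 warns about, two servers on two different domains, where no single cookie domain can satisfy both hosts.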