2 Replies Latest reply on Dec 14, 2006 9:03 AM by Sohil Shah

    Cant get processManualLoginNotification() and getUserPrincip

    Nick Woods Newbie

      I'm still struggling to figure out how to get SSO working and need some help please :-)

      In a nutshell, I've written two web apps, one of which acts as a logon app and the other as a true application but the user from the logon app is not being propagated to the other app.

      The logon app captures user and password details, then makes a call to processManualLoginNotification() as defined in the instructions on the WARConfiguration page in the Wiki (http://labs.jboss.com/wiki/WARConfiguration), in the section titled 'Instructions for web applications using their own authentication mechanism'.

      After the call to processManualLoginNotification() it does a call to getUserPrincipal() and gets back the same user as was used to log on so that part appears to be working.

      However, when I go into my second app and do a getUserPrincipal() call it returns null, so my user details are not being passed between sessions and this is what I need help with.

      I've looked inthe FAQ but havent really found anything I can use. I know nothing about JAAS but as we need to implement our own specific logon system (as per my earlier post http://www.jboss.com/index.html?module=bb&op=viewtopic&t=96617) I'm not sure how it would help us.

      I've previously implemented a LogonProvider object as per the instructions on the IdentityManagement page in the wiki (http://labs.jboss.com/wiki/IdentityManagement ). It's being called on server startup (it writes to the logs), but it doesnt appear to do anything after that.

      Both apps have a context.xml file in their WEB-INF folder which mirrors that of the one on the WARConfiguration page, and uses the same provider id as used in my sso.cfg.xml file

      context.xml example

      <?xml version="1.0"?>
       <Context>
       <!--
       logoutURL - URL for performing logout/signout function in your application
       -->
       <Valve className="org.jboss.security.valve.PlainSSOAutoLogout"
       logoutURL="/nicklogoff/nicklogoff.htm"/>
      
       <!--
       assertingParty - this is the partnerId of this application as a part of a federation of multiple partner sites
       -->
       <Valve className="org.jboss.security.valve.PlainSSOTokenManager"
       assertingParty="nicktestapp"/>
      
       <!--
       tomcat built-in AuthenticationTypes: FORM,BASIC,DIGEST,CLIENT-CERT
       -->
       <Valve className="org.jboss.security.valve.PlainSSOAutoLogin"
       authType="FORM"
       provider="si:njw-sso:njw:login"
       />
       </Context>
      


      sso.cfg.xml
      <?xml version='1.0' encoding='ISO-8859-1'?>
      
      <jboss-sso>
       <!--
       identity management related configuration, this is the LDAP based module
       Technically, this can be a provider that can integrate with thirdparty identity systems like SiteMinder etc
       -->
       <identity-management>
       <login>
       <provider id="si:njw-sso:njw:login" class="com.njw.NWLoginProvider">
       </provider>
       </login>
       <provisioning>
       </provisioning>
       </identity-management>
      
      
       <!-- sso processor for SingleSignOn, the default JBossSingleSignOn processor uses OpenSAML-1.0,
       the next version of this processor will use the latest SAML specification
       -->
       <sso-processor>
       <processor class="org.jboss.security.saml.JBossSingleSignOn">
       <property name="trustServer">http://a05300.vmoney.local:8080/federate/trust</property>
       </processor>
       </sso-processor>
      </jboss-sso>
      


      I've also tried changing NWLoginProvider to extend ProvisioningProvider and added
      <provider id="si:njw-sso:njw:provisioning" class="com.njw.NWLoginProvider">
      to the "provider" section of sso.cfg.xml but with no success, other than a few extra entries in the log file at startup.

      The rest of this posting consists of examples from log files


      My LoginProvider is being invoked when the server starts (I've also added some extra log.debug calls to SSOManager and PlainSSOAutoLogin to help me understand whats going on)
      2006-12-13 15:34:34,471 DEBUG [org.jboss.system.ServiceCreator] About to create xmbean object: jboss.sso:service=SSOManager with code: org.jboss.security.saml.SSOManager with embedded descriptor
      2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceCreator] Created bean: jboss.sso:service=SSOManager
      2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceConfigurator] conf set to conf/sso.cfg.xml in jboss.sso:service=SSOManager
      2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating service jboss.sso:service=IdentityManager
      2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating dependent components for: jboss.sso:service=IdentityManager dependents are: []
      2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating service jboss.sso:service=SSOManager
      2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating dependent components for: jboss.sso:service=SSOManager dependents are: []
      2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] Done with create step of deploying jboss-sso.sar
      2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] Begin deployment start file:/C:/jboss-4.0.5.GA/server/default/deploy/jboss-sso.sar/
      2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] Begin deployment start file:/C:/jboss-4.0.5.GA/server/default/deploy/jboss-sso.sar/NWFedSSO.jar
      2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] End deployment start on package: NWFedSSO.jar
      
      (lots of begin and end deployment logs for the various jar files removed for clarity)
      2006-12-13 15:34:34,643 DEBUG [org.jboss.deployment.SARDeployer] Deploying SAR, start step: url file:/C:/jboss-4.0.5.GA/server/default/deploy/jboss-sso.sar/
      2006-12-13 15:34:34,643 DEBUG [org.jboss.system.ServiceController] starting service jboss.sso:service=IdentityManager
      2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] Constructor 1 called
      2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] setId() id=si:njw-sso:njw:login
      2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] setProperties() properties={}
      [2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] getId() started - returning id="si:njw-sso:njw:login"
      2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] getId() started - returning id="si:njw-sso:njw:login"
      2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] getId() started - returning id="si:njw-sso:njw:login"
      2006-12-13 15:34:34,721 INFO [org.jboss.security.idm.IdentityManager] Configuration successfully loaded for the IdentityManager...........
      2006-12-13 15:34:34,721 DEBUG [org.jboss.system.ServiceController] Starting dependent components for: jboss.sso:service=IdentityManager dependent components: []
      2006-12-13 15:34:34,721 DEBUG [org.jboss.system.ServiceController] starting service jboss.sso:service=SSOManager
      2006-12-13 15:34:34,783 INFO [org.jboss.security.saml.SSOManager] SSOProcessor org.jboss.security.saml.JBossSingleSignOn@be49e0 was successfully registered.....
      2006-12-13 15:34:34,783 INFO [org.jboss.security.saml.SSOManager] SSOManager service successfully started...........
      2006-12-13 15:34:34,783 DEBUG [org.jboss.system.ServiceController] Starting dependent components for: jboss.sso:service=SSOManager dependent components: []
      


      server log from my logon app
      server started
      2006-12-13 15:35:13,424 INFO [org.apache.jk.common.ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009
      2006-12-13 15:35:13,471 INFO [org.apache.jk.server.JkMain] Jk running ID=0 time=0/156 config=null
      2006-12-13 15:35:13,518 INFO [org.jboss.system.server.Server] JBoss (MX MicroKernel) [4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)] Started in 47s:594ms
      
      open http://localhost:8080/njwsecurity
      2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started
      2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null
      2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true
      2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started
      2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false
      2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false
      2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false
      2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response)
      2006-12-13 15:41:33,507 DEBUG [com.njw.onlinesecurity.filters.UserInputFilter] doFilter request /njwsecurity/
      2006-12-13 15:41:33,523 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished
      2006-12-13 15:41:33,804 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response)
      2006-12-13 15:41:33,804 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed
      2006-12-13 15:41:33,804 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished
      
      key in user and password, submit
      2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started
      2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null
      2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true
      2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started
      2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false
      2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false
      2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false
      2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response)
      2006-12-13 15:42:19,274 DEBUG [com.njw.onlinesecurity.filters.UserInputFilter] doFilter request /njwsecurity/logon.do
      2006-12-13 15:42:19,274 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished
      2006-12-13 15:42:19,321 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL = null
      2006-12-13 15:42:19,321 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL.x = null
      2006-12-13 15:42:19,321 DEBUG [com.njw.onlinesecurity.presentation.forms.LogonForm] checking for errors
      2006-12-13 15:42:19,352 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward started
      2006-12-13 15:42:19,352 DEBUG [com.njw.onlinesecurity.beans.LogonDetails] Created logon user=aaaaaaaaa
      2006-12-13 15:42:19,352 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward logonDetails=user=aaaaaaaaa
      2006-12-13 15:42:19,367 DEBUG [com.njw.onlinesecurity.delegates.CustomerDelegate] CustomerDelegate() dao=com.njw.onlinesecurity.data.rdbms.RdbmsCustomerDAO@1590164
      2006-12-13 15:42:19,367 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward delegate=com.njw.onlinesecurity.delegates.CustomerDelegate@6a6484
      2006-12-13 15:42:19,367 DEBUG [com.njw.onlinesecurity.data.rdbms.RdbmsCustomerDAO] Logon FUDGED - user=aaaaaaaaa
      2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.beans.Customer] Created customer user=aaaaaaaaa
      2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] Customer details - user=aaaaaaaaa
      2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] Saving as bean "customer"
      
      note call to processManualLoginNotification() and subsequent retrieval
      2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward calling org.jboss.security.saml.SSOManager.processManualLoginNotification
      2006-12-13 15:42:19,383 DEBUG [org.jboss.security.saml.SSOManager] processManualLoginNotification() created ssoUser =org.jboss.security.saml.SSOUser@8edd79
      2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward called org.jboss.security.saml.SSOManager.processManualLoginNotification
      2006-12-13 15:42:19,383 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =org.jboss.security.saml.SSOUser@8edd79
      2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] Principal (after logon) =aaaaaaaaa
      2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ssoUser = org.jboss.security.saml.SSOUser@8edd79
      2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response)
      2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed
      2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() principal=aaaaaaaaa
      2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished
      


      server log from my second app
      open http://localhost:8080/njwtest - note that PlainSSOAutoLogin is being invoked
      2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started
      2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null
      2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true
      2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started
      2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false
      2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false
      2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false
      2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response)
      

      note that there is no Principal
      2006-12-13 15:43:35,775 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =null
      2006-12-13 15:43:35,759 DEBUG [com.njw.nicktest.filters.UserInputFilter] doFilter request /nicktest/
      2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] Principal (filter) =null
      2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] ssoUser = null
      2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] NOT LOGGED ON
      2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] URI=/nicktest/
      2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] path=/nicktest
      2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] page=/not_logged_on.htm
      2006-12-13 15:43:35,790 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished
      2006-12-13 15:43:36,025 DEBUG [org.jboss.web.tomcat.tc5.jasper.TagLibCache] Scanning for tlds
      in: file:/C:/jboss-4.0.5.GA/server/default/deploy/jbossweb-tomcat55.sar/jsf-libs/myfaces-impl.jar
      2006-12-13 15:43:41,275 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] products=[, Motor, Travel, Pet]
      2006-12-13 15:43:41,275 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] products=[, Motor, Travel, Pet]
      2006-12-13 15:43:41,290 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response)
      2006-12-13 15:43:41,290 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed
      2006-12-13 15:43:41,290 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished
      2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started
      2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null
      2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true
      2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started
      2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false
      2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false
      2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false
      2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response)
      2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] doFilter request /nicktest/customerdetails.do
      2006-12-13 15:44:23,353 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =null
      2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] Principal (filter) =null
      2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] ssoUser = null
      2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] NOT LOGGED ON
      2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] URI=/nicktest/customerdetails.do
      2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] path=/nicktest
      2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] page=/not_logged_on.htm
      2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished
      2006-12-13 15:44:23,385 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL = null
      2006-12-13 15:44:23,385 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL.x = null
      2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] checking for errors
      2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] parsing dob string"11/12/1986"
      2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] Forename="qwerty"
      Surname="uiop" Postcode="aa11aa" DOB="Thu Dec 11 00:00:00 GMT 1986" Product="Motor"
      2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] errors={}
      2006-12-13 15:44:23,416 DEBUG [com.njw.nicktest.presentation.actions.CustomerDetailsAction] ActionForward started
      2006-12-13 15:44:23,416 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =null
      2006-12-13 15:44:23,416 DEBUG [com.njw.nicktest.presentation.actions.CustomerDetailsAction] Principal CustomerDetailsAction.execute() =null
      2006-12-13 15:44:23,416 DEBUG [com.njw.nicktest.presentation.actions.CustomerDetailsAction] NOT LOGGED ON
      2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManager.other] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@16b340a
      2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@125bbd3
      2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManager.other] CachePolicy set to: org.jboss.util.TimedCachePolicy@4e37fb
      2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@4e37fb
      2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added other, org.jboss.security.plugins.SecurityDomainContext@13d556f to map
      2006-12-13 15:44:23,572 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response)
      2006-12-13 15:44:23,572 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed
      2006-12-13 15:44:23,572 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished