2 Replies Latest reply on Oct 29, 2008 12:46 PM by Micah Cleveland

    single signe-on configuration with JAAS

    Ahmad Elhadidy Newbie

      hi all
      i want to integrate sso with JAAS i read tutorial that help for that and do the following

      add file context.xml under WEB-INF for each .war i want to share in sso
      this is it's


      <?xml version="1.0" encoding="UTF-8"?>
      <Context path="/projectA1" docBase="./deploy/clusteredservlet.war">
       <!--
       logoutURL - URL for performing logout/signout function in your application
       -->
       <Valve className="org.jboss.security.valve.SSOAutoLogout"
       logoutURL="{logoutURL of your application}"/>
      
       <!--
       assertingParty - this is the partnerId of this application as a part of a federation of multiple partner sites
       -->
       <Valve className="org.jboss.security.valve.SSOTokenManager"
       assertingParty="1"/>
      
       <!--
       tomcat built-in AuthenticationTypes: FORM,BASIC,DIGEST,CLIENT-CERT
       -->
       <Valve className="org.jboss.security.valve.SSOAutoLogin"
       authType="FORM" provider="si:jboss-sso:ldap:login"/>
      
      </Context>
      


      this is the jboss-web.xml file in each war

      
      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
       <security-domain>java:/jaas/$webConsoleDomain</security-domain>
      </jboss-web>
      


      and this is login module defined in login-config.xml in
      [jboss Home]\server\default\conf

      
       <application-policy name = "$webConsoleDomain">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
       flag = "required">
       <module-option name="usersProperties">web-console-users.properties</module-option>
       <module-option name="rolesProperties">web-console-roles.properties</module-option>
       <module-option name="provider">si:jboss-sso:ldap:login</module-option>
       </login-module>
       </authentication>
       </application-policy>
      
      

      in previous file i add this line
      <name="provider">si:jboss-sso:ldap:login</module-option>
      as i understand from tutorial to make login module use
      this provider to get user login data
      after all that the sso dont work where second application require login data
      after i login in first application
      what is wrong ? or what is missing?

      thanks in advance