6 Replies Latest reply on Oct 24, 2007 4:24 PM by anil.saldhana

    Generate SSOID in WebAuthentication

    sguilhen
    sguilhen Oct 11, 2007 6:52 PM

      As stated on issue http://jira.jboss.com/jira/browse/JBAS-4424, the org.jboss.web.tomcat.security.login.WebAuthentication class should be capable of generating a ssoid and setting it on the session when the user has configured the SingleSignOn valve.

      The idea is to get a reference to the SingleSignOn valve and invoke its methods to associate the authenticated Principal to the ssoid, just like the AuthenticatorBase does. However, the methods that we need to call are protected (register, associate, update, etc), so we can't simply delegate the SSO functionality to the SingleSignOn valve unless we relax the method's access to public in JBossWeb. Can we do that?

      • 11329 Views
      • Tags:
        • 1. Re: Generate SSOID in WebAuthentication
          anil.saldhana
          anil.saldhana Oct 12, 2007 1:54 AM (in response to sguilhen)

          We are attempting to do Programmatic Web Authentication to the container. So there is no question of a valve.

          I am guessing from looking at the code that we either have to drop the idea of sso stuff for prog.web.auth or duplicate the code in these protected methods of valvebase, in our WebAuth class.

            • Actions
          • 2. Re: Generate SSOID in WebAuthentication
            anil.saldhana
            anil.saldhana Oct 12, 2007 1:56 AM (in response to sguilhen)

            SSO behavior with prog.web.auth is not a high priority IMO. If it can be done, good. If not, we can drop it.

              • Actions
            • 3. Re: Generate SSOID in WebAuthentication
              cristant
              cristant Oct 17, 2007 9:47 AM (in response to sguilhen)

              I've been tracking this issue for a couple weeks now, since having SSO int he programmatic web login classes would make the facility I wrote to pass user authentication over from a legacy portal application a lot easier.

              Obviously I can implement something like CAS instead, but what we have now will work perfectly as long as the SSO tokens get set.

              Thanks,
              ~Matt

                • Actions
              • 4. Re: Generate SSOID in WebAuthentication
                anil.saldhana
                anil.saldhana Oct 17, 2007 10:13 AM (in response to sguilhen)

                 

                "cristant@fstrf.org" wrote:
                I've been tracking this issue for a couple weeks now, since having SSO int he programmatic web login classes would make the facility I wrote to pass user authentication over from a legacy portal application a lot easier.

                Obviously I can implement something like CAS instead, but what we have now will work perfectly as long as the SSO tokens get set.

                Thanks,
                ~Matt

                Matt, this issue is still in the back of my mind. So it is not dead yet. It will not make into the 4.2.2 release (as that is coming out soon). But will be part of 4.2.3 I guess.

                  • Actions
                • 5. Re: Generate SSOID in WebAuthentication
                  cristant
                  cristant Oct 17, 2007 12:27 PM (in response to sguilhen)

                  OK, that makes sense. How long is it usually between the point releases like 4.2.1 to 4.2.2? Just trying to get a sense as to whether 4.2.3 will be out before we need to have this issue resolved since I can probably work around it.

                  Thanks,
                  ~Matt

                    • Actions
                  • 6. Re: Generate SSOID in WebAuthentication
                    anil.saldhana
                    anil.saldhana Oct 24, 2007 4:24 PM (in response to sguilhen)

                    Remy, thanks for making the visibility access changes needed for bringing in the SingleSignOn aspect into Programmatic Web Authentication.

                      • Actions