[gatein-commits] gatein SVN: r1638 - in portal/trunk/docs/reference-guide/en: modules and 1 other directory.
do-not-reply at jboss.org
Thu Feb 11 09:58:53 EST 2010
Author: thomas.heute at jboss.com
Date: 2010-02-11 09:58:52 -0500 (Thu, 11 Feb 2010)
New Revision: 1638
Added:
portal/trunk/docs/reference-guide/en/images/cas.png
portal/trunk/docs/reference-guide/en/images/opensso.png
Modified:
portal/trunk/docs/reference-guide/en/modules/SSO.xml
Log:
Minor
Copied: portal/trunk/docs/reference-guide/en/images/cas.png (from rev 1588, portal/trunk/docs/reference-guide/en/images/sso.png)
===================================================================
(Binary files differ)
Property changes on: portal/trunk/docs/reference-guide/en/images/cas.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: portal/trunk/docs/reference-guide/en/images/opensso.png
===================================================================
(Binary files differ)
Property changes on: portal/trunk/docs/reference-guide/en/images/opensso.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: portal/trunk/docs/reference-guide/en/modules/SSO.xml
===================================================================
--- portal/trunk/docs/reference-guide/en/modules/SSO.xml 2010-02-11 14:33:30 UTC (rev 1637)
+++ portal/trunk/docs/reference-guide/en/modules/SSO.xml 2010-02-11 14:58:52 UTC (rev 1638)
@@ -17,6 +17,24 @@
systems. There are many different Identity Management solutions on the
market. In most cases each SSO framework provides its own way to plug into
Java EE application.</para>
+
+ <section>
+ <title>Prerequisite</title>
+
+ <para>In this tutorial, the SSO server is installed in a Tomcat
+ installation, you can obtain Tomcat from:
+ http://tomcat.apache.org</para>
+
+ <para>Various files are required to setup the integration, all the
+ packages can be found in a zip file located at:
+ http://repository.jboss.org/maven2/org/gatein/sso/sso-packaging</para>
+
+ <para>As we are manipulating gatein.ear directly it's better to not run
+ any portal extension that could override some of the data, make sure you
+ remove $JBOSS_HOME/server/default/deploy/gatein-sample-extension.ear and
+ $JBOSS_HOME/server/default/deploy/gatein-sample-portal.ear as they ship
+ by default with GateIn.</para>
+ </section>
</section>
<section>
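Review bot: The new Prerequisite section never defines $GATEIN_SSO, which later steps in this revision depend on (for example $GATEIN_SSO/cas/plugin/WEB-INF/deployerConfigContext.xml). The paragraph that points at the sso-packaging zip should state that the directory the zip is extracted into is referred to as $GATEIN_SSO from then on. The two bare URLs would also read better as <ulink> elements, as the JOSSO introduction added in this same revision does.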
@@ -75,7 +93,7 @@
<listitem>
<para>Replace: <programlisting> <!--
| Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
- | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
+ | AuthenticationHandlers actually authenticate credentials. Here e declare the AuthenticationHandlers that
| authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
| until it finds one that both supports the Credentials presented and succeeds in authenticating.
+-->
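Review bot: The changed comment line inside the "Replace:" listing introduces a typo: "Here we declare the AuthenticationHandlers" has become "Here e declare the AuthenticationHandlers". The reader uses this listing to locate the block to replace in deployerConfigContext.xml, so the line should go back to the original wording.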
@@ -102,7 +120,9 @@
<listitem>
<para>With the following (Make sure to set the host, port and
- context with the values corresponding to your portal)</para>
+ context with the values corresponding to your portal). Also
+ available in
+ $GATEIN_SSO/cas/plugin/WEB-INF/deployerConfigContext.xml</para>
<para><programlisting><!--
| Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
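Review bot: The sentence added after the closing parenthesis, "Also available in $GATEIN_SSO/cas/plugin/WEB-INF/deployerConfigContext.xml", has no subject and does not say whether the packaged file already contains the right host, port and context. Suggest wording along the lines of "A ready-made version of this file is available in ...", followed by a reminder that the host, port and context in that copy still have to be set to the values of the portal.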
@@ -140,9 +160,11 @@
</listitem>
<listitem>
- <para>Copy gatein-cas-plugin-<VERSION>.jar and
- commons-httpclient-<VERSION>.jar into the newly created
- directory
+ <para>Copy
+ $GATEIN_SSO/cas/plugin/WEB-INF/lib/sso-cas-plugin-<VERSION>.jar
+ and
+ $GATEIN_SSO/cas/plugin/WEB-INF/lib/commons-httpclient-<VERSION>.jar
+ into the newly created directory
$CAS_HOME/cas-server-webapp/src/main/webapp/WEB-INF/lib</para>
</listitem>
@@ -170,31 +192,32 @@
<para>Now you should be able to start Tomcat and access
http://localhost:8888/cas but at this stage you won't be able to
login.</para>
+
<mediaobject>
- <imageobject>
- <imagedata fileref="images/sso.png" format="PNG" />
- </imageobject>
+ <imageobject>
+ <imagedata fileref="images/cas.png" format="PNG" />
+ </imageobject>
</mediaobject>
</listitem>
</orderedlist>
</section>
-</section>
- <section>
- <title>Setup the CAS client</title>
+ </section>
- <orderedlist>
- <listitem>
- <para>Copy the CAS client core
- ($CAS_HOME/cas-server-webapp/target/cas-server-webapp-<VERSION>/WEB-INF/lib/cas-client-core-<VERSION>.jar
- into gatein.ear/lib (Or if you are running GateIn in Tomcat, in
- $GATEIN_HOME/lib)</para>
- </listitem>
+ <section>
+ <title>Setup the CAS client</title>
- <listitem>
- <para>In JBoss AS, edit gatein.ear/META-INF/gatein-jboss-beans.xml
- and uncomment the section for CAS</para>
+ <orderedlist>
+ <listitem>
+ <para>Copy all libraries from $GATEIN_SSO/cas/gatein.ear/lib into
+ $JBOSS_HOME/server/default/deploy/gatein.ear/lib (Or if you are
+ running GateIn in Tomcat, in $GATEIN_HOME/lib)</para>
+ </listitem>
- <para><programlisting><authentication>
+ <listitem>
+ <para>In JBoss AS, edit gatein.ear/META-INF/gatein-jboss-beans.xml
+ and uncomment this section</para>
+
+ <para><programlisting><authentication>
<login-module code="org.gatein.sso.agent.login.SSOLoginModule" flag="required">
</login-module>
<login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">
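Review bot: The first step of "Setup the CAS client" now says "Copy all libraries from $GATEIN_SSO/cas/gatein.ear/lib" without naming any of them, where the removed text named cas-client-core-<VERSION>.jar explicitly. Listing the jars that are expected to land in gatein.ear/lib would let an administrator check what is being added to the portal classpath. Separately, this hunk mixes a whitespace-only re-indent of the whole section with the content changes, which makes the real edits hard to spot under a log message of "Minor"; the re-indent would be easier to review as its own commit.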
@@ -203,51 +226,49 @@
</login-module>
</authentication></programlisting></para>
- <para>If you are running GateIn in Tomcat, edit
- $GATEIN_HOME/conf/jaas.conf and uncomment the secion for
- CAS</para>
+ <para>If you are running GateIn in Tomcat, edit
+ $GATEIN_HOME/conf/jaas.conf and uncomment this section</para>
- <para><programlisting>org.gatein.sso.agent.login.SSOLoginModule required
+ <para><programlisting>org.gatein.sso.agent.login.SSOLoginModule required
org.exoplatform.services.security.j2ee.JbossLoginModule required
portalContainerName=portal
realmName=gatein-domain</programlisting>At this point, you can test the
- installation, start GateIn (assuming that the CAS server using
- Tomcat is still running) by going to http://localhost:8888/cas you
- should be able to login with username 'root' and password 'gtn' or
- any account created through the portal.</para>
- </listitem>
- </orderedlist>
- </section>
+ installation, start GateIn (assuming that the CAS server using
+ Tomcat is still running) by going to http://localhost:8888/cas you
+ should be able to login with username 'root' and password 'gtn' or
+ any account created through the portal.</para>
+ </listitem>
+ </orderedlist>
+ </section>
- <section>
- <title>Setup the portal to redirect to CAS</title>
+ <section>
+ <title>Setup the portal to redirect to CAS</title>
- <para>Now we want to tell GateIn to redirect all user authentication
- to the CAS server.</para>
+ <para>Now we want to tell GateIn to redirect all user authentication to
+ the CAS server.</para>
- <para>The CAS server can be located anywhere on the Internet, and this
- information must be properly configured within the GateIn instance.
- This configuration needs to be done in 3 files <itemizedlist>
- <listitem>
- <emphasis>In
- gatein.ear/02portal.war/groovy/portal/webui/UILoginForm.gtmpl
- replace the javascript at the bottom by:</emphasis>
+ <para>The CAS server can be located anywhere on the Internet, and this
+ information must be properly configured within the GateIn instance. This
+ configuration needs to be done in 3 files <itemizedlist>
+ <listitem>
+ <emphasis>In
+ gatein.ear/02portal.war/groovy/portal/webui/UILoginForm.gtmpl
+ replace the javascript at the bottom by:</emphasis>
- <para>
- <programlisting><script>
+ <para>
+ <programlisting><script>
<%=uicomponent.event("Close");%>
window.location = 'http://localhost:8888/cas/login?service=http://localhost:8080/portal/private/classic';
-</script>
-</programlisting>
- </para>
- </listitem>
+</script></programlisting>
+ </para>
+ </listitem>
- <listitem>
- <emphasis>In gatein.ear/02portal.war/login/jsp/login.jsp replace
- everything by:</emphasis>
+ <listitem>
+ <emphasis>In gatein.ear/02portal.war/login/jsp/login.jsp replace
+ everything by:</emphasis>
- <para>
- <programlisting><html>
+ <para>
+ <programlisting><html>
<head>
<script type="text/javascript">
window.location = 'http://localhost:8888/cas/login?service=http://localhost:8080/portal/private/classic';
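Review bot: In the UILoginForm.gtmpl and login.jsp listings both the CAS login URL and the service URL are plain http, while the paragraph just above says the CAS server "can be located anywhere on the Internet". The text should say that the localhost http values are for a local test setup and that a CAS server reached over a network needs https for both the login URL and the service URL, since the login form and the redirect back to the portal travel over those URLs. Also, the sentence "At this point, you can test the installation, ..." is appended directly after </programlisting> inside the same <para>; it would read better as its own <para> split into two sentences.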
@@ -255,17 +276,16 @@
</head>
<body>
</body>
-</html>
-</programlisting>
- </para>
- </listitem>
+</html></programlisting>
+ </para>
+ </listitem>
- <listitem>
- <emphasis>In gatein.ear/02portal.war/WEB-INF/web.xml replace the
- InitiateLoginServlet declaration by:</emphasis>
+ <listitem>
+ <emphasis>In gatein.ear/02portal.war/WEB-INF/web.xml replace the
+ InitiateLoginServlet declaration by:</emphasis>
- <para>
- <programlisting><servlet>
+ <para>
+ <programlisting><servlet>
<servlet-name>InitiateLoginServlet</servlet-name>
<servlet-class>org.gatein.sso.agent.GenericSSOAgent</servlet-class>
<init-param>
@@ -273,17 +293,190 @@
<param-value>http://localhost:8888/cas</param-value>
</init-param>
</servlet></programlisting>
- </para>
- </listitem>
- </itemizedlist></para>
+ </para>
+ </listitem>
+ </itemizedlist></para>
- <para>From now on, all links redirecting to the user authentication
- pages will redirect to the CAS centralized authentication form.</para>
+ <para>From now on, all links redirecting to the user authentication
+ pages will redirect to the CAS centralized authentication form.</para>
+ </section>
+ </section>
+
+ <section>
+ <title>JOSSO</title>
+
+ <para>This Single Sign On plugin enables seamless integration between
+ GateIn Portal and the JOSSO Single Sign On Framework. Details about
+ OpenSSO can be found <ulink
+ url="http://www.ja-sig.org/products/cas/">here.</ulink></para>
+
+ <para>The integration consitsts in two parts, the first part consists of
+ installing or configuring a JOSSO server, the second part consists of
+ setting up the portal to use the JOSSO server.</para>
+
+ <section>
+ <title>JOSSO server</title>
+
+ <para>First we will set up the server to authenticate against the portal
+ login module. You can find more information about setting up the server
+ by reading the official JOSSO documentation, here we will install the
+ JOSSO server on Tomcat</para>
+
+ <section>
+ <title>Obtaining JOSSO</title>
+
+ <para>You can download JOSSO from
+ http://sourceforge.net/projects/josso/files/ We will use the package
+ that embeds Apache Tomcat.</para>
+
+ <para>Once downloaded extract it in what we will call $JOSSO_HOME from
+ now.</para>
</section>
+
+ <section>
+ <title>Modifying JOSSO server</title>
+
+ <orderedlist>
+ <listitem>
+ <para>Copy the files from $GATEIN_SSO/josso/plugin into the Tomcat
+ directory ($JOSSO_HOME).</para>
+
+ <para>It should replace or add
+ $JOSSO_HOME/lib/josso-gateway-config.xml
+ $JOSSO_HOME/lib/josso-gateway-gatein-stores.xml
+ $JOSSO_HOME/webapps/josso/WEB-INF/classes/gatein.properties and
+ add required jars into
+ $JOSSO_HOME/webapps/josso/WEB-INF/lib</para>
+ </listitem>
+
+ <listitem>
+ <para>Change the default Tomcat ports to avoid a conflict with the
+ default GateIn (for testing purposes). Edit
+ $TOMCAT_HOME/conf/server.xml and replace the 8080 port to
+ 8888.<note>
+ <para>If you are running GateIn with Tomcat on the same
+ machine you will also need to change other ports to something
+ else to avoid port conflicts.</para>
+ </note></para>
+ </listitem>
+
+ <listitem>
+ <para>Now you should be able to start Tomcat and access
+ http://localhost:8888/josso/signon/login.do but at this stage you
+ won't be able to login.</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/opensso.png" format="PNG" />
+ </imageobject>
+ </mediaobject>
+ </listitem>
+ </orderedlist>
+ </section>
</section>
+
<section>
- <title>Open SSO</title>
+ <title>Setup the JOSSO client</title>
- <para></para>
+ <orderedlist>
+ <listitem>
+ <para>Copy the libs from $GATEIN_SS)/josso/gatein.ear/lib into
+ gatein.ear/lib (Or if you are running GateIn in Tomcat, in
+ $GATEIN_HOME/lib)</para>
+ </listitem>
+
+ <listitem>
+ <para>In JBoss AS, edit gatein.ear/META-INF/gatein-jboss-beans.xml
+ and uncomment this section</para>
+
+ <para><programlisting><authentication>
+ <login-module code="org.gatein.sso.agent.login.SSOLoginModule" flag="required">
+ </login-module>
+ <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">
+ <module-option name="portalContainerName">portal</module-option>
+ <module-option name="realmName">gatein-domain</module-option>
+ </login-module>
+</authentication></programlisting></para>
+
+ <para>If you are running GateIn in Tomcat, edit
+ $GATEIN_HOME/conf/jaas.conf and uncomment this section</para>
+
+ <para><programlisting>org.gatein.sso.agent.login.SSOLoginModule required
+org.exoplatform.services.security.j2ee.JbossLoginModule required
+portalContainerName=portal
+realmName=gatein-domain</programlisting>At this point, you can test the
+ installation, start GateIn (assuming that the JOSSO server using
+ Tomcat is still running) by going to
+ http://localhost:8888/josso/signon/login.do you should be able to
+ login with username 'root' and password 'gtn' or any account created
+ through the portal.</para>
+ </listitem>
+ </orderedlist>
+ </section>
+
+ <section>
+ <title>Setup the portal to redirect to JOSSO</title>
+
+ <para>Now we want to tell GateIn to redirect all user authentication to
+ the CAS server.</para>
+
+ <para>The CAS server can be located anywhere on the Internet, and this
+ information must be properly configured within the GateIn instance. This
+ configuration needs to be done in 3 files <itemizedlist>
+ <listitem>
+ <emphasis>In
+ gatein.ear/02portal.war/groovy/portal/webui/UILoginForm.gtmpl
+ replace the javascript at the bottom by:</emphasis>
+
+ <para>
+ <programlisting><script>
+ <%=uicomponent.event("Close");%>
+ window.location = 'http://localhost:8888/josso/signon/login.do?josso_back_to=http://localhost:8080/portal/private/classic';
+</script></programlisting>
+ </para>
+ </listitem>
+
+ <listitem>
+ <emphasis>In gatein.ear/02portal.war/login/jsp/login.jsp replace
+ everything by:</emphasis>
+
+ <para>
+ <programlisting><html>
+ <head>
+ <script type="text/javascript">
+ window.location = 'http://localhost:8888/josso/signon/login.do?josso_back_to=http://localhost:8080/portal/private/classic';
+ </script>
+ </head>
+ <body>
+ </body>
+</html></programlisting>
+ </para>
+ </listitem>
+
+ <listitem>
+ <emphasis>In gatein.ear/02portal.war/WEB-INF/web.xml replace the
+ InitiateLoginServlet declaration by:</emphasis>
+
+ <para>
+ <programlisting><servlet>
+ <servlet-name>InitiateLoginServlet</servlet-name>
+ <servlet-class>org.gatein.sso.agent.GenericSSOAgent</servlet-class>
+ <init-param>
+ <param-name>ssoServerUrl</param-name>
+ <param-value>http://localhost:8888/cas</param-value>
+ </init-param>
+</servlet></programlisting>
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>In gatein.ear/02portal.war/WEB-INF/web.xml remove the
+ PortalLoginController servlet declaration and mapping</para>
+ </listitem>
+ </itemizedlist></para>
+
+ <para>From now on, all links redirecting to the user authentication
+ pages will redirect to the JOSSO centralized authentication form.</para>
+ </section>
</section>
</chapter>
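Review bot: The new JOSSO section still carries text copied from the CAS section in several places. The introduction says "Details about OpenSSO can be found" and links to http://www.ja-sig.org/products/cas/; "Setup the portal to redirect to JOSSO" refers twice to "the CAS server"; and the web.xml listing sets ssoServerUrl to http://localhost:8888/cas although every other URL in this section points at http://localhost:8888/josso. Each of these should name JOSSO and use the JOSSO URL, and the ssoServerUrl value in particular needs checking because a reader will paste it as written. Smaller items in the same hunk: "consitsts", "$GATEIN_SS)/josso/gatein.ear/lib" (should be $GATEIN_SSO), the port step edits $TOMCAT_HOME/conf/server.xml while the section only defines $JOSSO_HOME, the JOSSO login screenshot is images/opensso.png, and the "Open SSO" section title is replaced by "Setup the JOSSO client" rather than kept as a placeholder.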