[gatein-issues] [JBoss JIRA] Resolved: (GTNPORTAL-995) OpenSSO integration issues

Thomas Heute (JIRA) jira-events at lists.jboss.org
Tue May 4 06:07:05 EDT 2010


     [ https://jira.jboss.org/jira/browse/GTNPORTAL-995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thomas Heute resolved GTNPORTAL-995.
------------------------------------

    Resolution: Done
      Assignee: Sohil Shah  (was: Luc Texier)


Was already resolved by Sohil

> OpenSSO integration issues
> --------------------------
>
>                 Key: GTNPORTAL-995
>                 URL: https://jira.jboss.org/jira/browse/GTNPORTAL-995
>             Project: GateIn Portal
>          Issue Type: Sub-task
>      Security Level: Public(Everyone can see) 
>          Components: Documentation
>    Affects Versions: 3.0.0-GA
>         Environment: GateIn-3.0.0-GA + JBoss 5.1 bundle,
> OpenSSO 8.0 on Tomcat 6.0.18, OpenSSO 8.0-Update1 on Tomcat 6.0.18 ( I tried both),
>            Reporter: Marek Posolda
>            Assignee: Sohil Shah
>
> OpenSSO integration was most problematic and I was not able to integrate without doing any additional steps in my environment. 
> So here it is. I did this in a clean environment:
> - I deployed OpenSSO 8.0-update1 to Tomcat 6.0.18,
> - I followed all instructions in the reference guide - section 3.4
> - I created "Default configuration" when I first accessed http://localhost:8888/opensso 
> Even though I did this, I didn't have the gatein realm in my OpenSSO and I was not able to use the authentication module called "AuthenticationPlugin", which is used for GateIn authentication. So I also did these steps:
> 1) Log in to OpenSSO as amadmin and then go to tab "Configuration" -> tab "Authentication" -> link "Core" -> add new value, where I fill in the class "org.gatein.sso.opensso.plugin.AuthenticationPlugin". This step is really important. Without it, AuthenticationPlugin is not available among the other OpenSSO authentication modules.
> 2) Go to tab "Access control" and create a new realm called "gatein".
> 3) Go to my gatein realm and click on tab "Authentication". Then click on "ldapService" at the bottom of the page in section Authentication chaining. Then I change "Datastore", which is the default module in the authentication chain, to "AuthenticationPlugin". This enables authentication of realm "gatein" with the GateIn REST service and not with the OpenSSO LDAP server.
> 4) In authentication of realm "gatein", I went to "Advanced properties" and I changed UserProfile from "Required" to "Dynamic". This step is needed because gatein users are not in the OpenSSO Datastore (LDAP server) and so their profile can't be obtained if "Required" is active. With "Dynamic", all authenticated users are automatically created in the OpenSSO datastore after successful authentication.
> 5) User privileges need to be increased in OpenSSO. Otherwise method org.gatein.sso.agent.opensso.OpenSSOAgent.getSubject will fail in GateIn when obtaining data from the OpenSSO RESTful interface due to insufficient privileges.
> So in OpenSSO console, I went to "Access control" -> Top level realm -> "Privileges" tab -> All authenticated users -> Check last two checkboxes: 
> - Read and write access only for policy properties 
> - Read and write access to all realm and policy properties 
> I did the same for both top level realm and gatein realm.
