[jboss-user] [Security & JAAS/JBoss] - Configuring Single Sign On (SSO) in JBoss
SinghK
do-not-reply at jboss.com
Thu Jul 16 10:30:47 EDT 2009
Hi All,
I am trying to configure SSO in JBoss . I have my custom LoginModules which I have configured in login-config.xml
| <application-policy name="LoginModule1">
| <authentication>
| <login-module code="com.MyLoginModule" flag="required">
| </login-module>
| </authentication>
| </application-policy>
|
| <application-policy name="LoginModule2">
| <authentication>
| <login-module code="com.MyLoginModule" flag="required">
| <module-option name="useSharedState">true</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
|
The name of my web applications are sso1 and sso2 . Both of them use the same instance of JBoss .
I have also configured auth.conf
| sso1 {
| com.MyLoginModule required;
| };
|
| sso2 {
| com.MyLoginModule required useSharedState=true;
| };
|
I am logging in to sso1 and their I am checking if user is logged in , if not then user is presented with login page . The username and passwords are checked and then user is forwaded to next page .
The MyLoginModule code is :
| if ("true".equalsIgnoreCase((String)this.options.get("useSharedState")))
| {
| userName = (String)this.sharedState.get("javax.security.auth.login.name");
| password = (String)this.sharedState.get("javax.security.auth.login.password");
| } else {
| userName = request.getParameter("userName");
| password = request.getParameter("password");
|
| //save the username and password into the shared state
| this.sharedState.put("javax.security.auth.login.name",userName);
| this.sharedState.put("javax.security.auth.login.password",password);
|
| }
when user logs in for the first time the username and password is put into sharedstate . Now when I fwd the user to sso2 application , MyLoginModule again comes into action , the 'if' part of the code is executed but the
this.sharedState.get("javax.security.auth.login.name") or this.sharedState.get("javax.security.auth.login.password") returns null .
I have configured the jboss-web.xml also in respective webapps.
| <jboss-web>
| <security-domain>java:/jaas/LoginModule1</security-domain>
| <context-root>/sso1</context-root>
| </jboss-web
|
| <jboss-web>
| <security-domain>java:/jaas/LoginModule2</security-domain>
| <context-root>/sso2</context-root>
| </jboss-web
Also server.xml is configured properly
| <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
Any idea whats failing ?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4244101#4244101
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4244101
More information about the jboss-user
mailing list