Author: thomas.heute(a)jboss.com
Date: 2009-11-30 16:09:55 -0500 (Mon, 30 Nov 2009)
New Revision: 875
Added:
portal/trunk/docs/reference-guide/en/modules/SSO.xml
Removed:
portal/trunk/docs/reference-guide/en/modules/_archive/
portal/trunk/docs/reference-guide/en/modules/_orphans/
portal/trunk/docs/reference-guide/en/modules/account/
portal/trunk/docs/reference-guide/en/modules/gadgetsAdmin/
portal/trunk/docs/reference-guide/en/modules/language/
portal/trunk/docs/reference-guide/en/modules/portal/
portal/trunk/docs/reference-guide/en/modules/portletsUser/
portal/trunk/docs/reference-guide/en/modules/security/
portal/trunk/docs/reference-guide/en/modules/terms/
Log:
oups
Added: portal/trunk/docs/reference-guide/en/modules/SSO.xml
===================================================================
--- portal/trunk/docs/reference-guide/en/modules/SSO.xml (rev 0)
+++ portal/trunk/docs/reference-guide/en/modules/SSO.xml 2009-11-30 21:09:55 UTC (rev
875)
@@ -0,0 +1,173 @@
+<!--
+
+ Copyright (C) 2009 eXo Platform SAS.
+
+ This is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ This software is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this software; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+
+-->
+
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
"http://www.oasis-open.org/docbook/sgml/4.4/docbookx.dtd">
+<chapter>
+<title>Single Sign On</title>
+
+ <section>
+ <title>Overview of SSO</title>
+ <para>Portal as an integration and aggregation platform provides some form
of SSO by itself. When you log into
+ the portal you gain access to many systems through portlets using a single
identity. Still in many cases you
+ need to integrate the portal infrastructure with other SSO enabled systems. There
are many different Identity Management
+ solutions on the market. In most cases each SSO framework provides its own way to
plug into Java EE application.
+ </para>
+ </section>
+
+ <section>
+ <title>CAS - Central Authentication Service</title>
+ <para>This Single Sign On plugin enables seamless integration between GateIn
Portal and the CAS Single Sign On Framework.
+ Details about CAS can be found <ulink
url="http://www.ja-sig.org/products/cas/">here</ulink>
+ </para>
+ <section>
+ <title>Integration</title>
+ <section>
+ <title>From source</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Check out the GateIn SSO component from SVN using the following command:
+ <programlisting>
+ <![CDATA[
+svn co
http://anonsvn.jboss.org/repos/gatein/components/sso/tags/<appropriate sso
component version>
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Update <emphasis>packaging/profiles.xml</emphasis> to reflect
the directories where your local JBoss AS 5.1.0.GA and Tomcat 6.0.2 are installed
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ <section>
+ <title>Install CAS plugin into a designated CAS (3.3.4)
server</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <programlisting>
+ <![CDATA[
+ mvn -Pplugin-cas-install install
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ <section>
+ <title>Install CAS GateIn Agent into the designated GateIn
server</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <programlisting>
+ <![CDATA[
+ mvn -Pgatein-cas-install install
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ </section>
+ <section>
+ <title>CAS Server Plugin Configuration</title>
+ <para>
+ The CAS Server Plugin makes secure authentication callbacks to a RESTful service
installed on the remote GateIn server in order to authenticate a user.
+ In order for the plugin to function correctly, it needs to be properly
configured to connect to this service. This configuration is done via the
+ <emphasis>cas.war/WEB-INF/deployerConfigContext.xml</emphasis>
file.
+ </para>
+ <para>
+ <programlisting>
+ <![CDATA[
+ <!--
+ Note: Modify the Plugin Configuration based on the actual information of a GateIn
instance.
+ The instance can be anywhere on the internet...Not on localhost where CAS is
running
+ -->
+ <bean class="org.gatein.sso.cas.plugin.AuthenticationPlugin">
+ <property
name="gateInHost"><value>localhost</value></property>
+ <property
name="gateInPort"><value>8080</value></property>
+ <property
name="gateInContext"><value>portal</value></property>
+ </bean>
+ ]]>
+ </programlisting>
+ </para>
+ </section>
+ <section>
+ <title>GateIn Agent Configuration</title>
+ <para>
+ In a Single Sign On usecase, the GateIn server re-directs all
"private" resource requests to the CAS server for authentication first. The CAS
server can be
+ located anywhere on the Internet, and this information must be properly
configured within the GateIn instance. This configuration needs to be done in 3 files
+ <itemizedlist>
+ <listitem>
+
<emphasis>gatein.ear/02portal.war/groovy/portal/webui/UILoginForm.gtmpl</emphasis>
+ <para>
+ <programlisting>
+ <![CDATA[
+ <script>
+ <%=uicomponent.event("Close");%>
+ window.location =
'http://localhost:8888/cas/login?service=http://localhost:8080/portal/private/classic';
+ </script>
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <emphasis>gatein.ear/02portal.war/login/jsp/login.jsp</emphasis>
+ <para>
+ <programlisting>
+ <![CDATA[
+ <html>
+ <head>
+ <script type="text/javascript">
+ window.location =
'http://localhost:8888/cas/login?service=http://localhost:8080/portal/private/classic';
+ </script>
+ </head>
+ <body>
+ </body>
+ </html>
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <emphasis>gatein.ear/02portal.war/WEB-INF/web.xml</emphasis>
+ <para>
+ <programlisting>
+ <![CDATA[
+ <servlet>
+ <servlet-name>InitiateLoginServlet</servlet-name>
+ <servlet-class>org.gatein.sso.agent.GenericSSOAgent</servlet-class>
+ <init-param>
+ <param-name>casServerUrl</param-name>
+ <param-value>http://localhost:8888/cas</param-value>
+ </init-param>
+ </servlet>
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+
+ </section>
+ </section>
+</chapter>
\ No newline at end of file
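Review bot: the "CAS Server Plugin Configuration" section describes the callbacks to the GateIn REST service as "secure", but every endpoint shown in this chapter is plain http (gateInPort 8080, `casServerUrl` set to `http://localhost:8888/cas`, and both `window.location` redirects), while the text also says the CAS and GateIn servers can be anywhere on the Internet. Please either say what makes the callback secure, or mark the examples as localhost-only and state that, when the two servers are on different hosts, the login redirect, the `service` URL and the authentication callback should use https. In the "GateIn Agent Configuration" section the same login URL is hard-coded in UILoginForm.gtmpl and login.jsp, with the CAS base URL repeated in web.xml, so a sentence saying that the three values must be changed together would help. Smaller points: the three file names in `<emphasis>` sit directly inside `<listitem>` rather than inside a `<para>`, "Tomcat 6.0.2" in the "From source" step is worth checking against the intended version, and the file has no trailing newline.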