Author: sohil.shah(a)jboss.com
Date: 2009-11-19 13:14:17 -0500 (Thu, 19 Nov 2009)
New Revision: 693
Added:
portal/trunk/docs/user-guide/en/modules/SSO.xml
Modified:
portal/trunk/docs/user-guide/
portal/trunk/docs/user-guide/en/master.xml
Log:
adding sso component chapter
Property changes on: portal/trunk/docs/user-guide
___________________________________________________________________
Name: svn:ignore
- *.iml
.idea
+ *.iml
.idea
target
Modified: portal/trunk/docs/user-guide/en/master.xml
===================================================================
--- portal/trunk/docs/user-guide/en/master.xml 2009-11-19 17:33:42 UTC (rev 692)
+++ portal/trunk/docs/user-guide/en/master.xml 2009-11-19 18:14:17 UTC (rev 693)
@@ -118,6 +118,9 @@
<!-- Gadgets -->
<xi:include
xmlns:xi="http://www.w3.org/2001/XInclude"
href="modules/Gadgets.xml" />
+
+ <!-- Single Sign On -->
+ <xi:include
xmlns:xi="http://www.w3.org/2001/XInclude"
href="modules/SSO.xml" />
<!--
Added: portal/trunk/docs/user-guide/en/modules/SSO.xml
===================================================================
--- portal/trunk/docs/user-guide/en/modules/SSO.xml (rev 0)
+++ portal/trunk/docs/user-guide/en/modules/SSO.xml 2009-11-19 18:14:17 UTC (rev 693)
@@ -0,0 +1,173 @@
+<!--
+
+ Copyright (C) 2009 eXo Platform SAS.
+
+ This is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ This software is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this software; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+
+-->
+
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
"http://www.oasis-open.org/docbook/sgml/4.4/docbookx.dtd">
+<chapter>
+<title>Single Sign On</title>
+
+ <section>
+ <title>Overview of SSO</title>
+ <para>Portal as an integration and aggregation platform provides some form
of SSO by itself. When you log into
+ the portal you gain access to many systems through portlets using a single
identity. Still in many cases you
+ need to integrate the portal infrastructure with other SSO enabled systems. There
are many different Identity Management
+ solutions on the market. In most cases each SSO framework provides its own way to
plug into Java EE application.
+ </para>
+ </section>
+
+ <section>
+ <title>CAS - Central Authentication Service</title>
+ <para>This Single Sign On plugin enables seamless integration between GateIn
Portal and the CAS Single Sign On Framework.
+ Details about CAS can be found <ulink
url="http://www.ja-sig.org/products/cas/">here</ulink>
+ </para>
+ <section>
+ <title>Integration</title>
+ <section>
+ <title>From source</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Check out the GateIn SSO component from SVN using the following command:
+ <programlisting>
+ <![CDATA[
+svn co
http://anonsvn.jboss.org/repos/gatein/components/sso/tags/<appropriate sso
component version>
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Update <emphasis>packaging/profiles.xml</emphasis> to reflect
the directories where your local JBoss AS 5.1.0.GA and Tomcat 6.0.2 are installed
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ <section>
+ <title>Install CAS plugin into a designated CAS (3.3.4)
server</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <programlisting>
+ <![CDATA[
+ mvn -Pplugin-cas-install install
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ <section>
+ <title>Install CAS GateIn Agent into the designated GateIn
server</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <programlisting>
+ <![CDATA[
+ mvn -Pgatein-cas-install install
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ </section>
+ <section>
+ <title>CAS Server Plugin Configuration</title>
+ <para>
+ The CAS Server Plugin makes secure authentication callbacks to a RESTful service
installed on the remote GateIn server in order to authenticate a user.
+ In order for the plugin to function correctly, it needs to be properly
configured to connect to this service. This configuration is done via the
+ <emphasis>cas.war/WEB-INF/deployerConfigContext.xml</emphasis>
file.
+ </para>
+ <para>
+ <programlisting>
+ <![CDATA[
+ <!--
+ Note: Modify the Plugin Configuration based on the actual information of a GateIn
instance.
+ The instance can be anywhere on the internet...Not on localhost where CAS is
running
+ -->
+ <bean class="org.gatein.sso.cas.plugin.AuthenticationPlugin">
+ <property
name="gateInHost"><value>localhost</value></property>
+ <property
name="gateInPort"><value>8080</value></property>
+ <property
name="gateInContext"><value>portal</value></property>
+ </bean>
+ ]]>
+ </programlisting>
+ </para>
+ </section>
+ <section>
+ <title>GateIn Agent Configuration</title>
+ <para>
+ In a Single Sign On usecase, the GateIn server re-directs all
"private" resource requests to the CAS server for authentication first. The CAS
server can be
+ located anywhere on the Internet, and this information must be properly
configured within the GateIn instance. This configuration needs to be done in 3 files
+ <itemizedlist>
+ <listitem>
+
<emphasis>gatein.ear/02portal.war/groovy/portal/webui/UILoginForm.gtmpl</emphasis>
+ <para>
+ <programlisting>
+ <![CDATA[
+ <script>
+ <%=uicomponent.event("Close");%>
+ window.location =
'http://localhost:8888/cas/login?service=http://localhost:8080/portal/private/classic';
+ </script>
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <emphasis>gatein.ear/02portal.war/login/jsp/login.jsp</emphasis>
+ <para>
+ <programlisting>
+ <![CDATA[
+ <html>
+ <head>
+ <script type="text/javascript">
+ window.location =
'http://localhost:8888/cas/login?service=http://localhost:8080/portal/private/classic';
+ </script>
+ </head>
+ <body>
+ </body>
+ </html>
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <emphasis>gatein.ear/02portal.war/WEB-INF/web.xml</emphasis>
+ <para>
+ <programlisting>
+ <![CDATA[
+ <servlet>
+ <servlet-name>InitiateLoginServlet</servlet-name>
+ <servlet-class>org.gatein.sso.agent.GenericSSOAgent</servlet-class>
+ <init-param>
+ <param-name>casServerUrl</param-name>
+ <param-value>http://localhost:8888/cas</param-value>
+ </init-param>
+ </servlet>
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+
+ </section>
+ </section>
+</chapter>
\ No newline at end of file
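Review bot: The "CAS Server Plugin Configuration" section describes the authentication callbacks as "secure", but the sample bean sets only gateInHost, gateInPort (8080) and gateInContext, with no scheme or TLS setting shown. Every URL in the chapter (the casServerUrl init-param and both window.location redirects) is plain http://, while the text says the GateIn and CAS servers can be anywhere on the Internet. Either document how the callback and the CAS login and service URLs are moved to HTTPS, or drop "secure" and state that the localhost values are for a single-machine test setup. As written, a reader copying the samples to separate hosts would run the login redirect and the authentication callback over unencrypted HTTP. Separately, in the "GateIn Agent Configuration" list the `<emphasis>` file names are direct children of `<listitem>`, which the DocBook 4.4 DTD does not allow, so each should be wrapped in its own `<para>`. The comment inside the bean sample ("Not on localhost where CAS is running") also contradicts the localhost value shown directly below it.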