Impersonation in GateIn Portal
by Marek Posolda
Hi all,
We've been requested several times by our users/customers to add an
"impersonation" feature.
It may be useful for a portal administrator to have the possibility to
temporarily log in as another user without knowing his password. For
example: User /root/ wants to verify that user /mary/ really doesn't
have permission to see page X or portlet Y on page Z.
I've added a specification page here
https://community.jboss.org/wiki/ImpersonationInGateInPortal . Feel free
to provide feedback here or in the comments of the specification.
Have a nice weekend!
Marek
10 years, 9 months
Problem when configuring SAML2 with Google and Salesforce
by Tuyen The Nguyen
Hi all,
I'm configuring SSO for GateIn 3.5 with Google and Salesforce using the SAML2
protocol.
I follow three docs:
https://docs.jboss.org/author/display/GTNPORTAL35/SAML2
https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Salesforce...
https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+App...
When I try to log in to Google, it redirects to the IDP (using GateIn) and the
login succeeds, but when it redirects back to Google, I get the error "google could not
parse the login request" and I can't log in.
I see an exception on the GateIn console:
16:26:01,844 ERROR [org.picketlink.identity.federation] (http-www.idp.com-127.0.0.1-8080-7) PLFED000253: Exception in processing request: java.lang.IllegalStateException: PLFED000058: KeyStoreKeyManager : Domain Alias missing for : 127.0.0.1
    at org.picketlink.identity.federation.PicketLinkLoggerImpl.keyStoreMissingDomainAlias(PicketLinkLoggerImpl.java:183)
    at org.picketlink.identity.federation.core.impl.KeyStoreKeyManager.getValidatingKey(KeyStoreKeyManager.java:196)
    at org.picketlink.identity.federation.core.util.CoreConfigUtil.getValidatingKey(CoreConfigUtil.java:140)
    at org.picketlink.identity.federation.bindings.tomcat.idp.AbstractIDPValve.getIssuerPublicKey(AbstractIDPValve.java:683)
    at org.picketlink.identity.federation.bindings.tomcat.idp.AbstractIDPValve.processSAMLRequestMessage(AbstractIDPValve.java:545)
    at org.gatein.sso.saml.plugin.valve.PortalIDPWebBrowserSSOValve.invoke(PortalIDPWebBrowserSSOValve.java:255) [sso-saml-plugin-1.3.1.Final.jar:1.3.1.Final]
    at org.gatein.sso.integration.SSODelegateValve.invoke(SSODelegateValve.java:155) [sso-integration-1.3.1.Final.jar:1.3.1.Final]
    at org.gatein.portal.security.jboss.PortalClusteredSSOSupportValve.invoke(PortalClusteredSSOSupportValve.java:88) [exo.portal.component.web.security-jboss-3.5.7.Final-SNAPSHOT.jar:3.5.7.Final-SNAPSHOT]
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
    at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45]
*Does anyone know how to fix this problem?*
Tuyen Nguyen The.
11 years, 1 month
Picket Link and Org Service TCK alignment
by Julien Viet
Hi,
recently we worked on making the eXo Core OrganizationService TCK implemented for the picket link implementation. (I think it was not implemented because the TCK came after the PL implementation and then nobody was aware that it was kind of existing, anyway better late than never…)
We came across a few conflicting behaviors between what the TCK defines and the original PL implementation testsuite:
1/ testRemoveGroup(org.exoplatform.services.tck.organization.TestGroupHandler)
conflict between TCK and PL test when removing a group having at least 1 child
+ TCK assumes an exception is thrown
+ PL assumes this group will be removed and its children will be removed too
2/ testFindUserProfileByName(org.exoplatform.services.tck.organization.TestUserProfileHandler): Expected: <null> but was: org.exoplatform.services.organization.impl.UserProfileImpl@40773f4b
conflict between TCK and PL test when a non-existing user profile of an existing user is searched via find:
+ TCK supposes null is returned
+ PL supposes an empty profile is returned
3/
- testFindUsersByQuery(org.exoplatform.services.tck.organization.TestUserHandler): expected:<1> but was:<0>
- testFindUsers(org.exoplatform.services.tck.organization.TestUserHandler): expected:<1> but was:<0>
In method: UserHandler#findUsersByQuery(Query query)
The TCK supposes that case sensitivity does not matter in a user search, but the PicketLink implementation is case sensitive.
Somehow we need to make this consistent.
Our take is that we should align Picket Link with the TCK.
Comments are open.
cheers
Julien
11 years, 1 month
GateIn 4 on Wildfly / AS
by Julien Viet
Hi All,
We plan to release the first GateIn 4 milestone within a couple of months and it would be awesome to release a Wildfly version as well as the Tomcat version.
I think such an integration needs less work than the current GateIn 3.x integration as:
1/ the whole portal and classes are contained within a single war file
2/ the only shared jars are the portlet.jar and perhaps the wci jar
3/ portlet deployment is achieved through wci
Is there someone volunteering to do this?
11 years, 1 month
Any pending changes for gatein_objects XSD?
by Peter Palaga
Hi *,
I need to create a new version of gatein_objects XSD because of
GTNPORTAL-3263 "Restricted" page editor.
Does anybody have any changes that should go there so that we do not
make more public versions of gatein_objects than necessary?
Thanks,
Peter
11 years, 1 month