[JBoss JIRA] Created: (GTNPORTAL-1048) GateIn+SSO integration: IdentityException thrown in special case when HTTP session expire
by Marek Posolda (JIRA)
GateIn+SSO integration: IdentityException thrown in special case when HTTP session expire
-----------------------------------------------------------------------------------------
Key: GTNPORTAL-1048
URL: https://jira.jboss.org/jira/browse/GTNPORTAL-1048
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Identity integration
Affects Versions: 3.0.0-GA
Environment: GateIn trunk (revision 2479) with JBoss 5.1.0,
Picketlink IDM version: 1.1.2.CR01,
JOSSO 1.8.1 +Tomcat bundle integrated with GateIn and running on localhost:8888,
Reporter: Marek Posolda
I have GateIn configured with OpenSSO according to the instructions in the reference guide, and I am going through this scenario:
1) Go to http://localhost:8080/portal
2) Click "sign in" and log in as root with the OpenSSO console. The user is redirected back to GateIn and correctly logged in.
3) Wait 5 minutes (the assumption is that session expiration is configured to be 1 minute in gatein.ear/02portal.war/WEB-INF/web.xml)
4) Go to http://localhost:8080/portal/private/classic . Now I should be logged directly into GateIn because of the SSO cookie. And I really am logged in, but I do not see the user's full name (see attached screenshot). And an exception is in the server log (IdentityObjectType[USER] not present in the store. Caused by: org.hibernate.HibernateException: createCriteria is not valid without active transaction). The full exception is in the server log.
I tried to debug and I found that the Hibernate transaction is not started when calling orgService.getUserHandler().findUserByName(state.getIdentity().getUserId()) from CacheUserProfileFilter. It doesn't occur during normal user login because the User object is cached in PersistenceManagerImpl.findUser(). But the problem occurs when the User is not cached when findUserByName is called from CacheUserProfileFilter.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
14 years, 1 month
[JBoss JIRA] Created: (GTNPORTAL-991) GateIn+SSO integration: Documentation issues
by Marek Posolda (JIRA)
GateIn+SSO integration: Documentation issues
--------------------------------------------
Key: GTNPORTAL-991
URL: https://jira.jboss.org/jira/browse/GTNPORTAL-991
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Documentation
Affects Versions: 3.0.0-GA
Environment: GateIn-3.0.0-GA with JBoss 5.1.0,
Reference guide - chapter 3 (SSO - Single Sign On). I used reference guide built from trunk (revision 2305)
Reporter: Marek Posolda
Assignee: Luc Texier
After some fight, I did a successful manual integration of GateIn-3.0.0-GA with CAS, JOSSO and OpenSSO. I did the integration with GateIn+JBoss 5.1 and the particular SSO framework on Tomcat 6.0.18.
I used the instructions in the reference guide, but I needed to do a couple of additional steps to complete a successful integration (I mean that not all things are mentioned in the reference guide). I also found some other problems in the reference guide, so I am attaching all found problems and potential confusions in a document in the attachment.
14 years, 2 months
[JBoss JIRA] Created: (GTNPORTAL-995) OpenSSO integration issues
by Marek Posolda (JIRA)
OpenSSO integration issues
--------------------------
Key: GTNPORTAL-995
URL: https://jira.jboss.org/jira/browse/GTNPORTAL-995
Project: GateIn Portal
Issue Type: Sub-task
Security Level: Public (Everyone can see)
Components: Documentation
Affects Versions: 3.0.0-GA
Environment: GateIn-3.0.0-GA + JBoss 5.1 bundle,
OpenSSO 8.0 on Tomcat 6.0.18, OpenSSO 8.0-Update1 on Tomcat 6.0.18 (I tried both),
Reporter: Marek Posolda
Assignee: Luc Texier
OpenSSO integration was the most problematic and I was not able to integrate without doing additional steps in my environment.
So here it is. I did this in a clean environment:
- I deployed OpenSSO 8.0-update1 to Tomcat 6.0.18,
- I did all instructions in reference guide - section 3.4
- I created "Default configuration" when I first accessed http://localhost:8888/opensso
Even though I did this, I didn't have the gatein realm in my OpenSSO and I was not able to use the authentication module called "AuthenticationPlugin", which is used for GateIn authentication. So I also did these steps:
1) Log in to OpenSSO as amadmin and then go to tab "Configuration" -> tab "Authentication" -> link "Core" -> add new value, and I fill in the class "org.gatein.sso.opensso.plugin.AuthenticationPlugin". This step is really important. Without it, AuthenticationPlugin is not available among the other OpenSSO authentication modules.
2) Go to tab "Access control" and create a new realm called "gatein".
3) Go to my gatein realm and click the tab "Authentication". Then click "ldapService" at the bottom of the page in the section Authentication chaining. Then I change "Datastore", which is the default module in the authentication chain, to "AuthenticationPlugin". This enables authentication of realm "gatein" with the GateIn REST service and not with the OpenSSO LDAP server.
4) In the authentication of realm "gatein", I went to "Advanced properties" and I changed UserProfile from "Required" to "Dynamic". This step is needed because gatein users are not in the OpenSSO Datastore (LDAP server) and so their profile can't be obtained if "Required" is active. With "Dynamic", all authenticated users are automatically created in the OpenSSO datastore after successful authentication.
5) User privileges need to be increased in OpenSSO. Otherwise the method org.gatein.sso.agent.opensso.OpenSSOAgent.getSubject will fail in GateIn when obtaining data from the OpenSSO RESTful interface due to insufficient privileges.
So in OpenSSO console, I went to "Access control" -> Top level realm -> "Privileges" tab -> All authenticated users -> Check last two checkboxes:
- Read and write access only for policy properties
- Read and write access to all realm and policy properties
I did the same for both top level realm and gatein realm.
14 years, 2 months