[JBoss JIRA] (GTNSSO-9) [OpenAM] Cannot login in real practice (deploy GateIn and OpenAM server on 2 different machine)
9:43 p.m.
Khoi Nguyen created GTNSSO-9:
--------------------------------
Summary: [OpenAM] Cannot login in real practice (deploy GateIn and OpenAM
server on 2 different machine)
Key: GTNSSO-9
URL: https://issues.jboss.org/browse/GTNSSO-9
Project: GateIn SSO
Issue Type: Bug
Reporter: Khoi Nguyen
OpenAM integration is successful if OpenAM and Portal Server are same IP Address
(localhost with different port such mentioned in document), however, when I deployed them
on 2 server, integration couldn't work.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:58 p.m.
[
https://issues.jboss.org/browse/GTNSSO-9?page=com.atlassian.jira.plugin.s...
]
Khoi Nguyen commented on GTNSSO-9:
----------------------------------
If I understand well, authentication workflow will be as following:
# I have 2 servers A (IP a.a.a.a.) and B (IP b.b.b.b), setup OpenAM on A and Portal on B
# Go to portal by http://b.b.b.b/portal/sso, it should be redirect me to OpenAm
authentication page at http://a.a.a.a/openam
# After login on OpenAM server successfully, OpenAM put a cookie named iPlanetDirectoryPro
into browser with domain is openam server name (a.a.a.a in this case)
# OpenAM redirect authenticated user to Portal login process endpoint
(http://b.b.b.b/portal/initiatessologin in this case), this endpoint validates the ticket
sent by OpenAM server (see OpenSSOAgent#validateTicket) and get token from cookie ==>
*PROBLEM IS FOUND AT HERE*
All cookies in request have domain b.b.b.b (Portal domain), while iPlanetDirectoryPro has
a.a.a.a domain, that mean the filter is unable to obtain the token set by OpenAM, and
authentication process is stopped here
[OpenAM] Cannot login in real practice (deploy GateIn and OpenAM
server on 2 different machine)
-----------------------------------------------------------------------------------------------
Key: GTNSSO-9
URL: https://issues.jboss.org/browse/GTNSSO-9
Project: GateIn SSO
Issue Type: Bug
Reporter: Khoi Nguyen
OpenAM integration is successful if OpenAM and Portal Server are same IP Address
(localhost with different port such mentioned in document), however, when I deployed them
on 2 server, integration couldn't work.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
5:28 a.m.
[
https://issues.jboss.org/browse/GTNSSO-9?page=com.atlassian.jira.plugin.s...
]
Marek Posolda reassigned GTNSSO-9:
----------------------------------
Assignee: Marek Posolda
[OpenAM] Cannot login in real practice (deploy GateIn and OpenAM
server on 2 different machine)
-----------------------------------------------------------------------------------------------
Key: GTNSSO-9
URL: https://issues.jboss.org/browse/GTNSSO-9
Project: GateIn SSO
Issue Type: Bug
Reporter: Khoi Nguyen
Assignee: Marek Posolda
OpenAM integration is successful if OpenAM and Portal Server are same IP Address
(localhost with different port such mentioned in document), however, when I deployed them
on 2 server, integration couldn't work.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:23 a.m.
[
https://issues.jboss.org/browse/GTNSSO-9?page=com.atlassian.jira.plugin.s...
]
Marek Posolda updated GTNSSO-9:
-------------------------------
Fix Version/s: 1.1.2-Beta01
Affects Version/s: 1.1.1-GA
[OpenAM] Cannot login in real practice (deploy GateIn and OpenAM
server on 2 different machine)
-----------------------------------------------------------------------------------------------
Key: GTNSSO-9
URL: https://issues.jboss.org/browse/GTNSSO-9
Project: GateIn SSO
Issue Type: Bug
Affects Versions: 1.1.1-GA
Reporter: Khoi Nguyen
Assignee: Marek Posolda
Fix For: 1.1.2-Beta01
OpenAM integration is successful if OpenAM and Portal Server are same IP Address
(localhost with different port such mentioned in document), however, when I deployed them
on 2 server, integration couldn't work.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:27 a.m.
[
https://issues.jboss.org/browse/GTNSSO-9?page=com.atlassian.jira.plugin.s...
]
Marek Posolda updated GTNSSO-9:
-------------------------------
Attachment: openam_cdc_doc.txt
[OpenAM] Cannot login in real practice (deploy GateIn and OpenAM
server on 2 different machine)
-----------------------------------------------------------------------------------------------
Key: GTNSSO-9
URL: https://issues.jboss.org/browse/GTNSSO-9
Project: GateIn SSO
Issue Type: Bug
Affects Versions: 1.1.1-GA
Reporter: Khoi Nguyen
Assignee: Marek Posolda
Fix For: 1.1.2-Beta01
Attachments: openam_cdc_doc.txt
OpenAM integration is successful if OpenAM and Portal Server are same IP Address
(localhost with different port such mentioned in document), however, when I deployed them
on 2 server, integration couldn't work.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:29 a.m.
[
https://issues.jboss.org/browse/GTNSSO-9?page=com.atlassian.jira.plugin.s...
]
Marek Posolda resolved GTNSSO-9.
--------------------------------
Resolution: Done
Issue is resolved and fix is available in SSO 1.1.2-Beta01 released today. Please look at
instructions in attached file and verify if it works correctly for you. I am going to add
instructions into GateIn Reference Guide as well.
[OpenAM] Cannot login in real practice (deploy GateIn and OpenAM
server on 2 different machine)
-----------------------------------------------------------------------------------------------
Key: GTNSSO-9
URL: https://issues.jboss.org/browse/GTNSSO-9
Project: GateIn SSO
Issue Type: Bug
Affects Versions: 1.1.1-GA
Reporter: Khoi Nguyen
Assignee: Marek Posolda
Fix For: 1.1.2-Beta01
Attachments: openam_cdc_doc.txt
OpenAM integration is successful if OpenAM and Portal Server are same IP Address
(localhost with different port such mentioned in document), however, when I deployed them
on 2 server, integration couldn't work.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4466
days inactive
4477
days old
5 comments
2 participants
participants (2)
-
Khoi Nguyen (JIRA) -
Marek Posolda (JIRA)