12:40 p.m.
WebAuthentication:Generate a SSOID
----------------------------------
Key: JBAS-4424
URL: http://jira.jboss.com/jira/browse/JBAS-4424
Project: JBoss Application Server
Issue Type: Task
Security Level: Public (Everyone can see)
Components: Security, Web (Tomcat) service
Affects Versions: JBossAS-4.2.0.GA
Reporter: Anil Saldhana
Assigned To: Anil Saldhana
Fix For: JBossAS-4.2.1.CR1
http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication
The feature needs to implement the sso stuff if it is desired by the user. At the least,
ssoid needs to be generated and set on the session.
The ssoid generation logic exists in AuthenticatorBase.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:09 a.m.
New subject: [JBoss JIRA] Assigned: (JBAS-4424) WebAuthentication:Generate a SSOID
[ http://jira.jboss.com/jira/browse/JBAS-4424?page=all ]
Anil Saldhana reassigned JBAS-4424:
-----------------------------------
Assignee: Stefan Guilhen (was: Anil Saldhana)
WebAuthentication:Generate a SSOID
----------------------------------
Key: JBAS-4424
URL: http://jira.jboss.com/jira/browse/JBAS-4424
Project: JBoss Application Server
Issue Type: Task
Security Level: Public(Everyone can see)
Components: Web (Tomcat) service, Security
Affects Versions: JBossAS-4.2.0.GA
Reporter: Anil Saldhana
Assigned To: Stefan Guilhen
http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication
The feature needs to implement the sso stuff if it is desired by the user. At the least,
ssoid needs to be generated and set on the session.
The ssoid generation logic exists in AuthenticatorBase.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6:09 p.m.
New subject: [JBoss JIRA] Commented: (JBAS-4424) WebAuthentication:Generate a SSOID
[ http://jira.jboss.com/jira/browse/JBAS-4424?page=comments#action_12381884 ]
Stefan Guilhen commented on JBAS-4424:
--------------------------------------
I'm implementing the SSO functionality pretty much like the AuthenticatorBase, by
delegating the SSO operations to the SingleSignOn valve. However, the methods that we must
invoke (register, update, associate) are protected in the SingleSignOn class. I've
started a discussion on the forums
(http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4094309#...), and my
first idea is to relax the SingleSignOn method's access to public in JBossWeb.
WebAuthentication:Generate a SSOID
----------------------------------
Key: JBAS-4424
URL: http://jira.jboss.com/jira/browse/JBAS-4424
Project: JBoss Application Server
Issue Type: Task
Security Level: Public(Everyone can see)
Components: Web (Tomcat) service, Security
Affects Versions: JBossAS-4.2.0.GA
Reporter: Anil Saldhana
Assigned To: Stefan Guilhen
http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication
The feature needs to implement the sso stuff if it is desired by the user. At the least,
ssoid needs to be generated and set on the session.
The ssoid generation logic exists in AuthenticatorBase.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:50 p.m.
New subject: [JBoss JIRA] Commented: (JBAS-4424) WebAuthentication:Generate a SSOID
[ http://jira.jboss.com/jira/browse/JBAS-4424?page=comments#action_12385404 ]
Stefan Guilhen commented on JBAS-4424:
--------------------------------------
The SSO cookie is now generated by the WebAuthentication class as part of the login
process when a SSO valve has been set in the jboss-web.deployer/server.xml. On Branch_4_2,
the org.jboss.web.tomcat.security.ExtendedSingleSignOn valve has to be used instead of the
standard SingleSignOn valve, because the ExtendedSSO valve exposes some of the SSO methods
as public, allowing the WebAuthentication to delegate sso behaviour to the proper valve.
As no upgrade of the jbossweb is planned for Branch_4_2, we had to come up with this
workaround. The SSO behaviour of the WebAuthentication has been tested on Branch_4_2, and
the code has already been commited.
This new valve is not necessary on Trunk, as Remy is setting the necessary methods to
public on SingleSignOn valve. Version 2.1.0.CR7 of jbossweb already sets some of the
methods to public but one of them (update) still needs to be changed. As soon as we have
the changes we need, I'll test this implementation on Trunk using the standard SSO
valve, commit, and resolve the issue.
WebAuthentication:Generate a SSOID
----------------------------------
Key: JBAS-4424
URL: http://jira.jboss.com/jira/browse/JBAS-4424
Project: JBoss Application Server
Issue Type: Task
Security Level: Public(Everyone can see)
Components: Web (Tomcat) service, Security
Affects Versions: JBossAS-4.2.0.GA
Reporter: Anil Saldhana
Assigned To: Stefan Guilhen
http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication
The feature needs to implement the sso stuff if it is desired by the user. At the least,
ssoid needs to be generated and set on the session.
The ssoid generation logic exists in AuthenticatorBase.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:09 p.m.
New subject: [JBoss JIRA] Closed: (JBAS-4424) WebAuthentication:Generate a SSOID
[ http://jira.jboss.com/jira/browse/JBAS-4424?page=all ]
Stefan Guilhen closed JBAS-4424.
--------------------------------
Fix Version/s: JBossAS-5.0.0.Beta3
JBossAS-4.2.3.GA
Resolution: Done
The necessary coded has been added to WebAuthentication, and the wiki page has been
updated to show how to make use of the SSO token generation capabilities.
WebAuthentication:Generate a SSOID
----------------------------------
Key: JBAS-4424
URL: http://jira.jboss.com/jira/browse/JBAS-4424
Project: JBoss Application Server
Issue Type: Task
Security Level: Public(Everyone can see)
Components: Web (Tomcat) service, Security
Affects Versions: JBossAS-4.2.0.GA
Reporter: Anil Saldhana
Assigned To: Stefan Guilhen
Fix For: JBossAS-5.0.0.Beta3, JBossAS-4.2.3.GA
http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication
The feature needs to implement the sso stuff if it is desired by the user. At the least,
ssoid needs to be generated and set on the session.
The ssoid generation logic exists in AuthenticatorBase.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6241
days inactive
6450
days old
4 comments
2 participants
participants (2)
-
Anil Saldhana (JIRA) -
Stefan Guilhen (JIRA)