[Security & JAAS/JBoss] - Re: Jboss SSO Web Application
by sohil.shah＠jboss.com
Basically, when a user is authenticated on WebApplication A, the only way WebApplication B can tell is through what we call a SAML token that is propagated in the form of an HTTP cookie.
Now, if you wish to do authentication in a non-JAAS way still using the LoginProvider, you will have to write the plumbing for creating/processing this SSO SAML token in your web application, without which SSO won't happen between apps.
If you use the JAAS module, this token management is automatically provided by the framework, so your application does not even know that it's part of an SSO Federation. SSO happens automagically.
This is done using the SSO valves that you configure in your context.xml found in components/jboss_sso_tomcat5.
The valves obviously cannot be written to accommodate custom authentication use cases, hence they have to stick to the J2EE authentication standard, which is JAAS.
I am sure you can look at the code in the valves and replicate it at the application level for your custom login mechanism.
Thanks
Sohil
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982556#3982556
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3982556
19 years, 6 months
[JNDI/Naming/Network] - NameNotFoundException:(jndi name) not bound
by kalaimathi
Hi,
I'm using jboss4.0.1 with MyEclipse3.0.8.
I'm trying to configure JBoss with DB2 and also looking up the JNDI name.
For this I followed some of the procedures.
In db2-ds.xml I mapped as
    <local-tx-datasource>
      <jndi-name>DB2DS</jndi-name>
      <connection-url>jdbc:db2://thapovan1:50000/EMPLOYEE</connection-url>
      <driver-class>COM.ibm.db2.jdbc.DB2Driver</driver-class>
      <user-name>administrator</user-name>
      <password>thapovan</password>
      <min-pool-size>0</min-pool-size>
      <type-mapping>DB2</type-mapping>
    </local-tx-datasource>
In the login-config.xml file I mapped as
    <application-policy name="DB2DbRealm">
      <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
                    flag="required">
        <module-option name="principal"></module-option>
        <module-option name="userName"></module-option>
        <module-option name="password"></module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DB2DS</module-option>
      </login-module>
    </application-policy>
In jboss-web.xml I mapped as
    <jboss-web>
      <resource-ref>
        <res-ref-name>DB2DS</res-ref-name>
        <jndi-name>java:DB2DS</jndi-name>
      </resource-ref>
    </jboss-web>
In web.xml
    <web-app>
      <resource-ref>
        <description>DB Connection</description>
        <res-ref-name>DB2DS</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
      </resource-ref>
    </web-app>
And finally, in my Java code I'm looking up the JNDI name as
    java.util.Properties pro = new java.util.Properties();
    // JBoss JNP naming provider settings
    pro.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
    pro.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");
    pro.put(Context.PROVIDER_URL, "localhost:1099");
    Context ctxt = new InitialContext(pro);
    System.out.println("context " + ctxt);
    DataSource ds = (DataSource) ctxt.lookup("java:DB2DS");
DB2DS is my JNDI name. I don't know where I am making a mistake. Will you please give me the solution for this?
Thanks and regards,
kalaimathi
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982555#3982555
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3982555
19 years, 6 months
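The post above declares a DB2DbRealm policy in login-config.xml while the datasource still carries its user name and password inline. The fragments below are an added example, not the poster's configuration or JBoss project code, showing how the two files are normally tied together with `<security-domain>` so the credentials live in one place; DB_USER_PLACEHOLDER and DB_PASSWORD_PLACEHOLDER are placeholders, and the `<datasources>` and `<authentication>` wrappers are assumed from the standard JBoss 4 file layout.

```xml
<!-- db2-ds.xml, inline form: the database credentials sit in the deploy
     directory next to the connection URL -->
<datasources>
  <local-tx-datasource>
    <jndi-name>DB2DS</jndi-name>
    <connection-url>jdbc:db2://thapovan1:50000/EMPLOYEE</connection-url>
    <driver-class>COM.ibm.db2.jdbc.DB2Driver</driver-class>
    <user-name>DB_USER_PLACEHOLDER</user-name>
    <password>DB_PASSWORD_PLACEHOLDER</password>
    <min-pool-size>0</min-pool-size>
  </local-tx-datasource>
</datasources>

<!-- db2-ds.xml, delegated form: no credentials here; the connection manager
     asks the DB2DbRealm policy for the identity to connect with -->
<datasources>
  <local-tx-datasource>
    <jndi-name>DB2DS</jndi-name>
    <connection-url>jdbc:db2://thapovan1:50000/EMPLOYEE</connection-url>
    <driver-class>COM.ibm.db2.jdbc.DB2Driver</driver-class>
    <security-domain>DB2DbRealm</security-domain>
    <min-pool-size>0</min-pool-size>
  </local-tx-datasource>
</datasources>

<!-- login-config.xml: the policy named by <security-domain> above.
     managedConnectionFactoryName must match the datasource's jndi-name.
     Use a dedicated, least-privilege database account here (placeholder
     values), and restrict read access to this file, because
     ConfiguredIdentityLoginModule reads the password as plain text. -->
<application-policy name="DB2DbRealm">
  <authentication>
    <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
                  flag="required">
      <module-option name="principal">DB_USER_PLACEHOLDER</module-option>
      <module-option name="userName">DB_USER_PLACEHOLDER</module-option>
      <module-option name="password">DB_PASSWORD_PLACEHOLDER</module-option>
      <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DB2DS</module-option>
    </login-module>
  </authentication>
</application-policy>
```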
[Security & JAAS/JBoss] - Re: Jboss SSO Web Application
by nipunbatra
Hi Sohil
I agree with you it makes regarding own LoginProvider on each machine.
Again, I am really sorry for my ignorance; though I looked at the jboss_sso_test directory, what I am not able to figure out is this. I still need some clarifications; I hope I am not annoying you.
Let's suppose I have Web Application 'WA' at server A, in which I go to the login page and authenticate the user. Now this authentication is done using the LoginProvider which I wrote, NOT on the basis of any JAAS module. I call the login method of LoginProvider and the user logs in.
After this I go to other web application 'WB' hosted on remote Server B (remote server B has jboss-sso.sar deployed) from the same browser. Now on the index/welcome page of web application WB, I should be able to find out that this user has already logged in and this user is 'Nipun'. How can I find this information on second web application WB?
Thanks again for your help, really appreciate it
Nipun
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982552#3982552
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3982552
19 years, 6 months
[Tomcat, HTTPD, Servlets & JSP] - how to limit or kill http connections?
by berkgypsy
Using Jboss-4.0.1...
We are serving up a straight XML (actually a WSDL) file in our production system. Some of our client applications are misbehaving (probably because they are behind a firewall), thinking they are repeatedly failing, retrying and hanging on to our connections for what seems to be up to 30 minutes. I have changed all the connector timeout and session timeout values I can find to 5 minutes, but that seems to have no effect, I'm assuming because when I look at the "status" of each request processor on the Tomcat status page, it is "S" or "servicing."
Is there something for Tomcat like Apache's "mod_ip_count"? That way I could limit how many connections our badly behaving client applications consume.
And/or, is there a way to set a hard timeout for each Connector?
Here is my connector configuration:
Thanks.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982551#3982551
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3982551
19 years, 6 months
[Security & JAAS/JBoss] - Re: Jboss SSO Web Application
by sohil.shah＠jboss.com
Also to add to the logic behind Identity Manager abstraction.
Not all Federation setups can have partners sharing the same Identity Store. Typical examples being, legacy applications that are islands in themselves, or integration with external systems like business partners etc.
In that case each one can have their own implementation of LoginProvider hooking into their respective store, but still be able to perform SSO with each other.
Of course, the ideal setup is when all partners share the data store.
For this requirement one of our roadmap items is Federated Provisioning so that Identity data can be synched between partners that don't share the same Identity Store.
I have looked at SSO systems that absolutely require you to share the same Identity Server to the point that they even have to share the same login screen. That architecture is a bit primitive now ;)
Can you imagine telling someone like SalesForce.com to share your login screen to enable SSO ;)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982544#3982544
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3982544
19 years, 6 months