Author: thomas.heute(a)jboss.com
Date: 2009-07-30 08:25:26 -0400 (Thu, 30 Jul 2009)
New Revision: 13637
Modified:
docs/enterprise/trunk/Reference_Guide/en-US/SSO.xml
Log:
Missing modification for josso
Modified: docs/enterprise/trunk/Reference_Guide/en-US/SSO.xml
===================================================================
--- docs/enterprise/trunk/Reference_Guide/en-US/SSO.xml 2009-07-30 11:53:49 UTC (rev
13636)
+++ docs/enterprise/trunk/Reference_Guide/en-US/SSO.xml 2009-07-30 12:25:26 UTC (rev
13637)
@@ -278,7 +278,7 @@
</section>
<section>
<title><trademark class="trade">Java</trademark> Open
Single Sign-On (JOSSO)</title>
- <para>JBoss Portal enables seamless integration with JOSSO server. More
details on JOSSO can be found
+ <para>JBoss Portal enables seamless integration with JOSSO server version
1.8. More details on JOSSO can be found
<ulink
url="http://www.josso.org/">here</ulink></para>
<note><title>Note</title><para>The steps below assume that JOSS
server and JBoss Portal will be deployed on the same JBoss Application Server instance.
JOSSO will be configured to leverage identity services exposed by JBoss Portal
to perform authentication. Procedure may be
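Review bot: the unchanged `<note>` paragraph directly under the edited sentence still reads "JOSS server" instead of "JOSSO server"; since the sentence above is being touched anyway to pin the instructions to JOSSO 1.8, fix that typo in the same commit. It would also help to say in this sentence that the version matters because the steps below use the 1.8 Spring-style agent and gateway configuration files, which is why the older `<agent>`/`<authentication-scheme>` listings are being removed in the following hunks.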
@@ -308,43 +308,99 @@
</listitem>
<listitem>
<para>Edit
<emphasis>$JBOSS_HOME/server/default/config/josso-agent-config.xml</emphasis>
and mapping for portal web application:
+ <programlisting>
+ <![CDATA[
+.........
+<configuration>
+ <agent:agent-configuration>
+ <agent:partner-apps>
+ <agent:partner-app id="jboss_portal"
context="/portal"/>
+ </agent:partner-apps>
+ </agent:agent-configuration>
+<configuration>
+...........
+ ]]>
+ </programlisting>
+ Complete config file can look as follows:
<programlisting>
<![CDATA[
-<partner-apps>
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ ~ JOSSO: Java Open Single Sign-On
+ ~
+ ~ Copyright 2004-2009, Atricore, Inc.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ ~
+ -->
- ...
+<s:beans
xmlns:s="http://www.springframework.org/schema/beans"
+ xmlns:jb42="urn:org:josso:agent:jboss42"
+ xmlns:agent="urn:org:josso:agent:core"
+ xmlns:protocol="urn:org:josso:protocol:client"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+ urn:org:josso:agent:jboss42
http://www.josso.org/schema/josso-jboss42-agent.xsd
+ urn:org:josso:agent:core
http://www.josso.org/schema/josso-agent.xsd
+ urn:org:josso:protocol:client
http://www.josso.org/schema/josso-protocol-client.xsd">
- <partner-app>
- <context>/portal</context>
- </partner-app>
+ <jb42:agent name="josso-jboss42-agent"
sessionAccessMinInterval="1000" >
- ...
+ <!-- Gateway LOGIN and LOGOUT URLs -->
+
<gatewayLoginUrl>http://josso-01:8080/josso/signon/login.do</gatewayLoginUrl>
+
<gatewayLogoutUrl>http://josso-01:8080/josso/signon/logout.do</gatewayLogoutUrl>
- </partner-apps>
+ <!-- Gateway service locator -->
+ <gatewayServiceLocator>
+ <!-- Other properties for ws-service-locator :
+ username, password, servicesWebContext, transportSecurity
+ -->
+ <protocol:ws-service-locator endpoint="josso-01:8080" />
+ </gatewayServiceLocator>
+
+ <configuration>
+ <agent:agent-configuration>
+
+ <!--
============================================================================= -->
+ <!--
-->
+ <!-- JOSSO Parnter application definicions :
-->
+ <!--
-->
+ <!-- Configure all web applications that should be a josso partner
application -->
+ <!-- within this server.
-->
+ <!-- For each partner application you have to define the proper
web-context. -->
+ <!--
============================================================================= -->
+ <agent:partner-apps>
+ <agent:partner-app id="jboss_portal"
context="/portal"/>
+
+ </agent:partner-apps>
+ </agent:agent-configuration>
+ </configuration>
+ <!-- Only useful when configuring multiple security domains -->
+ <!-- You can configure your own parameter builder to send parameters to your
SecurityDomainMatcher -->
+ <!--
+ <parametersBuilders>
+ <agent:vhost-parameters-builder/>
+ <agent:appctx-parameters-builder/>
+ </parametersBuilders>
+ -->
+
+ </jb42:agent>
+
+</s:beans>
]]>
- </programlisting>
- Complete config file can look as follows:
- <programlisting>
- <![CDATA[
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-<agent>
- <class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class>
-
<gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
-
<gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>
- <service-locator>
- <class>org.josso.gateway.WebserviceGatewayServiceLocator</class>
- <endpoint>localhost:8080</endpoint>
- </service-locator>
- <partner-apps>
- <partner-app>
- <context>/partnerapp</context>
- </partner-app>
- <partner-app>
- <context>/portal</context>
- </partner-app>
- </partner-apps>
-</agent>
- ]]>
</programlisting></para>
</listitem>
<listitem>
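Review bot: the short `josso-agent-config.xml` fragment added at the top of this hunk is not well-formed XML: the element opened by `<configuration>` is closed by a second `<configuration>` rather than `</configuration>`, so anyone who pastes it gets a parse error (the complete listing further down has it right). Two more points in the same hunk: the comment banner reads "JOSSO Parnter application definicions" (should be "partner application definitions"), and the example `gatewayLoginUrl`, `gatewayLogoutUrl` and `protocol:ws-service-locator endpoint` are all plain `http://josso-01:8080`, which means the user's password at login and the agent-to-gateway session/assertion calls cross the network in cleartext. The comment above the locator already names `transportSecurity`, `username` and `password` as available properties, so the text should state that anything beyond a single-host test deployment needs https gateway URLs and those properties set, otherwise a host on the path can read or replay the SSO session.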
@@ -376,66 +432,162 @@
This will expose a special service in JBoss Portal that can be leveraged
by JOSSO Credential and Identity Stores if the server is deployed on the same
application server instance.</para>
</listitem>
- <listitem>
- <para> Edit
<emphasis>$JBOSS_HOME/server/default/deploy/josso.ear/josso.war/WEB-INF/classes/josso-gateway-config.xml</emphasis>
and configure following elements:
- <itemizedlist>
- <listitem>
- <para> <emphasis>Credential Store: </emphasis>
+ <listitem>
+ <para>
+ Activate <emphasis>JAAS based Login Module</emphasis> by
configuring the following:
+ <itemizedlist>
+ <listitem>
+ <para>
+
<emphasis>$JBOSS_HOME/server/default/deploy/conf/login-config.xml</emphasis>
<programlisting>
<![CDATA[
-<!-- Basic Authentication Scheme -->
-<authentication-scheme>
- <name>basic-authentication</name>
- <class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class>
+<application-policy name="josso">
+ <authentication>
+ <login-module
code="org.jboss.portal.identity.sso.josso.JOSSOLoginModule"
flag="required">
+ <module-option name="debug">true</module-option>
+ </login-module>
+ </authentication>
+</application-policy>
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+
<para><emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-server.war/WEB-INF/jboss-web.xml</emphasis>
+ <programlisting>
+ <![CDATA[
+<jboss-web>
+<security-domain>java:jaas/josso</security-domain>
+.........
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>Register the JBoss Portal Identity and Credential Store by
configuring the following:
+ <itemizedlist>
+ <listitem>
+ <para>Add the
file<emphasis>$JBOSS_HOME/server/default/deploy/conf/josso-gateway-portal-stores.xml</emphasis>
+ <programlisting>
+ <![CDATA[
+<s:beans
xmlns:s="http://www.springframework.org/schema/beans"
+ xmlns:portal-istore="urn:org:jboss:portal:josso:identitystore"
+ xmlns:memory-sstore="urn:org:josso:memory:sessionstore"
+ xmlns:memory-astore="urn:org:josso:memory:assertionstore"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+ urn:org:josso:memory:sessionstore
http://www.josso.org/schema/josso-memory-sessionstore.xsd
+ urn:org:josso:memory:assertionstore
http://www.josso.org/schema/josso-memory-assertionstore.xsd
+ ">
+ <!-- ===================================================================== -->
+ <!-- JOSSO Identity Store, the id is very important because it is -->
+ <!-- referenced by the identity manager, auth schemes and who knows where -->
+ <!-- else. -->
+ <!-- ===================================================================== -->
+ <portal-istore:portal-store id="josso-identity-store"
s:scope="singleton"/>
- <!-- ================================================= -->
- <!-- JBoss Portal Credential Store -->
- <!-- ================================================= -->
- <credential-store>
- <class>org.jboss.portal.identity.sso.josso.JOSSOIdentityStore</class>
- </credential-store>
+ <!-- ===================================================================== -->
+ <!-- JOSSO Session Store, the id is very important because it is -->
+ <!-- referenced by the session manager and who knows where else -->
+ <!-- ===================================================================== -->
+ <memory-sstore:memory-store id="josso-session-store"/>
-
- <!-- ================================================= -->
- <!-- Credential Store Key adapter -->
- <!-- ================================================= -->
- <credential-store-key-adapter>
-
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
- </credential-store-key-adapter>
-
-</authentication-scheme>
+ <!-- ===================================================================== -->
+ <!-- JOSSO Assertion Store, the id is very important because it is -->
+ <!-- referenced by the assertion manager and who knows where elese -->
+ <!-- ===================================================================== -->
+ <memory-astore:memory-store id="josso-assertion-store"/>
+</s:beans>
]]>
</programlisting></para>
- </listitem>
- <listitem>
- <para> <emphasis>SSO Identity Store: </emphasis>
- <programlisting>
+ </listitem>
+ <listitem>
+ <para>Register the Portal Identity Store with the file
<emphasis>$JBOSS_HOME/server/default/deploy/conf/josso-gateway-config.xml</emphasis>
+ <programlisting>
<![CDATA[
-<sso-identity-manager>
+............
+<!-- Identity, Session and Assertion Stores configuration -->
+ <s:import resource="josso-gateway-portal-stores.xml" />
+ <!--
+ <s:import resource="josso-gateway-memory-stores.xml" />
+ <s:import resource="josso-gateway-db-stores.xml" />
+ <s:import resource="josso-gateway-ldap-stores.xml" />
+ -->
+............
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>Enable BIND Authentication Scheme by configuring the
following:
+ <itemizedlist>
+ <listitem>
+ <para>Uncomment the BIND Authentication Scheme in
<emphasis>$JBOSS_HOME/server/default/deploy/conf/josso-gateway-auth.xml</emphasis>
+ <programlisting>
+ <![CDATA[
+............
+<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- BIND Authentication Scheme (normally LDAP) -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- Requires a be a bindalble credential store ! -->
+ <!-- name attribute is important and must not be changed -->
+ <bind-authscheme:bind-auth-scheme
+ id="josso-bind-authentication"
+ name="basic-authentication"
+ hashAlgorithm="MD5"
+ hashEncoding="HEX"
+ ignorePasswordCase="false"
+ ignoreUserCase="false">
- <class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>
+ <bind-authscheme:credentialStore>
+ <s:ref bean="josso-identity-store"/>
+ </bind-authscheme:credentialStore>
- <!-- ================================================= -->
- <!-- JBoss Portal Credential Store -->
- <!-- ================================================= -->
- <sso-identity-store>
- <class>org.jboss.portal.identity.sso.josso.JOSSOIdentityStore</class>
- </sso-identity-store>
-
- <!-- ================================================= -->
- <!-- Identity Store Key adapter -->
- <!-- ================================================= -->
- <sso-identity-store-key-adapter>
-
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
- </sso-identity-store-key-adapter>
-
-</sso-identity-manager>
+ <bind-authscheme:credentialStoreKeyAdapter>
+ <s:ref bean="josso-simple-key-adapter"/>
+ </bind-authscheme:credentialStoreKeyAdapter>
+ </bind-authscheme:bind-auth-scheme>
+............
]]>
</programlisting></para>
- </listitem>
- </itemizedlist>
- </para>
</listitem>
+ <listitem>
+ <para>Register BIND Authentication Scheme with the JOSSO
Authenticator in
<emphasis>$JBOSS_HOME/server/default/deploy/conf/josso-gateway-config.xml</emphasis>
+ <programlisting>
+ <![CDATA[
+............
+<!-- ===================================================================== -->
+<!-- SSO Authenticator, all authentication schemes must be configured here -->
+<!-- ===================================================================== -->
+ <def-auth:authenticator id="josso-authenticator">
+ <def-auth:schemes>
+ <s:ref bean="josso-bind-authentication"/>
+ <!--
+ <s:ref bean="josso-basic-authentication"/>
+ <s:ref bean="josso-strong-authentication"/>
+ <s:ref bean="josso-rememberme-authentication"/>
+ -->
+ <!-- Others like NTLM and BIND go here -->
+ <!--
+ <s:ref bean="josso-bind-authentication"/>
+ -->
+ </def-auth:schemes>
+ </def-auth:authenticator>
+............
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
</orderedlist>
</para>
<para>
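Review bot: every file path in this hunk is written as `$JBOSS_HOME/server/default/deploy/conf/...` while the previous hunk uses `$JBOSS_HOME/server/default/config/`; in a stock JBoss AS layout `login-config.xml` lives in `server/default/conf/`, so the paths should be checked against a real install and made consistent across the section. Other points: (1) `josso-gateway-portal-stores.xml` declares `xmlns:portal-istore="urn:org:jboss:portal:josso:identitystore"` but the `xsi:schemaLocation` lists only the memory session and assertion store schemas, so a validating Spring parse has nothing to resolve `portal-istore:portal-store` against; add the matching XSD mapping. (2) The bind scheme references `<s:ref bean="josso-simple-key-adapter"/>`, which is not defined in any file shown here; say where that bean is declared. (3) `hashAlgorithm="MD5"` and `hashEncoding="HEX"` are carried over from the "(normally LDAP)" template; the text should state whether these must match how JBoss Portal hashes stored passwords (a mismatch fails every login), and where they do apply MD5 should not be the recommended password hash. (4) In the authenticator snippet `josso-bind-authentication` is listed once as active and again inside the "Others like NTLM and BIND go here" comment; drop the duplicate to avoid confusion. (5) `<module-option name="debug">true</module-option>` in the `josso` application-policy belongs in a troubleshooting note rather than the default example, since debug output from a login module can include credential material. Typos in the added comments: "bindalble", "who knows where elese".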