[jboss-user] [JBoss Portal] - OpenSSO - how to login via login-link?
CarstenRudat
do-not-reply at jboss.com
Wed Apr 30 11:51:46 EDT 2008
Hi all,
I still have problems with OpenSSO. I'm running JBoss Portal 2.6.4 (clustered) on JBoss 4.2.2.GA (all config).
I followed the instructions on http://blog.jboss-portal.org/2007/10/jboss-portal-with-opensso-and-opends.html and installed OpenSSO V1 Build 4 and OpenDS.
I had to add the following to the users stored in OpenDS:
| dn: uid=user.0,ou=People,dc=opensso,dc=java,dc=net
| changetype: modify
| add: objectclass
| objectclass: sunFMSAML2NameIdentifier
|
Now, I'm forwarded to the OpenSSO-Login-page as soon as I call http://myjbossserver.com:8080/portal without clicking on the login-link. I really would like to see the first portal-page without being logged in, and I don't know how to do that...
My config changes are as follows:
server/all/jboss-web.deployer/server.xml:
| <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
|
server/all/portal-server.war/WEB-INF/context.xml:
| <Valve className="org.jboss.portal.identity.sso.opensso.OpenSSOAuthenticationValve"
| loginURL="http://myjbossserver.com:8080/opensso"
| logoutURL="http://myjbossserver.com:8080/opensso/UI/Logout"
| appendLoginGoto="true"
| appendLogoutGoto="true"
| authType="FORM"
| />
|
server/all/conf/AMConfig.properties:
| com.iplanet.services.debug.level=message
| com.iplanet.services.debug.directory=/tmp
| com.iplanet.am.serverMode=false
| com.iplanet.am.sdk.caching.enabled=false
| com.sun.identity.idm.cache.enabled=false
| com.sun.identity.sm.cache.enabled=true
| com.sun.identity.sm.sms_object_class_name=com.sun.identity.sm.jaxrpc.SMSJAXRPCObject
| com.iplanet.am.naming.url=http://myjbossserver.com:8080/opensso/namingservice
| com.iplanet.am.notification.url=@NOTIFICATION_URL@
| com.sun.identity.agents.app.username=amadmin
| com.iplanet.am.service.password=
| com.iplanet.am.service.secret=AQIC5wM2LY4SfcyImS3T1DzgtBnOSHf5p9Ab
| am.encryption.pwd=
| com.sun.identity.client.encryptionKey=
| com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
| com.sun.identity.idm.remote.notification.enabled=true
| com.iplanet.am.sdk.remote.pollingTime=1
| com.sun.identity.sm.notification.enabled=true
| com.sun.identity.sm.cacheTime=1
| com.iplanet.am.server.protocol=http
| com.iplanet.am.server.host=myjbossserver.com
| com.iplanet.am.server.port=8080
| com.iplanet.am.services.deploymentDescriptor=/opensso
| com.iplanet.am.console.protocol=@CONSOLE_PROTOCOL@
| com.iplanet.am.console.host=@CONSOLE_HOST@
| com.iplanet.am.console.port=@CONSOLE_PORT@
| com.iplanet.am.console.deploymentDescriptor=@CONSOLE_DEPLOY_URI@
| com.iplanet.am.console.remote=@CONSOLE_REMOTE@
| com.iplanet.am.cookie.name=iPlanetDirectoryPro
| com.iplanet.am.session.client.polling.enable=true
| com.iplanet.am.session.client.polling.period=180
| com.iplanet.am.admin.cli.certdb.dir=@CONTAINER_CERTDB_DIR@
| com.iplanet.am.admin.cli.certdb.prefix=@CONTAINER_CERTDB_PREFIX@
| com.iplanet.am.admin.cli.certdb.passfile=@BASEDIR@/@PRODUCT_DIR@/config/.wtpass
| com.iplanet.am.jssproxy.trustAllServerCerts=false
| com.iplanet.am.jssproxy.checkSubjectAltName=false
| com.iplanet.am.jssproxy.resolveIPAddress=false
| com.iplanet.am.jssproxy.SSLTrustHostList=false
| com.sun.identity.agents.server.log.file.name=amRemotePolicyLog
| com.sun.identity.agents.logging.level=NONE
| com.sun.identity.agents.notification.enabled=false
| com.sun.identity.agents.notification.url=@NOTIFICATION_URL@
| com.sun.identity.agents.polling.interval=3
| com.sun.identity.policy.client.cacheMode=subtree
| com.sun.identity.policy.client.clockSkew=10
| com.sun.identity.monitoring=off
| com.sun.identity.urlconnection.useCache=false
| com.sun.identity.plugin.configuration.class=com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl
| com.sun.identity.plugin.datastore.class.default=com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider
| com.sun.identity.plugin.session.class=com.sun.identity.plugin.session.impl.FMSessionProvider
| com.sun.identity.saml.xmlsig.signatureprovider.class=com.sun.identity.saml.xmlsig.AMSignatureProvider
| com.sun.identity.saml.xmlsig.keyprovider.class=com.sun.identity.saml.xmlsig.JKSKeyProvider
| com.sun.identity.saml.xmlsig.keystore=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/keystore.jks
| com.sun.identity.saml.xmlsig.storepass=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/.storepass
| com.sun.identity.saml.xmlsig.keypass=/Users/carsten/Documents/workspace3/Genloop.generator/lib/runtime/dist-lib/jboss-4.2.2.GA_Genloop_Portal/server/all/deploy/fam-client-jdk15-exp.war/.keypass
| com.sun.identity.saml.xmlsig.certalias=test
| com.sun.identity.saml.checkcert=on
| com.sun.identity.saml.xmlsig.c14nMethod=http://www.w3.org/2001/10/xml-exc-c14n#
| com.sun.identity.saml.xmlsig.xmlSigAlgorithm=
| com.sun.identity.saml.xmlsig.transformAlg=http://www.w3.org/2001/10/xml-exc-c14n#
| com.sun.identity.saml2.xmlenc.EncryptionProvider=com.sun.identity.saml2.xmlenc.FMEncProvider
| com.sun.identity.saml2.xmlsig.SignatureProvider=com.sun.identity.saml2.xmlsig.FMSigProvider
| com.sun.identity.saml2.crl.check=false
| com.sun.identity.saml2.crl.check.ca=false
| com.sun.identity.liberty.ws.soap.certalias=
| com.sun.identity.liberty.ws.soap.staleTimeLimit=300000
| com.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval=60000
| com.sun.identity.liberty.ws.soap.supportedActors=http://schemas.xmlsoap.org/soap/actor/next
| com.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08|pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/liberty/pp|is=urn:liberty:is:2003-08
| com.sun.identity.liberty.ws.jaxb.packageList=
| com.sun.identity.liberty.ws.wsc.certalias=
| com.sun.identity.liberty.ws.ta.certalias=
| com.sun.identity.liberty.ws.trustedca.certaliases=
| com.sun.identity.liberty.ws.security.TokenProviderImpl=com.sun.identity.liberty.ws.security.LibSecurityTokenProvider
| com.sun.identity.liberty.interaction.wspRedirectHandler=http://myjbossserver.com:8080/opensso/WSPRedirectHandler
| com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=interactIfNeeded
| com.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader=yes
| com.sun.identity.liberty.interaction.wscWillRedirect=yes
| com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime=80
| com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=no
| com.sun.identity.loginurl=http://myjbossserver.com:8080/opensso/UI/Login
| com.sun.identity.liberty.authnsvc.url=http://myjbossserver.com:8080/opensso/Liberty/authnsvc
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147908#4147908