[jboss-user] [Security & JAAS/JBoss] - Re: JBoss federated SSO setup
do-not-reply at jboss.com
Tue Jul 1 08:30:42 EDT 2008
Just to be clear, the values in server.cfg.xml should be ssosite1.com and ssosite2.com and not just ssosite1, and ssosite2.
If that is in place, looks like you need to do some debugging on your end to see what's happening. Here are some tips for debugging:
1/ Use the LiveHeaders or something like that to see the sequence of requests that happen when going from ssosite1 to ssosite2. Expected behavior would be, when hitting ssosite2, the SSOFederationRouter valve on ssosite2 must redirect back through ssosite1's federation server (redirect). This is based on the partner federation server value specified in server.cfg.xml file. Debug and see if this redirecting occurs to move the SAML token from one domain to another.
2/ If from step2, you are seeing that the SAML token is in fact propagated from ssosite1 to ssosite2, then debug the SSOAutoLogin valve to see if the AutoLogin is actually getting processed, correspondingly calling your LoginModule, and the login is actually occurring successfully.
The missing link is somewhere here
Hope this provides some clues
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161754#4161754
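The redirect sequence from tip 1, checked over a header capture. This is an added example, not part of the original post or of JBoss code: the capture format, the URL paths and the verdict names are assumptions, and only the two host names come from the thread.

```python
from urllib.parse import urlsplit

# Constructed capture, one tuple per hop: (requested URL, status, Location).
# The /app/ and /federate paths are hypothetical placeholders.
CAPTURE_OK = [
    ("http://ssosite1.com/app/", 200, None),
    ("http://ssosite2.com/app/", 302, "http://ssosite1.com/federate"),
    ("http://ssosite1.com/federate", 302, "http://ssosite2.com/app/"),
    ("http://ssosite2.com/app/", 200, None),
]


def host(url):
    """Lower-cased host part of a URL, or '' when there is none."""
    return (urlsplit(url).hostname or "").lower() if url else ""


def is_redirect(status, location):
    return 300 <= status < 400 and bool(location)


def check_federation_hops(capture, local, partner):
    """Classify a capture: does `local` bounce through `partner` and back?"""
    for i, (url, status, location) in enumerate(capture):
        if host(url) != local:
            continue
        # First hit on the local site: the valve should answer with a redirect.
        if not is_redirect(status, location):
            return "no-redirect"
        target = host(location)
        if target == local:
            continue  # same-site redirect (e.g. trailing slash), keep looking
        if target != partner:
            # A bare name such as "ssosite1" suggests a short value in
            # server.cfg.xml instead of the full ssosite1.com.
            if target == partner.split(".")[0]:
                return "short-hostname"
            return "wrong-partner"
        # The partner's federation server must send the browser back.
        for url2, status2, location2 in capture[i + 1:]:
            if (host(url2) == partner and is_redirect(status2, location2)
                    and host(location2) == local):
                return "ok"
        return "no-return"
    return "local-site-not-requested"


if __name__ == "__main__":
    print(check_federation_hops(CAPTURE_OK, "ssosite2.com", "ssosite1.com"))
```

A verdict of "ok" only confirms the cross-domain redirect from tip 1; whether SSOAutoLogin then calls the LoginModule still has to be checked as described in tip 2.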