[jboss-user] [Security & JAAS/JBoss] - Re: JBoss federated SSO setup

sohil.shah@jboss.com do-not-reply at jboss.com
Tue Jul 1 08:30:42 EDT 2008


Just to be clear, the values in server.cfg.xml should be ssosite1.com and ssosite2.com and not just ssosite1, and ssosite2.

If that is in place, looks like you need to do some debugging on your end to see what's happening. Here are some tips for debugging:

1/ Use the LiveHeaders or something like that to see the sequence of requests that happen when going from ssosite1 to ssosite2. Expected behavior would be, when hitting ssosite2, the SSOFederationRouter valve on ssosite2 must redirect back through ssosite1's federation server (redirect). This is based on the partner federation server value specified in server.cfg.xml file. Debug and see if this redirecting occurs to move the SAML token from one domain to another.

2/ If from step 2, you are seeing that the SAML token is in fact propagated from ssosite1 to ssosite2, then debug the SSOAutoLogin valve to see if the AutoLogin is actually getting processed correspondingly calling your LoginModule, and the login is actually occurring successfully.

The missing link is somewhere here

Hope this provides some clues

Thanks

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161754#4161754
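
The redirect check from tip 1, written as an added example that is not part of the original post or of JBoss SSO: it reads a header capture and reports whether the browser was sent from ssosite2.com to the partner on ssosite1.com and back. The trace format and the URL paths are constructed for illustration, and the return leg is assumed to be an HTTP redirect.

```python
from urllib.parse import urlsplit

# Constructed traces (not from the thread); the paths are hypothetical.
GOOD = """GET http://ssosite2.com/app/
HTTP/1.1 302 Found
Location: http://ssosite1.com/federate

GET http://ssosite1.com/federate
HTTP/1.1 302 Found
Location: http://ssosite2.com/app/

GET http://ssosite2.com/app/
HTTP/1.1 200 OK
"""
BAD = """GET http://ssosite2.com/app/
HTTP/1.1 302 Found
Location: http://ssosite2.com/login.jsp

GET http://ssosite2.com/login.jsp
HTTP/1.1 200 OK
"""

def redirect_hops(trace):
    """Return one (request_host, status, location_host) tuple per exchange."""
    hops = []
    for block in trace.strip().split("\n\n"):
        req = status = loc = None
        for line in map(str.strip, block.splitlines()):
            if line.startswith(("GET ", "POST ")):
                req = urlsplit(line.split()[1]).hostname
            elif line.startswith("HTTP/"):
                status = int(line.split()[1])
            elif line.lower().startswith("location:"):
                loc = urlsplit(line.split(":", 1)[1].strip()).hostname
        if req and status:
            hops.append((req, status, loc))
    return hops

def diagnose(trace, local, partner):
    """Classify a capture taken while browsing to `local` (ssosite2.com)."""
    hops = redirect_hops(trace)
    is_redirect = lambda h, src, dst: h[0] == src and 300 <= h[1] < 400 and h[2] == dst
    out = next((i for i, h in enumerate(hops) if is_redirect(h, local, partner)), None)
    if out is None:
        return "no-outbound-redirect"   # tip 1 fails: check partner value in server.cfg.xml
    if not any(is_redirect(h, partner, local) for h in hops[out + 1:]):
        return "no-return-redirect"     # partner never sent the browser back to local
    return "roundtrip-ok"               # tip 1 passes: move on to the SSOAutoLogin valve
```

Hosts are compared exactly, so a redirect to `ssosite1` instead of `ssosite1.com` is reported as `no-outbound-redirect`.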