[jboss-user] [Security & JAAS/JBoss] - single sign-on configuration with JAAS

prog_hd do-not-reply at jboss.com
Wed Sep 24 04:49:50 EDT 2008


Hi all,
I want to integrate SSO with JAAS. I read a tutorial that helps with that and did the following:

I added a context.xml file under WEB-INF for each .war I want to share in SSO.
This is it:

 

  | <?xml version="1.0" encoding="UTF-8"?>
  | <Context path="/projectA1" docBase="./deploy/clusteredservlet.war">
  |    <!--
  |       logoutURL - URL for performing logout/signout function in your application
  |    -->
  |    <Valve className="org.jboss.security.valve.SSOAutoLogout"
  |           logoutURL="{logoutURL of your application}"/>
  |
  |    <!--
  |       assertingParty - this is the partnerId of this application as a part of a federation of multiple partner sites
  |    -->
  |    <Valve className="org.jboss.security.valve.SSOTokenManager"
  |           assertingParty="1"/>
  |
  |    <!--
  |       tomcat built-in AuthenticationTypes: FORM,BASIC,DIGEST,CLIENT-CERT
  |    -->
  |    <Valve className="org.jboss.security.valve.SSOAutoLogin"
  |           authType="FORM" provider="si:jboss-sso:ldap:login"/>
  |
  | </Context>
  | 

This is the jboss-web.xml file in each war:


  | 
  | <?xml version="1.0" encoding="UTF-8"?>
  | <jboss-web>
  |   <security-domain>java:/jaas/$webConsoleDomain</security-domain> 
  | </jboss-web>
  | 

And this is the login module defined in login-config.xml in
[jboss Home]\server\default\conf:


  | 
  | <application-policy name="$webConsoleDomain">
  |    <authentication>
  |       <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |                     flag="required">
  |          <module-option name="usersProperties">web-console-users.properties</module-option>
  |          <module-option name="rolesProperties">web-console-roles.properties</module-option>
  |          <module-option name="provider">si:jboss-sso:ldap:login</module-option>
  |       </login-module>
  |    </authentication>
  | </application-policy>
  | 
  | 
In the previous file I added this line:
<module-option name="provider">si:jboss-sso:ldap:login</module-option>
As I understand from the tutorial, this makes the login module use
this provider to get the user login data.
After all that, SSO doesn't work: the second application requires login data
after I log in to the first application.
What is wrong, or what is missing?

thanks in advance

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4178499#4178499
