[jboss-user] [Security & JAAS/JBoss] - single sign-on configuration with JAAS
prog_hd
do-not-reply at jboss.com
Wed Sep 24 04:49:50 EDT 2008
Hi all,
I want to integrate SSO with JAAS. I read a tutorial that helps with that and did the following:
I added a context.xml file under WEB-INF for each .war I want to share in SSO.
This is it:
| <?xml version="1.0" encoding="UTF-8"?>
| <Context path="/projectA1" docBase="./deploy/clusteredservlet.war">
|   <!--
|     logoutURL - URL for performing logout/signout function in your application
|   -->
|   <Valve className="org.jboss.security.valve.SSOAutoLogout"
|          logoutURL="{logoutURL of your application}"/>
|
|   <!--
|     assertingParty - this is the partnerId of this application as a part of a federation of multiple partner sites
|   -->
|   <Valve className="org.jboss.security.valve.SSOTokenManager"
|          assertingParty="1"/>
|
|   <!--
|     tomcat built-in AuthenticationTypes: FORM,BASIC,DIGEST,CLIENT-CERT
|   -->
|   <Valve className="org.jboss.security.valve.SSOAutoLogin"
|          authType="FORM" provider="si:jboss-sso:ldap:login"/>
|
| </Context>
|
This is the jboss-web.xml file in each war:
|
| <?xml version="1.0" encoding="UTF-8"?>
| <jboss-web>
|   <security-domain>java:/jaas/$webConsoleDomain</security-domain>
| </jboss-web>
|
And this is the login module defined in login-config.xml in
[jboss Home]\server\default\conf:
|
| <application-policy name = "$webConsoleDomain">
|   <authentication>
|     <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
|                   flag = "required">
|       <module-option name="usersProperties">web-console-users.properties</module-option>
|       <module-option name="rolesProperties">web-console-roles.properties</module-option>
|       <module-option name="provider">si:jboss-sso:ldap:login</module-option>
|     </login-module>
|   </authentication>
| </application-policy>
|
|
In the previous file I added this line:
<module-option name="provider">si:jboss-sso:ldap:login</module-option>
As I understand from the tutorial, this makes the login module use
this provider to get the user login data.
After all that, SSO doesn't work: the second application requires login data
after I log in to the first application.
What is wrong, or what is missing?
Thanks in advance.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4178499#4178499