-
1. Re: SSO integration
theute Nov 9, 2009 6:10 AM (in response to sviluppatorefico)It must :)
It is being tested/documented, current efforts are going to OpenSSO, JOSSO and CAS
Please let us know if you are testing one of those or a different one. -
2. Re: SSO integration
sviluppatorefico Nov 9, 2009 6:33 AM (in response to sviluppatorefico)of course....thanks Thomas
-
3. Re: SSO integration
artmunro Dec 9, 2009 10:37 AM (in response to sviluppatorefico)We are also trying to migrate to the new platform and are using CAS and have been unable to get it configured/working. If anyone has example or can help point us in hte right direction that would help. Both Exo and Jboss had CAS so im hoping that the new Gatein can also work.
PLEASE HELP :)
Art -
4. Re: SSO integration
theute Dec 9, 2009 11:34 AM (in response to sviluppatorefico)You're on the edge but it's working.
Doc is slightly behind, but if you build from trunk:
https://svn.jboss.org/repos/gatein/portal/trunk/docs/reference-guide/
You should see the SSO chapter
The instructions will change as we don't plan to have people checking out http://anonsvn.jboss.org/repos/gatein/components/sso but the meat is there. -
5. Re: SSO integration
artmunro Dec 10, 2009 10:51 PM (in response to sviluppatorefico)How do I access the files? The link is not available How do I get an account and download ??
I cant find the content :(
https://svn.jboss.org/repos/gatein/portal/trunk/docs/reference-guide/
http://anonsvn.jboss.org/repos/gatein/components/sso -
6. Re: SSO integration
theute Dec 11, 2009 2:10 AM (in response to sviluppatorefico)Sorry here is the anonymous link if you want to build the doc:
http://anonsvn.jboss.org/repos/gatein/portal/trunk/docs/reference-guide/ -
7. Re: SSO integration
artmunro Dec 15, 2009 5:40 AM (in response to theute)Still no success.. has anyone been able to complete?
We are trying to configure on the Tomcat distro, has that been tested? Is there any dependancy for what/how the LDAP server is configured?
-
8. Re: SSO integration
theute Dec 15, 2009 5:50 AM (in response to artmunro)I tried it personally. It works.
You should go step by step, first install the server on Tomcat makes sure it works (the default dummy authentication is to have same username, same password). Then add GateIn into the mix configured as explained in the documentation, when you login it will redirect to CAS, then add the LDAP in the mix.
-
9. Re: SSO integration
artmunro Dec 16, 2009 2:15 AM (in response to theute)Gatein Tomcat install All configurations are done.. see below... and after CAS login.. the following error...
WARNING: Cannot find message associated with key jaasRealm.loginException
javax.security.auth.login.LoginException: Login failed for TestCoAMA1
at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:80)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)Configs as follows:
1.2 - install CAS plugin -mvn -Pplugin-cas-install install1.3 - configure CAS plugin - to connect to the p-spt-a1 Gatein servercas.war/WEB-INF/deployerConfigContext.xml<bean class="org.gatein.sso.cas.plugin.AuthenticationPlugin"><property name="gateInHost"><value>http://p-spt-a1.url.com</value></property><property name="gateInPort"><value>8080</value></property><property name="gateInContext"><value>portal</value></property></bean>Part 2 Configure Gatein SSO agent( needs to use tomcat distro - these are all Gatein settings and is the same on tomcat).2.1 - modify login form•gatein.ear/02portal.war/groovy/portal/webui/UILoginForm.gtmpl<script><%=uicomponent.event("Close");%>window.location = 'http://p-ldap-a1.url.com:8888/cas/login?service=lhttp://p-spt-a1.url.com:8080/portal/private/classic';</script>2.2 - login jsp•gatein.ear/02portal.war/login/jsp/login.jsp<head><script type="text/javascript">window.location = 'http://p-ldap-a1.url.com:8888/cas/login?service=lhttp://p-spt-a1.url.com:8080/portal/private/classic';</script>2.3 Web xml•gatein.ear/02portal.war/WEB-INF/web.xml<servlet><servlet-name>InitiateLoginServlet</servlet-name><servlet-class>org.gatein.sso.agent.GenericSSOAgent</servlet-class><init-param><param-name>casServerUrl</param-name><param-value>'http://p-ldap-a1.url.com:8888/cas</param-value></init-param></servlet> -
10. Re: SSO integration
artmunro Dec 16, 2009 10:08 AM (in response to artmunro)Is there a way we can verify the install of the CAS plugin AND the Gatein SSO agent? For example after instal WHAT files should exist and what configurations are done that we can verify?
We are getting the following error BUT this is the same cas that is configured for our JBoss Portal and ALL users can authenticate for that application.
WARNING: Cannot find message associated with key jaasRealm.loginException
javax.security.auth.login.LoginException: Login failed for TestCoAMA1
at org.exoplatform.services.security.jaas.SharedStateLoginModule.login(SharedStateLoginModule.java:80)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)vWe are running Ubuntu and Java 1.6 sp 13.
-
11. Re: SSO integration
artmunro Dec 16, 2009 10:22 PM (in response to artmunro)further investigation shows error...
I test cas config in jboss on local, there is a error.
[10:09:45 PM] renyou: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:519)
at java.net.Socket.connect(Socket.java:469)
at sun.net.NetworkClient.doConnect(NetworkClient.java:163)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:394)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:529)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:233)
at sun.net.www.http.HttpClient.New(HttpClient.java:306)
at sun.net.www.http.HttpClient.New(HttpClient.java:323)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:852) -
12. Re: SSO integration
artmunro Jan 4, 2010 3:12 PM (in response to artmunro)1 month and still no success
Is there anyone have this configured with CAS and Beta 4 on tomcat that could shed some light on what is going on here??
Art
-
13. Re: SSO integration
theute Jan 5, 2010 7:46 AM (in response to artmunro)As I said it's working for Sohil who implemented this and myself, also the configuration isn't easy, we are still trying to figure out the best way, please bare with us. Again you should go step by step to find out where the issue is, the stacktraces don't mention enough here.
I see a lot of typos in your extracts and it looks like just a connection issue (such as a wrong URL ?)
Look into your post:
Here:
<param-value>'http://p-ldap-a1.url.com:8888/cas</param-value>
Here twice:
window.location = 'http://p-ldap-a1.url.com:8888/cas/login?service=lhttp://p-spt-a1.url.com:8080/portal/private/classic';
Can you confirm that it's only Copy/Paste issue ? -
14. Re: SSO integration
artmunro Jan 5, 2010 9:32 AM (in response to theute)that was a copy paste issue. I wanted to just replace url's to show the different servers/address to make sure we were clear on the proper addresses. Is there someone/way we can pay for help to configure this? My project is way behind because we cant login to our applications to do proper testing.
can you point me to who i can talk to?
oh btw,
thanks for all the help,
Art