Version 4

    JBoss Portal 2.4 integration with OpenSSO

     

     

    To get stronger authentication for JBoss Portal 2.4, this page describes how to configure it with OpenSSO (build 20070209).

    The interaction between the two systems has been implemented using the idea of tokens.

    JBoss Portal is configured with JBoss AS on port 8181 (http://whiterussian.eposse.it:8181/portal).

     

    Configuration of OpenSSO.

     

     

    First of all OpenSSO has been set up. It has been deployed on Tomcat 6.0.7.

    (Tomcat is configured on port 8080.)

    Its configuration relies on OpenDS (0.1-build017), whose LDAP directory is used both as the configuration repository and as

    the data store repository of OpenSSO.

     

        + Configure the OpenDS.+

     

     

         The OpenDS installation is launched with:

    OpenDS-0.1-build017> ./setup --cli

         and the Directory Server is configured with:

           port: 8389

          and the root user DN:

           cn=Directory Manager

          To use the Directory Server as an OpenSSO repository a new schema file must be added under the config/schema directory.

          This schema file can be downloaded from:

           http://blogs.sun.com/indira/resource/98-opends_user_schema.ldif

     

     

         Some new entries must be added to the LDAP server so that it is ready to be configured with OpenSSO.

         From the following downloadable file it is possible to see all the necessary entries:

         http://blogs.sun.com/indira/resource/ldapentries.

         With the following ldapmodify command it is possible to add all the entries to the Directory Server:

         ldapmodify -p 3389  -h slapd -D"cn=user manager" -w secret12 -c -a -f ldapentries

     

     

     

         adding new entry ou=agents,dc=sun,dc=com
         adding new entry ou=groups,dc=sun,dc=com
         adding new entry ou=dsame users,dc=sun,dc=com
         adding new entry cn=dsameuser,ou=DSAME Users,dc=sun,dc=com
         adding new entry cn=amldapuser,ou=DSAME Users,dc=sun,dc=com
         modifying entry dc=sun,dc=com
         modifying entry dc=sun,dc=com

     

         Now OpenDS is ready to be used by OpenSSO.

     

     

     

    Configuration Repository

     

    The first repository configured is the configuration repository. When OpenSSO is run for the first time (by opening the address

    http://localhost:8080/opensso) a configuration page is displayed and the configuration store can be set by choosing "Directory Server"

    as configuration store type and filling in the form with:

     

     

     

    name: whiterussian.eposse.it

     

    port: 8389

     

    suffix: dc=eposse, dc=it

     

    DN: cn=Directory Manager

     

    password:

     

    Now OpenSSO is correctly configured with the Directory Server. Access as administrator user is possible using the following credentials:

     

    username: +amadmin+

     

    password: password

     

     

     

    Next step is to configure OpenDS as the Data Store repository for OpenSSO.

     

    From the OpenSSO main page of the administrator user (login with username: amadmin, password: password),

    enter the opensso realm and select the Data Store tab.

    Now create a new Data Store, select "Sun DS with AM schema", insert the name opends-datastore and click on the Next button.

     

    Insert the LDAP organization DN:

     

    dc=eposse, dc=it

     

    (dc=eposse, dc=it is only an example value; any name can be used, e.g. dc=example,dc=com)

     

    In "LDAPv2 Plug-in Supported Types and Operations" -> Current Values, delete:

     

    role=read,create,edit,delete    and    filteredrole=read,create,edit,delete.

     

    Configuring the authentication.

     

     

    The administrator user, amadmin, is stored in the flat file repository that comes with the default configuration of OpenSSO.

    It is important to also add the amadmin user to the LDAP; this can be done under the Subject tab.

     

    Then, under the Authentication tab, the LDAP Module Instance can be modified. Here all the information about OpenDS must be added,

    including the base DN and the bind DN.

     

    Now modify the ldapService in the Authentication Chaining, adding LDAP as a new instance (the criteria must be set to REQUIRED).

     

    You can check that it works by logging in with LDAP authentication.

     

     

     

     

    Configuring the JBoss Portal 2.4

     

     

     

    Now OpenSSO is ready to be used with the OpenDS support.

     

    JBoss Portal has been compiled with the OpenSSO client library ({FOOTNOTE DEF  amclientsdk.jar}), which is needed for the

    communication between the two systems. The OpenSSO configuration file AMConfig.properties must be copied into JBoss Portal.

    Once the file is copied into the JBoss Portal directory it must be edited to set the boolean flag to false:

     

    com.iplanet.am.serverMode=false

     

     

     

    A new class, TokenModule.java, is created under the following folder of the JBoss Portal source tree:

     

    jboss-portal-2.4-SVN/identity/src/main/org/jboss/portal/identity/

     

    TokenModule can be downloaded here

     

     

     

    Next step is to adapt the authentication classes of JBoss Portal so they can check whether a token is valid.

    Here are the modified files:

     

     

     

    IdentityLoginModule.java

     

    It's under:

     

    /identity/src/main/org/jboss/portal/identity/auth/IdentityLoginModule.java

     

     

    UserInterceptor.java

     

    It's under:

     

    /core/src/main/org/jboss/portal/core/aspects/server/UserInterceptor.java

     

     

    UserPortlet.java

     

    It's under:

     

    /core/src/main/org/jboss/portal/core/portlet/user/UserPortlet.java

     

     

    JBossActionResponse.java

     

    It's under:

     

    /core/src/main/org/jboss/portlet/JBossActionResponse.java

     

     

    login.jsp

     

    It's under:

     

    /core/src/resources/portal-core-war/WEB-INF/jsp/user/login.jsp
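    A sketch of the token check that TokenModule and the modified classes above rely on, as an added example that is not the page's TokenModule.java nor JBoss Portal code; it assumes amclientsdk.jar and AMConfig.properties (with com.iplanet.am.serverMode=false) are on the classpath, and the class name TokenValidator and method validatedUser are hypothetical.

```java
// Added example, not the page's TokenModule.java: validates the OpenSSO
// session token carried by a portal request with the OpenSSO client SDK
// (amclientsdk.jar) and returns the authenticated user id, or null.
// Assumes AMConfig.properties (com.iplanet.am.serverMode=false) is on the
// classpath so the SDK knows where the OpenSSO server (Tomcat, port 8080) is.
// Class and method names are hypothetical.
package org.jboss.portal.identity;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import javax.servlet.http.HttpServletRequest;

public class TokenValidator
{
   /**
    * Returns the OpenSSO user id of a valid SSO token, or null when the
    * request carries no token, the token is invalid or expired, or the
    * OpenSSO server cannot be reached. A caller such as IdentityLoginModule
    * must treat null as "not authenticated" and fall back to its normal
    * login flow, never as an anonymous success.
    */
   public static String validatedUser(HttpServletRequest request)
   {
      try
      {
         SSOTokenManager manager = SSOTokenManager.getInstance();
         // Reads the OpenSSO session cookie (iPlanetDirectoryPro by default)
         // and builds a token object; throws SSOException if none is present.
         SSOToken token = manager.createSSOToken(request);
         // isValidToken asks the OpenSSO server, so a session that was logged
         // out or timed out on the OpenSSO side is rejected here as well.
         if (!manager.isValidToken(token))
         {
            return null;
         }
         // "UserId" is the user id the subject was created with (e.g. userA).
         return token.getProperty("UserId");
      }
      catch (SSOException e)
      {
         // Fail closed: any SDK or connectivity error means no authenticated user.
         return null;
      }
   }
}
```

    The login module maps the returned user id to the portal user and only then creates the portal session; the Success URL configured on the OpenSSO subject (below) is what brings the browser back to the portal with the cookie set.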

     

     

     

    Last step is to set up OpenSSO with the users of JBoss Portal. So, under the opensso realm select Subject and add the new users,

    e.g.:

    id user: userA

     

    password: password

     

    Insert all the mandatory credentials of the user and click on save. From the subject list click once again on the new user (userA) and in the "Success URL" add this address:

    http://whiterussian.eposse.it:8181/portal/auth/portal/default/default/UserPortletWindow

    Click on "add" and then on "save".

    We can now log out from OpenSSO.

     

     

    Now the whole system is ready to be used.

     

    -


    Next is the sequence of the steps you should follow:

     

    1) Go to the JBoss portal   ->    http://whiterussian.eposse.it:8181/portal

     

    2) On the welcome page of  JBP click on the "Login"

     

    3) The OpenSSO login page is now displayed.

     

    4) Insert the right credentials:    username: userA  password: password

     

    5) You are logged in as userA.

     

    6) Any change on the portal can now be made.

     

    7) Logging out is possible at any time: just click on logout.