21 Replies. Latest reply on Jun 8, 2012 5:26 PM by mvecera
      • 15. Re: AS7 PicketLink ejbContext propagation
        michael.harper

        Anil,

         

        Thanks for explaining the process. I understand partially the hurdles you face because I've run development teams on large projects (in 3 countries), although they were full-time employees. Actually what you describe is right at the opposite end of 'commercially' well-run software houses, as I'm sure you know. Ask the users to find faults! Suicide :-) (Unless you're Microsoft of course.) I guess the open source world needs to operate like that, or is it just a question of how much you put on the end user, what's acceptable for free software, for that matter what is acceptable from the originators in the way of support for free software? I have no answers! If I knew PicketLink for JBoss 7, which isn't likely in the short term, I would gladly write documentation for the community. It's a bit of a chicken and egg situation.

        • 16. Re: AS7 PicketLink ejbContext propagation
          anil.saldhana

          Michael Harper wrote:

           

          Anil,

           

          Thanks for explaining the process. I understand partially the hurdles you face because I've run development teams on large projects (in 3 countries), although they were full-time employees. Actually what you describe is right at the opposite end of 'commercially' well-run software houses, as I'm sure you know. Ask the users to find faults! Suicide :-) (Unless you're Microsoft of course.) I guess the open source world needs to operate like that, or is it just a question of how much you put on the end user, what's acceptable for free software, for that matter what is acceptable from the originators in the way of support for free software? I have no answers! If I knew PicketLink for JBoss 7, which isn't likely in the short term, I would gladly write documentation for the community. It's a bit of a chicken and egg situation.

          With the closed source/commercial world, typically you have product mgrs/Business Analysts who work to gather the requirements/feedback. In this case, the documentation becomes critical for the end product.

           

          Open Source Communities are a bit different. There is collaboration b/w developers and users along with a fair bit of open ego, venom and spit.

           

          The biggest challenge PicketLink faces is that Security, as a field, is pretty complex and any attempt to make it simple (and understandable) is just a futile attempt. Either you will introduce security holes or will lose the person. (Please see slides 5, 6, 7 in http://www.slideshare.net/anilsaldhana/secure-middleware-with-jboss-as-5)

           

          One of the aims behind PL is to keep things simple. We have reasonably achieved our goals but with the matrix of possible tech/platforms/servers, it is getting difficult.

           

          Pedro just told me that he will try to help you get the example working. So go ahead and use this thread until you are satisfied with your use case.

          • 17. Re: AS7 PicketLink ejbContext propagation
            michael.harper

            Hi Pedro, Anil,

             

            Sorry, I answered to the noreply address from my email client!

             

            Pedro, the use case example is as follows:

             

            Web Archives warA and warB can be used separately but use the same Database Login Module which is already set up.

            If you log in to warA then open up a link to warB then you should be automatically logged in.

            warA and warB are in an enterprise archive and share business logic in bl.jar.

            bl.jar beans are secured using the same security domain as the wars.

            I need to be able to use dependency injection on the beans in bl.jar regardless of which war I've logged into using @Inject.

             

            Thanks for your help. I'll try to maintain a level head in future and will write this up once I understand how it works.

            • 18. Re: AS7 PicketLink ejbContext propagation
              pcraveiro

              Hi Michael,

               

              I think we can start by running the example previously attached. It can be a good starting point. Did you get it working? If not, can you tell me the problems?

              • 19. Re: AS7 PicketLink ejbContext propagation
                michael.harper

                Hi Pedro,

                 

                No I didn't and I've had to leave it for a couple of weeks to meet some deadlines.

                 

                I'll carry on with what we were looking at before. I've noticed quite a lot more documentation that looks useful so I'm more confident in getting a result.

                 

                Will post back results.

                • 20. Re: AS7 PicketLink ejbContext propagation
                  pcraveiro

                  Ok,

                   

                  The example has just one WAR inside the EAR, but we can add another one and make all the SSO (web and business layers) stuff. I think it is just a matter of configuring a new WAR as an SP.

                   

                  Some important things to care about when working with the STS and the IDP together are the SAML configurations (core-sts.xml). It is important that your IDP and STS share the same configurations (token timeout, attribute managers, clock skew, etc.) and that the time is synchronized between the servers.
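
Added example, not part of the original thread and not PicketLink code: a simplified model of the SAML validity-window check, showing why the token timeout, clock skew and server time mentioned in reply 20 have to agree. The class and method names are hypothetical and all timestamps and durations are constructed sample values.

```java
import java.time.Duration;
import java.time.Instant;

public class AssertionWindowCheck {

    // Models the SAML <Conditions> window: valid from NotBefore (inclusive)
    // up to NotOnOrAfter (exclusive).
    static final class Conditions {
        final Instant notBefore;
        final Instant notOnOrAfter;

        Conditions(Instant issuedAt, Duration tokenTimeout) {
            this.notBefore = issuedAt;
            this.notOnOrAfter = issuedAt.plus(tokenTimeout);
        }
    }

    // Validator-side check; the allowed skew widens the window at both ends.
    static String validate(Conditions c, Instant validatorNow, Duration allowedSkew) {
        if (validatorNow.plus(allowedSkew).isBefore(c.notBefore)) {
            return "REJECT: not yet valid";
        }
        if (!validatorNow.minus(allowedSkew).isBefore(c.notOnOrAfter)) {
            return "REJECT: expired";
        }
        return "ACCEPT";
    }

    public static void main(String[] args) {
        // Constructed values: issuer clock and a 300 s token timeout.
        Instant issuerNow = Instant.parse("2012-06-08T12:00:00Z");
        Conditions token = new Conditions(issuerNow, Duration.ofSeconds(300));

        // Validator clock runs 90 s behind the issuer, with no skew tolerance.
        Instant behind = issuerNow.minusSeconds(90);
        System.out.println("drift 90s, skew 0s:    " + validate(token, behind, Duration.ZERO));

        // Same drift, but the validator tolerates 120 s of skew.
        System.out.println("drift 90s, skew 120s:  " + validate(token, behind, Duration.ofSeconds(120)));

        // Clocks in sync, checked 240 s after issue against the 300 s timeout.
        Instant later = issuerNow.plusSeconds(240);
        System.out.println("in sync, timeout 300s: " + validate(token, later, Duration.ZERO));

        // A component configured with a 120 s timeout derives a shorter window
        // for the same issue time and disagrees about the same token.
        Conditions shorter = new Conditions(issuerNow, Duration.ofSeconds(120));
        System.out.println("in sync, timeout 120s: " + validate(shorter, later, Duration.ZERO));
    }
}
```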

                  • 21. Re: AS7 PicketLink ejbContext propagation
                    mvecera

                    Hello Pedro,

                     

                    This is a very nice example. Do you think it would be possible to use SAML2LoginModule instead of SAML2STSLoginModule with EJB3 as well?

                     

                    Thanks,

                    Martin
