-
1. Re: Using SSO on WildFly 8.0.0.Final?
andy12345 Feb 13, 2014 2:20 AM (in response to tinche)
Hello Tin,
you just have to turn on SSO in the wildfly server config, by editing the standalone.xml as follows:
...
<subsystem xmlns="urn:jboss:domain:undertow:1.0">
    ...
    <server name="default-server">
        ...
        <host name="default-host" alias="localhost">
            ...
            <single-sign-on domain="localhost"/>
-
2. Re: Using SSO on WildFly 8.0.0.Final?
tinche Feb 13, 2014 3:22 AM (in response to andy12345)
Hi Andy,
thanks for the reply. I've tried that, but it still doesn't seem to work (I have to log in separately to all the applications). Am I supposed to see a JSESSIONIDSSO cookie in addition to the JSESSIONID cookie? It's not being set.
Cheers
-
3. Re: Using SSO on WildFly 8.0.0.Final?
andy12345 Feb 13, 2014 3:34 AM (in response to tinche)
Hi Tin,
there will not be a JSESSIONIDSSO cookie set, but have you configured a proper security-constraint in your web.xml?
-
4. Re: Using SSO on WildFly 8.0.0.Final?
tinche Feb 13, 2014 4:30 AM (in response to andy12345)
Hi Andy,
I think my web.xml's are fine; the auth works properly individually, just not once-for-all. Is there anything special I should add to get SSO working?
My security constraints generally contain a web-resource-collection, an auth-constraint (listing all the roles), and a user-data-constraint for no transport guarantee.
-
5. Re: Using SSO on WildFly 8.0.0.Final?
ctomc Feb 13, 2014 4:31 PM (in response to tinche)
Tin Tvrtkovic wrote:
Am I supposed to see a JSESSIONIDSSO cookie in addition to the JSESSIONID cookie? It's not being set.
Yes, you should see it. Can you try a different browser? Otherwise this looks like a bug.
-
6. Re: Using SSO on WildFly 8.0.0.Final?
bgaraude Feb 18, 2014 4:27 AM (in response to ctomc)
Hello,
I'm encountering the same issue on WildFly 8.0.0.Final.
Basically, I have an EAR with 2 WARs inside.
Each WAR has a web.xml with security-constraints, login-config (form based), and security roles. They both use the same realm.
The auth works fine on each WAR individually.
When I activate the SSO as described above by Andy, I still have to perform the auth twice.
If I check the cookies, I only have the JSESSIONID cookie, but no JSESSIONIDSSO cookie.
This happens on Chrome (v 32) and Firefox (v 27).
I've not made any particular configuration for Infinispan.
Am I missing something?
Cheers,
-
7. Re: Using SSO on WildFly 8.0.0.Final?
sepp.marant Feb 20, 2014 5:18 AM (in response to bgaraude)
Hi!
I have the same setup (2 WARs in one EAR) and both use the same security-domain. <sso/> is working in JBoss 7.2.0 but not in WildFly 8.
The reason why I want to switch to WildFly 8 is this bug: https://issues.jboss.org/browse/WFLY-1720
Maybe someone can help me with a proper solution to fix this logout problem in JBoss 7.2.0?
Thanks,
Sepp
-
8. Re: Using SSO on WildFly 8.0.0.Final?
tinche Feb 26, 2014 9:12 AM (in response to ctomc)
Hi,
so the cookie is there. The domain attribute, however, is always being set, even if it's not set in standalone.xml, so the server sets the cookie to the 'default-host' domain, which is useless obviously. How do I get undertow to not use the domain attribute at all in the Set-Cookie directive, so the browser fills in the domain I'm requesting from?
Also, the path cookie attribute isn't being set at all, so if I log into one service the SSO cookie won't be sent when I try accessing another service at a different URL. Can I set the cookie path to '/' or something? Since the cookie isn't being set at all, my ProxyPassReverseCookiePath Apache directive isn't taking effect, so now I'd need to introduce additional logic here...
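The cookie scoping problem described in this post, worked through as an added example (not code from the thread or from WildFly/Undertow): a small Python model of the RFC 6265 storage and matching rules that browsers apply to a Set-Cookie header. The header values, the `localhost:8080` URLs and the `/app1` and `/app2` context paths are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed inputs: none of these values are quoted from the thread.
LOGIN_URL = "http://localhost:8080/app1/j_security_check"
OTHER_APP = "http://localhost:8080/app2/index.html"
WITH_DEFAULT_DOMAIN = "JSESSIONIDSSO=abc123; domain=default-host"
NO_ATTRS = "JSESSIONIDSSO=abc123"
WITH_ROOT_PATH = "JSESSIONIDSSO=abc123; path=/"

def domain_match(host, domain):
    """RFC 6265 5.1.3: identical, or host is a subdomain (never for IP literals)."""
    if host == domain:
        return True
    is_ip = ":" in host or host.replace(".", "").isdigit()
    return host.endswith("." + domain) and not is_ip

def default_path(url_path):
    """RFC 6265 5.1.4: the request path up to, not including, its last '/'."""
    if not url_path.startswith("/") or url_path.count("/") == 1:
        return "/"
    return url_path[: url_path.rfind("/")]

def path_match(request_path, cookie_path):
    """RFC 6265 5.1.4: equal, or cookie path is a prefix ending at a '/' boundary."""
    rest = request_path[len(cookie_path):]
    return request_path.startswith(cookie_path) and (
        not rest or cookie_path.endswith("/") or rest.startswith("/"))

def store_cookie(set_cookie, request_url):
    """Return the cookie as stored, or None if the browser discards it."""
    url = urlsplit(request_url)
    name_value, *attr_parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {k.strip().lower(): v.strip()
             for k, _, v in (p.partition("=") for p in attr_parts)}
    domain = attrs.get("domain", "").lower().lstrip(".")
    if domain and not domain_match(url.hostname, domain):
        return None  # Domain attribute does not cover the responding host
    path = attrs.get("path", "")
    path = path if path.startswith("/") else default_path(url.path)
    return {"name": name_value.partition("=")[0], "path": path,
            "domain": domain or url.hostname, "host_only": not domain}

def would_send(cookie, request_url):  # would the browser attach this cookie?
    url = urlsplit(request_url)
    if cookie is None or not path_match(url.path or "/", cookie["path"]):
        return False
    if cookie["host_only"]:
        return url.hostname == cookie["domain"]
    return domain_match(url.hostname, cookie["domain"])
```

Under these rules the `domain=default-host` header is discarded when the response comes from `localhost`, the attribute-less header is stored with path `/app1` and is not sent to `/app2`, and only the `path=/` variant reaches both applications.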
-
9. Re: Using SSO on WildFly 8.0.0.Final?
swd847 Feb 26, 2014 8:08 PM (in response to tinche)
Looks like a bug in org.wildfly.extension.undertow.SingleSignOnService, where the domain is defaulted if it is not set. Can you file a JIRA?
-
10. Re: Using SSO on WildFly 8.0.0.Final?
hkais Feb 27, 2014 12:31 AM (in response to tinche)
Hello all,
I have a similar problem. I want to make a web application single sign-on, but I have no clue how to configure it. I see you are already discussing it in detail. Can someone point me to the relevant documentation or a good book?
-
12. Re: Using SSO on WildFly 8.0.0.Final?
hkais Mar 6, 2014 1:32 PM (in response to hkais)
Please give me a hint on how to configure my applications to use web SSO.
I have one EAR, which contains several WAR files. I have to authenticate against all WAR files, instead of once (SSO).
I am new to WildFly and JBoss, so I am only finding outdated documentation about JBoss AS7 and earlier. I can see there are some users here who managed to get SSO working, but how?
What to configure in the standalone.xml?
What to configure in my EAR file?
What to configure in my WAR files?
So again, please help a newbie to make a quick win with WildFly (against WebSphere...)
-
13. Re: Re: Using SSO on WildFly 8.0.0.Final?
pferraro Mar 17, 2014 10:56 AM (in response to hkais)
Within the undertow subsystem configuration, configure the target host with a nested <single-sign-on domain="..."/> element, where domain defines the domain of the cookie that will store the SSO session identifier per user.
-
14. Re: Using SSO on WildFly 8.0.0.Final?
santos.sandro Apr 28, 2014 6:20 PM (in response to tinche)
My Undertow isn't working. I've worked with SSO until 7.1.3, and I'm trying to use 8.1.0.CR1.
Here is my undertow configuration:
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http"/>
        <host name="default-host" alias="localhost">
            <single-sign-on domain="localhost" />
            <location name="/" handler="welcome-content"/>
            <filter-ref name="server-header"/>
            <filter-ref name="x-powered-by-header"/>
        </host>
    </server>
    <servlet-container name="default">
        <jsp-config/>
    </servlet-container>
    <handlers>
        <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
    </handlers>
    <filters>
        <response-header name="server-header" header-name="Server" header-value="Wildfly 8"/>
        <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow 1"/>
    </filters>
</subsystem>
Is there something different to do in the web.xml? What would be the correct web.xml?
Is it necessary to install the negotiation valve in the jboss-web?
<valve>
    <class-name>org.jboss.security.negotiation.NegotiationAuthenticator</class-name>
</valve>