In this section, we will discuss how to configure GateIn to provide Single Sign On (SSO). One possible way of configuring SSO with GateIn is to use an OpenSSO server.
OpenSSO is an SSO framework that can be configured to provide an authentication mechanism with different applications sharing realm configurations.
For more information about OpenSSO, please visit the following URL: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/index.html
https://repository.jboss.org/nexus/content/groups/public/org/gatein/sso/sso-packaging
First, we will start configuring all the artifacts relating to the classpath.
GATEIN_SSO_HOME/opensso to OPENSSO_HOME, adding all the needed files in the application server of GateIn.
8888, change the AJP port from 8009 to 8809.
OPENSSO_HOME/webapps/opensso/config/auth/default/AuthenticationPlugin.xml
in the following way:
<?xml version='1.0' encoding="UTF-8"?>
<!DOCTYPE ModuleProperties PUBLIC "=//iPlanet//Authentication Module Properties XML Interface 1.0 DTD//EN" "jar://com/sun/identity/authentication/Auth_Module_Properties.dtd">
<ModuleProperties moduleName="AuthenticationPlugin" version="1.0">
  <Callbacks length="2" order="1" timeout="60" header="GateIn OpenSSO Login">
    <NameCallback>
      <Prompt> Username </Prompt>
    </NameCallback>
    <PasswordCallback echoPassword="false">
      <Prompt> Password </Prompt>
    </PasswordCallback>
  </Callbacks>
</ModuleProperties>
gatein.ear/META-INF/gatein-jboss-beans.xml:
<authentication>
  <login-module code="org.gatein.sso.agent.login.SSOLoginModule" flag="required">
    <module-option name="portalContainerName">portal</module-option>
    <module-option name="realmName">gatein-domain</module-option>
  </login-module>
  <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">
    <module-option name="portalContainerName">portal</module-option>
    <module-option name="realmName">gatein-domain</module-option>
  </login-module>
</authentication>
TOMCAT_HOME/conf/jaas.conf and uncomment this snippet:
org.gatein.sso.agent.login.SSOLoginModule required;
org.exoplatform.services.security.j2ee.TomcatLoginModule required
  portalContainerName=portal
  realmName=gatein-domain;
TOMCAT_HOME/webapps/portal.war/META-INF/context.xml:
. . .
<Context path='/portal' docBase='portal' ... >
  <Valve className='org.gatein.sso.agent.tomcat.ServletAccessValve' />
  . . .
</Context>
. . .
Finally, we can configure the realm for the authentication process inside the OpenSSO server:
http://localhost:8888/opensso.
org.gatein.sso.opensso.plugin.AuthenticationPlugin
gatein.
gatein realm and click on Authentication.
Datastore to AuthenticationPlugin enabling the GateIn REST services for authenticating users.
With these configuration steps done, the GateIn portal is configured to run with SSO executed by OpenSSO.
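The following check is an added example, not code from GateIn or from the original page: it lints the `<authentication>` block of `gatein-jboss-beans.xml` against the stack shown above (module order, `required` flags, matching `portalContainerName` and `realmName`). The function names and the `GOOD`/`BAD` samples are constructed for illustration; elements are matched by local name so files that declare XML namespaces are handled as well.

```python
import xml.etree.ElementTree as ET

# Module order as shown in the <authentication> block on this page.
EXPECTED = ["org.gatein.sso.agent.login.SSOLoginModule",
            "org.exoplatform.services.security.j2ee.JbossLoginModule"]
SHARED_OPTIONS = ("portalContainerName", "realmName")

def local(el):
    # Match by local name so namespaced files are handled too.
    return el.tag.rsplit("}", 1)[-1]

def check_authentication(xml_text):
    """Return a list of findings; an empty list means the stack matches the page."""
    root = ET.fromstring(xml_text)
    auth = next((e for e in root.iter() if local(e) == "authentication"), None)
    if auth is None:
        return ["no <authentication> element found"]
    modules = [e for e in auth if local(e) == "login-module"]
    findings = []
    codes = [m.get("code") for m in modules]
    if codes != EXPECTED:
        findings.append("module order %s, expected %s" % (codes, EXPECTED))
    for m in modules:
        if m.get("flag") != "required":
            findings.append("%s: flag=%r, expected 'required'" % (m.get("code"), m.get("flag")))
    for name in SHARED_OPTIONS:
        values = set()
        for m in modules:
            opts = {o.get("name"): (o.text or "").strip() for o in m if local(o) == "module-option"}
            values.add(opts.get(name))
        if len(values) != 1 or None in values:
            findings.append("%s differs or is missing: %s" % (name, sorted(map(str, values))))
    return findings

# Constructed samples: GOOD copies the page's block, BAD is a deliberately broken variant.
GOOD = """<authentication>
  <login-module code="org.gatein.sso.agent.login.SSOLoginModule" flag="required">
    <module-option name="portalContainerName">portal</module-option>
    <module-option name="realmName">gatein-domain</module-option>
  </login-module>
  <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">
    <module-option name="portalContainerName">portal</module-option>
    <module-option name="realmName">gatein-domain</module-option>
  </login-module>
</authentication>"""
BAD = (GOOD.replace('SSOLoginModule" flag="required"', 'SSOLoginModule" flag="optional"')
           .replace("gatein-domain", "other-domain", 1))

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_authentication(text) or "ok")
```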
GateIn provides a support package dedicated to SSO integrations. In this way, all the required components and configuration are kept separate from the product and are used only if your specific requirements call for them.
During the first section of the configuration steps, we enabled the AuthenticationPlugin on OpenSSO and then we also configured JAAS for the application server. These are the typical steps to federate a realm against an authentication provider using Java.
We then configured OpenSSO using the administration console for exchanging user sessions with GateIn. Finally, we added the AuthenticationPlugin provided by GateIn and we used it for configuring the new dedicated realm.