geronimo-user mailing list archives

From "Krishnakumar B" <www....@gmail.com>
Subject Re: Single Sign On with Geronimo 1.0
Date Wed, 02 Aug 2006 05:38:01 GMT
Hi Joe,

I have also tried this and was able to get it to work by doing a build
with SSOValve GBean open.

Refer to the earlier post:
http://www.nabble.com/SSO-in-Tomcat-tf1478623.html#a4001647

I was not able to get it to work by deploying a new Valve along with 2
web applications that need SSO.

Regards
Krish.

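What "SSOValve GBean open" at the server level comes to in plan terms, as an added example that is not Krish's or Joe's plan and not configuration shipped with Geronimo: the single SingleSignOn valve is declared once, in the Tomcat host's valve chain in the server's Tomcat plan, so one valve instance sits above both contexts. `ValveGBean` and its `className` attribute are the ones already used in Joe's geronimo-web.xml plans quoted below; `HostGBean`, the `TomcatValveChain` and `NextValve` reference names, the `initParams` contents and the gbean names are taken from memory of the Geronimo 1.x Tomcat plan and are assumptions to check against the plan in your own build.

```xml
<!-- Fragment of the server-side Tomcat plan (assumed GBean and reference
     names, see the lead-in).  The SSO valve is declared here, at the Host,
     and NOT in either geronimo-web.xml. -->
<gbean name="TomcatHost" class="org.apache.geronimo.tomcat.HostGBean">
    <attribute name="className">org.apache.catalina.core.StandardHost</attribute>
    <attribute name="initParams">
        name=0.0.0.0
        appBase=
        workDir=work
    </attribute>
    <!-- head of the host's valve chain: the SSO valve goes first -->
    <reference name="TomcatValveChain"><name>SSOValve</name></reference>
</gbean>

<gbean name="SSOValve" class="org.apache.geronimo.tomcat.ValveGBean">
    <attribute name="className">org.apache.catalina.authenticator.SingleSignOn</attribute>
    <!-- chain on to whatever valve the host had before, e.g. the access log -->
    <reference name="NextValve"><name>AccessLogValve</name></reference>
</gbean>

<gbean name="AccessLogValve" class="org.apache.geronimo.tomcat.ValveGBean">
    <attribute name="className">org.apache.catalina.valves.AccessLogValve</attribute>
    <attribute name="initParams">
        prefix=localhost_access_log.
        suffix=.txt
        pattern=common
    </attribute>
</gbean>
```

With the valve at the Host, each geronimo-web.xml drops its `<valve-chain>` element and its own `SSOValve` gbean and keeps only `<security-realm-name>`, and both web apps must name the same realm: Tomcat's SingleSignOn valve only works across applications that share one Realm. Because the valve is host-wide, every application deployed to that host is then covered by it, and the `JSESSIONIDSSO` cookie it issues is a bearer credential for all of them, so keep those applications behind TLS.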
On 8/1/06, Joe O'Pecko <opeckojo@yahoo.com> wrote:
> I know this has been discussed in the past, and I
> apologize for the lengthy inquiry, however, I have
> been trying unsuccessfully to get SSO working with
> Tomcat on Geronimo v1.0 for some time. I am deploying
> an application as an ear file with two war files
> contained within. My geronimo-application.xml file
> contains a definition for a JAAS Security Realm and
> the two WAR files' geronimo-web.xml reference it via
> security-realm-name elements. Once deployed each web
> application challenges the user upon first access,
> using the configured JAAS LoginModule. I'd like to
> establish a SSO trust between the two web
> applications, if possible, so that a user is only
> challenged once for both web applications.
>
> I've seen a previous post on this site entitled Single
> Sign On : Tomcat in Geronimo
> (http://tinyurl.com/lkgjy) which seemed to provide
> some information. Basically, it suggested the addition
> of a SSOValve GBean to the geronimo-web.xml file. As
> suggested, I've added the SSOValve to each
> geronimo-web.xml and confirmed that I could see them
> running in the deploy-tool web application. However,
> each application has its own SSOValve GBean running
> which leads me to believe that they do not share
> anything between them.
>
> I've also seen Aaron Mulder's website which states
> that Geronimo does not natively support web-based
> single sign-on across web sites
> (http://tinyurl.com/qa9bl).
>
> So is it possible to provide Single Sign On across
> web applications? I've attached my config files below
> if it helps.
>
> Thanks in advance for any help and information you can
> provide.
>
> Joe
>
> ---begin geronimo-application.xml---
> <?xml version="1.0" encoding="UTF-8"?>
>
> <application
>     xmlns="http://geronimo.apache.org/xml/ns/j2ee/application"
>     xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1"
>     configId="com/foo/test"
>     parentId="geronimo/j2ee-server/1.0/car">
>
>     <dependency>
>         <groupId>log4j</groupId>
>         <artifactId>log4j</artifactId>
>         <version>1.2.8</version>
>     </dependency>
>
>     <sec:security>
>         <sec:default-principal realm-name="foo-realm">
>             <sec:principal
>                 class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
>                 name="anonymous"/>
>         </sec:default-principal>
>         <sec:role-mappings>
>             <!--
>                 this mapping maps all users in the registeredUsers group
>                 to the registered-users role defined in web.xml
>             -->
>             <sec:role role-name="FOO_ADMIN">
>                 <sec:realm realm-name="foo-realm">
>                     <sec:principal
>                         class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
>                         name="foo_admin"/>
>                 </sec:realm>
>             </sec:role>
>             <sec:role role-name="FOO_USER">
>                 <sec:realm realm-name="foo-realm">
>                     <sec:principal
>                         class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
>                         name="foo_user"/>
>                 </sec:realm>
>             </sec:role>
>         </sec:role-mappings>
>     </sec:security>
>
>     <gbean name="foo-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>         <!--
>             this is the name of the Security Realm as well as the name
>             of the configuration entry used by the application
>         -->
>         <attribute name="realmName">foo-realm</attribute>
>
>         <!-- reference to the head of the login module use list -->
>         <reference name="LoginModuleConfiguration">
>             <name>foo-login</name>
>         </reference>
>
>         <reference name="ServerInfo">
>             <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
>         </reference>
>
>         <reference name="LoginService">
>             <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
>         </reference>
>     </gbean>
>
>     <!-- this is the head of the login module use list -->
>     <gbean name="foo-login" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
>         <!-- login module must succeed -->
>         <attribute name="controlFlag">REQUIRED</attribute>
>
>         <!-- reference to the login module -->
>         <reference name="LoginModule">
>             <name>foo-login</name>
>         </reference>
>     </gbean>
>
>     <!-- the login module GBean -->
>     <gbean name="foo-login" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
>         <attribute name="loginModuleClass">com.foo.FooLoginModule</attribute>
>         <attribute name="serverSide">true</attribute>
>         <attribute name="loginDomainName">foo-realm</attribute>
>     </gbean>
>
>     <gbean name="FooServer"
>            class="com.foo.FooServerGBean"
>            gbeanName="com.foo.fooserver:type=Server,name=GUIServer">
>         <attribute name="baseDirectory" type="java.lang.String">/home/foo</attribute>
>     </gbean>
> </application>
> ----end geronimo-application.xml----
>
>
> ---begin first geronimo-web.xml---
> <?xml version="1.0" encoding="UTF-8"?>
> <web-app
>     xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0"
>     configId="com/foo/contextOne">
>
>     <context-root>/contextOne</context-root>
>     <context-priority-classloader>false</context-priority-classloader>
>
>     <container-config>
>         <!-- Tomcat-specific container declarations -->
>         <tomcat xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0/config">
>             <valve-chain>SSOValve</valve-chain>
>         </tomcat>
>     </container-config>
>
>     <security-realm-name>netcool-realm</security-realm-name>
>
>     <gbean name="SSOValve" class="org.apache.geronimo.tomcat.ValveGBean">
>         <attribute name="className">org.apache.catalina.authenticator.SingleSignOn</attribute>
>     </gbean>
>
> </web-app>
> ----end first geronimo-web.xml----
>
>
> ---begin second geronimo-web.xml---
> <?xml version="1.0" encoding="UTF-8"?>
> <web-app
>     xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0"
>     configId="com/foo/contextTwo">
>
>     <context-root>/contextTwo</context-root>
>     <context-priority-classloader>false</context-priority-classloader>
>
>     <container-config>
>         <!-- Tomcat-specific container declarations -->
>         <tomcat xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0/config">
>             <valve-chain>SSOValve</valve-chain>
>         </tomcat>
>     </container-config>
>
>     <security-realm-name>netcool-realm</security-realm-name>
>
>     <gbean name="SSOValve" class="org.apache.geronimo.tomcat.ValveGBean">
>         <attribute name="className">org.apache.catalina.authenticator.SingleSignOn</attribute>
>     </gbean>
>
> </web-app>
> ----end second geronimo-web.xml----
>

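Why the two per-webapp SSOValve GBeans Joe sees "do not share anything", as an added Python model that is not Geronimo or Tomcat code and not from either poster: Tomcat's AuthenticatorBase looks for a SingleSignOn valve only in the pipelines of the Context's parent containers (the Host, then the Engine), never in the Context's own pipeline, and the SSO registry lives inside the valve instance. A valve declared inside a geronimo-web.xml is therefore never the one the authenticator registers logins with, and two such valves would be two unrelated registries anyway. The model below reproduces that parent-only lookup and the `JSESSIONIDSSO` cookie flow (the cookie name is Tomcat's; the container, session and browser classes, the credential table and the user name are constructed for the example) and runs the same two-context walk with the valve at Context scope and at Host scope.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

SSO_COOKIE = "JSESSIONIDSSO"      # cookie name issued by Tomcat's SingleSignOn valve
USERS = {"joe": "secret"}         # constructed credential table for this example only


class SingleSignOn:
    """Stand-in for org.apache.catalina.authenticator.SingleSignOn.

    The registry is an instance field: two valve instances are two unrelated
    registries, which is what two per-webapp SSOValve GBeans give you.
    """

    def __init__(self) -> None:
        self.cache: dict = {}     # ssoId -> {"principal": str, "sessions": set()}

    def register(self, principal: str) -> str:
        sso_id = secrets.token_hex(16)          # unguessable bearer id, as in Tomcat
        self.cache[sso_id] = {"principal": principal, "sessions": set()}
        return sso_id

    def lookup(self, sso_id: str) -> Optional[str]:
        entry = self.cache.get(sso_id)
        return entry["principal"] if entry else None

    def associate(self, sso_id: str, session: "Session") -> None:
        self.cache[sso_id]["sessions"].add(session)

    def deregister(self, sso_id: str) -> None:
        """Logout from one app expires every session tied to the SSO id."""
        entry = self.cache.pop(sso_id, None)
        for session in (entry["sessions"] if entry else ()):
            session.valid = False


@dataclass(eq=False)              # identity hash, so sessions can live in a set
class Session:
    context: str
    principal: str
    valid: bool = True


@dataclass
class Container:
    """Engine, Host or Context; each owns a valve pipeline."""
    name: str
    parent: Optional["Container"] = None
    pipeline: list = field(default_factory=list)

    def find_sso(self) -> Optional[SingleSignOn]:
        """Mirror AuthenticatorBase: search only the *parents'* pipelines."""
        node = self.parent
        while node is not None:
            for valve in node.pipeline:
                if isinstance(valve, SingleSignOn):
                    return valve
            node = node.parent
        return None


@dataclass
class Browser:
    cookies: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)   # context name -> Session


def request(ctx: Container, browser: Browser, credentials=None) -> str:
    """One request to a protected resource in ctx; returns 'ok' or 'challenge'."""
    session = browser.sessions.get(ctx.name)
    if session is not None and session.valid:
        return "ok"                                 # already logged in to this app
    sso = ctx.find_sso()
    sso_id = browser.cookies.get(SSO_COOKIE)
    principal = sso.lookup(sso_id) if (sso and sso_id) else None
    if principal is None:                           # nothing reusable: need credentials
        if credentials is None or USERS.get(credentials[0]) != credentials[1]:
            return "challenge"
        principal = credentials[0]
        if sso is not None:                         # first login on this host: start SSO
            sso_id = sso.register(principal)
            browser.cookies[SSO_COOKIE] = sso_id
    session = Session(ctx.name, principal)
    browser.sessions[ctx.name] = session
    if sso is not None:
        sso.associate(sso_id, session)
    return "ok"


def logout(ctx: Container, browser: Browser) -> None:
    """Logout in one app; with a reachable SSO valve it tears down every app's session."""
    sso = ctx.find_sso()
    sso_id = browser.cookies.pop(SSO_COOKIE, None)
    if sso is not None and sso_id is not None:
        sso.deregister(sso_id)
    else:
        browser.sessions.pop(ctx.name, None)


def build(valve_scope: str):
    engine = Container("Catalina")
    host = Container("localhost", engine)
    one = Container("/contextOne", host)
    two = Container("/contextTwo", host)
    if valve_scope == "host":
        host.pipeline.append(SingleSignOn())        # one valve, one registry, shared
    elif valve_scope == "context":                  # what the two geronimo-web.xml plans do
        one.pipeline.append(SingleSignOn())
        two.pipeline.append(SingleSignOn())
    else:
        raise ValueError(valve_scope)
    return one, two


def walk(valve_scope: str) -> dict:
    """Log in to /contextOne, visit /contextTwo, log out of /contextOne."""
    one, two = build(valve_scope)
    browser = Browser()
    out = {"first_hit": request(one, browser)}                   # no credentials yet
    out["login"] = request(one, browser, ("joe", "secret"))
    out["sso_cookie_set"] = SSO_COOKIE in browser.cookies
    out["second_app"] = request(two, browser)                    # the question on the list
    logout(one, browser)
    out["second_app_after_logout"] = request(two, browser)
    return out


if __name__ == "__main__":
    for scope in ("context", "host"):
        print(scope, walk(scope))
```

With the valve at Context scope the walk reports a challenge on the second application and no `JSESSIONIDSSO` cookie at all, which is exactly the symptom in the question; at Host scope the second application is served without a challenge, and a logout in either application ends the session in both. One thing worth checking in the quoted plans as well: both geronimo-web.xml files name `netcool-realm` while the application plan defines `foo-realm`; whatever the reason for that, host-level SSO only works when both contexts resolve to the same realm.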