Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Single Sign On (SSO) in JBoss / Tomcat / JBoss Por...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Single Sign On (SSO) in JBoss / Tomcat / JBoss Portal
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-25-2006 12:49 PM
Alfresco gurus:
I'm trying to implement single sign on between JBoss Portal and Alfresco running as a portlet in the same tomcat servlet container (no cluster). I have Tomcat's SingleSignOn value operational and single sign on works between web applications that use container based authentication just fine. I have tried a few hacks to try and propagate the JBoss Portal authenticated user credentials to the Alfresco portlet, but I feel like I'm back to square one.
Can anyone be of service here? I have a good understanding of container based authentication, but only a moderate understanding of Acegi (but I'm reading more right now!).
Environment:
JBoss Portal 1.2.1
Alfresco 1.3 community
Any help would be greatly appreciated!
I'm trying to implement single sign on between JBoss Portal and Alfresco running as a portlet in the same tomcat servlet container (no cluster). I have Tomcat's SingleSignOn value operational and single sign on works between web applications that use container based authentication just fine. I have tried a few hacks to try and propagate the JBoss Portal authenticated user credentials to the Alfresco portlet, but I feel like I'm back to square one.
Can anyone be of service here? I have a good understanding of container based authentication, but only a moderate understanding of Acegi (but I'm reading more right now!).
Environment:
JBoss Portal 1.2.1
Alfresco 1.3 community
Any help would be greatly appreciated!
Labels:
- Labels:
-
Archive
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-31-2006 04:05 AM
Alfresco gurus:
I'm trying to implement single sign on between JBoss Portal and Alfresco running as a portlet in the same tomcat servlet container (no cluster). I have Tomcat's SingleSignOn value operational and single sign on works between web applications that use container based authentication just fine. I have tried a few hacks to try and propagate the JBoss Portal authenticated user credentials to the Alfresco portlet, but I feel like I'm back to square one.
Can anyone be of service here? I have a good understanding of container based authentication, but only a moderate understanding of Acegi (but I'm reading more right now!).
Environment:
JBoss Portal 1.2.1
Alfresco 1.3 community
Any help would be greatly appreciated!
Hello, I want to do the same thing with a Liferay Portal. So can anyone help us ?
Thank you.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-31-2006 12:17 PM
I think I have a solution via JOSSO. http://www.josso.org/. It is requiring a bit of integration work with Alfresco. Specifically I'm having to write an Authentication Filter patterned off of NTLMAuthenticationFilter.
I'll post my work if it works. (Maybe by next week?)
I'll post my work if it works. (Maybe by next week?)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2006 04:02 AM
I think I have a solution via JOSSO. http://www.josso.org/. It is requiring a bit of integration work with Alfresco. Specifically I'm having to write an Authentication Filter patterned off of NTLMAuthenticationFilter.
I'll post my work if it works. (Maybe by next week?)
Hello, do you perform your implementation ?
Thank you
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2006 10:03 AM
I'm still refining it, but, yes, it seems to work. I'm using a PortletFilter as defined by the Apache portals project here:
http://portals.apache.org/bridges/multiproject/portals-bridges-portletfilter/index.html
to create the necessary session environment for single sign on in Alfresco.
I hate to put you off, but I'm not ready to post quite yet as my code is still a bit of a mess.
http://portals.apache.org/bridges/multiproject/portals-bridges-portletfilter/index.html
to create the necessary session environment for single sign on in Alfresco.
I hate to put you off, but I'm not ready to post quite yet as my code is still a bit of a mess.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-20-2006 04:45 PM
OK. Here is my solution.
[1] Install JOSSO 1.4 into your container http://www.josso.org. I followed the JBoss 4 instructions and didn't have any problems. The one modification you will have to make to the JOSSO code is to implement the currently un-implemented WebserviceSSOSessionManager#getSession(String) method:
Once you make this change, make sure you re-install JOSSO.
Note I have submitted a patch to JOSSO with this method implemented at:http://sourceforge.net/tracker/index.php?func=detail&aid=1557480&group_id=116854&atid=676234 so in future versions of JOSSO, it may already be included.
[2] The next thing you want to do is get JBoss Portal authenticating against JOSSO. Since JBoss Portal uses container based authentication, this shouldn't be to hard. However, here are some info that might help…
I put all my josso-*.xml configuration files in $JBOSS_HOME/server/default/conf.
josso-config.xml:
interesting parts of josso-gateway-config.xml:
I've chopped up the josso-gateway-config.xml quite a bit. Here is what I think you need to know:
[a] Use the DataSourceSessionStore so different web applications contacting JOSSO will see the same session information.
JBossAuthenticationManagerCredentialStore performs JOSSO authentication based on a configured JBossAuthenticationManager. This should probably be the AuthenticationManager you already have set up for jboss-portal (in login-config.xml). Here is the code:
JBossPortalIdentityStore gets JOSSO authorization information from JBossPortal Daos:
[3] Now that you have JBoss Portal authenticating JBoss Portal, you need to get Alfresco to recognize your JOSSO authentication cookie and load the Alfresco portlet session environment to mimic a user login. To accomplish this, I wrote a PortletFilter that sits in front of every request to the Alfresco portlet:
And the requisite changes to alfresco.war/WEB-INF/portlet.xml to make sure the FilterPortlet is deployed:
[4] You need to make sure that the josso*.jar files are in the requisite places to get this all to work. Note that josso-1.4.jar is in the alfresco.war/WEB-INF/lib directory.
[5] Other thoughts:
You probably want to comment out the "Login/logout" link of the Alfresco portlet, because you don't want users using alfresco controls for these actions anymore. I haven't done this yet, so I'm not sure where that link is located in the Alfresco jsps.
I haven't thoroughly tested this configuration yet, but I'm sure there are weird corner cases that haven't yet been vetted, but it seems to be producing single sign on thus far…
[1] Install JOSSO 1.4 into your container http://www.josso.org. I followed the JBoss 4 instructions and didn't have any problems. The one modification you will have to make to the JOSSO code is to implement the currently un-implemented WebserviceSSOSessionManager#getSession(String) method:
public SSOSession getSession(String sessionId)
throws NoSuchSessionException, SSOSessionException {
try {
final org.josso.gateway.session.service.ws.impl.SSOSession session =
_wsSSOSessionManager.getSession(sessionId);
if (session == null) {
throw new org.josso.gateway.session.exceptions.NoSuchSessionException(null);
}
return new org.josso.gateway.session.SSOSession(){
public void fireSessionEvent(String type, Object data){
throw new UnsupportedOperationException("Not supported by this implementation");
}
public long getAccessCount(){
return session.getAccessCount();
}
public long getCreationTime(){
return session.getCreationTime();
}
public String getId(){
return session.getId();
}
public long getLastAccessTime(){
return session.getLastAccessTime();
}
public int getMaxInactiveInterval(){
return session.getMaxInactiveInterval();
}
public String getUsername(){
return session.getUsername();
}
public boolean isValid(){
return session.isValid();
}
public void setMaxInactiveInterval(int interval) {
session.setMaxInactiveInterval(interval);
}
};
} catch (java.rmi.RemoteException e) {
_errorCount++;
throw new SSOSessionException(e.getMessage(), e);
} finally {
_processedCount++;
}
}
Once you make this change, make sure you re-install JOSSO.
Note I have submitted a patch to JOSSO with this method implemented at:http://sourceforge.net/tracker/index.php?func=detail&aid=1557480&group_id=116854&atid=676234 so in future versions of JOSSO, it may already be included.
[2] The next thing you want to do is get JBoss Portal authenticating against JOSSO. Since JBoss Portal uses container based authentication, this shouldn't be to hard. However, here are some info that might help…
I put all my josso-*.xml configuration files in $JBOSS_HOME/server/default/conf.
josso-config.xml:
<configuration>
<hierarchicalXml fileName="josso-gateway-config.xml"/>
<hierarchicalXml fileName="josso-agent-config.xml"/>
</configuration>
interesting parts of josso-gateway-config.xml:
…
<authentication-scheme>
<name>basic-authentication</name>
<class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class>
…
<credential-store>
<class>gov.doi.usgs.josso.JBossAuthenticationManagerCredentialStore</class>
<authenticationManagerJndiName>java:jaas/portal</authenticationManagerJndiName>
</credential-store>
…
<class>gov.doi.usgs.josso.JBossPortalIdentityStore</class>
<additionalRole>Authenticated</additionalRole>
<userModuleJdniName>java:/portal/UserModule</userModuleJdniName>
</sso-identity-store>
…
<sso-session-store>
<class>org.josso.gateway.session.service.store.db.DataSourceSessionStore</class>
I've chopped up the josso-gateway-config.xml quite a bit. Here is what I think you need to know:
[a] Use the DataSourceSessionStore so different web applications contacting JOSSO will see the same session information.
JBossAuthenticationManagerCredentialStore performs JOSSO authentication based on a configured JBossAuthenticationManager. This should probably be the AuthenticationManager you already have set up for jboss-portal (in login-config.xml). Here is the code:
package gov.doi.usgs.josso;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.josso.gateway.identity.exceptions.SSOIdentityException;
import org.josso.auth.exceptions.SSOAuthenticationException;
import org.josso.auth.Credential;
import org.josso.auth.CredentialKey;
import org.josso.auth.BindableCredentialStore;
import org.josso.auth.scheme.AuthenticationScheme;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.SimplePrincipal;
/**
* BindableCredentialStore that authenticates from a JBoss AuthenticationManager
* loaded from JNDI.
*
* @author Jon French
*/
public class JBossAuthenticationManagerCredentialStore implements BindableCredentialStore {
private static final Log LOG = LogFactory.getLog(JBossAuthenticationManagerCredentialStore.class);
private String fAuthenticationManagerJndiName = null;
private AuthenticationScheme fAuthScheme;
private AuthenticationManager fAuthManager;
public void setAuthenticationManagerJndiName(String name){
fAuthenticationManagerJndiName=name;
}
/**
* Sets the Authentication Scheme
*
* @param as the authentication scheme
*/
public void setAuthenticationScheme(AuthenticationScheme as) {
fAuthScheme = as;
}
/**
* Retrieves the configured Authentication Scheme.
*
* @return the authentication scheme.
*/
protected AuthenticationScheme getAuthenticationScheme() {
return fAuthScheme;
}
public boolean bind(String username, String password) throws SSOAuthenticationException{
if (LOG.isDebugEnabled()) {
LOG.debug("userName: " + username + " , " + password);
}
if (fAuthManager == null) {
try{
Context initContext = new InitialContext();
fAuthManager = (AuthenticationManager) initContext.lookup(fAuthenticationManagerJndiName);
} catch(NamingException e){
throw new SSOAuthenticationException("Problem obtaining AuthenticationManager",e);
}
}
SimplePrincipal userNameP = new SimplePrincipal(username);
return fAuthManager.isValid(userNameP,password);
}
public Credential[] loadCredentials(CredentialKey key) throws SSOIdentityException {
throw new UnsupportedOperationException();
}
}
JBossPortalIdentityStore gets JOSSO authorization information from JBossPortal Daos:
package gov.doi.usgs.josso;
import java.util.Iterator;
import java.util.List;
import java.util.LinkedList;
import java.util.Set;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.josso.gateway.identity.service.store.IdentityStore;
import org.josso.gateway.identity.service.store.UserKey;
import org.josso.gateway.identity.service.store.SimpleUserKey;
import org.josso.gateway.identity.service.BaseUser;
import org.josso.gateway.identity.service.BaseRole;
import org.josso.gateway.identity.service.BaseRoleImpl;
import org.josso.gateway.identity.service.BaseUserImpl;
import org.josso.gateway.identity.exceptions.NoSuchUserException;
import org.josso.gateway.identity.exceptions.SSOIdentityException;
import org.josso.gateway.SSONameValuePair;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import javax.transaction.TransactionManager;
import org.jboss.portal.common.transaction.Transactions;
import org.jboss.portal.core.modules.UserModule;
import org.jboss.portal.core.model.User;
/**
* Identity Store that retrieves role information from JBossPortal Daos
*
* @author Jon French
*/
public class JBossPortalIdentityStore implements IdentityStore {
private static final Log LOG = LogFactory.getLog(JBossPortalIdentityStore.class);
private String fAdditionalRole,fUserModuleJNDIName;
private UserModule fUserModule;
public void setAdditionalRole(String role){
fAdditionalRole=role;
}
public void setUserModuleJdniName(String name){
fUserModuleJNDIName=name;
}
/**
* This method allows user attributes to be loaded into an object which is
* then available to other application via the web service methods. At this point,
* the method is not fully implemented because I have no need to load these properties
* at this point
*
* @return the user instance with the provided userid
* @throws NoSuchUserException if the user does not exist
* @throws SSOIdentityException a fatal exception loading the requested user
*/
public BaseUser loadUser(final UserKey key) throws NoSuchUserException, SSOIdentityException {
if (!(key instanceof SimpleUserKey)) {
throw new SSOIdentityException("Unsupported key type : " + key.getClass().getName());
}
/*
TODO: This should be changed to contact the MyUSGS biz layer in the future
*/
try
{
TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
return (BaseUser)Transactions.required(tm, new Transactions.Runnable()
{
public Object run() throws Exception
{
try
{
UserModule module = getUserModule();
String uid = ((SimpleUserKey) key).getId();
if (LOG.isDebugEnabled()) {
LOG.debug("[loadUser] user id: "+ uid);
}
User user = null;
try {
user = module.findUserByUserName(uid);
}catch(org.jboss.portal.core.model.NoSuchUserException e){
LOG.error("No user found for id: " + uid,e);
throw new NoSuchUserException(key);
}
BaseUser bu = new BaseUserImpl();
bu.setName(uid);
List userProperties = new LinkedList();
userProperties.add(new SSONameValuePair("first name", user.getGivenName()));
userProperties.add(new SSONameValuePair("last name", user.getFamilyName()));
SSONameValuePair[] props = (SSONameValuePair[])
userProperties.toArray(new SSONameValuePair[userProperties.size()]);
bu.setProperties(props);
return bu;
}
catch (org.jboss.portal.core.modules.ModuleException e)
{
LOG.error("Error retreiving user",e);
throw new SSOIdentityException(e);
}
}
});
}
catch (NamingException e)
{
throw new SSOIdentityException(e);
}
}
/**
* Returns the roles associated with a given user key. This implementation
* pulls info from JBoss Portal.
* <p>
* Note that if the <tt>additionalRole</tt> parameter is set, that role
* will be added to the array of roles for every user
*/
public BaseRole[] findRolesByUserKey(final UserKey key)
throws SSOIdentityException
{
try
{
TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
return (BaseRole[])Transactions.required(tm, new Transactions.Runnable()
{
public Object run() throws Exception
{
try
{
UserModule module = getUserModule();
User user = module.findUserByUserName(((SimpleUserKey)key).getId());
Set roleNames = user.getRoleNames();
List roles = new LinkedList();
for (Iterator iterator = roleNames.iterator(); iterator.hasNext();)
{
String roleName = (String)iterator.next();
try
{
BaseRole role = new BaseRoleImpl();
role.setName(roleName);
roles.add(role);
}
catch (Exception e)
{
LOG.warn("Failed to create role:" + roleName, e);
}
}
if (fAdditionalRole != null) {
BaseRole role = new BaseRoleImpl();
role.setName(fAdditionalRole);
roles.add(role);
}
return (BaseRole[]) roles.toArray(new BaseRole[roles.size()]);
}
catch (Exception e)
{
LOG.fatal("Error assigning roles",e);
throw new SSOIdentityException(e);
}
}
});
}
catch (Exception e)
{
throw new SSOIdentityException(e);
}
}
public boolean userExists(UserKey key) throws SSOIdentityException {
try {
return loadUser(key) != null;
} catch (NoSuchUserException e) {
return false;
}
}
private UserModule getUserModule()
throws Exception{
if (fUserModule == null)
{
fUserModule = (UserModule)new InitialContext().lookup(fUserModuleJNDIName);
}
return fUserModule;
}
}
[3] Now that you have JBoss Portal authenticating JBoss Portal, you need to get Alfresco to recognize your JOSSO authentication cookie and load the Alfresco portlet session environment to mimic a user login. To accomplish this, I wrote a PortletFilter that sits in front of every request to the Alfresco portlet:
package gov.doi.usgs.alfresco.security;
import java.io.IOException;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletException;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.portlet.PortletRequest;
import javax.portlet.PortletSession;
import javax.servlet.http.Cookie;
import javax.transaction.UserTransaction;
import org.apache.portals.bridges.portletfilter.PortletFilter;
import org.apache.portals.bridges.portletfilter.PortletFilterChain;
import org.apache.portals.bridges.portletfilter.PortletFilterConfig;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.context.WebApplicationContext;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.web.app.servlet.AuthenticationHelper;
import org.alfresco.web.bean.LoginBean;
import org.alfresco.web.bean.repository.User;
import org.josso.Lookup;
import org.josso.gateway.Constants;
import org.josso.gateway.session.SSOSession;
import org.josso.gateway.session.service.SSOSessionManager;
/**
* Filters every request for the Alfresco portlet and makes sure that the correct
* user PortletSession environment exists so that the user is not asked to re-authenticate
*
* @author Jon French
*/
public class AuthenticationPortletFilter implements PortletFilter {
private static final Log LOG = LogFactory.getLog(AuthenticationPortletFilter.class);
private AuthenticationService fAuthService;
private AuthenticationComponent fAuthComponent;
private PersonService fPersonService;
private NodeService fNodeService;
private TransactionService fTransactionService;
public void init(PortletFilterConfig filterConfig) throws PortletException{
WebApplicationContext ctx = (WebApplicationContext)filterConfig.getPortletConfig().getPortletContext().getAttribute(
WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
fNodeService = serviceRegistry.getNodeService();
fTransactionService = serviceRegistry.getTransactionService();
fAuthService = (AuthenticationService) ctx.getBean("authenticationService");
fAuthComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
fPersonService = (PersonService) ctx.getBean("personService");
if (LOG.isDebugEnabled()) {
LOG.debug(getClass().getName() + " initialized");
}
}
public void renderFilter(RenderRequest request, RenderResponse response, PortletFilterChain chain)
throws PortletException, IOException{
if (LOG.isDebugEnabled()) {
LOG.debug("here in renderFilter");
}
ensureLogin(request);
chain.renderFilter(request,response);
}
public void processActionFilter(ActionRequest request, ActionResponse response, PortletFilterChain chain)
throws PortletException, IOException{
if (LOG.isDebugEnabled()) {
LOG.debug("here in renderFilter.");
}
ensureLogin(request);
chain.processActionFilter(request,response);
}
public void destroy(){
}
private void ensureLogin(PortletRequest request)
throws PortletException,IOException {
PortletSession session = request.getPortletSession();
User user = (User) session.getAttribute(AuthenticationHelper.AUTHENTICATION_USER);
if (user == null)
{
if (LOG.isDebugEnabled()) {
LOG.debug("session user attirbute is null.");
}
String ssosessionId = retreiveSSOId(request);
if (ssosessionId == null) {
/* If the a SSO session id is not stored as a cookie, something is
wrong since the user should always have to go through JOSSO to get to
this filter. */
throw new PortletException("SSO session cookie is not present");
}
SSOSession ssoSession = retrieveSSOSession(ssosessionId);
if (ssoSession == null || !ssoSession.isValid()) {
throw new PortletException("SSO Session not valid");
}
/* Make sure the user is loaded into the PortletSession environment.
The code below is modeled on the Alfresco org.alfresco.web.app.servlet.NTLMAuthenticationFilter */
UserTransaction tx = fTransactionService.getUserTransaction();
NodeRef homeSpaceRef = null;
try
{
tx.begin();
// Get user details for the authenticated user
fAuthComponent.setCurrentUser(ssoSession.getUsername().toLowerCase());
// The user name used may be a different case to the NTLM supplied user name, read the current
// user and use that name
String userName = fAuthComponent.getCurrentUserName();
// Setup User object and Home space ID etc.
NodeRef personNodeRef = fPersonService.getPerson(userName);
String currentTicket = fAuthService.getCurrentTicket();
user = new User(userName, currentTicket, personNodeRef);
homeSpaceRef = (NodeRef) fNodeService.getProperty(
personNodeRef,
ContentModel.PROP_HOMEFOLDER);
user.setHomeSpaceId(homeSpaceRef.getId());
tx.commit();
}
catch (Throwable ex)
{
try
{
tx.rollback();
}
catch (Exception ex2)
{
LOG.error("Failed to rollback transaction", ex2);
}
if(ex instanceof RuntimeException)
{
throw (RuntimeException)ex;
}
else if(ex instanceof IOException)
{
throw (IOException)ex;
}
else if(ex instanceof PortletException)
{
throw (PortletException)ex;
}
else
{
throw new RuntimeException("Authentication setup failed", ex);
}
}
// Store the user
session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);
/* I'm not sure if this parameter is necessary? */
session.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE);
// Note! If you wanted to do any fancy Locale stuff, you should do it here.
if ( LOG.isDebugEnabled()){
LOG.debug("User logged on via JOSSO");
}
return;
}
}
/**
* Retreives the JOSSO single sign on cookie from the PortletRequest
*/
private String retreiveSSOId(PortletRequest request){
String ssosessionId = null;
String cookies1 = request.getProperty("cookie");
String[] cookies2 = StringUtils.split(cookies1,";");
if (cookies2 != null) {
for (int i = 0;i<cookies2.length;i++) {
String[] c = StringUtils.split(cookies2[i],"=");
if (Constants.JOSSO_SINGLE_SIGN_ON_COOKIE.equals(c[0].trim())) {
ssosessionId = c[1];
break;
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("SSO cookie found. value: " + ssosessionId);
}
return ssosessionId;
}
/**
* Retreive the JOSSO session from JOSSO.
*/
private SSOSession retrieveSSOSession(String ssosessionId)
throws PortletException{
try{
SSOSessionManager manager = Lookup.getInstance().lookupSecurityDomain().getSessionManager();
return manager.getSession(ssosessionId);
}catch(Exception e){
throw new PortletException("Problem obtaining SSOSession",e);
}
}
}
And the requisite changes to alfresco.war/WEB-INF/portlet.xml to make sure the FilterPortlet is deployed:
<?xml version="1.0" encoding="UTF-8"?>
<portlet-app xmlns="http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd" version="1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd">
<portlet>
<description>Alfresco Client Portlet</description>
<portlet-name>AlfrescoClient</portlet-name>
<portlet-class>org.alfresco.web.app.portlet.AlfrescoFacesPortlet</portlet-class>
<init-param>
<name>default-view</name>
<value>/jsp/login.jsp</value>
</init-param>
<supports>
<mime-type>text/html</mime-type>
<portlet-mode>VIEW</portlet-mode>
<portlet-mode>HELP</portlet-mode>
</supports>
<portlet-info>
<title>Alfresco Client Portlet</title>
<short-title>alfresco-client-portlet</short-title>
</portlet-info>
</portlet>
<portlet id="FilteredAlfresco">
<portlet-name>FilteredAlfresco</portlet-name>
<display-name>Filtered Alfresco</display-name>
<portlet-class>org.apache.portals.bridges.portletfilter.FilterPortlet</portlet-class>
<init-param>
<name>portlet-class</name>
<value>org.alfresco.web.app.portlet.AlfrescoFacesPortlet</value>
</init-param>
<!– Important! The default view is where the MyFacesPortlet will take the user
in absence of any species view id in the users session. This should be the browse page,
not the login page –>
<init-param>
<name>default-view</name>
<value>/jsp/browse/browse.jsp</value>
</init-param>
<init-param>
<name>portlet-filters</name>
<value>gov.doi.usgs.alfresco.security.AuthenticationPortletFilter</value>
</init-param>
<expiration-cache>-1</expiration-cache>
<supports>
<mime-type>text/html</mime-type>
<portlet-mode>VIEW</portlet-mode>
</supports>
<supported-locale>en</supported-locale>
<supported-locale>ja</supported-locale>
<portlet-info>
<title>Filtered Alfresco</title>
<short-title>This is a filtered portlet for alfresco</short-title>
</portlet-info>
</portlet>
</portlet-app>
[4] You need to make sure that the josso*.jar files are in the requisite places to get this all to work. Note that josso-1.4.jar is in the alfresco.war/WEB-INF/lib directory.
[jfrench:/usr/local/jboss/server/default]$find . -name "josso*jar"
./deploy/jbossweb-tomcat55.sar/josso-1.4.jar
./deploy/jbossweb-tomcat55.sar/josso-common-1.4.jar
./deploy/jbossweb-tomcat55.sar/josso-tomcat55-plugin-1.4.jar
./deploy/jbossweb-tomcat55.sar/josso-jboss4-plugin-1.4.jar
./deploy/alfresco.sar/alfresco-1.3.0.war/WEB-INF/lib/josso-1.4.jar
./deploy/josso.ear/josso.war/WEB-INF/lib/josso-1.4.jar
[5] Other thoughts:
You probably want to comment out the "Login/logout" link of the Alfresco portlet, because you don't want users using alfresco controls for these actions anymore. I haven't done this yet, so I'm not sure where that link is located in the Alfresco jsps.
I haven't thoroughly tested this configuration yet, but I'm sure there are weird corner cases that haven't yet been vetted, but it seems to be producing single sign on thus far…
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-21-2006 06:11 AM
Hello, it seems to be a good job that you have done !!!
So i have not enought time to try your solution but i am very interested by it.
So, thank you very much, it will be nice for all the community.
Thank you very much.
So i have not enought time to try your solution but i am very interested by it.
So, thank you very much, it will be nice for all the community.
Thank you very much.
OK. Here is my solution.
[1] Install JOSSO 1.4 into your container http://www.josso.org. I followed the JBoss 4 instructions and didn't have any problems. The one modification you will have to make to the JOSSO code is to implement the currently un-implemented WebserviceSSOSessionManager#getSession(String) method:public SSOSession getSession(String sessionId)
throws NoSuchSessionException, SSOSessionException {
try {
final org.josso.gateway.session.service.ws.impl.SSOSession session =
_wsSSOSessionManager.getSession(sessionId);
if (session == null) {
throw new org.josso.gateway.session.exceptions.NoSuchSessionException(null);
}
return new org.josso.gateway.session.SSOSession(){
public void fireSessionEvent(String type, Object data){
throw new UnsupportedOperationException("Not supported by this implementation");
}
public long getAccessCount(){
return session.getAccessCount();
}
public long getCreationTime(){
return session.getCreationTime();
}
public String getId(){
return session.getId();
}
public long getLastAccessTime(){
return session.getLastAccessTime();
}
public int getMaxInactiveInterval(){
return session.getMaxInactiveInterval();
}
public String getUsername(){
return session.getUsername();
}
public boolean isValid(){
return session.isValid();
}
public void setMaxInactiveInterval(int interval) {
session.setMaxInactiveInterval(interval);
}
};
} catch (java.rmi.RemoteException e) {
_errorCount++;
throw new SSOSessionException(e.getMessage(), e);
} finally {
_processedCount++;
}
}
Once you make this change, make sure you re-install JOSSO.
Note I have submitted a patch to JOSSO with this method implemented at:http://sourceforge.net/tracker/index.php?func=detail&aid=1557480&group_id=116854&atid=676234 so in future versions of JOSSO, it may already be included.
[2] The next thing you want to do is get JBoss Portal authenticating against JOSSO. Since JBoss Portal uses container based authentication, this shouldn't be to hard. However, here are some info that might help…
I put all my josso-*.xml configuration files in $JBOSS_HOME/server/default/conf.
josso-config.xml:<configuration>
<hierarchicalXml fileName="josso-gateway-config.xml"/>
<hierarchicalXml fileName="josso-agent-config.xml"/>
</configuration>
interesting parts of josso-gateway-config.xml:
…
<authentication-scheme>
<name>basic-authentication</name>
<class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class>
…
<credential-store>
<class>gov.doi.usgs.josso.JBossAuthenticationManagerCredentialStore</class>
<authenticationManagerJndiName>java:jaas/portal</authenticationManagerJndiName>
</credential-store>
…
<class>gov.doi.usgs.josso.JBossPortalIdentityStore</class>
<additionalRole>Authenticated</additionalRole>
<userModuleJdniName>java:/portal/UserModule</userModuleJdniName>
</sso-identity-store>
…
<sso-session-store>
<class>org.josso.gateway.session.service.store.db.DataSourceSessionStore</class>
I've chopped up the josso-gateway-config.xml quite a bit. Here is what I think you need to know:
[a] Use the DataSourceSessionStore so different web applications contacting JOSSO will see the same session information.
JBossAuthenticationManagerCredentialStore performs JOSSO authentication based on a configured JBossAuthenticationManager. This should probably be the AuthenticationManager you already have set up for jboss-portal (in login-config.xml). Here is the code:
package gov.doi.usgs.josso;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.josso.gateway.identity.exceptions.SSOIdentityException;
import org.josso.auth.exceptions.SSOAuthenticationException;
import org.josso.auth.Credential;
import org.josso.auth.CredentialKey;
import org.josso.auth.BindableCredentialStore;
import org.josso.auth.scheme.AuthenticationScheme;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.SimplePrincipal;
/**
* BindableCredentialStore that authenticates from a JBoss AuthenticationManager
* loaded from JNDI.
*
* @author Jon French
*/
public class JBossAuthenticationManagerCredentialStore implements BindableCredentialStore {
private static final Log LOG = LogFactory.getLog(JBossAuthenticationManagerCredentialStore.class);
private String fAuthenticationManagerJndiName = null;
private AuthenticationScheme fAuthScheme;
private AuthenticationManager fAuthManager;
public void setAuthenticationManagerJndiName(String name){
fAuthenticationManagerJndiName=name;
}
/**
* Sets the Authentication Scheme
*
* @param as the authentication scheme
*/
public void setAuthenticationScheme(AuthenticationScheme as) {
fAuthScheme = as;
}
/**
* Retrieves the configured Authentication Scheme.
*
* @return the authentication scheme.
*/
protected AuthenticationScheme getAuthenticationScheme() {
return fAuthScheme;
}
public boolean bind(String username, String password) throws SSOAuthenticationException{
if (LOG.isDebugEnabled()) {
LOG.debug("userName: " + username + " , " + password);
}
if (fAuthManager == null) {
try{
Context initContext = new InitialContext();
fAuthManager = (AuthenticationManager) initContext.lookup(fAuthenticationManagerJndiName);
} catch(NamingException e){
throw new SSOAuthenticationException("Problem obtaining AuthenticationManager",e);
}
}
SimplePrincipal userNameP = new SimplePrincipal(username);
return fAuthManager.isValid(userNameP,password);
}
public Credential[] loadCredentials(CredentialKey key) throws SSOIdentityException {
throw new UnsupportedOperationException();
}
}
JBossPortalIdentityStore gets JOSSO authorization information from JBossPortal Daos:
package gov.doi.usgs.josso;
import java.util.Iterator;
import java.util.List;
import java.util.LinkedList;
import java.util.Set;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.josso.gateway.identity.service.store.IdentityStore;
import org.josso.gateway.identity.service.store.UserKey;
import org.josso.gateway.identity.service.store.SimpleUserKey;
import org.josso.gateway.identity.service.BaseUser;
import org.josso.gateway.identity.service.BaseRole;
import org.josso.gateway.identity.service.BaseRoleImpl;
import org.josso.gateway.identity.service.BaseUserImpl;
import org.josso.gateway.identity.exceptions.NoSuchUserException;
import org.josso.gateway.identity.exceptions.SSOIdentityException;
import org.josso.gateway.SSONameValuePair;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import javax.transaction.TransactionManager;
import org.jboss.portal.common.transaction.Transactions;
import org.jboss.portal.core.modules.UserModule;
import org.jboss.portal.core.model.User;
/**
* Identity Store that retrieves role information from JBossPortal Daos
*
* @author Jon French
*/
public class JBossPortalIdentityStore implements IdentityStore {
private static final Log LOG = LogFactory.getLog(JBossPortalIdentityStore.class);
private String fAdditionalRole,fUserModuleJNDIName;
private UserModule fUserModule;
public void setAdditionalRole(String role){
fAdditionalRole=role;
}
public void setUserModuleJdniName(String name){
fUserModuleJNDIName=name;
}
/**
* This method allows user attributes to be loaded into an object which is
* then available to other application via the web service methods. At this point,
* the method is not fully implemented because I have no need to load these properties
* at this point
*
* @return the user instance with the provided userid
* @throws NoSuchUserException if the user does not exist
* @throws SSOIdentityException a fatal exception loading the requested user
*/
public BaseUser loadUser(final UserKey key) throws NoSuchUserException, SSOIdentityException {
if (!(key instanceof SimpleUserKey)) {
throw new SSOIdentityException("Unsupported key type : " + key.getClass().getName());
}
/*
TODO: This should be changed to contact the MyUSGS biz layer in the future
*/
try
{
TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
return (BaseUser)Transactions.required(tm, new Transactions.Runnable()
{
public Object run() throws Exception
{
try
{
UserModule module = getUserModule();
String uid = ((SimpleUserKey) key).getId();
if (LOG.isDebugEnabled()) {
LOG.debug("[loadUser] user id: "+ uid);
}
User user = null;
try {
user = module.findUserByUserName(uid);
}catch(org.jboss.portal.core.model.NoSuchUserException e){
LOG.error("No user found for id: " + uid,e);
throw new NoSuchUserException(key);
}
BaseUser bu = new BaseUserImpl();
bu.setName(uid);
List userProperties = new LinkedList();
userProperties.add(new SSONameValuePair("first name", user.getGivenName()));
userProperties.add(new SSONameValuePair("last name", user.getFamilyName()));
SSONameValuePair[] props = (SSONameValuePair[])
userProperties.toArray(new SSONameValuePair[userProperties.size()]);
bu.setProperties(props);
return bu;
}
catch (org.jboss.portal.core.modules.ModuleException e)
{
LOG.error("Error retreiving user",e);
throw new SSOIdentityException(e);
}
}
});
}
catch (NamingException e)
{
throw new SSOIdentityException(e);
}
}
/**
* Returns the roles associated with a given user key. This implementation
* pulls info from JBoss Portal.
* <p>
* Note that if the <tt>additionalRole</tt> parameter is set, that role
* will be added to the array of roles for every user
*/
public BaseRole[] findRolesByUserKey(final UserKey key)
throws SSOIdentityException
{
try
{
TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
return (BaseRole[])Transactions.required(tm, new Transactions.Runnable()
{
public Object run() throws Exception
{
try
{
UserModule module = getUserModule();
User user = module.findUserByUserName(((SimpleUserKey)key).getId());
Set roleNames = user.getRoleNames();
List roles = new LinkedList();
for (Iterator iterator = roleNames.iterator(); iterator.hasNext();)
{
String roleName = (String)iterator.next();
try
{
BaseRole role = new BaseRoleImpl();
role.setName(roleName);
roles.add(role);
}
catch (Exception e)
{
LOG.warn("Failed to create role:" + roleName, e);
}
}
if (fAdditionalRole != null) {
BaseRole role = new BaseRoleImpl();
role.setName(fAdditionalRole);
roles.add(role);
}
return (BaseRole[]) roles.toArray(new BaseRole[roles.size()]);
}
catch (Exception e)
{
LOG.fatal("Error assigning roles",e);
throw new SSOIdentityException(e);
}
}
});
}
catch (Exception e)
{
throw new SSOIdentityException(e);
}
}
public boolean userExists(UserKey key) throws SSOIdentityException {
try {
return loadUser(key) != null;
} catch (NoSuchUserException e) {
return false;
}
}
private UserModule getUserModule()
throws Exception{
if (fUserModule == null)
{
fUserModule = (UserModule)new InitialContext().lookup(fUserModuleJNDIName);
}
return fUserModule;
}
}
[3] Now that you have JBoss Portal authenticating JBoss Portal, you need to get Alfresco to recognize your JOSSO authentication cookie and load the Alfresco portlet session environment to mimic a user login. To accomplish this, I wrote a PortletFilter that sits in front of every request to the Alfresco portlet:
package gov.doi.usgs.alfresco.security;
import java.io.IOException;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletException;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.portlet.PortletRequest;
import javax.portlet.PortletSession;
import javax.servlet.http.Cookie;
import javax.transaction.UserTransaction;
import org.apache.portals.bridges.portletfilter.PortletFilter;
import org.apache.portals.bridges.portletfilter.PortletFilterChain;
import org.apache.portals.bridges.portletfilter.PortletFilterConfig;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.context.WebApplicationContext;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.web.app.servlet.AuthenticationHelper;
import org.alfresco.web.bean.LoginBean;
import org.alfresco.web.bean.repository.User;
import org.josso.Lookup;
import org.josso.gateway.Constants;
import org.josso.gateway.session.SSOSession;
import org.josso.gateway.session.service.SSOSessionManager;
/**
* Filters every request for the Alfresco portlet and makes sure that the correct
* user PortletSession environment exists so that the user is not asked to re-authenticate
*
* @author Jon French
*/
public class AuthenticationPortletFilter implements PortletFilter {
private static final Log LOG = LogFactory.getLog(AuthenticationPortletFilter.class);
private AuthenticationService fAuthService;
private AuthenticationComponent fAuthComponent;
private PersonService fPersonService;
private NodeService fNodeService;
private TransactionService fTransactionService;
public void init(PortletFilterConfig filterConfig) throws PortletException{
WebApplicationContext ctx = (WebApplicationContext)filterConfig.getPortletConfig().getPortletContext().getAttribute(
WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE);
ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
fNodeService = serviceRegistry.getNodeService();
fTransactionService = serviceRegistry.getTransactionService();
fAuthService = (AuthenticationService) ctx.getBean("authenticationService");
fAuthComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
fPersonService = (PersonService) ctx.getBean("personService");
if (LOG.isDebugEnabled()) {
LOG.debug(getClass().getName() + " initialized");
}
}
public void renderFilter(RenderRequest request, RenderResponse response, PortletFilterChain chain)
throws PortletException, IOException{
if (LOG.isDebugEnabled()) {
LOG.debug("here in renderFilter");
}
ensureLogin(request);
chain.renderFilter(request,response);
}
public void processActionFilter(ActionRequest request, ActionResponse response, PortletFilterChain chain)
throws PortletException, IOException{
if (LOG.isDebugEnabled()) {
LOG.debug("here in renderFilter.");
}
ensureLogin(request);
chain.processActionFilter(request,response);
}
public void destroy(){
}
private void ensureLogin(PortletRequest request)
throws PortletException,IOException {
PortletSession session = request.getPortletSession();
User user = (User) session.getAttribute(AuthenticationHelper.AUTHENTICATION_USER);
if (user == null)
{
if (LOG.isDebugEnabled()) {
LOG.debug("session user attirbute is null.");
}
String ssosessionId = retreiveSSOId(request);
if (ssosessionId == null) {
/* If the a SSO session id is not stored as a cookie, something is
wrong since the user should always have to go through JOSSO to get to
this filter. */
throw new PortletException("SSO session cookie is not present");
}
SSOSession ssoSession = retrieveSSOSession(ssosessionId);
if (ssoSession == null || !ssoSession.isValid()) {
throw new PortletException("SSO Session not valid");
}
/* Make sure the user is loaded into the PortletSession environment.
The code below is modeled on the Alfresco org.alfresco.web.app.servlet.NTLMAuthenticationFilter */
UserTransaction tx = fTransactionService.getUserTransaction();
NodeRef homeSpaceRef = null;
try
{
tx.begin();
// Get user details for the authenticated user
fAuthComponent.setCurrentUser(ssoSession.getUsername().toLowerCase());
// The user name used may be a different case to the NTLM supplied user name, read the current
// user and use that name
String userName = fAuthComponent.getCurrentUserName();
// Setup User object and Home space ID etc.
NodeRef personNodeRef = fPersonService.getPerson(userName);
String currentTicket = fAuthService.getCurrentTicket();
user = new User(userName, currentTicket, personNodeRef);
homeSpaceRef = (NodeRef) fNodeService.getProperty(
personNodeRef,
ContentModel.PROP_HOMEFOLDER);
user.setHomeSpaceId(homeSpaceRef.getId());
tx.commit();
}
catch (Throwable ex)
{
try
{
tx.rollback();
}
catch (Exception ex2)
{
LOG.error("Failed to rollback transaction", ex2);
}
if(ex instanceof RuntimeException)
{
throw (RuntimeException)ex;
}
else if(ex instanceof IOException)
{
throw (IOException)ex;
}
else if(ex instanceof PortletException)
{
throw (PortletException)ex;
}
else
{
throw new RuntimeException("Authentication setup failed", ex);
}
}
// Store the user
session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user);
/* I'm not sure if this parameter is necessary? */
session.setAttribute(LoginBean.LOGIN_EXTERNAL_AUTH, Boolean.TRUE);
// Note! If you wanted to do any fancy Locale stuff, you should do it here.
if ( LOG.isDebugEnabled()){
LOG.debug("User logged on via JOSSO");
}
return;
}
}
/**
* Retreives the JOSSO single sign on cookie from the PortletRequest
*/
private String retreiveSSOId(PortletRequest request){
String ssosessionId = null;
String cookies1 = request.getProperty("cookie");
String[] cookies2 = StringUtils.split(cookies1,";");
if (cookies2 != null) {
for (int i = 0;i<cookies2.length;i++) {
String[] c = StringUtils.split(cookies2[i],"=");
if (Constants.JOSSO_SINGLE_SIGN_ON_COOKIE.equals(c[0].trim())) {
ssosessionId = c[1];
break;
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("SSO cookie found. value: " + ssosessionId);
}
return ssosessionId;
}
/**
* Retreive the JOSSO session from JOSSO.
*/
private SSOSession retrieveSSOSession(String ssosessionId)
throws PortletException{
try{
SSOSessionManager manager = Lookup.getInstance().lookupSecurityDomain().getSessionManager();
return manager.getSession(ssosessionId);
}catch(Exception e){
throw new PortletException("Problem obtaining SSOSession",e);
}
}
}
And the requisite changes to alfresco.war/WEB-INF/portlet.xml to make sure the FilterPortlet is deployed:
<?xml version="1.0" encoding="UTF-8"?>
<portlet-app xmlns="http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd" version="1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd">
<portlet>
<description>Alfresco Client Portlet</description>
<portlet-name>AlfrescoClient</portlet-name>
<portlet-class>org.alfresco.web.app.portlet.AlfrescoFacesPortlet</portlet-class>
<init-param>
<name>default-view</name>
<value>/jsp/login.jsp</value>
</init-param>
<supports>
<mime-type>text/html</mime-type>
<portlet-mode>VIEW</portlet-mode>
<portlet-mode>HELP</portlet-mode>
</supports>
<portlet-info>
<title>Alfresco Client Portlet</title>
<short-title>alfresco-client-portlet</short-title>
</portlet-info>
</portlet>
<portlet id="FilteredAlfresco">
<portlet-name>FilteredAlfresco</portlet-name>
<display-name>Filtered Alfresco</display-name>
<portlet-class>org.apache.portals.bridges.portletfilter.FilterPortlet</portlet-class>
<init-param>
<name>portlet-class</name>
<value>org.alfresco.web.app.portlet.AlfrescoFacesPortlet</value>
</init-param>
<!– Important! The default view is where the MyFacesPortlet will take the user
in absence of any species view id in the users session. This should be the browse page,
not the login page –>
<init-param>
<name>default-view</name>
<value>/jsp/browse/browse.jsp</value>
</init-param>
<init-param>
<name>portlet-filters</name>
<value>gov.doi.usgs.alfresco.security.AuthenticationPortletFilter</value>
</init-param>
<expiration-cache>-1</expiration-cache>
<supports>
<mime-type>text/html</mime-type>
<portlet-mode>VIEW</portlet-mode>
</supports>
<supported-locale>en</supported-locale>
<supported-locale>ja</supported-locale>
<portlet-info>
<title>Filtered Alfresco</title>
<short-title>This is a filtered portlet for alfresco</short-title>
</portlet-info>
</portlet>
</portlet-app>
[4] You need to make sure that the josso*.jar files are in the requisite places to get this all to work. Note that josso-1.4.jar is in the alfresco.war/WEB-INF/lib directory.
[jfrench:/usr/local/jboss/server/default]$find . -name "josso*jar"
./deploy/jbossweb-tomcat55.sar/josso-1.4.jar
./deploy/jbossweb-tomcat55.sar/josso-common-1.4.jar
./deploy/jbossweb-tomcat55.sar/josso-tomcat55-plugin-1.4.jar
./deploy/jbossweb-tomcat55.sar/josso-jboss4-plugin-1.4.jar
./deploy/alfresco.sar/alfresco-1.3.0.war/WEB-INF/lib/josso-1.4.jar
./deploy/josso.ear/josso.war/WEB-INF/lib/josso-1.4.jar
[5] Other thoughts:
You probably want to comment out the "Login/logout" link of the Alfresco portlet, because you don't want users using alfresco controls for these actions anymore. I haven't done this yet, so I'm not sure where that link is located in the Alfresco jsps.
I haven't thoroughly tested this configuration yet, but I'm sure there are weird corner cases that haven't yet been vetted, but it seems to be producing single sign on thus far…
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-09-2006 05:45 AM
I'm trying to implement single sign on between JLiferay Portal and Alfresco running as a portlet in the same tomcat servlet container (no cluster). I have Tomcat's SingleSignOn value operational and single sign on works between web applications that use container based authentication just fine. I have tried a few hacks to try and propagate the Liferay Portal authenticated user credentials to the Alfresco portlet, but I feel like I'm back to square one.
Basically i want to enter to alfresco as soon as i provide user id password through Liferay
Please help me urgently
Environment:
Liferay Portal 4.0.0
Alfresco 1.3 community
Basically i want to enter to alfresco as soon as i provide user id password through Liferay
Please help me urgently
Environment:
Liferay Portal 4.0.0
Alfresco 1.3 community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-10-2006 11:32 AM
I have no experience with Liferay, but the JOSSO/PortletFilter scheme I outlined below should work for any application that seeks to integrate Alfresco with container based single sign on. You would of course need to provide a JOSSO Crendential/IdentityStore appropriate for your application.
Have you tried it yet???
Have you tried it yet???
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2006 02:20 AM
Thanks a lot for reply
my new query is : can i know where does alfresco keeps usrId and password and how the flow goes once user provided appropriate credentials
thanks
suman
my new query is : can i know where does alfresco keeps usrId and password and how the flow goes once user provided appropriate credentials
thanks
suman
Related Content
- Alfresco, Docker, MS SQL, Data Store DFS, on docker swarm replicated. YML in Alfresco Forum
- Problems with uploading big files in Alfresco in Alfresco Forum
- Alfresco Community Edition 23.1 Release Notes in Alfresco Blog
- Alfresco 7.3 - Upgrading to Transform Core 3.0.0 in Alfresco Blog
- Db pool and max_connections for clustered instance in Alfresco Forum
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
