I'm still struggling to figure out how to get SSO working and need some help please :-)
In a nutshell, I've written two web apps, one of which acts as a logon app and the other as a true application but the user from the logon app is not being propagated to the other app. The logon app captures user and password details, then makes a call to processManualLoginNotification() as defined in the instructions on the WARConfiguration page in the Wiki (http://labs.jboss.com/wiki/WARConfiguration), in the section titled 'Instructions for web applications using their own authentication mechanism'. After the call to processManualLoginNotification() it does a call to getUserPrincipal() and gets back the same user as was used to log on so that part appears to be working. However, when I go into my second app and do a getUserPrincipal() call it returns null, so my user details are not being passed between sessions and this is what I need help with. I've looked inthe FAQ but havent really found anything I can use. I know nothing about JAAS but as we need to implement our own specific logon system (as per my earlier post http://www.jboss.com/index.html?module=bb&op=viewtopic&t=96617) I'm not sure how it would help us. I've previously implemented a LogonProvider object as per the instructions on the IdentityManagement page in the wiki (http://labs.jboss.com/wiki/IdentityManagement ). It's being called on server startup (it writes to the logs), but it doesnt appear to do anything after that. Both apps have a context.xml file in their WEB-INF folder which mirrors that of the one on the WARConfiguration page, and uses the same provider id as used in my sso.cfg.xml file context.xml example | <?xml version="1.0"?> | <Context> | <!-- | logoutURL - URL for performing logout/signout function in your application | --> | <Valve className="org.jboss.security.valve.PlainSSOAutoLogout" | logoutURL="/nicklogoff/nicklogoff.htm"/> | | <!-- | assertingParty - this is the partnerId of this application as a part of a federation of multiple partner sites | --> | <Valve className="org.jboss.security.valve.PlainSSOTokenManager" | assertingParty="nicktestapp"/> | | <!-- | tomcat built-in AuthenticationTypes: FORM,BASIC,DIGEST,CLIENT-CERT | --> | <Valve className="org.jboss.security.valve.PlainSSOAutoLogin" | authType="FORM" | provider="si:njw-sso:njw:login" | /> | </Context> | sso.cfg.xml | <?xml version='1.0' encoding='ISO-8859-1'?> | | <jboss-sso> | <!-- | identity management related configuration, this is the LDAP based module | Technically, this can be a provider that can integrate with thirdparty identity systems like SiteMinder etc | --> | <identity-management> | <login> | <provider id="si:njw-sso:njw:login" class="com.njw.NWLoginProvider"> | </provider> | </login> | <provisioning> | </provisioning> | </identity-management> | | | <!-- sso processor for SingleSignOn, the default JBossSingleSignOn processor uses OpenSAML-1.0, | the next version of this processor will use the latest SAML specification | --> | <sso-processor> | <processor class="org.jboss.security.saml.JBossSingleSignOn"> | <property name="trustServer">http://a05300.vmoney.local:8080/federate/trust</property> | </processor> | </sso-processor> | </jboss-sso> | I've also tried changing NWLoginProvider to extend ProvisioningProvider and added<provider id="si:njw-sso:njw:provisioning" class="com.njw.NWLoginProvider"> to the "provider" section of sso.cfg.xml but with no success, other than a few extra entries in the log file at startup. The rest of this posting consists of examples from log files My LoginProvider is being invoked when the server starts (I've also added some extra log.debug calls to SSOManager and PlainSSOAutoLogin to help me understand whats going on) | 2006-12-13 15:34:34,471 DEBUG [org.jboss.system.ServiceCreator] About to create xmbean object: jboss.sso:service=SSOManager with code: org.jboss.security.saml.SSOManager with embedded descriptor | 2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceCreator] Created bean: jboss.sso:service=SSOManager | 2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceConfigurator] conf set to conf/sso.cfg.xml in jboss.sso:service=SSOManager | 2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating service jboss.sso:service=IdentityManager | 2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating dependent components for: jboss.sso:service=IdentityManager dependents are: [] | 2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating service jboss.sso:service=SSOManager | 2006-12-13 15:34:34,627 DEBUG [org.jboss.system.ServiceController] Creating dependent components for: jboss.sso:service=SSOManager dependents are: [] | 2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] Done with create step of deploying jboss-sso.sar | 2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] Begin deployment start file:/C:/jboss-4.0.5.GA/server/default/deploy/jboss-sso.sar/ | 2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] Begin deployment start file:/C:/jboss-4.0.5.GA/server/default/deploy/jboss-sso.sar/NWFedSSO.jar | 2006-12-13 15:34:34,627 DEBUG [org.jboss.deployment.MainDeployer] End deployment start on package: NWFedSSO.jar | (lots of begin and end deployment logs for the various jar files removed for clarity) | 2006-12-13 15:34:34,643 DEBUG [org.jboss.deployment.SARDeployer] Deploying SAR, start step: url file:/C:/jboss-4.0.5.GA/server/default/deploy/jboss-sso.sar/ | 2006-12-13 15:34:34,643 DEBUG [org.jboss.system.ServiceController] starting service jboss.sso:service=IdentityManager | 2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] Constructor 1 called | 2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] setId() id=si:njw-sso:njw:login | 2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] setProperties() properties={} | [2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] getId() started - returning id="si:njw-sso:njw:login" | 2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] getId() started - returning id="si:njw-sso:njw:login" | 2006-12-13 15:34:34,721 DEBUG [com.njw.NWLoginProvider] getId() started - returning id="si:njw-sso:njw:login" | 2006-12-13 15:34:34,721 INFO [org.jboss.security.idm.IdentityManager] Configuration successfully loaded for the IdentityManager........... | 2006-12-13 15:34:34,721 DEBUG [org.jboss.system.ServiceController] Starting dependent components for: jboss.sso:service=IdentityManager dependent components: [] | 2006-12-13 15:34:34,721 DEBUG [org.jboss.system.ServiceController] starting service jboss.sso:service=SSOManager | 2006-12-13 15:34:34,783 INFO [org.jboss.security.saml.SSOManager] SSOProcessor [EMAIL PROTECTED] was successfully registered..... | 2006-12-13 15:34:34,783 INFO [org.jboss.security.saml.SSOManager] SSOManager service successfully started........... | 2006-12-13 15:34:34,783 DEBUG [org.jboss.system.ServiceController] Starting dependent components for: jboss.sso:service=SSOManager dependent components: [] | server log from my logon app server started | 2006-12-13 15:35:13,424 INFO [org.apache.jk.common.ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009 | 2006-12-13 15:35:13,471 INFO [org.apache.jk.server.JkMain] Jk running ID=0 time=0/156 config=null | 2006-12-13 15:35:13,518 INFO [org.jboss.system.server.Server] JBoss (MX MicroKernel) [4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)] Started in 47s:594ms | open http://localhost:8080/njwsecurity | 2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started | 2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null | 2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true | 2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started | 2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false | 2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false | 2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false | 2006-12-13 15:41:33,507 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response) | 2006-12-13 15:41:33,507 DEBUG [com.njw.onlinesecurity.filters.UserInputFilter] doFilter request /njwsecurity/ | 2006-12-13 15:41:33,523 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished | 2006-12-13 15:41:33,804 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response) | 2006-12-13 15:41:33,804 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed | 2006-12-13 15:41:33,804 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished | key in user and password, submit | 2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started | 2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null | 2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true | 2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started | 2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false | 2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false | 2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false | 2006-12-13 15:42:19,274 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response) | 2006-12-13 15:42:19,274 DEBUG [com.njw.onlinesecurity.filters.UserInputFilter] doFilter request /njwsecurity/logon.do | 2006-12-13 15:42:19,274 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished | 2006-12-13 15:42:19,321 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL = null | 2006-12-13 15:42:19,321 DEBUG [com.njw.onlinesecurity.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL.x = null | 2006-12-13 15:42:19,321 DEBUG [com.njw.onlinesecurity.presentation.forms.LogonForm] checking for errors | 2006-12-13 15:42:19,352 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward started | 2006-12-13 15:42:19,352 DEBUG [com.njw.onlinesecurity.beans.LogonDetails] Created logon user=aaaaaaaaa | 2006-12-13 15:42:19,352 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward logonDetails=user=aaaaaaaaa | 2006-12-13 15:42:19,367 DEBUG [com.njw.onlinesecurity.delegates.CustomerDelegate] CustomerDelegate() [EMAIL PROTECTED] | 2006-12-13 15:42:19,367 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward [EMAIL PROTECTED] | 2006-12-13 15:42:19,367 DEBUG [com.njw.onlinesecurity.data.rdbms.RdbmsCustomerDAO] Logon FUDGED - user=aaaaaaaaa | 2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.beans.Customer] Created customer user=aaaaaaaaa | 2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] Customer details - user=aaaaaaaaa | 2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] Saving as bean "customer" | note call to processManualLoginNotification() and subsequent retrieval | 2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward calling org.jboss.security.saml.SSOManager.processManualLoginNotification | 2006-12-13 15:42:19,383 DEBUG [org.jboss.security.saml.SSOManager] processManualLoginNotification() created ssoUser [EMAIL PROTECTED] | 2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ActionForward called org.jboss.security.saml.SSOManager.processManualLoginNotification | 2006-12-13 15:42:19,383 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() [EMAIL PROTECTED] | 2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] Principal (after logon) =aaaaaaaaa | 2006-12-13 15:42:19,383 DEBUG [com.njw.onlinesecurity.presentation.actions.LogonAction] ssoUser = [EMAIL PROTECTED] | 2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response) | 2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed | 2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() principal=aaaaaaaaa | 2006-12-13 15:42:19,602 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished | server log from my second app open http://localhost:8080/njwtest - note that PlainSSOAutoLogin is being invoked | 2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started | 2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null | 2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true | 2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started | 2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false | 2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false | 2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false | 2006-12-13 15:43:35,759 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response) | note that there is no Principal 2006-12-13 15:43:35,775 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =null | 2006-12-13 15:43:35,759 DEBUG [com.njw.nicktest.filters.UserInputFilter] doFilter request /nicktest/ | 2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] Principal (filter) =null | 2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] ssoUser = null | 2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] NOT LOGGED ON | 2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] URI=/nicktest/ | 2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] path=/nicktest | 2006-12-13 15:43:35,775 DEBUG [com.njw.nicktest.filters.UserInputFilter] page=/not_logged_on.htm | 2006-12-13 15:43:35,790 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished | 2006-12-13 15:43:36,025 DEBUG [org.jboss.web.tomcat.tc5.jasper.TagLibCache] Scanning for tlds | in: file:/C:/jboss-4.0.5.GA/server/default/deploy/jbossweb-tomcat55.sar/jsf-libs/myfaces-impl.jar | 2006-12-13 15:43:41,275 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] products=[, Motor, Travel, Pet] | 2006-12-13 15:43:41,275 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] products=[, Motor, Travel, Pet] | 2006-12-13 15:43:41,290 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response) | 2006-12-13 15:43:41,290 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed | 2006-12-13 15:43:41,290 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished | 2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() started | 2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() activeSession.getTurnOff()=null | 2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() performSSO=true | 2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() started | 2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() ssoCookieFound=false | 2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] performSSO() returning wasSSOPerformed=false | 2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() wasSSOPerformed=false | 2006-12-13 15:44:23,353 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] calling this.getNext().invoke(request,response) | 2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] doFilter request /nicktest/customerdetails.do | 2006-12-13 15:44:23,353 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =null | 2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] Principal (filter) =null | 2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] ssoUser = null | 2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] NOT LOGGED ON | 2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] URI=/nicktest/customerdetails.do | 2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] path=/nicktest | 2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.UserInputFilter] page=/not_logged_on.htm | 2006-12-13 15:44:23,353 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] CleanServletRequestWrapper() finished | 2006-12-13 15:44:23,385 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL = null | 2006-12-13 15:44:23,385 DEBUG [com.njw.nicktest.filters.CleanServletRequestWrapper] getParameter org.apache.struts.taglib.html.CANCEL.x = null | 2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] checking for errors | 2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] parsing dob string"11/12/1986" | 2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] Forename="qwerty" | Surname="uiop" Postcode="aa11aa" DOB="Thu Dec 11 00:00:00 GMT 1986" Product="Motor" | 2006-12-13 15:44:23,400 DEBUG [com.njw.nicktest.presentation.forms.CustomerDetailsForm] errors={} | 2006-12-13 15:44:23,416 DEBUG [com.njw.nicktest.presentation.actions.CustomerDetailsAction] ActionForward started | 2006-12-13 15:44:23,416 DEBUG [org.jboss.security.saml.SSOManager] getUserPrincipal() =null | 2006-12-13 15:44:23,416 DEBUG [com.njw.nicktest.presentation.actions.CustomerDetailsAction] Principal CustomerDetailsAction.execute() =null | 2006-12-13 15:44:23,416 DEBUG [com.njw.nicktest.presentation.actions.CustomerDetailsAction] NOT LOGGED ON | 2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManager.other] CallbackHandler: [EMAIL PROTECTED] | 2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created [EMAIL PROTECTED] | 2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManager.other] CachePolicy set to: [EMAIL PROTECTED] | 2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, [EMAIL PROTECTED] | 2006-12-13 15:44:23,572 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added other, [EMAIL PROTECTED] to map | 2006-12-13 15:44:23,572 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() called this.getNext().invoke(request,response) | 2006-12-13 15:44:23,572 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() !wasSSOPerformed | 2006-12-13 15:44:23,572 DEBUG [org.jboss.security.valve.PlainSSOAutoLogin] invoke() finished | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3993468#3993468 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3993468 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
