Hi,
I think the documentation [1] is misleading for the Form-authentication
support, which is supported only with SSOWebContentPortlet.
However, I think you can use IFrameGenericPortlet to allow that form
authentication, simply by configuring your new view page in preferrences. For
example, you can read the preferences and build a simple hidden form with the
sso credentials info to post to the target site.
If you want to retrieve the sso credentials info for the SSO site from your
portlet or your view JSP page, you will probably need to access the Jetspeed
SSO Manager, listed here as Jetspeed Service component. [2]
PortletContext context = getPortletContext();
SSOManager sso = (SSOManager) context.getAttribute("cps:SSO");
You could refer to SSOProxyPortlet.java on how to use the component. [3]
[1] http://portals.apache.org/jetspeed-2/deployguide/config-sso.html
[2] http://portals.apache.org/jetspeed-2/deployguide/guide-services.html
[3]
https://svn.apache.org/repos/asf/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOProxyPortlet.java
HTH,
Woonsan
--- On Mon, 8/23/10, [email protected] <[email protected]> wrote:
> From: [email protected] <[email protected]>
> Subject: Re: SSO IFrame form authentication
> To: "Jetspeed Users List" <[email protected]>
> Date: Monday, August 23, 2010, 7:45 PM
> The only portlet producing acceptable
> rendering results is the SSO IFrame
> Portlet, which claims to use SSO, but appears to not work
> according to the
> documentation. The SSO section of the deployment
> guide clearly spells out
> how to use sso.type, sso.form.principal,
> sso.form.credential, sso.Action,
> sso.form.Args, etc to do what we need but it does not work
> in the simplest
> of examples of form based preemptive authentication.
> I am at a loss as to
> where to go next.
>
> Thanks, MikeB
>
> Mike Ballard
> Director of Internet Development and Networking
> O'Reilly Auto Parts
> (417) 874-7107 Ofc
> (417) 838-0271 Cell
>
> This message is protected by the Electronic Communications
> Privacy Act, 18
> USCS § 2510 et seq., and may not be used, copied or
> forwarded without the
> consent of the named recipient(s). The information
> contained in this
> message is confidential, is intended only for the use of
> the individual or
> entity named. If the reader of this message is not
> the intended
> recipient, you are hereby notified that any dissemination,
> distribution or
> copying of this communication is strictly prohibited.
> If you have
> received this communication in error, please notify me
> immediately at
> 417-874-7107.
>
>
>
> From:
> Woonsan Ko <[email protected]>
> To:
> Jetspeed Users List <[email protected]>
> Date:
> 08/20/2010 06:54 PM
> Subject:
> Re: SSO IFrame form authentication
>
>
>
> How about prepending a double quote or single quote,
> depending your target
> website, in the regex expression?
> For example,
> \"\\/otrs\\/customer\\.pl\\?CSID
> will exclude "/j2-admin/rproxy/otrs/...".
>
> Also, you can configure multiple custom replacements in the
> configuration.
> (Multiple keys are defined with the same keys.
> For example,
>
> proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customPatterns
>
> = \"\\/otrs\\/customer\\.pl
> proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customReplaces
>
> = \"/j2-admin/rproxy/otrs/otrs/customer.pl
> proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customPatterns
>
> = \"\\/otrs-web\\/customer\\.pl
> proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customReplaces
>
> = \"/j2-admin/rproxy/otrs/otrs-web/customer.pl
> ...
>
> -Woonsan
>
>
> --- On Fri, 8/20/10, [email protected]
> <[email protected]>
>
> wrote:
>
> > From: [email protected]
> <[email protected]>
> > Subject: Re: SSO IFrame form authentication
> > To: "Jetspeed Users List" <[email protected]>
> > Date: Friday, August 20, 2010, 10:52 PM
> > Thank you, I had figured that
> > out. Problem is that this rule replaces
> > everything with /otrs/customer.pl even when it already
> has
> >
> > /j2-admin/rproxy/otrs prepended. Since the
> offending
> > string is
> >
> http://hostname.domain-name.com:8080/otrs/customer.pl?CSID=10822f631e5c8aaaa5b4236cd2547c5d82
>
> >
> > I attempted to construct a new rule with pattern
>
> > \\/otrs\\/customer\\.pl\\?CSID and replacement
> > /j2-admin/rproxy/otrs/otrs/customer.pl?CSID
> >
> > However, it never seems to catch the pattern. I
> tried
> > it with escaping
> > the ? and not escaping the ? as I wasn't sure which
> it
> > should be.
> >
> > I also have a similiar issue with /otrs-web.....
> > coming from javascript,
> > I assume. Problem is that some of these patterns
> are
> > prepended with the
> > proxy and some are not. How to catch the ones
> which
> > need rewrite as
> > opposed to the ones which do not.
> >
> >
> >
> > From:
> > Woonsan Ko <[email protected]>
> > To:
> > Jetspeed Users List <[email protected]>
> > Date:
> > 08/20/2010 03:35 PM
> > Subject:
> > Re: SSO IFrame form authentication
> >
> >
> >
> > If the pass configuration is for 'otrs' in your
> example,
> > "proxy.reverse.pass = otrs", then the configuration
> keys
> > should look like
> > these:
> >
> >
> proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customPatterns
> >
> > = \\/otrs\\/customer\\.pl
> >
> proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customReplaces
> >
> > = /j2-admin/rproxy/otrs/otrs/customer.pl
> >
> > --- On Fri, 8/20/10, Woonsan Ko <[email protected]>
> > wrote:
> >
> > > From: Woonsan Ko <[email protected]>
> > > Subject: Re: SSO IFrame form authentication
> > > To: "Jetspeed Users List" <[email protected]>
> > > Date: Friday, August 20, 2010, 9:13 PM
> > > I guess the first page which tried to
> > > redirect to the second page with wrong url by
> using
> > > javascript.
> > > If it redirects to other page from the
> server-side
> > with
> > > http status code and header, then the reverse
> proxy
> > service
> > > can detect and rewrite to a proxied url from the
> > reverse
> > > proxy configurations if found.
> > >
> > > Anyway, if the first page has javascript to
> redirect,
> > e.g.,
> > > 'location.href =
> > >
> >
> /otrs/customer.pl?CSID=1047f4e2a54420bc329c4f2e3cd511e23a',
> > > that script line is not rewritten by default.
> > > (By the way, you can refer to the default
> rewriting
> > class
> > > here if you're interested in:
> >
> http://svn.apache.org/repos/asf/portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/DefaultReverseProxyLinkRewritingParserAaptor.java
>
> > )
> > >
> > > If the redirecting script line is simple, then
> you can
> > add
> > > a custom replace pattern in the reverse proxy
> > configuration
> > > like the following example:
> > >
> > >
> >
> proxy.reverse.pass.issues.rewriter.parserAdaptor.html.property.customPatterns
> > > = \\/otrs\\/customer\\.pl
> > >
> >
> proxy.reverse.pass.issues.rewriter.parserAdaptor.html.property.customReplaces
> > > = /j2-admin/rproxy/otrs/otrs/customer.pl
> > >
> > > The above additional custom replace
> configuration
> > will
> > > replace every line having that regex pattern.
> > >
> > > -Woonsan
> > >
> > > --- On Fri, 8/20/10, [email protected]
> > > <[email protected]>
> > > wrote:
> > >
> > > > From: [email protected]
> > > <[email protected]>
> > > > Subject: Re: SSO IFrame form authentication
> > > > To: "Jetspeed Users List" <[email protected]>
> > > > Date: Friday, August 20, 2010, 8:19 PM
> > > > I am using
> > > >
> j2-admin::SSOReverseProxyIFramePortlet. I
> > also
> > > believe
> > > > I am
> > > > using the exact reverse properties as the
> apache
> > > > example. I have
> > > > discovered one issue when accessing directly
> in
> > that
> > > it
> > > > appears when I
> > > > enter
> > > >
> http://host.domain-name.com:8080/j2-admin/rproxy/otrs/otrs/customer.pl
> > ,
> > > >
> > > > and login manually, I am redirected to
> > > >
> >
> http://host.domain-name.com:8080/otrs/customer.pl?CSID=1047f4e2a54420bc329c4f2e3cd511e23a
>
> >
> > > >
> > > > and I get an HTTP 404 error. If I
> then
> > correct the
> > > > url and put the
> > > > j2-admin/rproxy/otrs back in, I get the
> correct
> > page
> > > > rendered and I am
> > > > logged in. In any case, once I get
> logged
> > in and
> > > try
> > > > to drill down to an
> > > > incident link, I get an error trying to load
> the
> > > javascript
> > > > because
> > > > something has changed the .js in the link
> to
> > .html
> > > > Again, I am using the
> > > > apache example config for rewriting.
> > > >
> > > > # ... Set max matching path part count
> > > > proxy.reverse.pass.maxMatchingPathPartCount
> = 2
> > > >
> > > > # ... Sets detail attributes for apache
> path
> > mapping
> > > > proxy.reverse.pass = otrs
> > > > proxy.reverse.pass.otrs.local = /otrs/
> > > > proxy.reverse.pass.otrs.remote = http://host.domain-name.com/
> > > > proxy.reverse.pass.otrs.rewriter.basic =
> > > >
> > >
> >
> org.apache.portals.applications.webcontent.rewriter.WebContentRewriter
> > > >
> proxy.reverse.pass.otrs.rewriter.parserAdaptor =
> > html
> > > >
> > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html =
> > >
> > > >
> > >
> >
> org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor
> > > >
> > >
> >
> proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.mimeType
> > > > = text/html
> > > >
> > >
> >
> proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.lookUpAllMappings
> > > >
> > > > = true
> > > >
> > > > Thanks, MikeB
> > > >
> > > > Mike Ballard
> > > > Director of Internet Development and
> Networking
> > > > O'Reilly Auto Parts
> > > > (417) 874-7107 Ofc
> > > > (417) 838-0271 Cell
> > > >
> > > > This message is protected by the Electronic
> > > Communications
> > > > Privacy Act, 18
> > > > USCS § 2510 et seq., and may not be used,
> copied
> > or
> > > > forwarded without the
> > > > consent of the named recipient(s).
> The
> > information
> > > > contained in this
> > > > message is confidential, is intended only
> for the
> > use
> > > of
> > > > the individual or
> > > > entity named. If the reader of this
> message
> > is not
> > > > the intended
> > > > recipient, you are hereby notified that any
> > > dissemination,
> > > > distribution or
> > > > copying of this communication is strictly
> > > prohibited.
> > > > If you have
> > > > received this communication in error,
> please
> > notify
> > > me
> > > > immediately at
> > > > 417-874-7107.
> > > >
> > > >
> > > >
> > > > From:
> > > > Woonsan Ko <[email protected]>
> > > > To:
> > > > Jetspeed Users List <[email protected]>
> > > > Date:
> > > > 08/20/2010 12:55 PM
> > > > Subject:
> > > > Re: SSO IFrame form authentication
> > > >
> > > >
> > > >
> > > > Regarding the problem of javascript link
> ending
> > in .js
> > > to
> > > > .html, with
> > > > which portlet do you meet the problem?
> > > > j2-admin::SSOReverseProxyIFramePortlet,
> > > >
> > j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet,
> > > > j2-admin::SSOIFramePortlet,
> > > j2-admin::SSOWebContentPortlet,
> > > > or
> > > > j2-admin::SSOProxyPortletPortlet?
> > > >
> > > > j2-admin::SSOReverseProxyIFramePortlet and
> > > >
> > j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet
> > > only
> > > > are using the
> > > > reverse proxy service.
> > > >
> > > > If you are using those reverse proxy
> portlets,
> > then
> > > how's
> > > > the rewriter
> > > > configurations for the reverse proxy pass
> mapping
> > in
> > > >
> /j2-admin/WEB-INF/conf/reverseproxy.properties?
> > > > I'd like to recommend you to use the
> default
> > > configuration
> > > > like the apache
> > > > example:
> > > >
> > > > # ... Sets detail attributes for apache
> path
> > mapping
> > > > proxy.reverse.pass.apache.local = /apache/
> > > > proxy.reverse.pass.apache.remote = http://apache.org/
> > > > proxy.reverse.pass.apache.rewriter.basic =
> > > >
> > >
> >
> org.apache.portals.applications.webcontent.rewriter.WebContentRewriter
> > > >
> proxy.reverse.pass.apache.rewriter.parserAdaptor
> > =
> > > html
> > > >
> > proxy.reverse.pass.apache.rewriter.parserAdaptor.html
> > > =
> > > >
> > >
> >
> org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor
> > > >
> > >
> >
> proxy.reverse.pass.apache.rewriter.parserAdaptor.html.mimeType
> > > > = text/html
> > > >
> > >
> >
> proxy.reverse.pass.apache.rewriter.parserAdaptor.html.property.lookUpAllMappings
> > > >
> > > > = true
> > > >
> > > > With the default example above, the
> rewriting
> > xml
> > > rule
> > > > files such as
> > > > default-rewriter-rules.xml and
> > rewriter-rules-mapping
> > > do
> > > > not play any role
> > > > with reverse proxying portlets.
> > > >
> > > > The last example in the configuration file
> still
> > uses
> > > the
> > > > Neko and Sax
> > > > parser adaptor configuation, which was
> provided
> > for
> > > the old
> > > > web content
> > > > portlets. However, it turns out to be less
> useful
> > in
> > > this
> > > > reverse proxy
> > > > portlets. (The old rewriting xml rules were
> > mainly
> > > for
> > > > rewriting urls to
> > > > portlet urls, while reverse proxy service
> is
> > just
> > > another
> > > > servlet-based
> > > > solution with integration to portlet,
> meaning the
> > url
> > > > rewriting doesn't
> > > > need to be that complex any more.)
> > > >
> > > > One more tip is that you could test the
> reverse
> > > proxying by
> > > > navigating the
> > > > proxied urls directly.
> > > > So, for example, if http://www.yourdomain.com/orders/ is mapped to
> > > > /j2-admin/rproxy/yourdomain/orders/, then
> you
> > can
> > > browse
> > > > directly to
> > > > http://localhost:8080/j2-admin/rproxy/yourdomain/orders/.
> > > > You can see what
> > > > happens for rewriting problems with this
> direct
> > > access.
> > > >
> > > > HTH,
> > > >
> > > > Woonsan
> > > >
> > > > --- On Fri, 8/20/10, [email protected]
> > > > <[email protected]>
> > > >
> > > > wrote:
> > > >
> > > > > From: [email protected]
> > > > <[email protected]>
> > > > > Subject: Re: SSO IFrame form
> authentication
> > > > > To: "Jetspeed Users List" <[email protected]>
> > > > > Date: Friday, August 20, 2010, 6:55 PM
> > > > > Good to know. So I have rebuilt
> > > > > my site on 2.2.1 and it seems to be
> > > > > stable, unlike the previous
> implementation
> > on
> > > Derby.
> > > > > Not sure if that's
> > > > > an indication of a problem with 2.2.1
> &
> > > Derby, or
> > > > just
> > > > > a local issue. My
> > > > > remaining issue is the rewrite in the
> > reverse
> > > proxy
> > > > portlet
> > > > > is changing a
> > > > > javascript link ending in .js to .html
>
> > Any
> > > > ideas?
> > > > >
> > > > >
> > > > >
> > > > > From:
> > > > > Woonsan Ko <[email protected]>
> > > > > To:
> > > > > Jetspeed Users List <[email protected]>
> > > > > Date:
> > > > > 08/20/2010 11:50 AM
> > > > > Subject:
> > > > > Re: SSO IFrame form authentication
> > > > >
> > > > >
> > > > >
> > > > > I believe the pages can be simply
> copied
> > because
> > > I
> > > > cannot
> > > > > find anything to
> > > > > watch with psml pages either.
> > > > > By the way, you can copy those pages
> into
> > any
> > > other
> > > > folder
> > > > > by configuring
> > > > > the path in
> > > > /jetspeed/WEB-INF/conf/override.properties.
> For
> > > > > example,
> > > > >
> > > > > # default path to (XML) PSML pages
> root
> > folder
> > > > > psml.pages.path =
> > > > >
> ${applicationRoot}/WEB-INF/migrated_pages
> > > > >
> > > > > Regards,
> > > > >
> > > > > Woonsan
> > > > >
> > > > > --- On Fri, 8/20/10, [email protected]
> > > > > <[email protected]>
> > > > >
> > > > > wrote:
> > > > >
> > > > > > From: [email protected]
> > > > > <[email protected]>
> > > > > > Subject: Re: SSO IFrame form
> > authentication
> > > > > > To: "Jetspeed Users List" <[email protected]>
> > > > > > Date: Friday, August 20, 2010,
> 3:05 PM
> > > > > > I have installed 2.2.1 with MySQL
> and
> > > > > > I now need to move my pages and
> > > > > > layouts from the 2.2.0
> installation.
> > > Given
> > > > that
> > > > > my
> > > > > > previous 2.2.1
> > > > > > installation on Derby is defunct,
> is
> > there
> > > > anything I
> > > > > > should watch out for
> > > > > > this time? Can I simply copy
> the
> > psml's
> > > > from
> > > > > the
> > > > > > 2.2.0 directories to the
> > > > > > 2.2.1
> directories? I
> > have not
> > > > seen a
> > > > > > migration guide to address this
> > > > > > need.
> > > > > >
> > > > > >
> > > > > >
> > > > > > From:
> > > > > > Woonsan Ko <[email protected]>
> > > > > > To:
> > > > > > Jetspeed Users List <[email protected]>
> > > > > > Date:
> > > > > > 08/18/2010 12:35 PM
> > > > > > Subject:
> > > > > > Re: SSO IFrame form
> authentication
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > I haven't heard of that
> preferences
> > data
> > > problem
> > > > yet
> > > > > in
> > > > > > 2.2.1.
> > > > > > IMHO, It could help to localize
> the
> > problems
> > > if
> > > > you
> > > > > test
> > > > > > against other
> > > > > > databases
> > > > > > like PostgreSQL or MySQL.
> > > > > > On the other hand, I think you
> could
> > deploy
> > > > newer
> > > > > > j2-admin.war and
> > > > > > apa-webcontent.war which were
> included
> > in
> > > 2.2.1.
> > > > > >
> > > > > > -Woonsan
> > > > > >
> > > > > >
> > > > > > ----- Original Message ----
> > > > > > > From: "[email protected]"
> > > > > > <[email protected]>
> > > > > > > To: Jetspeed Users List
> <[email protected]>
> > > > > > > Sent: Wed, August 18, 2010
> 6:10:25
> > AM
> > > > > > > Subject: Re: SSO IFrame form
> > > authentication
> > > > > > >
> > > > > > > Well, here's the rub.
> I
> > believe the
> > > > > > SSOReverseProxyIFramePortlet is
> new
> > > > > >
> > > > > > > in 2.2.1, which is where I
> was
> > when I
> > > first
> > > > > posted,
> > > > > > however, I found
> > > > > > that
> > > > > > > my configuration kept
> getting
> > > scrambled, so
> > > > I
> > > > > reverted
> > > > > > to 2.2.0 I will
> > > > > > > try your suggestion on 2.2.1,
> but
> > I
> > > will
> > > > have to
> > > > > > address the scrambling
> > > > > > > issue. What is
> happening is
> > > > this. I
> > > > > have
> > > > > > cloned the IFramePortlet
> > > > > > > several times and configured
> each
> > for
> > > > different
> > > > > static
> > > > > > content being
> > > > > > > served from apache2. I
> have
> > avoided
> > > > setting
> > > > > any
> > > > > > user preferences, and,
> > > > > >
> > > > > > > instead, set the preferences
> for
> > each
> > > clone
> > > > in
> > > > > the
> > > > > > PAM portlet.
> > > > > > Everything
> > > > > > > worked fine. Then after
> a
> > few hours,
> > > > the
> > > > > > IFramePortlet content was all
> > > > > >
> > > > > > > mixed up. For instance,
> the
> > portlet
> > > on
> > > >
> > > > > > page 1 would be showing the
> > > > > > > content I had configured for
> the
> > > portlet on
> > > > page
> > > > >
> > > > > > 2 and so on. I went
> > > > > > into
> > > > > > > PAM and corrected the
> preferences
> > to
> > > what
> > > > > they
> > > > > > should be and assumed I
> > > > > > was
> > > > > > > ok, but the next morning
> things
> > were
> > > > > scrambled
> > > > > > again. I did some
> > > > > > queries
> > > > > > > in the derby db and it
> > appears they
> > > > are
> > > > > wrong
> > > > > > there. I don't know if
> > > > > > this
> > > > > > > is a portlet id issue or an
> > indexing
> > > > > problem or
> > > > > > what, but I need a
> > > > > > > resolution before I can
> proceed to
> >
> > > > 2.2.1
> > > > > > Of course, I have the exact
> > > > > > same
> > > > > > > configuration in 2.2.0 and
> > am having
> > > > no
> > > > > problem
> > > > > > there, but I also have
> > > > > > no
> > > > > > > SSOReverseProxyIFrame
> there.
> >
> > > > Any
> > > > > ideas?
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > From:
> > > > > > > David Sean Taylor <[email protected]>
> > > > > > > To:
> > > > > > > Jetspeed Users List
> <[email protected]>
> > > > > > > Date:
> > > > > > > 08/17/2010 07:19 PM
> > > > > > > Subject:
> > > > > > > Re: SSO IFrame form
> > authentication
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Tue, Aug 17, 2010 at
> 1:40
> > PM,
> > > > > <[email protected]>
> > > > >
> > > > > > wrote:
> > > > > > > > How did your testing
> > go? I
> > > > compared
> > > > > SSO
> > > > > > Webcontent (which works,
> > > > > > sort
> > > > > > > of)
> > > > > > > > to SSO IFrame classes
> and I
> > see a
> > > > method
> > > > > > for preemptive login in the
> > > > > > > > webcontent class but no
> > reference
> > > at
> > > > all in
> > > > > > the SSO IFrame class.
> > > > > > Does
> > > > > > > > this just mean it is
> being
> > done
> > > > > > differently, or is something amiss
> in
> > > > > >
> > > > > > > the
> > > > > > > > SSO IFrame class?
> > > > > > >
> > > > > > > There are two SSOIFrame
> classes:
> > > > > > >
> > > > > > > 1. SSOIFramePortlet
> > > > > > > 2.
> > SSOReverseProxyIFramePortlet
> > > > > > >
> > > > > > > Suggest using the second one,
>
> > > > > > SSOReverseProxyIFramePortlet as
> it
> > gives
> > > > > > > you features not available in
> the
> >
> > > > older
> > > > > > SSOIFramePortlet such as
> > > > > > > auto-resizing and form-based
> > > authentication
> > > >
> > > > > > (what you are after)
> > > > > > >
> > > > > > > I tested with
> > > SSOReverseProxyIFramePortlet
> > > > and
> > > > > > it worked in the
> > > > > > > example that comes with
> Jetspeed,
> > but
> > > it
> > > > takes a
> > > > > > little bit of
> > > > > > > configuration.
> > > > > > >
> > > > > > > First, ensure your Tomcat
> will
> > need
> > > this
> > > > > > attribute set in the
> > > > > > > <Connector> element of
>
> > > > server.xml:
> > > > > > >
> > > > > > > emptySessionPath="true"
> > > > > > >
> > > > > > > more detail here:
> > > > > > >
> > > > > > > http://portals.apache.org/applications/webcontent/index.html
> > > > > > >
> > > > > > > If you had to change
> > server.xml
> > > > setting,
> > > > > then
> > > > > > restart your server
> > > > > > >
> > > > > > > I took these steps to
> verify
> > SSO
> > > with
> > > > the
> > > > > > example form-based login
> > > > > > > that comes with
> Jetspeed:
> > > > > > >
> > > > > > > 1. login as admin
> > > > > > > 2. navigate to the Jetspeed
> > > Administration
> > > > > > space, SSO Management page,
> > > > > > > or just go here:
> > > > > > >
> > > > > > >
> http://localhost:8080/jetspeed/ui/Administrative/sso-admin.psml
> > > > > > >
> > > > > > > Add a new Site with
> > following
> > > > parameters:
> > > > > > >
> > > > > > > Site Name: Form Example
> > > > > > > Site URL:
> http://localhost:8080/j2-admin/examples/formauth.jsp
> > > > > > > Field name for User
> ID:
> > user
> > > > > > > Field name For Password
> value:
> > pass
> > > > > > >
> > > > > > > Press Save
> > > > > > >
> > > > > > > Add a new credential
> for
> > this site
> > > in
> > > > the
> > > > > > portlet on the right side
> > > > > > > (SSO Details):
> > > > > > >
> > > > > > > Portal
> > Principal: admin
> > > > > > > Remote
> > Principal: admin
> > > > > > > Remote Credential: admin
> > > > > > >
> > > > > > > Press Add
> > > > > > >
> > > > > > > You can verify
> that
> > the remote
> > > > > credential
> > > > > > was added for the admin
> > > > > > > user by going here:
> > > > > > >
> > > > > > > http://localhost:8080/jetspeed/ui/my-account.psml
> > > > > > >
> > > > > > > see the portlet on the
> right
> > "SSO
> > > > Change
> > > > > > Passwords", a remote site
> > > > > > > entry should be there
> named
> > "Form
> > > > Example"
> > > > > > >
> > > > > > > Next, you can use the Toolbox
> to
> > find
> > > the
> > > > > > Reverse Proxy Iframe Portlet
> > > > > > > by searching on "iframe" and
> then
> > > selecting
> > > > it
> > > > > > from there and adding
> > > > > > > to a page. To make things
> simple,
> > I
> > > just
> > > > added a
> > > > > > page and then added
> > > > > > > the Reverse Proxy Iframe
> Portlet
> > there.
> > > At
> > > > first
> > > > > this
> > > > > > portlet seems to
> > > > > > > want to use Basic
> Authentication,
> > so
> > > just
> > > > hit
> > > > > cancel
> > > > > > when challenged.
> > > > > > > I then switched to edit mode
> > (pencil
> > > icon),
> > > > and
> > > > > > entered the following
> > > > > > > preferences:
> > > > > > >
> > > > > > > TITLE: My SSO Test
> > > > > > > SRC: http://localhost:$
> > > > >
> > {serverPort}${contextPath}/examples/formauth.jsp
> > > > > > >
> > > > > > > Press Save
> > > > > > >
> > > > > > > You should see in your
> portlet
> > content
> > > > something
> > > > >
> > > > > > like:
> > > > > > >
> > > > > > > "Hello, admin. You have been
> > authorized
> > > by
> > > > > > form-based authentication
> > > > > > !!!"
> > > > > > >
> > > > > > > Give that a try and see if
> it
> > works.
> > > Then,
> > > > move
> > > > > on
> > > > > > to your specific
> > > > > > > IFrame source and let us know
> how
> > it
> > > > > goes...
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail:
>
> > > > [email protected]
> > > > > > > For additional
> commands,
> > e-mail:
> > > > > [email protected]
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > This message has been
> > scanned for
> > > > viruses
> > > > > and
> > > > > > > dangerous content by
> MailScanner,
> >
> > > and
> > > > is
> > > > > > > believed to be clean
> > > > > > (mailgw2:E659D1E6FC.D1395).
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > This communication and any
> > > attachments
> > > > are
> > > > > > confidential, protected by
> > > > > > > Communications Privacy Act
> > 18 USCS
> > > §
> > > > > 2510,
> > > > > > solely for the use of the
> > > > > > > intended recipient, and may
> > contain
> > > > > legally
> > > > > > privileged material. If you
> > > > > >
> > > > > > > are not the intended
> recipient,
> > please
> > >
> > > > > return or
> > > > > > destroy it
> > > > > > immediately.
> > > > > > > Thank you.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail:
> > [email protected]
> > > > > > For additional commands, e-mail:
> > [email protected]
> > > > > >
> > > > > >
> > > > > > --
> > > > > > This message has been scanned for
> > viruses
> > > and
> > > > > > dangerous content by MailScanner,
> and
> > is
> > > > > > believed to be clean
> > > (mailgw2:9902C1E701.B0EA8).
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > This communication and any
> attachments
> > are
> > > > > confidential,
> > > > > > protected by
> > > > > > Communications Privacy Act 18 USCS
> §
> > 2510,
> > > > solely for
> > > > > the
> > > > > > use of the
> > > > > > intended recipient, and may
> contain
> > legally
> > > > > privileged
> > > > > > material. If you
> > > > > > are not the intended recipient,
> please
> > > return or
> > > > > destroy it
> > > > > > immediately.
> > > > > > Thank you.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail:
> [email protected]
> > > > > For additional commands, e-mail:
> > [email protected]
> > > > >
> > > > >
> > > > > --
> > > > > This message has been scanned for
> viruses
> > and
> > > > > dangerous content by MailScanner, and
> is
> > > > > believed to be clean
> > > (mailgw2:8B04D2A000C.7088C).
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > This communication and any attachments
> are
> > > > confidential,
> > > > > protected by
> > > > > Communications Privacy Act 18 USCS §
> 2510,
> > > solely for
> > > > the
> > > > > use of the
> > > > > intended recipient, and may contain
> legally
> > > > privileged
> > > > > material. If you
> > > > > are not the intended recipient, please
> > return or
> > > > destroy it
> > > > > immediately.
> > > > > Thank you.
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [email protected]
> > > > For additional commands, e-mail:
> [email protected]
> > > >
> > > >
> > > > --
> > > > This message has been scanned for viruses
> and
> > > > dangerous content by MailScanner, and is
> > > > believed to be clean
> (mailgw2:792FC1E702.4691D).
> > > >
> > > >
> > > >
> > > >
> > > > This communication and any attachments are
> > > confidential,
> > > > protected by
> > > > Communications Privacy Act 18 USCS § 2510,
> > solely for
> > > the
> > > > use of the
> > > > intended recipient, and may contain legally
> > > privileged
> > > > material. If you
> > > > are not the intended recipient, please
> return or
> > > destroy it
> > > > immediately.
> > > > Thank you.
> > >
> > >
> > >
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [email protected]
> > > For additional commands, e-mail: [email protected]
> > >
> > >
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean (mailgw2:EE2E12A000A.92659).
> >
> >
> >
> >
> > This communication and any attachments are
> confidential,
> > protected by
> > Communications Privacy Act 18 USCS § 2510, solely for
> the
> > use of the
> > intended recipient, and may contain legally
> privileged
> > material. If you
> > are not the intended recipient, please return or
> destroy it
> > immediately.
> > Thank you.
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean (mailgw2:2DDC92A000B.D7312).
>
>
>
>
> This communication and any attachments are confidential,
> protected by
> Communications Privacy Act 18 USCS § 2510, solely for the
> use of the
> intended recipient, and may contain legally privileged
> material. If you
> are not the intended recipient, please return or destroy it
> immediately.
> Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
