4.8.2.1. Integration with JOSSO 1.8

Configuring JOSSO server

  1. Copy files of the GateIn SSO plugin ($GATEIN_SSO_HOME/josso/josso-181/plugin/* if you are using JOSSO 1.8.1; or $GATEIN_SSO_HOME/josso/josso-182/plugin/* if you are using JOSSO 1.8.2 or newer) to $JOSSO_TOMCAT_HOME to use the REST callback service. This is not mandatory but recommended.

    This action should replace or add some JAR files to the $JOSSO_TOMCAT_HOME/webapps/josso/WEB-INF/lib directory and also the files:

    • $JOSSO_TOMCAT_HOME/lib/josso-gateway-config.xml

    • $JOSSO_TOMCAT_HOME/lib/josso-gateway-gatein-stores.xml

    • $JOSSO_TOMCAT_HOME/webapps/josso/WEB-INF/classes/gatein.properties - This file may need to be reconfigured according to your eXo Platform environment (you need to use host and port where your eXo Platform is running as this will be used by Authentication plugin to send REST request over HTTP).

  2. Edit $JOSSO_TOMCAT_HOME/conf/server.xml) and replace 8080 port with 8888 to change the default Tomcat port and avoid a port conflict with the default eXo Platform port (for testing purposes).

    Note

    If eXo Platform is running on the same machine as Tomcat, other ports need to be changed in addition to 8080 to avoid port conflicts. They can be changed to any free port. For example, you can change the admin port from 8005 to 8805, and AJP port from 8009 to 8809.

  3. Start the JOSSO server (using catalina.bat run on Windows or catalina.sh run on Ubuntu, in $JOSSO_TOMCAT_HOME/bin) that now allows access to http://localhost:8888/josso/signon/login.do. However, if you are using SSO Authentication plugin, the login will not be available at this stage as your eXo Platform server is not set yet.

Configuring eXo Platform server

In Tomcat

Note

If you are using eXo Platform bundled with Tomcat, you will be noticed of a possible problem caused by $PLATFORM_TOMCAT_HOME/lib/jacc-x.y.jar. This file is not necessary, so you can workaround just by removing it.

  1. Edit the $PLATFORM_TOMCAT_HOME/gatein/conf/configuration.properties file by adding/modifying the following lines:

    #SSO
    gatein.sso.enabled=true
    gatein.sso.callback.enabled=${gatein.sso.enabled}
    gatein.sso.login.module.enabled=${gatein.sso.enabled}
    gatein.sso.login.module.class=org.gatein.sso.agent.login.SSOLoginModule
    gatein.sso.josso.agent.config.file=sso/josso/1.8/josso-agent-config.xml
    gatein.sso.josso.properties.file=file:${TOMCAT_HOME}/gatein/conf/configuration.properties
    gatein.sso.josso.host=localhost:8888
    gatein.sso.josso.base.url=http://${gatein.sso.josso.host}/josso/signon
    gatein.sso.server.url=${gatein.sso.josso.base.url}/login.do
    gatein.sso.portal.url=http://localhost:8080
    gatein.sso.filter.logout.class=org.gatein.sso.agent.filter.JOSSOLogoutFilter
    gatein.sso.filter.logout.url=${gatein.sso.josso.base.url}/logout.do
    gatein.sso.filter.login.sso.url=${gatein.sso.server.url}?josso_back_to=${gatein.sso.portal.url}/@@portal.container.name@@/initiatessologin

    Most of these properties were already described in Central Authentication Service (CAS). For JOSSO, some of the properties are different, including:

    • gatein.sso.josso.agent.config.file points to location of Agent configuration file, which is relative to classpath. So the agent file location is actually in portal.war!/WEB-INF/classes/sso/josso/1.8/josso-agent-config.xml but normally you will not need to change anything here.

    • gatein.sso.josso.properties.file points to the configuration.properties file. ${TOMCAT_HOME} is the absolute path of $PLATFORM_TOMCAT_HOME.

    • gatein.sso.josso.host, which points to location of the JOSSO server.

    • gatein.sso.portal.url needs to be changed if you expect eXo Platform to be accessed on different URL than localhost:8080.

    • gatein.sso.filter.logout.class is the logout filter class that is now org.gatein.sso.agent.filter.JOSSOLogoutFilter.

    • gatein.sso.filter.logout.url is URL for redirecting to logout of the JOSSO server.

  2. Remove all files josso-*.jar from the $PLATFORM_TOMCAT_HOME/lib.

  3. Copy all the .jar files into the $PLATFORM_TOMCAT_HOME/lib directory:

    • $GATEIN_SSO_HOME/josso/gatein-josso-181/modules/org/gatein/sso/main/*.jar if you are using JOSSO 1.8.1.

    • $GATEIN_SSO_HOME/josso/gatein-josso-182/modules/org/gatein/sso/main/*.jar if you are using JOSSO 1.8.2 or newer.

  4. Add <Valve className="org.gatein.sso.agent.tomcat.ServletAccessValve" /> to the $PLATFORM_TOMCAT_HOME/conf/server.xml file. The content of this file now looks like:

    
    ...
        <Engine name="Catalina" defaultHost="localhost">
            <Host name="localhost" appBase="webapps" startStopThreads="-1"
                  unpackWARs="${EXO_TOMCAT_UNPACK_WARS}" autoDeploy="true">
                <Valve className="org.gatein.sso.agent.tomcat.ServletAccessValve" />
                ... 
                <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
                ...
                <Listener className="org.exoplatform.platform.server.tomcat.PortalContainersCreator" />
                ...
            </Host>
        </Engine>
    ...

In JBoss

  1. Edit the $PLATFORM_JBOSS_HOME/standalone/configuration/gatein/configuration.properties file by adding/modifying the following lines:

    #SSO
    gatein.sso.enabled=true
    gatein.sso.callback.enabled=${gatein.sso.enabled}
    gatein.sso.login.module.enabled=${gatein.sso.enabled}
    gatein.sso.login.module.class=org.gatein.sso.agent.login.SSOLoginModule
    gatein.sso.josso.agent.config.file=sso/josso/1.8/josso-agent-config.xml
    gatein.sso.josso.properties.file=file:${jboss.home.dir}/standalone/configuration/gatein/configuration.properties
    gatein.sso.josso.host=localhost:8888
    gatein.sso.josso.base.url=http://${gatein.sso.josso.host}/josso/signon
    gatein.sso.server.url=${gatein.sso.josso.base.url}/login.do
    gatein.sso.portal.url=http://localhost:8080
    gatein.sso.filter.logout.class=org.gatein.sso.agent.filter.JOSSOLogoutFilter
    gatein.sso.filter.logout.url=${gatein.sso.josso.base.url}/logout.do
    gatein.sso.filter.login.sso.url=${gatein.sso.server.url}?josso_back_to=${gatein.sso.portal.url}/@@portal.container.name@@/initiatessologin
  2. Uncomment the below login module in $PLATFORM_JBOSS_HOME/standalone/configuration/standalone-exo.xml, then change ${gatein.sso.login.module.enabled} and ${gatein.sso.login.module.class} into #{gatein.sso.login.module.enabled} and #{gatein.sso.login.module.class} respectively.

    
    <login-module code="org.gatein.sso.integration.SSODelegateLoginModule" flag="required">
        <module-option name="enabled" value="#{gatein.sso.login.module.enabled}"/>
        <module-option name="delegateClassName" value="#{gatein.sso.login.module.class}"/>
        <module-option name="portalContainerName" value="portal"/>
        <module-option name="realmName" value="gatein-domain"/>
        <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>
  3. Remove all files josso-*.jar from the $PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/lib folder.

  4. Copy all the .jar files into the $PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/lib directory:

    • $GATEIN_SSO_HOME/josso/gatein-josso-181/modules/org/gatein/sso/main/*.jar if you are using JOSSO 1.8.1.

    • $GATEIN_SSO_HOME/josso/gatein-josso-182/modules/org/gatein/sso/main/*.jar if you are using JOSSO 1.8.2 or newer.

Testing this integration

From now on, when you use http://localhost:8080/portal/ to go to eXo Platform, you will be auto-redirected to the JOSSO centralized authentication form not the eXo Platform one:

If you set GateIn SSO plugin, you can log in with eXo Platform credentials (for example, root/gtn).

Copyright ©. All rights reserved. eXo Platform SAS
blog comments powered byDisqus