4.8.3.4. Cross-domain authentication configuration

In the above example (in both JBoss and Tomcat), the portal server and the SSO server are deployed at localhost:8080 and localhost:8888. The above configuration works if both servers are deployed on the same machine or in the same domain, for example the portal on portal.mydomain.com and SSO on opensso.mydomain.com.

If eXo Platform and SSO are deployed in different domains, for example portal.yourdomain.com:8080 and opensso.mydomain.com:8888, you need to make some changes on both sides, as follows:

  1. On the portal side, change the configuration that you made in $PLATFORM_JBOSS_HOME/standalone/configuration/standalone-exo.xml in JBoss, or $PLATFORM_TOMCAT_HOME/gatein/conf/configuration.properties in Tomcat, to have the following lines:

    # SSO
    gatein.sso.enabled=true
    gatein.sso.callback.enabled=${gatein.sso.enabled}
    gatein.sso.login.module.enabled=${gatein.sso.enabled}
    gatein.sso.login.module.class=org.gatein.sso.agent.login.SSOLoginModule
    gatein.sso.server.url=http://opensso.mydomain.com:8888/opensso
    gatein.sso.openam.realm=gatein
    gatein.sso.portal.url=http://portal.yourdomain.com:8080
    gatein.sso.filter.logout.class=org.gatein.sso.agent.filter.OpenSSOLogoutFilter
    gatein.sso.filter.logout.url=${gatein.sso.server.url}/UI/Logout
    gatein.sso.filter.login.enabled=false
    gatein.sso.filter.login.openamcdc.enabled=true
    gatein.sso.filter.login.sso.url=${gatein.sso.server.url}/cdcservlet

  2. On the OpenAM side, create an agent as follows:

    Note

    If you have more portal servers on different hosts, you may want to create an agent for each of them. See the OpenAM administration guide for more details.
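
A consistency check for the step 1 properties, as an added example (not part of the eXo Platform documentation or code): it expands the `${...}` references and, when the portal and SSO hosts are in different domains, verifies the three login-filter values shown in step 1. The function names and the two-label domain comparison are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the cross-domain properties from step 1.
SAMPLE = """\
gatein.sso.server.url=http://opensso.mydomain.com:8888/opensso
gatein.sso.portal.url=http://portal.yourdomain.com:8080
gatein.sso.filter.login.enabled=false
gatein.sso.filter.login.openamcdc.enabled=true
gatein.sso.filter.login.sso.url=${gatein.sso.server.url}/cdcservlet
"""

def load_properties(text):
    """Parse key=value lines, then expand ${key} references to other keys."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    def expand(value, depth=0):
        if depth > 10:  # guard against circular references
            raise ValueError("circular ${...} reference")
        def sub(match):
            ref = match.group(1)  # unknown keys are left unexpanded
            return expand(props[ref], depth + 1) if ref in props else match.group(0)
        return re.sub(r"\$\{([^}]+)\}", sub, value)
    return {k: expand(v) for k, v in props.items()}

def site(url):
    """Last two host labels; a simplifying assumption (no public-suffix list)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def check_cross_domain(props):
    """Return a list of problems; an empty list means the settings are consistent."""
    p = "gatein.sso."
    server, portal = props.get(p + "server.url", ""), props.get(p + "portal.url", "")
    if site(server) == site(portal):
        return []  # same machine or same domain: the step 1 changes are not required
    expected = {
        p + "filter.login.enabled": "false",
        p + "filter.login.openamcdc.enabled": "true",
        p + "filter.login.sso.url": server + "/cdcservlet",
    }
    return [f"{k}: expected {v!r}, found {props.get(k)!r}"
            for k, v in expected.items() if props.get(k) != v]

if __name__ == "__main__":
    print(check_cross_domain(load_properties(SAMPLE)) or "OK")
```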

Copyright ©. All rights reserved. eXo Platform SAS