4.8.3.4. Cross-domain authentication configuration

In the above example (in both JBoss and Tomcat), the portal server and the SSO server are deployed at localhost:8080 and localhost:8888. The above configuration works if both servers are deployed on the same machine or the same domain, like portal on portal.mydomain.com and SSO on opensso.mydomain.com.

In case eXo Platform and SSO are deployed in different domain, for example portal.yourdomain.com:8080 and opensso.mydomain.com:8888, you need to do some changes on both sides, as follows:

  1. On portal side, change the configuration that you have done to $PLATFORM_JBOSS_HOME/standalone/configuration/standalone-exo.xml in JBoss, or $PLATFORM_TOMCAT_HOME/gatein/conf/configuration.properties in Tomcat, to have the following lines: 

    # SSO
gatein.sso.enabled=true
gatein.sso.callback.enabled=${gatein.sso.enabled}
gatein.sso.login.module.enabled=${gatein.sso.enabled}
gatein.sso.login.module.class=org.gatein.sso.agent.login.SSOLoginModule
gatein.sso.server.url=http://opensso.mydomain.com:8888/opensso
gatein.sso.openam.realm=gatein
gatein.sso.portal.url=http://portal.yourdomain.com:8080
gatein.sso.filter.logout.class=org.gatein.sso.agent.filter.OpenSSOLogoutFilter
gatein.sso.filter.logout.url=${gatein.sso.server.url}/UI/Logout
gatein.sso.filter.login.enabled=false
gatein.sso.filter.login.openamcdc.enabled=true
gatein.sso.filter.login.sso.url=${gatein.sso.server.url}/cdcservlet

  2. On the OpenAM side, create an agent as follows:

    Note

    If you have more portal servers on different hosts, you may want to create an agent for each of them. Look at OpenAM administration guide for more details.

Copyright ©. All rights reserved. eXo Platform SAS
blog comments powered byDisqus