In JBoss
Edit the standalone/configuration/standalone-exo.xml file to add the login module
SSODelegateLoginModule to the security domain "gatein-domain":
<!-- Security domain used by the portal; "realmName" below must match this name. -->
<security-domain name="gatein-domain" cache-type="default">
  <authentication>
    <!-- Delegating module: hands authentication to the SAML2 integration module
         named in delegateClassName. flag="required" means the login fails if
         this module fails, although the remaining modules still run. -->
    <login-module code="org.gatein.sso.integration.SSODelegateLoginModule" flag="required">
      <!-- Presumably switches the delegation on/off; keep "true" for SSO. -->
      <module-option name="enabled" value="true"/>
      <module-option name="delegateClassName" value="org.gatein.sso.agent.login.SAML2IntegrationLoginModule"/>
      <module-option name="portalContainerName" value="portal"/>
      <module-option name="realmName" value="gatein-domain"/>
      <!-- JAAS password stacking: the identity established here is shared with
           the next module instead of prompting for credentials again. -->
      <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>
    <!-- Portal-side module; maps the authenticated user into the portal container. -->
    <login-module code="org.exoplatform.services.security.j2ee.JBossAS7LoginModule" flag="required">
      <module-option name="portalContainerName" value="portal"/>
      <module-option name="realmName" value="gatein-domain"/>
    </login-module>
  </authentication>
</security-domain>
Edit the standalone/configuration/gatein/configuration.properties file
so that it contains the following SSO section:
# SSO
gatein.sso.enabled=true
gatein.sso.callback.enabled=${gatein.sso.enabled}
gatein.sso.login.module.enabled=${gatein.sso.enabled}
gatein.sso.login.module.class=org.gatein.sso.agent.login.SAML2IntegrationLoginModule
gatein.sso.filter.login.sso.url=/@@portal.container.name@@/dologin
gatein.sso.filter.logout.enabled=true
gatein.sso.filter.logout.class=org.gatein.sso.agent.filter.SAML2LogoutFilter
gatein.sso.filter.initiatelogin.enabled=false
gatein.sso.valve.enabled=true
gatein.sso.valve.class=org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator
gatein.sso.saml.config.file=/WEB-INF/conf/sso/saml/picketlink-sp.xml
gatein.sso.idp.host=www.idp.com
gatein.sso.idp.url=http://${gatein.sso.idp.host}:8080/portal/dologin
gatein.sso.sp.url=http://www.sp.com:8080/portal/dologin
# WARNING: This bundled keystore is only for testing purposes. You should generate and use your own keystore!
gatein.sso.picketlink.keystore=/sso/saml/jbid_test_keystore.jks
You need to modify gatein.sso.idp.host, gatein.sso.idp.url and gatein.sso.sp.url according to your environment setup; the example hosts and plain http:// URLs on port 8080 are placeholders, so use the TLS (https) endpoints of your IdP and SP in a production deployment. You also need to install your own keystore, as instructed in "Generating and using your own keystore".