4.8.4.2. eXo Platform server configuration

Note

As mentioned earlier, perform the eXo Platform configuration on Machine 2, the machine on which eXo Platform is running.

Integrating SPNEGO with eXo Platform Tomcat

  1. Copy the downloaded SPNEGO jar into $PLATFORM_TOMCAT_HOME/lib.

  2. Append this login module to the end of the $PLATFORM_TOMCAT_HOME/conf/jaas.conf file.

    
    spnego-server {
        com.sun.security.auth.module.Krb5LoginModule required
        storeKey=true
        doNotPrompt=true
        useKeyTab=true
        keyTab="/etc/krb5.keytab"
        principal="HTTP/server.example.com@EXAMPLE.COM"
        useFirstPass=true
        debug=true
        isInitiator=false;
    };

    Note

    In a Windows environment, change the keytab path. For example, if the file is on the D drive, use: keyTab="D:/server.keytab".

  3. Configure SSO for eXo Platform by appending these settings to the $PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties file (see Configuration overview for this file).

    
    # SSO
    gatein.sso.enabled=true
    gatein.sso.filter.spnego.enabled=true
    gatein.sso.callback.enabled=false
    gatein.sso.skip.jsp.redirection=false
    gatein.sso.login.module.enabled=true
    gatein.sso.login.module.class=org.gatein.security.sso.spnego.SPNEGOSSOLoginModule
    gatein.sso.filter.login.sso.url=/@@portal.container.name@@/spnegosso
    gatein.sso.filter.initiatelogin.enabled=false
    gatein.sso.valve.enabled=false
    gatein.sso.filter.logout.enabled=false

  4. In a Windows environment, rename $PLATFORM_TOMCAT_HOME/bin/setenv-customize.sample.bat to $PLATFORM_TOMCAT_HOME/bin/setenv-customize.bat, then add the following line to the setenv-customize.bat file.

    SET "CATALINA_OPTS=%CATALINA_OPTS% -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=$ADMACHINE_NAME.example.com"

    Note

    $ADMACHINE_NAME is the name of the machine that has Active Directory installed.

  5. Start eXo Platform.

Integrating SPNEGO with eXo Platform JBoss

  1. Copy the downloaded SPNEGO jar into $PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/lib.

  2. Add the login module "spnego-server" as a child of the <security-domains> section of the $PLATFORM_JBOSS_HOME/standalone/configuration/standalone-exo.xml file.

    
    <security-domain name="spnego-server" cache-type="default">
        <authentication>
            <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
                <module-option name="storeKey" value="true"/>
                <module-option name="doNotPrompt" value="true"/>
                <module-option name="useKeyTab" value="true"/>
                <module-option name="keyTab" value="/etc/krb5.keytab"/>
                <module-option name="principal" value="HTTP/server.example.com@EXAMPLE.COM"/>
                <module-option name="useFirstPass" value="true"/>
                <module-option name="debug" value="true"/>
                <module-option name="isInitiator" value="false"/>
            </login-module>
        </authentication>
    </security-domain>

    Note

    In a Windows environment, change the keytab path. For example, if the file is on the D drive, use: keyTab="D:/server.keytab".

  3. Uncomment the login module below in standalone-exo.xml, then change ${gatein.sso.login.module.enabled} and ${gatein.sso.login.module.class} to #{gatein.sso.login.module.enabled} and #{gatein.sso.login.module.class} respectively.

    
    <login-module code="org.gatein.sso.integration.SSODelegateLoginModule" flag="required">
        <module-option name="enabled" value="#{gatein.sso.login.module.enabled}"/>
        <module-option name="delegateClassName" value="#{gatein.sso.login.module.class}"/>
        <module-option name="portalContainerName" value="portal"/>
        <module-option name="realmName" value="gatein-domain"/>
        <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>

  4. Configure SSO for eXo Platform by appending these settings to the $PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties file (see Configuration overview for this file).

    
    # SSO
    gatein.sso.enabled=true
    gatein.sso.filter.spnego.enabled=true
    gatein.sso.callback.enabled=false
    gatein.sso.skip.jsp.redirection=false
    gatein.sso.login.module.enabled=true
    gatein.sso.login.module.class=org.gatein.security.sso.spnego.SPNEGOSSOLoginModule
    gatein.sso.filter.login.sso.url=/@@portal.container.name@@/spnegosso
    gatein.sso.filter.initiatelogin.enabled=false
    gatein.sso.valve.enabled=false
    gatein.sso.filter.logout.enabled=false

  5. Start eXo Platform with the following command:

    • ./standalone.sh -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=server.example.com -b server.example.com (on Linux)

    • standalone.bat -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=$AD_MACHINE_NAME.example.com -b server.example.com (on Windows)

      Note

      $AD_MACHINE_NAME is the name of the machine that has Active Directory installed.
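
The script below is an added example, not part of the eXo Platform documentation: it reads the spnego-server entry from either jaas.conf (Tomcat) or standalone-exo.xml (JBoss) and checks the principal, realm, debug flag and keytab permissions before the server is started. The function names, the wording of the findings and the rule that the keytab must not be accessible to group or other are assumptions of this example.

```python
import os, re, stat
import xml.etree.ElementTree as ET

def jaas_options(text, entry="spnego-server"):
    """Options of one entry in a jaas.conf-style file (Tomcat procedure)."""
    m = re.search(re.escape(entry) + r"\s*\{(.*?)\}\s*;", text, re.S)
    pairs = re.findall(r'(\w+)\s*=\s*("[^"]*"|[^\s;]+)', m.group(1)) if m else []
    return {k: v.strip('"') for k, v in pairs}

def jboss_options(xml_text, domain="spnego-server"):
    """module-option values of one <security-domain> (JBoss procedure)."""
    local = lambda el: el.tag.rsplit("}", 1)[-1]   # ignore XML namespaces
    for sd in ET.fromstring(xml_text).iter():
        if local(sd) == "security-domain" and sd.get("name") == domain:
            return {o.get("name"): o.get("value")
                    for o in sd.iter() if local(o) == "module-option"}
    return {}

def audit(opts, realm, keytab_mode=None):
    """Return findings; realm is the -Djava.security.krb5.realm value."""
    findings = []
    m = re.fullmatch(r"HTTP/([^@/]+)@(.+)", opts.get("principal", ""))
    if not m:
        findings.append("principal is not HTTP/<host>@<REALM>")
    elif m.group(2) != realm:          # Kerberos realm names are case-sensitive
        findings.append("principal realm differs from java.security.krb5.realm")
    if opts.get("debug") == "true":
        findings.append("debug=true: disable once the setup works")
    path = opts.get("keyTab", "")
    # POSIX mode bits only; on Windows review the file's ACL instead.
    if keytab_mode is None and os.name == "posix" and os.path.isfile(path):
        keytab_mode = stat.S_IMODE(os.stat(path).st_mode)
    if keytab_mode is not None and keytab_mode & 0o077:
        findings.append("keytab is accessible to group/other")
    return findings

# Constructed samples, abbreviated from the entries shown on this page.
JAAS = '''spnego-server {
    com.sun.security.auth.module.Krb5LoginModule required
    storeKey=true useKeyTab=true keyTab="/etc/krb5.keytab"
    principal="HTTP/server.example.com@EXAMPLE.COM" debug=true isInitiator=false;
};'''
# Constructed with a deliberately lower-cased realm to show the mismatch finding.
JBOSS = '''<security-domain name="spnego-server"><authentication>
  <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
    <module-option name="keyTab" value="/etc/krb5.keytab"/>
    <module-option name="principal" value="HTTP/server.example.com@example.com"/>
  </login-module></authentication></security-domain>'''

if __name__ == "__main__":
    print(audit(jaas_options(JAAS), "EXAMPLE.COM", keytab_mode=0o644))
    print(audit(jboss_options(JBOSS), "EXAMPLE.COM", keytab_mode=0o600))
```

Pass keytab_mode explicitly to test a mode without touching the file system; when it is omitted on a POSIX host, the mode of the file named by keyTab is read.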

Next, move to the final step to configure the client (browser you are using).

Copyright ©. All rights reserved. eXo Platform SAS