As mentioned earlier, the eXo Platform configuration is done on Machine 2, the machine on which eXo Platform is running.
Integrating SPNEGO with eXo Platform Tomcat
Copy the downloaded SPNEGO jar into $PLATFORM_TOMCAT_HOME/lib.
Append this login module to the bottom of the $PLATFORM_TOMCAT_HOME/conf/jaas.conf file.
spnego-server {
    com.sun.security.auth.module.Krb5LoginModule required
    storeKey=true
    doNotPrompt=true
    useKeyTab=true
    keyTab="/etc/krb5.keytab"
    principal="HTTP/server.example.com@EXAMPLE.COM"
    useFirstPass=true
    debug=true
    isInitiator=false;
};
On Windows, change the path of the keytab. For example, if this file is put on the D drive, it should be: keyTab="D:/server.keytab".
Configure SSO for eXo Platform by appending these configurations to the $PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties file (see Configuration overview for this file).
# SSO
gatein.sso.enabled=true
gatein.sso.filter.spnego.enabled=true
gatein.sso.callback.enabled=false
gatein.sso.skip.jsp.redirection=false
gatein.sso.login.module.enabled=true
gatein.sso.login.module.class=org.gatein.security.sso.spnego.SPNEGOSSOLoginModule
gatein.sso.filter.login.sso.url=/@@portal.container.name@@/spnegosso
gatein.sso.filter.initiatelogin.enabled=false
gatein.sso.valve.enabled=false
gatein.sso.filter.logout.enabled=false
On Windows, rename $PLATFORM_TOMCAT_HOME/bin/setenv-customize.sample.bat to $PLATFORM_TOMCAT_HOME/bin/setenv-customize.bat, then add the following to the setenv-customize.bat file.
SET "CATALINA_OPTS=%CATALINA_OPTS% -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=$ADMACHINE_NAME.example.com"
$ADMACHINE_NAME is the name of the machine that has Active Directory installed.
Start eXo Platform.
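A pre-flight check for the two Tomcat files edited above, as an added example (not part of the eXo documentation or code base): it parses the spnego-server entry of jaas.conf and the SSO keys of exo.properties and reports values that differ from the ones this page sets. The function names, the sample input, and the rule that the principal's realm equals the -Djava.security.krb5.realm value are assumptions of this example.

```python
import re

# Values the Tomcat steps on this page put in jaas.conf and exo.properties.
REQUIRED_JAAS = {"storeKey": "true", "doNotPrompt": "true",
                 "useKeyTab": "true", "isInitiator": "false"}
REQUIRED_PROPS = {
    "gatein.sso.enabled": "true",
    "gatein.sso.filter.spnego.enabled": "true",
    "gatein.sso.login.module.enabled": "true",
    "gatein.sso.login.module.class": "org.gatein.security.sso.spnego.SPNEGOSSOLoginModule",
}

def parse_jaas_entry(text, name):
    """Return the options of one JAAS entry as a dict, or None if absent."""
    m = re.search(r"^\s*" + re.escape(name) + r"\s*\{(.*?)\}\s*;", text, re.S | re.M)
    if not m:
        return None
    opts = re.findall(r'(\w+)\s*=\s*("[^"]*"|[^\s;]+)', m.group(1))
    return {key: value.strip('"') for key, value in opts}

def check_spnego_config(jaas_text, props_text, realm):
    """Return a list of problems; an empty list means the two files agree."""
    entry = parse_jaas_entry(jaas_text, "spnego-server")
    if entry is None:
        return ["jaas.conf: no spnego-server entry"]
    problems = [f"jaas.conf: {k} should be {v}"
                for k, v in REQUIRED_JAAS.items() if entry.get(k) != v]
    if not entry.get("keyTab"):
        problems.append("jaas.conf: keyTab path is missing")
    # Assumption: the principal's realm is the -Djava.security.krb5.realm value.
    m = re.fullmatch(r"HTTP/[^@/\s]+@(\S+)", entry.get("principal", ""))
    if not m or m.group(1) != realm:
        problems.append(f"jaas.conf: principal should be HTTP/<host>@{realm}")
    # exo.properties: key=value lines; "#" comment lines never match the key pattern.
    props = dict(re.findall(r"^\s*([^#\s=]+)\s*=\s*(.*?)\s*$", props_text, re.M))
    problems += [f"exo.properties: {k} should be {v}"
                 for k, v in REQUIRED_PROPS.items() if props.get(k) != v]
    return problems

# Constructed sample input (not a real deployment): wrong realm, SPNEGO filter off.
SAMPLE_JAAS = """spnego-server {
  com.sun.security.auth.module.Krb5LoginModule required storeKey=true doNotPrompt=true
  useKeyTab=true keyTab="/etc/krb5.keytab" principal="HTTP/server.example.com@EXAMPLE.ORG";
};"""
SAMPLE_PROPS = """# SSO
gatein.sso.enabled=true
gatein.sso.filter.spnego.enabled=false
gatein.sso.login.module.class=org.gatein.security.sso.spnego.SPNEGOSSOLoginModule"""

if __name__ == "__main__":
    print("\n".join(check_spnego_config(SAMPLE_JAAS, SAMPLE_PROPS, "EXAMPLE.COM")))
```

To check a real installation, pass the contents of $PLATFORM_TOMCAT_HOME/conf/jaas.conf and $PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties together with the realm used in CATALINA_OPTS.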
Integrating SPNEGO with eXo Platform JBoss
Copy the downloaded SPNEGO jar into $PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/lib.
Add the login module "spnego-server" as a child of the <security-domains> section of the $PLATFORM_JBOSS_HOME/standalone/configuration/standalone-exo.xml file.
<security-domain name="spnego-server" cache-type="default">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
            <module-option name="storeKey" value="true"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="keyTab" value="/etc/krb5.keytab"/>
            <module-option name="principal" value="HTTP/server.example.com@EXAMPLE.COM"/>
            <module-option name="useFirstPass" value="true"/>
            <module-option name="debug" value="true"/>
            <module-option name="isInitiator" value="false"/>
        </login-module>
    </authentication>
</security-domain>
On Windows, change the path of the keytab. For example, if this file is put on the D drive, it should be: keyTab="D:/server.keytab".
Uncomment the login module below in standalone-exo.xml, then change ${gatein.sso.login.module.enabled} and ${gatein.sso.login.module.class} into #{gatein.sso.login.module.enabled} and #{gatein.sso.login.module.class} respectively.
<login-module code="org.gatein.sso.integration.SSODelegateLoginModule" flag="required">
    <module-option name="enabled" value="#{gatein.sso.login.module.enabled}"/>
    <module-option name="delegateClassName" value="#{gatein.sso.login.module.class}"/>
    <module-option name="portalContainerName" value="portal"/>
    <module-option name="realmName" value="gatein-domain"/>
    <module-option name="password-stacking" value="useFirstPass"/>
</login-module>
Configure SSO for eXo Platform by appending these configurations to the $PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties file (see Configuration overview for this file).
# SSO
gatein.sso.enabled=true
gatein.sso.filter.spnego.enabled=true
gatein.sso.callback.enabled=false
gatein.sso.skip.jsp.redirection=false
gatein.sso.login.module.enabled=true
gatein.sso.login.module.class=org.gatein.security.sso.spnego.SPNEGOSSOLoginModule
gatein.sso.filter.login.sso.url=/@@portal.container.name@@/spnegosso
gatein.sso.filter.initiatelogin.enabled=false
gatein.sso.valve.enabled=false
gatein.sso.filter.logout.enabled=false
Start eXo Platform by using the command:
./standalone.sh -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=server.example.com -b server.example.com (on Linux)
standalone.bat -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=$AD_MACHINE_NAME.example.com -b server.example.com (on Windows)
$AD_MACHINE_NAME is the name of the machine that has Active Directory installed.
Next, move on to the final step: configuring the client (the browser you are using).