4.8.5.1. eXo Platform as SAML2 SP

In JBoss

  1. Edit the standalone/configuration/standalone-exo.xml file to add login module SSODelegateLoginModule to the security domain "gatein-domain":

    
    <security-domain name="gatein-domain" cache-type="default">
        <authentication>
            <!-- SSODelegateLoginModule is placed first in the chain. Its delegateClassName
                 is the same class configured as gatein.sso.login.module.class in
                 exo.properties (step 2); keep the two in sync. The module is a no-op
                 unless enabled="true" (presumably; confirm against the module docs). -->
            <login-module code="org.gatein.sso.integration.SSODelegateLoginModule" flag="required">
                <module-option name="enabled" value="true"/>
                <module-option name="delegateClassName" value="org.gatein.sso.agent.login.SAML2IntegrationLoginModule"/>
                <module-option name="portalContainerName" value="portal"/>
                <module-option name="realmName" value="gatein-domain"/>
                <!-- JAAS password-stacking: the next module reuses the principal/credential
                     established here instead of prompting again. -->
                <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
            <!-- Both modules are flag="required": a login succeeds only if both succeed,
                 so the existing portal login module still governs the local identity. -->
            <login-module code="org.exoplatform.services.security.j2ee.JBossAS7LoginModule" flag="required">
                <module-option name="portalContainerName" value="portal"/>
                <module-option name="realmName" value="gatein-domain"/>
            </login-module>
        </authentication>
    </security-domain>
  2. Edit the standalone/configuration/gatein/exo.properties file to have the following SSO section (see Configuration overview for this file):

    # SSO
    # Master switch; the callback and login-module flags below are tied to it via ${...}.
    gatein.sso.enabled=true
    gatein.sso.callback.enabled=${gatein.sso.enabled}
    gatein.sso.login.module.enabled=${gatein.sso.enabled}
    # Must match the delegateClassName option of SSODelegateLoginModule in standalone-exo.xml (step 1).
    gatein.sso.login.module.class=org.gatein.sso.agent.login.SAML2IntegrationLoginModule
    # @@portal.container.name@@ is a different placeholder syntax from ${...}; presumably
    # substituted at deploy time - confirm which component expands it.
    gatein.sso.filter.login.sso.url=/@@portal.container.name@@/dologin
    gatein.sso.filter.logout.enabled=true
    gatein.sso.filter.logout.class=org.gatein.sso.agent.filter.SAML2LogoutFilter
    gatein.sso.filter.initiatelogin.enabled=false
    gatein.sso.valve.enabled=true
    gatein.sso.valve.class=org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator
    # PicketLink SP configuration, resolved relative to the portal web application.
    gatein.sso.saml.config.file=/WEB-INF/conf/sso/saml/picketlink-sp.xml
    # Sample values only: set host, IdP URL and SP URL for your environment. These are
    # plain http:// examples; in production the SAML endpoints should be served over TLS
    # so assertions and logout requests are not exposed in transit.
    gatein.sso.idp.host=www.idp.com
    gatein.sso.idp.url=http://${gatein.sso.idp.host}:8080/portal/dologin
    gatein.sso.sp.url=http://www.sp.com:8080/portal/dologin
    # WARNING: This bundled keystore is only for testing purposes. You should generate and use your own keystore!
    gatein.sso.picketlink.keystore=/sso/saml/jbid_test_keystore.jks

    You need to modify gatein.sso.idp.host, gatein.sso.idp.url and gatein.sso.sp.url according to your environment setup. You also need to install your own keystore as instructed in Generating and using your own keystore.
