3.5.1. eXo Platform as SAML2 SP

In JBoss only

  1. Install the SAML2 add-on with the command: $PLATFORM_SP/addon install exo-saml (Windows, Linux / Mac OS X).

    The SAML2 package named saml-plugin-jboss.zip is then downloaded into the $PLATFORM_SP folder. Unzip it to find the folders idp-sig.war and idp-sig-module inside. These extracted folders are used for the SAML2 scenario with REST callback.

  2. Open the $PLATFORM_SP/standalone/configuration/standalone-exo.xml file and uncomment the configuration of SSODelegateLoginModule (under the security domain gatein-domain). Then replace ${gatein.sso.login.module.enabled} with #{gatein.sso.login.module.enabled} and ${gatein.sso.login.module.class} with #{gatein.sso.login.module.class}. The SSODelegateLoginModule will now look like:

    
    <login-module code="org.gatein.sso.integration.SSODelegateLoginModule" flag="required">
        <module-option name="enabled" value="#{gatein.sso.login.module.enabled}"/>
        <module-option name="delegateClassName" value="#{gatein.sso.login.module.class}"/>
        <module-option name="portalContainerName" value="portal"/>
        <module-option name="realmName" value="gatein-domain"/>
        <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>

  3. Edit the $PLATFORM_SP/standalone/configuration/gatein/exo.properties file to have the following configurations (see Configuration overview for details):

    # SSO
    gatein.sso.enabled=true
    gatein.sso.callback.enabled=${gatein.sso.enabled}
    gatein.sso.login.module.enabled=${gatein.sso.enabled}
    gatein.sso.login.module.class=org.gatein.sso.agent.login.SAML2IntegrationLoginModule
    gatein.sso.filter.login.sso.url=/@@portal.container.name@@/dologin
    gatein.sso.filter.logout.enabled=true
    gatein.sso.filter.logout.class=org.gatein.sso.agent.filter.SAML2LogoutFilter
    gatein.sso.filter.initiatelogin.enabled=false
    gatein.sso.valve.enabled=true
    gatein.sso.valve.class=org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator
    gatein.sso.saml.config.file=/WEB-INF/conf/sso/saml/picketlink-sp.xml
    gatein.sso.idp.host=www.idp.com
    gatein.sso.idp.url=http://${gatein.sso.idp.host}:8080/portal/dologin
    gatein.sso.sp.url=http://www.sp.com:8080/portal/dologin
    # WARNING: This bundled keystore is only for testing purposes. You should generate and use your own keystore!
    gatein.sso.picketlink.keystore=/sso/saml/jbid_test_keystore.jks

    You need to modify gatein.sso.idp.host, gatein.sso.idp.url and gatein.sso.sp.url according to your environment setup. You also need to install your own keystore as instructed in Generating and using your own keystore.

Copyright ©. All rights reserved. eXo Platform SAS