Install the SAML2 add-on with the command: $PLATFORM_SP/addon install exo-saml (Windows, Linux / Mac OS X).
Add the option --no-compat when using the Tomcat application server.
Accordingly, the SAML2 package named saml-plugin-jboss.zip will be downloaded into the $PLATFORM_SP folder.
Unzip this package; it contains the folders idp-sig.war and idp-sig-module.
Note that these extracted folders are used in the SAML2 scenario with REST callback.
For JBoss
Open the $PLATFORM_SP/standalone/configuration/standalone-exo.xml file and uncomment the configuration of SSODelegateLoginModule (under the security domain gatein-domain).
Then replace ${gatein.sso.login.module.enabled} with #{gatein.sso.login.module.enabled} and ${gatein.sso.login.module.class} with #{gatein.sso.login.module.class}. The SSODelegateLoginModule will now look like:
<login-module code="org.gatein.sso.integration.SSODelegateLoginModule" flag="required">
    <module-option name="enabled" value="#{gatein.sso.login.module.enabled}"/>
    <module-option name="delegateClassName" value="#{gatein.sso.login.module.class}"/>
    <module-option name="portalContainerName" value="portal"/>
    <module-option name="realmName" value="gatein-domain"/>
    <module-option name="password-stacking" value="useFirstPass"/>
</login-module>
For both JBoss and Tomcat
Open the file $PLATFORM_SP/standalone/configuration/gatein/exo.properties (for JBoss) or $PLATFORM_SP/gatein/conf/exo.properties (for Tomcat).
Rename the file exo-samples.properties to exo.properties.
Edit the following properties (add them if they don't exist):
# SSO
gatein.sso.enabled=true
gatein.sso.saml.sp.enabled=true
gatein.sso.callback.enabled=${gatein.sso.enabled}
gatein.sso.login.module.enabled=${gatein.sso.enabled}
gatein.sso.filter.logout.enabled=false
gatein.sso.filter.login.sso.url=/@@portal.container.name@@/dologin
gatein.sso.filter.initiatelogin.enabled=false
gatein.sso.saml.config.file=${exo.conf.dir}/saml2/picketlink-sp.xml
gatein.sso.idp.host=www.idp.com
gatein.sso.idp.url=http://${gatein.sso.idp.host}:8087/portal/sso
gatein.sso.sp.url=http://www.sp.com:8080/portal/dologin
# WARNING: This bundled keystore is only for testing purposes. You should generate and use your own keystore!
gatein.sso.picketlink.keystore=${exo.conf.dir}/saml2/jbid_test_keystore.jks
# Uncomment this when JBoss is used
#gatein.sso.login.module.class=org.gatein.sso.agent.login.SAML2WildflyIntegrationLoginModule
#gatein.sso.uri.suffix=dologin
# Uncomment this when Tomcat is used
#gatein.sso.login.module.class=org.gatein.sso.agent.login.SAML2IntegrationLoginModule
#gatein.sso.valve.enabled=true
#gatein.sso.valve.class=org.gatein.sso.saml.plugin.valve.ServiceProviderAuthenticator
You need to modify gatein.sso.idp.host, gatein.sso.idp.url and gatein.sso.sp.url according to your environment setup. You also need to install your own keystore as instructed in Generating and using your own keystore.
Download your generated IdP certificate and import it into your keystore with this command:
keytool -import -keystore jbid_test_keystore.jks -file idp-certificate.crt -alias Identity_Provider-idp
The default password of the keystore jbid_test_keystore.jks is store123.
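The sample block above ships with placeholder hosts, a bundled test keystore whose password is published in this very page, and both login-module classes commented out, so a copy-paste deployment that skips the customisation step is easy to produce. The following pre-start lint is an added example, not part of the eXo documentation or add-on: it reads an exo.properties file and reports exactly those conditions. Both sample files it checks are constructed inline (the "production" values such as idp.example.org and sp-keystore.jks are assumptions for illustration); in a real deployment you would point it at $PLATFORM_SP/gatein/conf/exo.properties or the JBoss equivalent.

```shell
#!/bin/sh
# Added example (not eXo's code): lint the SAML2 SP settings in exo.properties
# before starting the platform. It flags the values the documentation says must
# be changed: placeholder IdP/SP hosts, the bundled jbid_test_keystore.jks, and
# a gatein.sso.login.module.class that is not uncommented exactly once.

# Print the effective (uncommented) value of property $2 in file $1; empty if unset.
prop_value() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 | sed 's/^[^=]*=[[:space:]]*//'
}

# Return 0 when the file looks production-ready, 1 otherwise; one FINDING per line.
check_sso_properties() {
    file="$1"
    rc=0

    if [ "$(prop_value "$file" gatein.sso.enabled)" != "true" ] || \
       [ "$(prop_value "$file" gatein.sso.saml.sp.enabled)" != "true" ]; then
        echo "FINDING: gatein.sso.enabled and gatein.sso.saml.sp.enabled must both be true"
        rc=1
    fi

    # Placeholder hosts copied unchanged from the sample block
    idp_host=$(prop_value "$file" gatein.sso.idp.host)
    sp_url=$(prop_value "$file" gatein.sso.sp.url)
    case "$idp_host" in
        ""|www.idp.com) echo "FINDING: gatein.sso.idp.host still has the sample value '$idp_host'"; rc=1 ;;
    esac
    case "$sp_url" in
        ""|*www.sp.com*) echo "FINDING: gatein.sso.sp.url still points at the sample host"; rc=1 ;;
    esac

    # The bundled keystore and its default password are public; refuse it.
    keystore=$(prop_value "$file" gatein.sso.picketlink.keystore)
    case "$keystore" in
        "") echo "FINDING: gatein.sso.picketlink.keystore is not set"; rc=1 ;;
        *jbid_test_keystore.jks) echo "FINDING: bundled test keystore in use: $keystore"; rc=1 ;;
    esac

    # Exactly one login module class (JBoss or Tomcat variant) must be active.
    n=$(grep -cE '^[[:space:]]*gatein\.sso\.login\.module\.class[[:space:]]*=' "$file" || true)
    if [ "$n" -ne 1 ]; then
        echo "FINDING: expected exactly one uncommented gatein.sso.login.module.class, found $n"
        rc=1
    fi
    return $rc
}

# Constructed sample inputs (written to a temp dir so the script runs offline).
tmp=$(mktemp -d)
SAMPLE_BAD="$tmp/exo-sample.properties"      # the page's block, pasted unchanged
SAMPLE_GOOD="$tmp/exo-production.properties" # hypothetical customised file
cat > "$SAMPLE_BAD" <<'EOF'
gatein.sso.enabled=true
gatein.sso.saml.sp.enabled=true
gatein.sso.idp.host=www.idp.com
gatein.sso.idp.url=http://${gatein.sso.idp.host}:8087/portal/sso
gatein.sso.sp.url=http://www.sp.com:8080/portal/dologin
gatein.sso.picketlink.keystore=${exo.conf.dir}/saml2/jbid_test_keystore.jks
#gatein.sso.login.module.class=org.gatein.sso.agent.login.SAML2WildflyIntegrationLoginModule
#gatein.sso.login.module.class=org.gatein.sso.agent.login.SAML2IntegrationLoginModule
EOF
cat > "$SAMPLE_GOOD" <<'EOF'
gatein.sso.enabled=true
gatein.sso.saml.sp.enabled=true
gatein.sso.idp.host=idp.example.org
gatein.sso.idp.url=https://${gatein.sso.idp.host}/portal/sso
gatein.sso.sp.url=https://portal.example.org/portal/dologin
gatein.sso.picketlink.keystore=${exo.conf.dir}/saml2/sp-keystore.jks
gatein.sso.login.module.class=org.gatein.sso.agent.login.SAML2IntegrationLoginModule
gatein.sso.valve.enabled=true
gatein.sso.valve.class=org.gatein.sso.saml.plugin.valve.ServiceProviderAuthenticator
EOF

echo "== unchanged sample =="
check_sso_properties "$SAMPLE_BAD" || echo "(not ready for production)"
echo "== customised file =="
check_sso_properties "$SAMPLE_GOOD" && echo "(no findings)"
```

Run it from a start-up wrapper and refuse to launch the platform when it returns non-zero; the checks are deliberately limited to what this page documents, so extend the placeholder list if your sample file differs.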
Start up the platform using:
For Tomcat
./start_eXo.sh for Linux operating systems or start_eXo.bat for Windows operating systems.
For JBoss
cd $PLATFORM_SP/bin then
./standalone.sh -b www.sp.com