Thanks for the much needed documentaton. However, I still can't seem to tie the SSO configuration to the portlet. I can use the SSO Reverse Proxy portlet to render the remote content, but I do not see how to get the portlet to preemptively log into the site. My src is http://host.domainname.com:8090/ATGAdmin/customers.htm, however, SSO should be logging into http://host.domainname.com:8090/ATGAdmin/login.htm I don't see how the SSO config knows that, and in my case, it certainly does not do it. To net it out, I can get the SSO portlet to render the site, but the login never happens.
From: Woonsan Ko <[email protected]> To: Jetspeed Users List <[email protected]> Date: 08/18/2010 12:28 PM Subject: Re: SSO IFrame form authentication Hi, For the preferences of the portlet, you can refer to this documentation: http://portals.apache.org/applications/webcontent/index.html For URL related stuffs, there are three: SRC, PROXYREMOTEURL and PROXYLOCALPATH. The SRC preference is the same as the default IFrame portlet. The PROXYREMOTEURL preference is for configuring the remote proxy target url base path. The PROXYLOCALPATH preference is for configuring the local proxy pass base path. So, for example, if SRC is http://www.yourcompany.com/foo/bar/test.html and your reverse proxy service (servlet) is configured to map /j2-admin/rproxy/foo/ to http://www.yourcompany.com/foo/, then PROXYREMOTEURL should be set to http://www.yourcompany.com/foo/ and PROXYLOCALPATH should be set to /j2-admin/rproxy/foo/ or $[contextPath}/rproxy/foo/. Also, please see the following documentation on how to configure reverse proxy service: http://portals.apache.org/applications/webcontent/rproxy.html Regards, Woonsan ----- Original Message ---- > From: "[email protected]" <[email protected]> > To: Jetspeed Users List <[email protected]> > Sent: Wed, August 18, 2010 7:22:38 AM > Subject: Re: SSO IFrame form authentication > > I was able to successfully get form-based auth to work with your example > scenario, however, my own test case does not. I still simply go directly > to the login screen. I'm sure it has to do with the proxyremoteurl and > proxylocalpath args, but I have not seen any detailed doc on how they > work. > > > > From: > David Sean Taylor <[email protected]> > To: > Jetspeed Users List <[email protected]> > Date: > 08/17/2010 07:19 PM > Subject: > Re: SSO IFrame form authentication > > > > On Tue, Aug 17, 2010 at 1:40 PM, <[email protected]> wrote: > > How did your testing go? I compared SSO Webcontent (which works, sort > of) > > to SSO IFrame classes and I see a method for preemptive login in the > > webcontent class but no reference at all in the SSO IFrame class. Does > > this just mean it is being done differently, or is something amiss in > the > > SSO IFrame class? > > There are two SSOIFrame classes: > > 1. SSOIFramePortlet > 2. SSOReverseProxyIFramePortlet > > Suggest using the second one, SSOReverseProxyIFramePortlet as it gives > you features not available in the older SSOIFramePortlet such as > auto-resizing and form-based authentication (what you are after) > > I tested with SSOReverseProxyIFramePortlet and it worked in the > example that comes with Jetspeed, but it takes a little bit of > configuration. > > First, ensure your Tomcat will need this attribute set in the > <Connector> element of server.xml: > > emptySessionPath="true" > > more detail here: > > http://portals.apache.org/applications/webcontent/index.html > > If you had to change server.xml setting, then restart your server > > I took these steps to verify SSO with the example form-based login > that comes with Jetspeed: > > 1. login as admin > 2. navigate to the Jetspeed Administration space, SSO Management page, > or just go here: > > http://localhost:8080/jetspeed/ui/Administrative/sso-admin.psml > > Add a new Site with following parameters: > > Site Name: Form Example > Site URL: http://localhost:8080/j2-admin/examples/formauth.jsp > Field name for User ID: user > Field name For Password value: pass > > Press Save > > Add a new credential for this site in the portlet on the right side > (SSO Details): > > Portal Principal: admin > Remote Principal: admin > Remote Credential: admin > > Press Add > > You can verify that the remote credential was added for the admin > user by going here: > > http://localhost:8080/jetspeed/ui/my-account.psml > > see the portlet on the right "SSO Change Passwords", a remote site > entry should be there named "Form Example" > > Next, you can use the Toolbox to find the Reverse Proxy Iframe Portlet > by searching on "iframe" and then selecting it from there and adding > to a page. To make things simple, I just added a page and then added > the Reverse Proxy Iframe Portlet there. At first this portlet seems to > want to use Basic Authentication, so just hit cancel when challenged. > I then switched to edit mode (pencil icon), and entered the following > preferences: > > TITLE: My SSO Test > SRC: http://localhost:${serverPort}${contextPath}/examples/formauth.jsp > > Press Save > > You should see in your portlet content something like: > > "Hello, admin. You have been authorized by form-based authentication !!!" > > Give that a try and see if it works. Then, move on to your specific > IFrame source and let us know how it goes... > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean (mailgw2:E659D1E6FC.D1395). > > > > > This communication and any attachments are confidential, protected by > Communications Privacy Act 18 USCS § 2510, solely for the use of the > intended recipient, and may contain legally privileged material. If you > are not the intended recipient, please return or destroy it immediately. > Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean (mailgw2:8B67A1E701.EB059). This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
