Regarding the additional hidden fields, can you append those in the SRC url like this? http://host.domainname.com:8090/ATGAdmin/login.jsp?hidden1=a&hidden2=b
--- On Thu, 8/19/10, [email protected] <[email protected]> wrote:

> From: [email protected] <[email protected]>
> Subject: Re: SSO IFrame form authentication
> To: "Jetspeed Users List" <[email protected]>
> Date: Thursday, August 19, 2010, 6:41 PM
>
> OK, finally got my simple case to work. I was able to set my src to customers.htm and my SSO url to login.htm and it works great now. However, this was a simple case and not the solution I need. I am now trying to login into a url which requires form auth with User & Password fields, and also has 3 or 4 hidden fields it is expecting. The sso doc in the deployment guide refers to sso.form.Args, but this doesn't seem to work. Should it, or is there another way to accomplish. The net result is reverse proxy is rendering my url but it doesn't log me in.
>
> From: Woonsan Ko <[email protected]>
> To: Jetspeed Users List <[email protected]>
> Date: 08/18/2010 05:28 PM
> Subject: Re: SSO IFrame form authentication
>
> Did you configure `emptySessionPath="true"' for the Connector in $CATALINA_HOME/conf/server.xml?
> Because all the SSO credentials are shared via session between the portlet and reverse proxy service servlet, the option above is necessary. The option name is case-sensitive and tomcat must be restarted. (Sometimes, you should check if the process is still running after trying to stop tomcat.)
> Also, are you using j2-admin's reverse proxy service servlet (/j2-admin/rproxy or ${contextPath}/rproxy) with j2-admin's SSOReverseProxyIFramePortlet?
> Session can be shared inside the same web application.
> By the way, can you test it after refreshing the session? I've just found that the SSO credentials information are initialized when there's no existing one in the session.
> And, when you right-click in the iframe, is the page properly reverse-proxied?
> The page should be from /j2-admin/rproxy/....
> Otherwise, the reverse proxy configuration could be wrong.
>
> -Woonsan
>
> ----- Original Message ----
> > From: "[email protected]" <[email protected]>
> > To: Jetspeed Users List <[email protected]>
> > Sent: Wed, August 18, 2010 1:47:59 PM
> > Subject: Re: SSO IFrame form authentication
> >
> > Well, that surprises me, as the SSO doc refers to an sso.form.Action property. And this works fine in the sso webcontent portlet in 2.2.0 I successfully configured it to post my login form, using sso.form.Action, log me in, then navigate to the SRC url. Works great, except webcontent has problems rendering the page properly. That's why I want to use SSO IFrame. The makes no distinction between IFrame and Webcontent portlets as it relates to form based auth. At any rate, I have gone thru your previous responses, tried using login.htm in the src, but I still never get a post. It simply does a get on the login.htm and renders the page. I have been very careful to assure my SSO Admin properties are synced with my portlet properties, so it should map to a set of credentials, but they never get posted. The best I can do with the proxy portlets is get it to do basic auth, which of course will not work with my target url.
> >
> > From: Woonsan Ko <[email protected]>
> > To: Jetspeed Users List <[email protected]>
> > Date: 08/18/2010 02:12 PM
> > Subject: Re: SSO IFrame form authentication
> >
> > Unfortunately, the portlet or any other SSO-related portlet does not provide different form auth URL from the navigating URL.
> > So, the SRC URL must be the form auth target URL. It's up to the form auth target URL to redirect to other contents.
> > The SSOReverseProxyIFramePortlet is responsible only for sending credentials information to the target form auth page with specified parameter names in POST method.
> > This limitation is because it could be complicated if it should manage some states in a general way to check if the target site has authenticated or not.
> > On the other hand, it would be easier to add or customize a form auth target page; it can do authentication, store some session attributes and redirect to other pages.
> > SSOReverseProxyIFramePortlet remembers the last visited page; so when you visit the page back, it will remember the navigation states during the session.
> > Also, you could choose basic authentication if you don't want to add or customize the form auth target page.
> >
> > Here are some details on SSO configurations.
> > There are two places to configure SSO configs.
> > Firstly, the system administrator should register SSO SITEs in j2-admin's SSO Admin portlet. [1]
> > Secondly, each user should register the SSO credentials information in my-account.psml which can be navigated by a link in the login portlet after authenticated.
> > Thirdly, SSOReverseProxyIFramePortlet retrieves the SSO SITE information and the user's SSO credentials information, determining those from the SRC url.
> >
> > In your example, you need to register an SSO SITE with
> > http://host.domainname.com:8090/ATGAdmin/ or
> > http://host.domainname.com:8090/
> > with proper authentication mechanism.
> > If the SSO SITE needs form authentication, you should provide proper form auth parameters for username and password.
> > When you visit a portal page including the sso reverse proxy iframe portlet, the portlet will find the best matched SSO SITE from the current navigation url.
> > So, if the current proxied url is http://host.domainname.com:8090/ATGAdmin/login.jsp, then the portlet will retrieve the SSO SITE and credentials information for the user.
> > If it is form-auth for the SSO SITE, the portlet will send the credentials information with the specified parameter names in POST method to the target form auth page.
> >
> > [1] http://portals.apache.org/jetspeed-2/adminguide/sso.html#SSO_Management
> >
> > HTH,
> >
> > Woonsan
> >
> > ----- Original Message ----
> > > From: "[email protected]" <[email protected]>
> > > To: Jetspeed Users List <[email protected]>
> > > Sent: Wed, August 18, 2010 11:37:23 AM
> > > Subject: Re: SSO IFrame form authentication
> > >
> > > Thanks for the much needed documentation. However, I still can't seem to tie the SSO configuration to the portlet. I can use the SSO Reverse Proxy portlet to render the remote content, but I do not see how to get the portlet to preemptively log into the site. My src is http://host.domainname.com:8090/ATGAdmin/customers.htm, however, SSO should be logging into http://host.domainname.com:8090/ATGAdmin/login.htm
> > > I don't see how the SSO config knows that, and in my case, it certainly does not do it. To net it out, I can get the SSO portlet to render the site, but the login never happens.
> > >
> > > From: Woonsan Ko <[email protected]>
> > > To: Jetspeed Users List <[email protected]>
> > > Date: 08/18/2010 12:28 PM
> > > Subject: Re: SSO IFrame form authentication
> > >
> > > Hi,
> > >
> > > For the preferences of the portlet, you can refer to this documentation:
> > > http://portals.apache.org/applications/webcontent/index.html
> > >
> > > For URL related stuffs, there are three: SRC, PROXYREMOTEURL and PROXYLOCALPATH.
> > > The SRC preference is the same as the default IFrame portlet.
> > > The PROXYREMOTEURL preference is for configuring the remote proxy target url base path.
> > > The PROXYLOCALPATH preference is for configuring the local proxy pass base path.
> > > So, for example, if SRC is http://www.yourcompany.com/foo/bar/test.html and your reverse proxy service (servlet) is configured to map /j2-admin/rproxy/foo/ to http://www.yourcompany.com/foo/, then PROXYREMOTEURL should be set to http://www.yourcompany.com/foo/ and PROXYLOCALPATH should be set to /j2-admin/rproxy/foo/ or ${contextPath}/rproxy/foo/.
> > > Also, please see the following documentation on how to configure reverse proxy service:
> > > http://portals.apache.org/applications/webcontent/rproxy.html
> > >
> > > Regards,
> > >
> > > Woonsan
> > >
> > > ----- Original Message ----
> > > > From: "[email protected]" <[email protected]>
> > > > To: Jetspeed Users List <[email protected]>
> > > > Sent: Wed, August 18, 2010 7:22:38 AM
> > > > Subject: Re: SSO IFrame form authentication
> > > >
> > > > I was able to successfully get form-based auth to work with your example scenario, however, my own test case does not. I still simply go directly to the login screen. I'm sure it has to do with the proxyremoteurl and proxylocalpath args, but I have not seen any detailed doc on how they work.
> > > >
> > > > From: David Sean Taylor <[email protected]>
> > > > To: Jetspeed Users List <[email protected]>
> > > > Date: 08/17/2010 07:19 PM
> > > > Subject: Re: SSO IFrame form authentication
> > > >
> > > > On Tue, Aug 17, 2010 at 1:40 PM, <[email protected]> wrote:
> > > > > How did your testing go?
> > > > > I compared SSO Webcontent (which works, sort of) to SSO IFrame classes and I see a method for preemptive login in the webcontent class but no reference at all in the SSO IFrame class. Does this just mean it is being done differently, or is something amiss in the SSO IFrame class?
> > > >
> > > > There are two SSOIFrame classes:
> > > >
> > > > 1. SSOIFramePortlet
> > > > 2. SSOReverseProxyIFramePortlet
> > > >
> > > > Suggest using the second one, SSOReverseProxyIFramePortlet as it gives you features not available in the older SSOIFramePortlet such as auto-resizing and form-based authentication (what you are after)
> > > >
> > > > I tested with SSOReverseProxyIFramePortlet and it worked in the example that comes with Jetspeed, but it takes a little bit of configuration.
> > > >
> > > > First, ensure your Tomcat will need this attribute set in the <Connector> element of server.xml:
> > > >
> > > > emptySessionPath="true"
> > > >
> > > > more detail here:
> > > >
> > > > http://portals.apache.org/applications/webcontent/index.html
> > > >
> > > > If you had to change server.xml setting, then restart your server
> > > >
> > > > I took these steps to verify SSO with the example form-based login that comes with Jetspeed:
> > > >
> > > > 1. login as admin
> > > > 2. navigate to the Jetspeed Administration space, SSO Management page, or just go here:
> > > >
> > > > http://localhost:8080/jetspeed/ui/Administrative/sso-admin.psml
> > > >
> > > > Add a new Site with following parameters:
> > > >
> > > > Site Name: Form Example
> > > > Site URL: http://localhost:8080/j2-admin/examples/formauth.jsp
> > > > Field name for User ID: user
> > > > Field name For Password value: pass
> > > >
> > > > Press Save
> > > >
> > > > Add a new credential for this site in the portlet on the right side (SSO Details):
> > > >
> > > > Portal Principal: admin
> > > > Remote Principal: admin
> > > > Remote Credential: admin
> > > >
> > > > Press Add
> > > >
> > > > You can verify that the remote credential was added for the admin user by going here:
> > > >
> > > > http://localhost:8080/jetspeed/ui/my-account.psml
> > > >
> > > > see the portlet on the right "SSO Change Passwords", a remote site entry should be there named "Form Example"
> > > >
> > > > Next, you can use the Toolbox to find the Reverse Proxy Iframe Portlet by searching on "iframe" and then selecting it from there and adding to a page. To make things simple, I just added a page and then added the Reverse Proxy Iframe Portlet there. At first this portlet seems to want to use Basic Authentication, so just hit cancel when challenged. I then switched to edit mode (pencil icon), and entered the following preferences:
> > > >
> > > > TITLE: My SSO Test
> > > > SRC: http://localhost:${serverPort}${contextPath}/examples/formauth.jsp
> > > >
> > > > Press Save
> > > >
> > > > You should see in your portlet content something like:
> > > >
> > > > "Hello, admin. You have been authorized by form-based authentication !!!"
> > > >
> > > > Give that a try and see if it works.
> > > > Then, move on to your specific IFrame source and let us know how it goes...
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [email protected]
> > > > For additional commands, e-mail: [email protected]
> > > >
> > > > --
> > > > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean (mailgw2:E659D1E6FC.D1395).
> > > >
> > > > This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
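An added example, not part of the thread and not Jetspeed code: a small Python model of the behaviour described in the quoted replies, showing how SRC maps through PROXYREMOTEURL and PROXYLOCALPATH, which registered SSO site is picked for a URL, and that the form POST goes to the SRC URL itself. The matching rule (same scheme, host and port, then longest path), the site entries, the field names and the credentials are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def origin(url):
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port)

def path_under(path, base):
    """True if path equals base or lies below it on a '/' boundary."""
    base = base if base.endswith("/") else base + "/"
    return path.startswith(base) or path + "/" == base

def to_local(src, proxy_remote_url, proxy_local_path):
    """Map SRC to its reverse-proxied path; None if SRC is outside PROXYREMOTEURL."""
    s, r = urlsplit(src), urlsplit(proxy_remote_url)
    if origin(src) != origin(proxy_remote_url) or not path_under(s.path, r.path):
        return None
    rest = s.path[len(r.path.rstrip("/")):].lstrip("/")
    return proxy_local_path.rstrip("/") + "/" + rest + ("?" + s.query if s.query else "")

def best_site(url, sites):
    """Assumed matching rule: same scheme/host/port, then longest containing path."""
    path = urlsplit(url).path or "/"
    hits = [s for s in sites if origin(s["url"]) == origin(url)
            and path_under(path, urlsplit(s["url"]).path or "/")]
    return max(hits, key=lambda s: len(urlsplit(s["url"]).path), default=None)

def plan(src, remote, local, sites, creds):
    """What the portlet would do for this SRC, as the thread describes it."""
    site = best_site(src, sites)
    cred = creds.get(site["name"]) if site else None
    post = None
    if cred and "user_field" in site:
        # Form auth: the credentials are POSTed to the SRC URL itself.
        post = {"to": src, "fields": {site["user_field"]: cred[0], site["pass_field"]: cred[1]}}
    return {"iframe": to_local(src, remote, local), "site": site and site["name"], "post": post}

# Constructed sample data (field names, credentials and rproxy mapping are assumptions).
SITES = [
    {"name": "ATG host", "url": "http://host.domainname.com:8090/"},
    {"name": "ATG Admin", "url": "http://host.domainname.com:8090/ATGAdmin/",
     "user_field": "User", "pass_field": "Password"},
]
CREDS = {"ATG Admin": ("remote-user", "remote-secret")}
REMOTE, LOCAL = "http://host.domainname.com:8090/ATGAdmin/", "/j2-admin/rproxy/ATGAdmin/"

if __name__ == "__main__":
    for page in ("login.jsp", "customers.htm"):
        p = plan(REMOTE + page, REMOTE, LOCAL, SITES, CREDS)
        print(page, "->", p["iframe"], "| site:", p["site"], "| POST to:", p["post"]["to"])
```

With SRC set to customers.htm the site still matches, but the POST target is customers.htm rather than the login page, which is the situation the thread describes where the page renders and the login never happens.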
