I am using j2-admin::SSOReverseProxyIFramePortlet. I also believe I am using the exact reverse properties as the apache example. I have discovered one issue when accessing directly in that it appears when I enter http://host.domain-name.com:8080/j2-admin/rproxy/otrs/otrs/customer.pl, and login manually, I am redirected to http://host.domain-name.com:8080/otrs/customer.pl?CSID=1047f4e2a54420bc329c4f2e3cd511e23a and I get an HTTP 404 error. If I then correct the url and put the j2-admin/rproxy/otrs back in, I get the correct page rendered and I am logged in. In any case, once I get logged in and try to drill down to an incident link, I get an error trying to load the javascript because something has changed the .js in the link to .html Again, I am using the apache example config for rewriting.
# ... Set max matching path part count proxy.reverse.pass.maxMatchingPathPartCount = 2 # ... Sets detail attributes for apache path mapping proxy.reverse.pass = otrs proxy.reverse.pass.otrs.local = /otrs/ proxy.reverse.pass.otrs.remote = http://host.domain-name.com/ proxy.reverse.pass.otrs.rewriter.basic = org.apache.portals.applications.webcontent.rewriter.WebContentRewriter proxy.reverse.pass.otrs.rewriter.parserAdaptor = html proxy.reverse.pass.otrs.rewriter.parserAdaptor.html = org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.mimeType = text/html proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.lookUpAllMappings = true Thanks, MikeB Mike Ballard Director of Internet Development and Networking O'Reilly Auto Parts (417) 874-7107 Ofc (417) 838-0271 Cell This message is protected by the Electronic Communications Privacy Act, 18 USCS § 2510 et seq., and may not be used, copied or forwarded without the consent of the named recipient(s). The information contained in this message is confidential, is intended only for the use of the individual or entity named. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately at 417-874-7107. From: Woonsan Ko <[email protected]> To: Jetspeed Users List <[email protected]> Date: 08/20/2010 12:55 PM Subject: Re: SSO IFrame form authentication Regarding the problem of javascript link ending in .js to .html, with which portlet do you meet the problem? j2-admin::SSOReverseProxyIFramePortlet, j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet, j2-admin::SSOIFramePortlet, j2-admin::SSOWebContentPortlet, or j2-admin::SSOProxyPortletPortlet? j2-admin::SSOReverseProxyIFramePortlet and j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet only are using the reverse proxy service. If you are using those reverse proxy portlets, then how's the rewriter configurations for the reverse proxy pass mapping in /j2-admin/WEB-INF/conf/reverseproxy.properties? I'd like to recommend you to use the default configuration like the apache example: # ... Sets detail attributes for apache path mapping proxy.reverse.pass.apache.local = /apache/ proxy.reverse.pass.apache.remote = http://apache.org/ proxy.reverse.pass.apache.rewriter.basic = org.apache.portals.applications.webcontent.rewriter.WebContentRewriter proxy.reverse.pass.apache.rewriter.parserAdaptor = html proxy.reverse.pass.apache.rewriter.parserAdaptor.html = org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor proxy.reverse.pass.apache.rewriter.parserAdaptor.html.mimeType = text/html proxy.reverse.pass.apache.rewriter.parserAdaptor.html.property.lookUpAllMappings = true With the default example above, the rewriting xml rule files such as default-rewriter-rules.xml and rewriter-rules-mapping do not play any role with reverse proxying portlets. The last example in the configuration file still uses the Neko and Sax parser adaptor configuation, which was provided for the old web content portlets. However, it turns out to be less useful in this reverse proxy portlets. (The old rewriting xml rules were mainly for rewriting urls to portlet urls, while reverse proxy service is just another servlet-based solution with integration to portlet, meaning the url rewriting doesn't need to be that complex any more.) One more tip is that you could test the reverse proxying by navigating the proxied urls directly. So, for example, if http://www.yourdomain.com/orders/ is mapped to /j2-admin/rproxy/yourdomain/orders/, then you can browse directly to http://localhost:8080/j2-admin/rproxy/yourdomain/orders/. You can see what happens for rewriting problems with this direct access. HTH, Woonsan --- On Fri, 8/20/10, [email protected] <[email protected]> wrote: > From: [email protected] <[email protected]> > Subject: Re: SSO IFrame form authentication > To: "Jetspeed Users List" <[email protected]> > Date: Friday, August 20, 2010, 6:55 PM > Good to know. So I have rebuilt > my site on 2.2.1 and it seems to be > stable, unlike the previous implementation on Derby. > Not sure if that's > an indication of a problem with 2.2.1 & Derby, or just > a local issue. My > remaining issue is the rewrite in the reverse proxy portlet > is changing a > javascript link ending in .js to .html Any ideas? > > > > From: > Woonsan Ko <[email protected]> > To: > Jetspeed Users List <[email protected]> > Date: > 08/20/2010 11:50 AM > Subject: > Re: SSO IFrame form authentication > > > > I believe the pages can be simply copied because I cannot > find anything to > watch with psml pages either. > By the way, you can copy those pages into any other folder > by configuring > the path in /jetspeed/WEB-INF/conf/override.properties. For > example, > > # default path to (XML) PSML pages root folder > psml.pages.path = > ${applicationRoot}/WEB-INF/migrated_pages > > Regards, > > Woonsan > > --- On Fri, 8/20/10, [email protected] > <[email protected]> > > wrote: > > > From: [email protected] > <[email protected]> > > Subject: Re: SSO IFrame form authentication > > To: "Jetspeed Users List" <[email protected]> > > Date: Friday, August 20, 2010, 3:05 PM > > I have installed 2.2.1 with MySQL and > > I now need to move my pages and > > layouts from the 2.2.0 installation. Given that > my > > previous 2.2.1 > > installation on Derby is defunct, is there anything I > > should watch out for > > this time? Can I simply copy the psml's from > the > > 2.2.0 directories to the > > 2.2.1 directories? I have not seen a > > migration guide to address this > > need. > > > > > > > > From: > > Woonsan Ko <[email protected]> > > To: > > Jetspeed Users List <[email protected]> > > Date: > > 08/18/2010 12:35 PM > > Subject: > > Re: SSO IFrame form authentication > > > > > > > > Hi, > > > > I haven't heard of that preferences data problem yet > in > > 2.2.1. > > IMHO, It could help to localize the problems if you > test > > against other > > databases > > like PostgreSQL or MySQL. > > On the other hand, I think you could deploy newer > > j2-admin.war and > > apa-webcontent.war which were included in 2.2.1. > > > > -Woonsan > > > > > > ----- Original Message ---- > > > From: "[email protected]" > > <[email protected]> > > > To: Jetspeed Users List <[email protected]> > > > Sent: Wed, August 18, 2010 6:10:25 AM > > > Subject: Re: SSO IFrame form authentication > > > > > > Well, here's the rub. I believe the > > SSOReverseProxyIFramePortlet is new > > > > > in 2.2.1, which is where I was when I first > posted, > > however, I found > > that > > > my configuration kept getting scrambled, so I > reverted > > to 2.2.0 I will > > > try your suggestion on 2.2.1, but I will have to > > address the scrambling > > > issue. What is happening is this. I > have > > cloned the IFramePortlet > > > several times and configured each for different > static > > content being > > > served from apache2. I have avoided setting > any > > user preferences, and, > > > > > instead, set the preferences for each clone in > the > > PAM portlet. > > Everything > > > worked fine. Then after a few hours, the > > IFramePortlet content was all > > > > > mixed up. For instance, the portlet on > > page 1 would be showing the > > > content I had configured for the portlet on page > > > 2 and so on. I went > > into > > > PAM and corrected the preferences to what > they > > should be and assumed I > > was > > > ok, but the next morning things were > scrambled > > again. I did some > > queries > > > in the derby db and it appears they are > wrong > > there. I don't know if > > this > > > is a portlet id issue or an indexing > problem or > > what, but I need a > > > resolution before I can proceed to 2.2.1 > > Of course, I have the exact > > same > > > configuration in 2.2.0 and am having no > problem > > there, but I also have > > no > > > SSOReverseProxyIFrame there. Any > ideas? > > > > > > > > > > > > From: > > > David Sean Taylor <[email protected]> > > > To: > > > Jetspeed Users List <[email protected]> > > > Date: > > > 08/17/2010 07:19 PM > > > Subject: > > > Re: SSO IFrame form authentication > > > > > > > > > > > > On Tue, Aug 17, 2010 at 1:40 PM, > <[email protected]> > > > wrote: > > > > How did your testing go? I compared > SSO > > Webcontent (which works, > > sort > > > of) > > > > to SSO IFrame classes and I see a method > > for preemptive login in the > > > > webcontent class but no reference at all in > > the SSO IFrame class. > > Does > > > > this just mean it is being done > > differently, or is something amiss in > > > > > the > > > > SSO IFrame class? > > > > > > There are two SSOIFrame classes: > > > > > > 1. SSOIFramePortlet > > > 2. SSOReverseProxyIFramePortlet > > > > > > Suggest using the second one, > > SSOReverseProxyIFramePortlet as it gives > > > you features not available in the older > > SSOIFramePortlet such as > > > auto-resizing and form-based authentication > > (what you are after) > > > > > > I tested with SSOReverseProxyIFramePortlet and > > it worked in the > > > example that comes with Jetspeed, but it takes a > > little bit of > > > configuration. > > > > > > First, ensure your Tomcat will need this > > attribute set in the > > > <Connector> element of server.xml: > > > > > > emptySessionPath="true" > > > > > > more detail here: > > > > > > http://portals.apache.org/applications/webcontent/index.html > > > > > > If you had to change server.xml setting, > then > > restart your server > > > > > > I took these steps to verify SSO with the > > example form-based login > > > that comes with Jetspeed: > > > > > > 1. login as admin > > > 2. navigate to the Jetspeed Administration > > space, SSO Management page, > > > or just go here: > > > > > > http://localhost:8080/jetspeed/ui/Administrative/sso-admin.psml > > > > > > Add a new Site with following parameters: > > > > > > Site Name: Form Example > > > Site URL: http://localhost:8080/j2-admin/examples/formauth.jsp > > > Field name for User ID: user > > > Field name For Password value: pass > > > > > > Press Save > > > > > > Add a new credential for this site in the > > portlet on the right side > > > (SSO Details): > > > > > > Portal Principal: admin > > > Remote Principal: admin > > > Remote Credential: admin > > > > > > Press Add > > > > > > You can verify that the remote > credential > > was added for the admin > > > user by going here: > > > > > > http://localhost:8080/jetspeed/ui/my-account.psml > > > > > > see the portlet on the right "SSO Change > > Passwords", a remote site > > > entry should be there named "Form Example" > > > > > > Next, you can use the Toolbox to find the > > Reverse Proxy Iframe Portlet > > > by searching on "iframe" and then selecting it > > from there and adding > > > to a page. To make things simple, I just added a > > page and then added > > > the Reverse Proxy Iframe Portlet there. At first > this > > portlet seems to > > > want to use Basic Authentication, so just hit > cancel > > when challenged. > > > I then switched to edit mode (pencil icon), and > > entered the following > > > preferences: > > > > > > TITLE: My SSO Test > > > SRC: http://localhost:$ > {serverPort}${contextPath}/examples/formauth.jsp > > > > > > Press Save > > > > > > You should see in your portlet content something > > > like: > > > > > > "Hello, admin. You have been authorized by > > form-based authentication > > !!!" > > > > > > Give that a try and see if it works. Then, move > on > > to your specific > > > IFrame source and let us know how it > goes... > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: > [email protected] > > > > > > > > > -- > > > This message has been scanned for viruses > and > > > dangerous content by MailScanner, and is > > > believed to be clean > > (mailgw2:E659D1E6FC.D1395). > > > > > > > > > > > > > > > This communication and any attachments are > > confidential, protected by > > > Communications Privacy Act 18 USCS § > 2510, > > solely for the use of the > > > intended recipient, and may contain > legally > > privileged material. If you > > > > > are not the intended recipient, please > return or > > destroy it > > immediately. > > > Thank you. > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean (mailgw2:9902C1E701.B0EA8). > > > > > > > > > > This communication and any attachments are > confidential, > > protected by > > Communications Privacy Act 18 USCS § 2510, solely for > the > > use of the > > intended recipient, and may contain legally > privileged > > material. If you > > are not the intended recipient, please return or > destroy it > > immediately. > > Thank you. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean (mailgw2:8B04D2A000C.7088C). > > > > > This communication and any attachments are confidential, > protected by > Communications Privacy Act 18 USCS § 2510, solely for the > use of the > intended recipient, and may contain legally privileged > material. If you > are not the intended recipient, please return or destroy it > immediately. > Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean (mailgw2:792FC1E702.4691D). This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
