Actually, I have tested with /j2-admin/examples/formauth.jsp, where I modified
it to check additional parameters strictly to authenticate. And I also modified
the SSO SITE url and SRC url preference (e.g., .../formauth.jsp?action=login).
I succeeded in SSO with this test.
There could be something else, of course.
For example, I simply used request.getParameter("action") in my local
formauth.jsp, which doesn't care if it's posted or in the query string.
Some target web page could accept form params only. In that case, the appended
query string wouldn't work..
In this sense, I think we should allow users to add additional parameters in
the SSO Admin portlet for SSO Site in the next version. It also makes it
clearer.
-Woonsan
--- On Fri, 8/20/10, [email protected] <[email protected]> wrote:
> From: [email protected] <[email protected]>
> Subject: Re: SSO IFrame form authentication
> To: "Jetspeed Users List" <[email protected]>
> Date: Friday, August 20, 2010, 8:29 PM
> Yes, I have tried it that way and
> many other combinations. I suspect the
> issue is as I described in my last post, when in the
> portlet that redirect
> is not getting to me and I think that CSID parm is
> important to getting
> logged in.
>
>
>
> From:
> Woonsan Ko <[email protected]>
> To:
> Jetspeed Users List <[email protected]>
> Date:
> 08/20/2010 01:16 PM
> Subject:
> Re: SSO IFrame form authentication
>
>
>
> When you tried to append
> "?Action=Login&RequestedURL=&Lang=en&TimeOffset=30"
> for the SSO SITE url,
> did you change the SRC preference for the portlet, too?
> If not, the portlet would not try to navigate the url with
> the additional
> parameters. That could be the cause.
>
> --- On Fri, 8/20/10, [email protected]
> <[email protected]>
>
> wrote:
>
> > From: [email protected]
> <[email protected]>
> > Subject: Re: SSO IFrame form authentication
> > To: "Jetspeed Users List" <[email protected]>
> > Date: Friday, August 20, 2010, 7:38 PM
> > ok, I was right. SSO Login did
> > not stay working. I have need for these
> > add'l args in the login.
> >
> ?Action=Login&RequestedURL=&Lang=en&TimeOffset=30
> >
> > I found that if I append these to the login url
> in SSO
> > Admin, then try to
> > access the portlet, I get a 404, then if I remove the
> extra
> > args from SSO
> > Admin and go back to the portlet, I am logged
> in. Of
> > course, this only
> > works once and then it's broke again. Also,
> > evidently, the sso.form.Args
> > property does not help. Any other ideas?
> >
> >
> >
> > From:
> > Woonsan Ko <[email protected]>
> > To:
> > Jetspeed Users List <[email protected]>
> > Date:
> > 08/20/2010 11:50 AM
> > Subject:
> > Re: SSO IFrame form authentication
> >
> >
> >
> > I believe the pages can be simply copied because I
> cannot
> > find anything to
> > watch with psml pages either.
> > By the way, you can copy those pages into any other
> folder
> > by configuring
> > the path in
> /jetspeed/WEB-INF/conf/override.properties. For
> > example,
> >
> > # default path to (XML) PSML pages root folder
> > psml.pages.path =
> > ${applicationRoot}/WEB-INF/migrated_pages
> >
> > Regards,
> >
> > Woonsan
> >
> > --- On Fri, 8/20/10, [email protected]
> > <[email protected]>
> >
> > wrote:
> >
> > > From: [email protected]
> > <[email protected]>
> > > Subject: Re: SSO IFrame form authentication
> > > To: "Jetspeed Users List" <[email protected]>
> > > Date: Friday, August 20, 2010, 3:05 PM
> > > I have installed 2.2.1 with MySQL and
> > > I now need to move my pages and
> > > layouts from the 2.2.0 installation. Given
> that
> > my
> > > previous 2.2.1
> > > installation on Derby is defunct, is there
> anything I
> > > should watch out for
> > > this time? Can I simply copy the psml's
> from
> > the
> > > 2.2.0 directories to the
> > > 2.2.1 directories? I have not
> seen a
> > > migration guide to address this
> > > need.
> > >
> > >
> > >
> > > From:
> > > Woonsan Ko <[email protected]>
> > > To:
> > > Jetspeed Users List <[email protected]>
> > > Date:
> > > 08/18/2010 12:35 PM
> > > Subject:
> > > Re: SSO IFrame form authentication
> > >
> > >
> > >
> > > Hi,
> > >
> > > I haven't heard of that preferences data problem
> yet
> > in
> > > 2.2.1.
> > > IMHO, It could help to localize the problems if
> you
> > test
> > > against other
> > > databases
> > > like PostgreSQL or MySQL.
> > > On the other hand, I think you could deploy
> newer
> > > j2-admin.war and
> > > apa-webcontent.war which were included in 2.2.1.
> > >
> > > -Woonsan
> > >
> > >
> > > ----- Original Message ----
> > > > From: "[email protected]"
> > > <[email protected]>
> > > > To: Jetspeed Users List <[email protected]>
> > > > Sent: Wed, August 18, 2010 6:10:25 AM
> > > > Subject: Re: SSO IFrame form authentication
> > > >
> > > > Well, here's the rub. I believe the
> > > SSOReverseProxyIFramePortlet is new
> > >
> > > > in 2.2.1, which is where I was when I first
> > posted,
> > > however, I found
> > > that
> > > > my configuration kept getting scrambled, so
> I
> > reverted
> > > to 2.2.0 I will
> > > > try your suggestion on 2.2.1, but I will
> have to
> > > address the scrambling
> > > > issue. What is happening is
> this. I
> > have
> > > cloned the IFramePortlet
> > > > several times and configured each for
> different
> > static
> > > content being
> > > > served from apache2. I have avoided
> setting
> > any
> > > user preferences, and,
> > >
> > > > instead, set the preferences for each clone
> in
> > the
> > > PAM portlet.
> > > Everything
> > > > worked fine. Then after a few hours,
> the
> > > IFramePortlet content was all
> > >
> > > > mixed up. For instance, the portlet on
>
> > > page 1 would be showing the
> > > > content I had configured for the portlet on
> page
> >
> > > 2 and so on. I went
> > > into
> > > > PAM and corrected the preferences to what
> > they
> > > should be and assumed I
> > > was
> > > > ok, but the next morning things were
> > scrambled
> > > again. I did some
> > > queries
> > > > in the derby db and it appears they
> are
> > wrong
> > > there. I don't know if
> > > this
> > > > is a portlet id issue or an indexing
> > problem or
> > > what, but I need a
> > > > resolution before I can proceed to
> 2.2.1
> > > Of course, I have the exact
> > > same
> > > > configuration in 2.2.0 and am having
> no
> > problem
> > > there, but I also have
> > > no
> > > > SSOReverseProxyIFrame there.
> Any
> > ideas?
> > > >
> > > >
> > > >
> > > > From:
> > > > David Sean Taylor <[email protected]>
> > > > To:
> > > > Jetspeed Users List <[email protected]>
> > > > Date:
> > > > 08/17/2010 07:19 PM
> > > > Subject:
> > > > Re: SSO IFrame form authentication
> > > >
> > > >
> > > >
> > > > On Tue, Aug 17, 2010 at 1:40 PM,
> > <[email protected]>
> >
> > > wrote:
> > > > > How did your testing go? I
> compared
> > SSO
> > > Webcontent (which works,
> > > sort
> > > > of)
> > > > > to SSO IFrame classes and I see a
> method
> > > for preemptive login in the
> > > > > webcontent class but no reference at
> all in
> > > the SSO IFrame class.
> > > Does
> > > > > this just mean it is being done
> > > differently, or is something amiss in
> > >
> > > > the
> > > > > SSO IFrame class?
> > > >
> > > > There are two SSOIFrame classes:
> > > >
> > > > 1. SSOIFramePortlet
> > > > 2. SSOReverseProxyIFramePortlet
> > > >
> > > > Suggest using the second one,
> > > SSOReverseProxyIFramePortlet as it gives
> > > > you features not available in the
> older
> > > SSOIFramePortlet such as
> > > > auto-resizing and form-based authentication
>
> > > (what you are after)
> > > >
> > > > I tested with SSOReverseProxyIFramePortlet
> and
> > > it worked in the
> > > > example that comes with Jetspeed, but it
> takes a
> > > little bit of
> > > > configuration.
> > > >
> > > > First, ensure your Tomcat will need this
> > > attribute set in the
> > > > <Connector> element of
> server.xml:
> > > >
> > > > emptySessionPath="true"
> > > >
> > > > more detail here:
> > > >
> > > > http://portals.apache.org/applications/webcontent/index.html
> > > >
> > > > If you had to change server.xml
> setting,
> > then
> > > restart your server
> > > >
> > > > I took these steps to verify SSO with
> the
> > > example form-based login
> > > > that comes with Jetspeed:
> > > >
> > > > 1. login as admin
> > > > 2. navigate to the Jetspeed Administration
> > > space, SSO Management page,
> > > > or just go here:
> > > >
> > > > http://localhost:8080/jetspeed/ui/Administrative/sso-admin.psml
> > > >
> > > > Add a new Site with following
> parameters:
> > > >
> > > > Site Name: Form Example
> > > > Site URL: http://localhost:8080/j2-admin/examples/formauth.jsp
> > > > Field name for User ID: user
> > > > Field name For Password value: pass
> > > >
> > > > Press Save
> > > >
> > > > Add a new credential for this site in
> the
> > > portlet on the right side
> > > > (SSO Details):
> > > >
> > > > Portal Principal: admin
> > > > Remote Principal: admin
> > > > Remote Credential: admin
> > > >
> > > > Press Add
> > > >
> > > > You can verify that the remote
> > credential
> > > was added for the admin
> > > > user by going here:
> > > >
> > > > http://localhost:8080/jetspeed/ui/my-account.psml
> > > >
> > > > see the portlet on the right "SSO
> Change
> > > Passwords", a remote site
> > > > entry should be there named "Form
> Example"
> > > >
> > > > Next, you can use the Toolbox to find the
> > > Reverse Proxy Iframe Portlet
> > > > by searching on "iframe" and then selecting
> it
> > > from there and adding
> > > > to a page. To make things simple, I just
> added a
> > > page and then added
> > > > the Reverse Proxy Iframe Portlet there. At
> first
> > this
> > > portlet seems to
> > > > want to use Basic Authentication, so just
> hit
> > cancel
> > > when challenged.
> > > > I then switched to edit mode (pencil icon),
> and
> > > entered the following
> > > > preferences:
> > > >
> > > > TITLE: My SSO Test
> > > > SRC: http://localhost:$
> > {serverPort}${contextPath}/examples/formauth.jsp
> > > >
> > > > Press Save
> > > >
> > > > You should see in your portlet content
> something
> >
> > > like:
> > > >
> > > > "Hello, admin. You have been authorized by
> > > form-based authentication
> > > !!!"
> > > >
> > > > Give that a try and see if it works. Then,
> move
> > on
> > > to your specific
> > > > IFrame source and let us know how it
> > goes...
> > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail:
> [email protected]
> > > > For additional commands, e-mail:
> > [email protected]
> > > >
> > > >
> > > > --
> > > > This message has been scanned for
> viruses
> > and
> > > > dangerous content by MailScanner, and
> is
> > > > believed to be clean
> > > (mailgw2:E659D1E6FC.D1395).
> > > >
> > > >
> > > >
> > > >
> > > > This communication and any attachments
> are
> > > confidential, protected by
> > > > Communications Privacy Act 18 USCS §
> > 2510,
> > > solely for the use of the
> > > > intended recipient, and may contain
> > legally
> > > privileged material. If you
> > >
> > > > are not the intended recipient, please
> > return or
> > > destroy it
> > > immediately.
> > > > Thank you.
> > >
> > >
> > >
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [email protected]
> > > For additional commands, e-mail: [email protected]
> > >
> > >
> > > --
> > > This message has been scanned for viruses and
> > > dangerous content by MailScanner, and is
> > > believed to be clean (mailgw2:9902C1E701.B0EA8).
> > >
> > >
> > >
> > >
> > > This communication and any attachments are
> > confidential,
> > > protected by
> > > Communications Privacy Act 18 USCS § 2510,
> solely for
> > the
> > > use of the
> > > intended recipient, and may contain legally
> > privileged
> > > material. If you
> > > are not the intended recipient, please return or
> > destroy it
> > > immediately.
> > > Thank you.
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean (mailgw2:8B04D2A000C.7088C).
> >
> >
> >
> >
> > This communication and any attachments are
> confidential,
> > protected by
> > Communications Privacy Act 18 USCS § 2510, solely for
> the
> > use of the
> > intended recipient, and may contain legally
> privileged
> > material. If you
> > are not the intended recipient, please return or
> destroy it
> > immediately.
> > Thank you.
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean (mailgw2:7C42D1E6FC.46C94).
>
>
>
>
> This communication and any attachments are confidential,
> protected by
> Communications Privacy Act 18 USCS § 2510, solely for the
> use of the
> intended recipient, and may contain legally privileged
> material. If you
> are not the intended recipient, please return or destroy it
> immediately.
> Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
