Sorry, use this url for the last reference: [3] http://svn.apache.org/repos/asf/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOProxyPortlet.java
--- On Mon, 8/23/10, Woonsan Ko <[email protected]> wrote: > From: Woonsan Ko <[email protected]> > Subject: Re: SSO IFrame form authentication > To: "Jetspeed Users List" <[email protected]> > Date: Monday, August 23, 2010, 8:37 PM > Hi, > > I think the documentation [1] is misleading for the > Form-authentication support, which is supported only with > SSOWebContentPortlet. > However, I think you can use IFrameGenericPortlet to allow > that form authentication, simply by configuring your new > view page in preferrences. For example, you can read the > preferences and build a simple hidden form with the sso > credentials info to post to the target site. > If you want to retrieve the sso credentials info for the > SSO site from your portlet or your view JSP page, you will > probably need to access the Jetspeed SSO Manager, listed > here as Jetspeed Service component. [2] > > PortletContext context = > getPortletContext(); > SSOManager sso = (SSOManager) > context.getAttribute("cps:SSO"); > > You could refer to SSOProxyPortlet.java on how to use the > component. [3] > > [1] http://portals.apache.org/jetspeed-2/deployguide/config-sso.html > [2] http://portals.apache.org/jetspeed-2/deployguide/guide-services.html > [3] > https://svn.apache.org/repos/asf/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOProxyPortlet.java > > > HTH, > > Woonsan > > --- On Mon, 8/23/10, [email protected] > <[email protected]> > wrote: > > > From: [email protected] > <[email protected]> > > Subject: Re: SSO IFrame form authentication > > To: "Jetspeed Users List" <[email protected]> > > Date: Monday, August 23, 2010, 7:45 PM > > The only portlet producing acceptable > > rendering results is the SSO IFrame > > Portlet, which claims to use SSO, but appears to not > work > > according to the > > documentation. The SSO section of the deployment > > guide clearly spells out > > how to use sso.type, sso.form.principal, > > sso.form.credential, sso.Action, > > sso.form.Args, etc to do what we need but it does not > work > > in the simplest > > of examples of form based preemptive > authentication. > > I am at a loss as to > > where to go next. > > > > Thanks, MikeB > > > > Mike Ballard > > Director of Internet Development and Networking > > O'Reilly Auto Parts > > (417) 874-7107 Ofc > > (417) 838-0271 Cell > > > > This message is protected by the Electronic > Communications > > Privacy Act, 18 > > USCS § 2510 et seq., and may not be used, copied or > > forwarded without the > > consent of the named recipient(s). The information > > contained in this > > message is confidential, is intended only for the use > of > > the individual or > > entity named. If the reader of this message is not > > the intended > > recipient, you are hereby notified that any > dissemination, > > distribution or > > copying of this communication is strictly > prohibited. > > If you have > > received this communication in error, please notify > me > > immediately at > > 417-874-7107. > > > > > > > > From: > > Woonsan Ko <[email protected]> > > To: > > Jetspeed Users List <[email protected]> > > Date: > > 08/20/2010 06:54 PM > > Subject: > > Re: SSO IFrame form authentication > > > > > > > > How about prepending a double quote or single quote, > > depending your target > > website, in the regex expression? > > For example, > > \"\\/otrs\\/customer\\.pl\\?CSID > > will exclude "/j2-admin/rproxy/otrs/...". > > > > Also, you can configure multiple custom replacements > in the > > configuration. > > (Multiple keys are defined with the same keys. > > For example, > > > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customPatterns > > > > = \"\\/otrs\\/customer\\.pl > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customReplaces > > > > = \"/j2-admin/rproxy/otrs/otrs/customer.pl > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customPatterns > > > > = \"\\/otrs-web\\/customer\\.pl > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customReplaces > > > > = \"/j2-admin/rproxy/otrs/otrs-web/customer.pl > > ... > > > > -Woonsan > > > > > > --- On Fri, 8/20/10, [email protected] > > <[email protected]> > > > > wrote: > > > > > From: [email protected] > > <[email protected]> > > > Subject: Re: SSO IFrame form authentication > > > To: "Jetspeed Users List" <[email protected]> > > > Date: Friday, August 20, 2010, 10:52 PM > > > Thank you, I had figured that > > > out. Problem is that this rule replaces > > > everything with /otrs/customer.pl even when it > already > > has > > > > > > /j2-admin/rproxy/otrs prepended. Since the > > offending > > > string is > > > > > http://hostname.domain-name.com:8080/otrs/customer.pl?CSID=10822f631e5c8aaaa5b4236cd2547c5d82 > > > > > > > > I attempted to construct a new rule with > pattern > > > > > \\/otrs\\/customer\\.pl\\?CSID and replacement > > > /j2-admin/rproxy/otrs/otrs/customer.pl?CSID > > > > > > However, it never seems to catch the pattern. > I > > tried > > > it with escaping > > > the ? and not escaping the ? as I wasn't sure > which > > it > > > should be. > > > > > > I also have a similiar issue with /otrs-web..... > > > > coming from javascript, > > > I assume. Problem is that some of these > patterns > > are > > > prepended with the > > > proxy and some are not. How to catch the ones > > which > > > need rewrite as > > > opposed to the ones which do not. > > > > > > > > > > > > From: > > > Woonsan Ko <[email protected]> > > > To: > > > Jetspeed Users List <[email protected]> > > > Date: > > > 08/20/2010 03:35 PM > > > Subject: > > > Re: SSO IFrame form authentication > > > > > > > > > > > > If the pass configuration is for 'otrs' in your > > example, > > > "proxy.reverse.pass = otrs", then the > configuration > > keys > > > should look like > > > these: > > > > > > > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customPatterns > > > > > > = \\/otrs\\/customer\\.pl > > > > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customReplaces > > > > > > = /j2-admin/rproxy/otrs/otrs/customer.pl > > > > > > --- On Fri, 8/20/10, Woonsan Ko <[email protected]> > > > wrote: > > > > > > > From: Woonsan Ko <[email protected]> > > > > Subject: Re: SSO IFrame form authentication > > > > To: "Jetspeed Users List" <[email protected]> > > > > Date: Friday, August 20, 2010, 9:13 PM > > > > I guess the first page which tried to > > > > redirect to the second page with wrong url > by > > using > > > > javascript. > > > > If it redirects to other page from the > > server-side > > > with > > > > http status code and header, then the > reverse > > proxy > > > service > > > > can detect and rewrite to a proxied url from > the > > > reverse > > > > proxy configurations if found. > > > > > > > > Anyway, if the first page has javascript to > > redirect, > > > e.g., > > > > 'location.href = > > > > > > > > > > /otrs/customer.pl?CSID=1047f4e2a54420bc329c4f2e3cd511e23a', > > > > that script line is not rewritten by > default. > > > > (By the way, you can refer to the default > > rewriting > > > class > > > > here if you're interested in: > > > > > http://svn.apache.org/repos/asf/portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/DefaultReverseProxyLinkRewritingParserAaptor.java > > > > > ) > > > > > > > > If the redirecting script line is simple, > then > > you can > > > add > > > > a custom replace pattern in the reverse > proxy > > > configuration > > > > like the following example: > > > > > > > > > > > > > > proxy.reverse.pass.issues.rewriter.parserAdaptor.html.property.customPatterns > > > > = \\/otrs\\/customer\\.pl > > > > > > > > > > proxy.reverse.pass.issues.rewriter.parserAdaptor.html.property.customReplaces > > > > = /j2-admin/rproxy/otrs/otrs/customer.pl > > > > > > > > The above additional custom replace > > configuration > > > will > > > > replace every line having that regex > pattern. > > > > > > > > -Woonsan > > > > > > > > --- On Fri, 8/20/10, [email protected] > > > > <[email protected]> > > > > wrote: > > > > > > > > > From: [email protected] > > > > <[email protected]> > > > > > Subject: Re: SSO IFrame form > authentication > > > > > To: "Jetspeed Users List" <[email protected]> > > > > > Date: Friday, August 20, 2010, 8:19 PM > > > > > I am using > > > > > > > j2-admin::SSOReverseProxyIFramePortlet. I > > > also > > > > believe > > > > > I am > > > > > using the exact reverse properties as > the > > apache > > > > > example. I have > > > > > discovered one issue when accessing > directly > > in > > > that > > > > it > > > > > appears when I > > > > > enter > > > > > > > http://host.domain-name.com:8080/j2-admin/rproxy/otrs/otrs/customer.pl > > > , > > > > > > > > > > and login manually, I am redirected to > > > > > > > > > > > http://host.domain-name.com:8080/otrs/customer.pl?CSID=1047f4e2a54420bc329c4f2e3cd511e23a > > > > > > > > > > > > > > > and I get an HTTP 404 error. If I > > then > > > correct the > > > > > url and put the > > > > > j2-admin/rproxy/otrs back in, I get > the > > correct > > > page > > > > > rendered and I am > > > > > logged in. In any case, once I get > > logged > > > in and > > > > try > > > > > to drill down to an > > > > > incident link, I get an error trying to > load > > the > > > > javascript > > > > > because > > > > > something has changed the .js in the > link > > to > > > .html > > > > > Again, I am using the > > > > > apache example config for rewriting. > > > > > > > > > > # ... Set max matching path part count > > > > > > proxy.reverse.pass.maxMatchingPathPartCount > > = 2 > > > > > > > > > > # ... Sets detail attributes for > apache > > path > > > mapping > > > > > proxy.reverse.pass = otrs > > > > > proxy.reverse.pass.otrs.local = /otrs/ > > > > > proxy.reverse.pass.otrs.remote = http://host.domain-name.com/ > > > > > proxy.reverse.pass.otrs.rewriter.basic > = > > > > > > > > > > > > > > > org.apache.portals.applications.webcontent.rewriter.WebContentRewriter > > > > > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor = > > > html > > > > > > > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html = > > > > > > > > > > > > > > > > > > > org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor > > > > > > > > > > > > > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.mimeType > > > > > = text/html > > > > > > > > > > > > > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.lookUpAllMappings > > > > > > > > > > = true > > > > > > > > > > Thanks, MikeB > > > > > > > > > > Mike Ballard > > > > > Director of Internet Development and > > Networking > > > > > O'Reilly Auto Parts > > > > > (417) 874-7107 Ofc > > > > > (417) 838-0271 Cell > > > > > > > > > > This message is protected by the > Electronic > > > > Communications > > > > > Privacy Act, 18 > > > > > USCS § 2510 et seq., and may not be > used, > > copied > > > or > > > > > forwarded without the > > > > > consent of the named recipient(s). > > The > > > information > > > > > contained in this > > > > > message is confidential, is intended > only > > for the > > > use > > > > of > > > > > the individual or > > > > > entity named. If the reader of this > > message > > > is not > > > > > the intended > > > > > recipient, you are hereby notified that > any > > > > dissemination, > > > > > distribution or > > > > > copying of this communication is > strictly > > > > prohibited. > > > > > If you have > > > > > received this communication in error, > > please > > > notify > > > > me > > > > > immediately at > > > > > 417-874-7107. > > > > > > > > > > > > > > > > > > > > From: > > > > > Woonsan Ko <[email protected]> > > > > > To: > > > > > Jetspeed Users List <[email protected]> > > > > > Date: > > > > > 08/20/2010 12:55 PM > > > > > Subject: > > > > > Re: SSO IFrame form authentication > > > > > > > > > > > > > > > > > > > > Regarding the problem of javascript > link > > ending > > > in .js > > > > to > > > > > .html, with > > > > > which portlet do you meet the problem? > > > > > j2-admin::SSOReverseProxyIFramePortlet, > > > > > > > > > > j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet, > > > > > j2-admin::SSOIFramePortlet, > > > > j2-admin::SSOWebContentPortlet, > > > > > or > > > > > j2-admin::SSOProxyPortletPortlet? > > > > > > > > > > j2-admin::SSOReverseProxyIFramePortlet > and > > > > > > > > > j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet > > > > only > > > > > are using the > > > > > reverse proxy service. > > > > > > > > > > If you are using those reverse proxy > > portlets, > > > then > > > > how's > > > > > the rewriter > > > > > configurations for the reverse proxy > pass > > mapping > > > in > > > > > > > /j2-admin/WEB-INF/conf/reverseproxy.properties? > > > > > I'd like to recommend you to use the > > default > > > > configuration > > > > > like the apache > > > > > example: > > > > > > > > > > # ... Sets detail attributes for > apache > > path > > > mapping > > > > > proxy.reverse.pass.apache.local = > /apache/ > > > > > proxy.reverse.pass.apache.remote = http://apache.org/ > > > > > > proxy.reverse.pass.apache.rewriter.basic = > > > > > > > > > > > > > > > org.apache.portals.applications.webcontent.rewriter.WebContentRewriter > > > > > > > proxy.reverse.pass.apache.rewriter.parserAdaptor > > > = > > > > html > > > > > > > > > proxy.reverse.pass.apache.rewriter.parserAdaptor.html > > > > = > > > > > > > > > > > > > > > org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor > > > > > > > > > > > > > > > proxy.reverse.pass.apache.rewriter.parserAdaptor.html.mimeType > > > > > = text/html > > > > > > > > > > > > > > > proxy.reverse.pass.apache.rewriter.parserAdaptor.html.property.lookUpAllMappings > > > > > > > > > > = true > > > > > > > > > > With the default example above, the > > rewriting > > > xml > > > > rule > > > > > files such as > > > > > default-rewriter-rules.xml and > > > rewriter-rules-mapping > > > > do > > > > > not play any role > > > > > with reverse proxying portlets. > > > > > > > > > > The last example in the configuration > file > > still > > > uses > > > > the > > > > > Neko and Sax > > > > > parser adaptor configuation, which was > > provided > > > for > > > > the old > > > > > web content > > > > > portlets. However, it turns out to be > less > > useful > > > in > > > > this > > > > > reverse proxy > > > > > portlets. (The old rewriting xml rules > were > > > mainly > > > > for > > > > > rewriting urls to > > > > > portlet urls, while reverse proxy > service > > is > > > just > > > > another > > > > > servlet-based > > > > > solution with integration to portlet, > > meaning the > > > url > > > > > rewriting doesn't > > > > > need to be that complex any more.) > > > > > > > > > > One more tip is that you could test > the > > reverse > > > > proxying by > > > > > navigating the > > > > > proxied urls directly. > > > > > So, for example, if http://www.yourdomain.com/orders/ is mapped to > > > > > /j2-admin/rproxy/yourdomain/orders/, > then > > you > > > can > > > > browse > > > > > directly to > > > > > http://localhost:8080/j2-admin/rproxy/yourdomain/orders/. > > > > > You can see what > > > > > happens for rewriting problems with > this > > direct > > > > access. > > > > > > > > > > HTH, > > > > > > > > > > Woonsan > > > > > > > > > > --- On Fri, 8/20/10, [email protected] > > > > > <[email protected]> > > > > > > > > > > wrote: > > > > > > > > > > > From: [email protected] > > > > > <[email protected]> > > > > > > Subject: Re: SSO IFrame form > > authentication > > > > > > To: "Jetspeed Users List" <[email protected]> > > > > > > Date: Friday, August 20, 2010, > 6:55 PM > > > > > > Good to know. So I have rebuilt > > > > > > my site on 2.2.1 and it seems to > be > > > > > > stable, unlike the previous > > implementation > > > on > > > > Derby. > > > > > > Not sure if that's > > > > > > an indication of a problem with > 2.2.1 > > & > > > > Derby, or > > > > > just > > > > > > a local issue. My > > > > > > remaining issue is the rewrite in > the > > > reverse > > > > proxy > > > > > portlet > > > > > > is changing a > > > > > > javascript link ending in .js to > .html > > > > > Any > > > > > ideas? > > > > > > > > > > > > > > > > > > > > > > > > From: > > > > > > Woonsan Ko <[email protected]> > > > > > > To: > > > > > > Jetspeed Users List <[email protected]> > > > > > > Date: > > > > > > 08/20/2010 11:50 AM > > > > > > Subject: > > > > > > Re: SSO IFrame form > authentication > > > > > > > > > > > > > > > > > > > > > > > > I believe the pages can be simply > > copied > > > because > > > > I > > > > > cannot > > > > > > find anything to > > > > > > watch with psml pages either. > > > > > > By the way, you can copy those > pages > > into > > > any > > > > other > > > > > folder > > > > > > by configuring > > > > > > the path in > > > > > > /jetspeed/WEB-INF/conf/override.properties. > > For > > > > > > example, > > > > > > > > > > > > # default path to (XML) PSML > pages > > root > > > folder > > > > > > psml.pages.path = > > > > > > > > ${applicationRoot}/WEB-INF/migrated_pages > > > > > > > > > > > > Regards, > > > > > > > > > > > > Woonsan > > > > > > > > > > > > --- On Fri, 8/20/10, [email protected] > > > > > > <[email protected]> > > > > > > > > > > > > wrote: > > > > > > > > > > > > > From: [email protected] > > > > > > <[email protected]> > > > > > > > Subject: Re: SSO IFrame form > > > authentication > > > > > > > To: "Jetspeed Users List" > <[email protected]> > > > > > > > Date: Friday, August 20, > 2010, > > 3:05 PM > > > > > > > I have installed 2.2.1 with > MySQL > > and > > > > > > > I now need to move my pages > and > > > > > > > layouts from the 2.2.0 > > installation. > > > > Given > > > > > that > > > > > > my > > > > > > > previous 2.2.1 > > > > > > > installation on Derby is > defunct, > > is > > > there > > > > > anything I > > > > > > > should watch out for > > > > > > > this time? Can I simply > copy > > the > > > psml's > > > > > from > > > > > > the > > > > > > > 2.2.0 directories to the > > > > > > > 2.2.1 > > directories? I > > > have not > > > > > seen a > > > > > > > migration guide to address > this > > > > > > > need. > > > > > > > > > > > > > > > > > > > > > > > > > > > > From: > > > > > > > Woonsan Ko <[email protected]> > > > > > > > To: > > > > > > > Jetspeed Users List <[email protected]> > > > > > > > Date: > > > > > > > 08/18/2010 12:35 PM > > > > > > > Subject: > > > > > > > Re: SSO IFrame form > > authentication > > > > > > > > > > > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > I haven't heard of that > > preferences > > > data > > > > problem > > > > > yet > > > > > > in > > > > > > > 2.2.1. > > > > > > > IMHO, It could help to > localize > > the > > > problems > > > > if > > > > > you > > > > > > test > > > > > > > against other > > > > > > > databases > > > > > > > like PostgreSQL or MySQL. > > > > > > > On the other hand, I think > you > > could > > > deploy > > > > > newer > > > > > > > j2-admin.war and > > > > > > > apa-webcontent.war which > were > > included > > > in > > > > 2.2.1. > > > > > > > > > > > > > > -Woonsan > > > > > > > > > > > > > > > > > > > > > ----- Original Message ---- > > > > > > > > From: "[email protected]" > > > > > > > <[email protected]> > > > > > > > > To: Jetspeed Users List > > <[email protected]> > > > > > > > > Sent: Wed, August 18, > 2010 > > 6:10:25 > > > AM > > > > > > > > Subject: Re: SSO IFrame > form > > > > authentication > > > > > > > > > > > > > > > > Well, here's the rub. > > I > > > believe the > > > > > > > SSOReverseProxyIFramePortlet > is > > new > > > > > > > > > > > > > > > in 2.2.1, which is where > I > > was > > > when I > > > > first > > > > > > posted, > > > > > > > however, I found > > > > > > > that > > > > > > > > my configuration kept > > getting > > > > scrambled, so > > > > > I > > > > > > reverted > > > > > > > to 2.2.0 I will > > > > > > > > try your suggestion on > 2.2.1, > > but > > > I > > > > will > > > > > have to > > > > > > > address the scrambling > > > > > > > > issue. What is > > happening is > > > > > this. I > > > > > > have > > > > > > > cloned the IFramePortlet > > > > > > > > several times and > configured > > each > > > for > > > > > different > > > > > > static > > > > > > > content being > > > > > > > > served from apache2. > I > > have > > > avoided > > > > > setting > > > > > > any > > > > > > > user preferences, and, > > > > > > > > > > > > > > > instead, set the > preferences > > for > > > each > > > > clone > > > > > in > > > > > > the > > > > > > > PAM portlet. > > > > > > > Everything > > > > > > > > worked fine. Then > after > > a > > > few hours, > > > > > the > > > > > > > IFramePortlet content was all > > > > > > > > > > > > > > > > mixed up. For > instance, > > the > > > portlet > > > > on > > > > > > > > > > > > page 1 would be showing the > > > > > > > > content I had configured > for > > the > > > > portlet on > > > > > page > > > > > > > > > > > > > 2 and so on. I went > > > > > > > into > > > > > > > > PAM and corrected the > > preferences > > > to > > > > what > > > > > > they > > > > > > > should be and assumed I > > > > > > > was > > > > > > > > ok, but the next > morning > > things > > > were > > > > > > scrambled > > > > > > > again. I did some > > > > > > > queries > > > > > > > > in the derby db and it > > > appears they > > > > > are > > > > > > wrong > > > > > > > there. I don't know if > > > > > > > this > > > > > > > > is a portlet id issue or > an > > > indexing > > > > > > problem or > > > > > > > what, but I need a > > > > > > > > resolution before I can > > proceed to > > > > > > > > 2.2.1 > > > > > > > Of course, I have the exact > > > > > > > same > > > > > > > > configuration in 2.2.0 > and > > > am having > > > > > no > > > > > > problem > > > > > > > there, but I also have > > > > > > > no > > > > > > > > SSOReverseProxyIFrame > > there. > > > > > > > > Any > > > > > > ideas? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > From: > > > > > > > > David Sean Taylor <[email protected]> > > > > > > > > To: > > > > > > > > Jetspeed Users List > > <[email protected]> > > > > > > > > Date: > > > > > > > > 08/17/2010 07:19 PM > > > > > > > > Subject: > > > > > > > > Re: SSO IFrame form > > > authentication > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Aug 17, 2010 > at > > 1:40 > > > PM, > > > > > > <[email protected]> > > > > > > > > > > > > > wrote: > > > > > > > > > How did your > testing > > > go? I > > > > > compared > > > > > > SSO > > > > > > > Webcontent (which works, > > > > > > > sort > > > > > > > > of) > > > > > > > > > to SSO IFrame > classes > > and I > > > see a > > > > > method > > > > > > > for preemptive login in > the > > > > > > > > > webcontent class > but no > > > reference > > > > at > > > > > all in > > > > > > > the SSO IFrame class. > > > > > > > Does > > > > > > > > > this just mean it > is > > being > > > done > > > > > > > differently, or is something > amiss > > in > > > > > > > > > > > > > > > the > > > > > > > > > SSO IFrame > class? > > > > > > > > > > > > > > > > There are two SSOIFrame > > classes: > > > > > > > > > > > > > > > > 1. SSOIFramePortlet > > > > > > > > 2. > > > SSOReverseProxyIFramePortlet > > > > > > > > > > > > > > > > Suggest using the second > one, > > > > > > > > > SSOReverseProxyIFramePortlet > as > > it > > > gives > > > > > > > > you features not > available in > > the > > > > > > > > older > > > > > > > SSOIFramePortlet such as > > > > > > > > auto-resizing and > form-based > > > > authentication > > > > > > > > > > > > (what you are after) > > > > > > > > > > > > > > > > I tested with > > > > SSOReverseProxyIFramePortlet > > > > > and > > > > > > > it worked in the > > > > > > > > example that comes with > > Jetspeed, > > > but > > > > it > > > > > takes a > > > > > > > little bit of > > > > > > > > configuration. > > > > > > > > > > > > > > > > First, ensure your > Tomcat > > will > > > need > > > > this > > > > > > > attribute set in the > > > > > > > > <Connector> > element of > > > > > > > server.xml: > > > > > > > > > > > > > > > > emptySessionPath="true" > > > > > > > > > > > > > > > > more detail here: > > > > > > > > > > > > > > > > http://portals.apache.org/applications/webcontent/index.html > > > > > > > > > > > > > > > > If you had to change > > > server.xml > > > > > setting, > > > > > > then > > > > > > > restart your server > > > > > > > > > > > > > > > > I took these steps to > > verify > > > SSO > > > > with > > > > > the > > > > > > > example form-based login > > > > > > > > that comes with > > Jetspeed: > > > > > > > > > > > > > > > > 1. login as admin > > > > > > > > 2. navigate to the > Jetspeed > > > > Administration > > > > > > > space, SSO Management page, > > > > > > > > or just go here: > > > > > > > > > > > > > > > > > > http://localhost:8080/jetspeed/ui/Administrative/sso-admin.psml > > > > > > > > > > > > > > > > Add a new Site with > > > following > > > > > parameters: > > > > > > > > > > > > > > > > Site Name: Form Example > > > > > > > > Site URL: > > http://localhost:8080/j2-admin/examples/formauth.jsp > > > > > > > > Field name for User > > ID: > > > user > > > > > > > > Field name For Password > > value: > > > pass > > > > > > > > > > > > > > > > Press Save > > > > > > > > > > > > > > > > Add a new credential > > for > > > this site > > > > in > > > > > the > > > > > > > portlet on the right side > > > > > > > > (SSO Details): > > > > > > > > > > > > > > > > Portal > > > Principal: admin > > > > > > > > Remote > > > Principal: admin > > > > > > > > Remote Credential: > admin > > > > > > > > > > > > > > > > Press Add > > > > > > > > > > > > > > > > You can verify > > that > > > the remote > > > > > > credential > > > > > > > was added for the admin > > > > > > > > user by going here: > > > > > > > > > > > > > > > > http://localhost:8080/jetspeed/ui/my-account.psml > > > > > > > > > > > > > > > > see the portlet on > the > > right > > > "SSO > > > > > Change > > > > > > > Passwords", a remote site > > > > > > > > entry should be there > > named > > > "Form > > > > > Example" > > > > > > > > > > > > > > > > Next, you can use the > Toolbox > > to > > > find > > > > the > > > > > > > Reverse Proxy Iframe Portlet > > > > > > > > by searching on "iframe" > and > > then > > > > selecting > > > > > it > > > > > > > from there and adding > > > > > > > > to a page. To make > things > > simple, > > > I > > > > just > > > > > added a > > > > > > > page and then added > > > > > > > > the Reverse Proxy > Iframe > > Portlet > > > there. > > > > At > > > > > first > > > > > > this > > > > > > > portlet seems to > > > > > > > > want to use Basic > > Authentication, > > > so > > > > just > > > > > hit > > > > > > cancel > > > > > > > when challenged. > > > > > > > > I then switched to edit > mode > > > (pencil > > > > icon), > > > > > and > > > > > > > entered the following > > > > > > > > preferences: > > > > > > > > > > > > > > > > TITLE: My SSO Test > > > > > > > > SRC: http://localhost:$ > > > > > > > > > {serverPort}${contextPath}/examples/formauth.jsp > > > > > > > > > > > > > > > > Press Save > > > > > > > > > > > > > > > > You should see in your > > portlet > > > content > > > > > something > > > > > > > > > > > > > like: > > > > > > > > > > > > > > > > "Hello, admin. You have > been > > > authorized > > > > by > > > > > > > form-based authentication > > > > > > > !!!" > > > > > > > > > > > > > > > > Give that a try and see > if > > it > > > works. > > > > Then, > > > > > move > > > > > > on > > > > > > > to your specific > > > > > > > > IFrame source and let us > know > > how > > > it > > > > > > goes... > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > To unsubscribe, > e-mail: > > > > > > > [email protected] > > > > > > > > For additional > > commands, > > > e-mail: > > > > > > [email protected] > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > This message has been > > > scanned for > > > > > viruses > > > > > > and > > > > > > > > dangerous content by > > MailScanner, > > > > > > > and > > > > > is > > > > > > > > believed to be clean > > > > > > > (mailgw2:E659D1E6FC.D1395). > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > This communication and > any > > > > attachments > > > > > are > > > > > > > confidential, protected by > > > > > > > > Communications Privacy > Act > > > 18 USCS > > > > § > > > > > > 2510, > > > > > > > solely for the use of the > > > > > > > > intended recipient, and > may > > > contain > > > > > > legally > > > > > > > privileged material. If you > > > > > > > > > > > > > > > are not the intended > > recipient, > > > please > > > > > > > > > > return or > > > > > > > destroy it > > > > > > > immediately. > > > > > > > > Thank you. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > To unsubscribe, e-mail: > > > [email protected] > > > > > > > For additional commands, > e-mail: > > > [email protected] > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > This message has been scanned > for > > > viruses > > > > and > > > > > > > dangerous content by > MailScanner, > > and > > > is > > > > > > > believed to be clean > > > > (mailgw2:9902C1E701.B0EA8). > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > This communication and any > > attachments > > > are > > > > > > confidential, > > > > > > > protected by > > > > > > > Communications Privacy Act 18 > USCS > > § > > > 2510, > > > > > solely for > > > > > > the > > > > > > > use of the > > > > > > > intended recipient, and may > > contain > > > legally > > > > > > privileged > > > > > > > material. If you > > > > > > > are not the intended > recipient, > > please > > > > return or > > > > > > destroy it > > > > > > > immediately. > > > > > > > Thank you. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: > > [email protected] > > > > > > For additional commands, e-mail: > > > [email protected] > > > > > > > > > > > > > > > > > > -- > > > > > > This message has been scanned for > > viruses > > > and > > > > > > dangerous content by MailScanner, > and > > is > > > > > > believed to be clean > > > > (mailgw2:8B04D2A000C.7088C). > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > This communication and any > attachments > > are > > > > > confidential, > > > > > > protected by > > > > > > Communications Privacy Act 18 USCS > § > > 2510, > > > > solely for > > > > > the > > > > > > use of the > > > > > > intended recipient, and may > contain > > legally > > > > > privileged > > > > > > material. If you > > > > > > are not the intended recipient, > please > > > return or > > > > > destroy it > > > > > > immediately. > > > > > > Thank you. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [email protected] > > > > > For additional commands, e-mail: > > [email protected] > > > > > > > > > > > > > > > -- > > > > > This message has been scanned for > viruses > > and > > > > > dangerous content by MailScanner, and > is > > > > > believed to be clean > > (mailgw2:792FC1E702.4691D). > > > > > > > > > > > > > > > > > > > > > > > > > This communication and any attachments > are > > > > confidential, > > > > > protected by > > > > > Communications Privacy Act 18 USCS § > 2510, > > > solely for > > > > the > > > > > use of the > > > > > intended recipient, and may contain > legally > > > > privileged > > > > > material. If you > > > > > are not the intended recipient, please > > return or > > > > destroy it > > > > > immediately. > > > > > Thank you. > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean > (mailgw2:EE2E12A000A.92659). > > > > > > > > > > > > > > > This communication and any attachments are > > confidential, > > > protected by > > > Communications Privacy Act 18 USCS § 2510, > solely for > > the > > > use of the > > > intended recipient, and may contain legally > > privileged > > > material. If you > > > are not the intended recipient, please return or > > destroy it > > > immediately. > > > Thank you. > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean (mailgw2:2DDC92A000B.D7312). > > > > > > > > > > This communication and any attachments are > confidential, > > protected by > > Communications Privacy Act 18 USCS § 2510, solely for > the > > use of the > > intended recipient, and may contain legally > privileged > > material. If you > > are not the intended recipient, please return or > destroy it > > immediately. > > Thank you. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
