Hi, I'm trying out the JBoss SSO and got stuck with cross domain SSO setup. I wonder if anyone can point out what I was doing wrong.
I am running two JBoss instances on the local box, with JBoss config name "sso-site1" and "sso-site2". For sso-site2, I've changed all the ports it uses by prefixing them with a 1 so they are in the 10000-19999 range. I am accessing the two sites using www.ssosite1.com:8080 and www.ssosite2.com:18080 after updating the Windows hosts file. I also dropped the jboss-sso.sar and jboss-federation-server-exploded.ear to the deploy directory of both sites. I then deployed ssoapp1 and ssoapp2 to sso-site1 and sso-site2, respectively.

Below are the settings of various files. For ssoapp1, it uses "site1" in various places as mentioned below. For ssoapp2, it uses "site2" wherever "site1" is used in ssoapp1.

jboss-sso.sar/conf/sso.cfg.xml

    <login>
        <provider id="si:myconmpany:site1:login" class="org.jboss.security.idm.demo.DemoLoginProvider"/>
    </login>

    <sso-processor>
        <processor class="org.jboss.security.saml.JBossSingleSignOn">
            <property name="trustServer">http://www.ssosite1.com:8080/federate/trust</property>
        </processor>
    </sso-processor>

JBoss conf/login-config.xml

    <application-policy name="ssodemo-site1">
        <authentication>
            <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="required">
                <module-option name="unauthenticatedIdentity">guest</module-option>
                <module-option name="password-stacking">useFirstPass</module-option>
                <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
                <module-option name="provider">si:myconmpany:site1:login</module-option>
            </login-module>
        </authentication>
    </application-policy>

jboss-federation-server.sar/conf/server.cfg.xml

    <federation-server>
        <partners>
            <partner domain="ssodemo-site1" server="http://www.ssosite1.com:8080/federate"/>
            <partner domain="ssodemo-site2" server="http://www.ssosite2.com:18080/federate"/>
        </partners>
    </federation-server>

WEB-INF/Context.xml

    <Context>
        <!-- a federation routing valve -->
        <Valve className="org.jboss.security.valve.SSOFederationRouter" />
        <Valve className="org.jboss.security.valve.SSOAutoLogout" logoutURL="/ssoapp1/close_session.jsp" />

        <Valve className="org.jboss.security.valve.SSOTokenManager" assertingParty="ssodemo:site1" />

        <Valve className="org.jboss.security.valve.SSOAutoLogin" authType="BASIC" provider="si:mycompany:site1:login" />
    </Context>

WEB-INF/jboss-web.xml

    <security-domain>java:/jaas/ssodemo-site1</security-domain>

WEB-INF/web.xml

    <security-constraint>
        <display-name>protected resources</display-name>
        <web-resource-collection>
            <web-resource-name>protected contents</web-resource-name>
            <url-pattern>/protected/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Authenticated</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>SSO Authentication App1 @ Site1</realm-name>
    </login-config>
    <security-role>
        <role-name>Authenticated</role-name>
    </security-role>

I think I've connected all the dots. The login worked okay. Once logged in, I can see the SAML token in the cookie. However, when I click a link to jump from site1 to site2 (or vice versa), the SAML token is not restored and therefore, I am getting the login prompt again. Any idea what is missing?

Thanks in advance.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161637#4161637
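
Added example, not part of the original post and not JBoss code: a small Python check that the names shared between the posted site1 files agree with each other. It assumes the three `provider` values are meant to name the same login provider and that the security domain in jboss-web.xml is meant to match the application-policy name; the fragments are copied from the post, with the bare jboss-web.xml element wrapped in a `<jboss-web>` root so it parses.

```python
import xml.etree.ElementTree as ET

# Fragments copied from the post (site1 values), trimmed to the elements compared.
SSO_CFG = ('<login><provider id="si:myconmpany:site1:login" '
           'class="org.jboss.security.idm.demo.DemoLoginProvider"/></login>')
LOGIN_CONFIG = '''<application-policy name="ssodemo-site1"><authentication>
<login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="required">
<module-option name="provider">si:myconmpany:site1:login</module-option>
</login-module></authentication></application-policy>'''
CONTEXT = '''<Context><Valve className="org.jboss.security.valve.SSOAutoLogin"
authType="BASIC" provider="si:mycompany:site1:login"/></Context>'''
# Assumption: <jboss-web> root added here; the post shows only the inner element.
JBOSS_WEB = '<jboss-web><security-domain>java:/jaas/ssodemo-site1</security-domain></jboss-web>'


def collect_refs(sso_cfg, login_config, context, jboss_web):
    """Return {kind: {location: value}} for names that several files share."""
    refs = {"provider": {}, "security-domain": {}}
    for p in ET.fromstring(sso_cfg).iter("provider"):
        refs["provider"]["sso.cfg.xml provider/@id"] = p.get("id")
    policy = ET.fromstring(login_config)
    refs["security-domain"]["login-config.xml application-policy/@name"] = policy.get("name")
    for opt in policy.iter("module-option"):
        if opt.get("name") == "provider":
            refs["provider"]["login-config.xml module-option"] = (opt.text or "").strip()
    for valve in ET.fromstring(context).iter("Valve"):
        if valve.get("provider"):
            refs["provider"]["Context.xml Valve/@provider"] = valve.get("provider")
    dom = ET.fromstring(jboss_web).findtext("security-domain", "").strip()
    # Strip the JNDI prefix so the value is comparable to the policy name.
    refs["security-domain"]["jboss-web.xml security-domain"] = dom.split("java:/jaas/")[-1]
    return refs


def mismatches(refs):
    """Keep only the kinds whose locations do not all carry the same value."""
    return {k: v for k, v in refs.items() if len(set(v.values())) > 1}


if __name__ == "__main__":
    found = mismatches(collect_refs(SSO_CFG, LOGIN_CONFIG, CONTEXT, JBOSS_WEB))
    for kind, locs in found.items():
        print(f"{kind} differs:")
        for where, value in locs.items():
            print(f"  {where}: {value}")
```

Run against the values as posted, it reports that the `provider` value in Context.xml is spelled differently from the one in sso.cfg.xml and login-config.xml, while the security-domain names agree.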