SSO jbpm 6.2 via CAS server 4.0.0? - single-sign-on

I want to use SSO for jbpm 6.2 via CAS server 4.0.0 (CAS is running on Tomcat), but I don't know how to do it. I searched on Google but I can't find how to configure the WildFly of jbpm 6.2 with a CAS server.
Please help me, thank you for your help!

I have no experience with CAS, but this tutorial helped me set up jbpm 6.1 with WSO2 Identity Manager:
http://riyazmsm.blogspot.mx/2014/05/jbpm-60-sso-integration-with-wso2.html
It might not be the same, but it can put you on the right track since CAS can also handle SAML. WildFly uses PicketLink to handle security federation; reading the docs will be helpful on your journey.

Related

CAS Server 5.3 configuration with SAML 1.1

I am very new to this IAM and SSO area. I am trying to set up a CAS server which supports SAML 1.1. I have gone through the CAS v5.3 documentation and followed the instructions there, but I am still not able to set up the CAS server with SAML 1.1 support.
I am looking for any documentation which can help me do so; that would be great, as I am not sure how I can enable SAML 1.1 support.

wso2is 5.4.1 + liferay 6.2ga6

I followed the official documentation from https://docs.wso2.com/display/IS541/Integrating+WSO2+Identity+Server+with+Liferay to log in to my Liferay Portal with a wso2is user, but it does not work for me with wso2is-5.4.1 and liferay6.2ga6. When I try to log in, Liferay's log prints "Primary URL :https://wso2is.local:9443/services/Secondary URL :null" but no call to the wso2is server is made.
I added these lines to my portal-ext.properties:
auth.pipeline.pre=org.wso2.liferay.is.authenticator.WSO2ISAuthenticator
auth.pipeline.enable.liferay.check=false
wso2is.auth.service.endpoint.primary=https://wso2is.local:9443/services/
wso2is.auth.thrift.endpoint=localhost
wso2is.auth.thrift.port=10500
wso2is.auth.thrift.connection.timeout=10000
wso2is.auth.thrift.admin.user=admin
wso2is.auth.thrift.admin.user.password=admin
wso2is.auth.thrift.endpoint.login=https://wso2is.local:9443/
wso2is.auth.thrift.system.trusstore=/wso2is-5.4.1/repository/resources/security/wso2carbon.jks
wso2is.auth.thrift.system.trusstore.password=wso2carbon
Is there something wrong?
Unfortunately, a lot of the WSO2 documentation is very crufty, containing articles that have been pulled forward from previous versions of the documentation without regression testing on the use cases they present. In short, there's stuff in the documentation that plain doesn't work. If you look at the bottom of the article you'll see the following:
Please note that the above configuration is tested with Liferay 6.1.1 and WSO2 Identity 3.2.3/4.0.0.
I recall I tested this a long time ago and determined that it wouldn't work with the current version, but that was so long ago that I can't remember why. In any case, the approach presented for integrating Liferay was offered at a time when Liferay didn't have the ability to use standardized authentication protocols like SAML. Now that it does, you probably want to do it in a standards-compliant manner instead of using an authentication interface Liferay only promotes for proprietary authentication systems.
My suggestion is that if you are using Liferay Portal Enterprise with LDAP, you use the built-in SAML connector. If you aren't using Enterprise, there are some compatible authenticator extensions in the extensions store that will also integrate with Liferay. If you configure Liferay to be a client against WSO2 and then integrate Liferay with LDAP on the backend, it also allows Liferay to be used as a user dashboard instead of the Jaggery-based one that comes with the product.

WSO2 IS 5.3.0 - IWA authentication option not available

We are using WSO2 Identity Server for user authentication.
We have upgraded from WSO2 IS 5.2.0 version to WSO2 IS 5.3.0.
We are using the IWA (Integrated Windows Authentication) for user authentication for our applications.
In WSO2 IS 5.3.0 we do not see the option to select IWA under the Authentication Type "Local Authentication" while registering the application under "Service Provider". This option was available in WSO2 IS 5.2.0 and we were able to use it properly.
Can you please let us know if this feature is deprecated or disabled in WSO2 IS 5.3.0? Please let us know the steps to enable IWA in WSO2 IS 5.3.0.
From IS 5.3.0 onwards we moved to Kerberos-based IWA authentication. The motive behind this decision was to overcome the limitations faced in NTLM-based IWA.
To mention a few, NTLM-based IWA forced the WSO2 Identity Server to run on Windows, and AD was required to be plugged in as the primary user store.
To read more about IWA authentication using Kerberos, please refer to this blog.
So to answer:
Can you please let us know if this feature is deprecated or disabled in the WSO2 IS 5.3.0 version? Please let us know the steps to enable IWA in WSO2 IS 5.3.0
Yes, we deprecated the NTLM-based IWA authenticator in IS 5.3.0. However, for the benefit of users preferring to use the NTLM-based authenticator, we have the tag compatible with IS 5.3.0.
You can build the tag and drop the authenticator jar into IS_HOME/repository/components/dropins. Then you should be able to see the authenticator listed under local authenticators and use it as in IS 5.2.0.
Are you sure it is activated in your installed instance?
Open the <wso2is_home>/repository/conf/security/authenticators.xml file and add the following lines inside the <Authenticators> tag:
    <Authenticator name="IWAUIAuthenticator" disabled="false">
        <Priority>5</Priority>
    </Authenticator>
Source: https://docs.wso2.com/display/IS530/Configuring+IWA+Single-Sign-On
Jeff

liferay 7 CAS not logged in

I'm a newbie to Liferay 7. I want to integrate Liferay 7 with CAS without LDAP.
My Liferay version is DXP; the CAS server version is 4.0.0.
I have installed Liferay on localhost:8080; the CAS server is on one of my server machines over SSL.
I have successfully integrated CAS. After this I configured CAS authentication in Liferay, under Configuration -> Instance Settings -> Authentication, in the CAS tab.
When I try to log in I'm getting the following URL:
http://localhost:8080/?ticket=ST-23-d3Dvgf5h56Fa3ptUf5wEc-cas01.example.org
Although the ticket is generated, I'm not able to access the admin panel.
Please help, thanks.
I have followed all the instructions in this manual
https://web.liferay.com/web/nidhi.singh/blog/-/blogs/liferay-intregation-with-cas-and-ldap
and everything works perfectly!
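The redirect in the question (a `ticket=ST-...` parameter appended to the Liferay URL) is only the first half of a CAS login: the service provider must then call the CAS server's `/serviceValidate` endpoint with that ticket and the exact `service` URL it was issued for, and it may only create a session if the response says `authenticationSuccess`. The following is an added diagnostic example, not code from the post or from Liferay/CAS; the CAS base URL, username and attribute values are constructed, and the sample XML responses are written by hand in the CAS 2.0 response format.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}


def build_validate_url(cas_base, service, ticket):
    """URL the service provider (Liferay here) must call in step 2 of the CAS login.
    'service' has to match byte-for-byte the URL the ticket was issued for,
    otherwise the CAS server answers INVALID_SERVICE and no session may be created."""
    return cas_base.rstrip("/") + "/serviceValidate?" + urlencode(
        {"service": service, "ticket": ticket})


def parse_service_validate(xml_text):
    """Parse a CAS 2.0 /serviceValidate response.
    Returns (user, attributes) on success; raises ValueError carrying the CAS
    failure code (INVALID_TICKET, INVALID_SERVICE, ...) on any other outcome."""
    root = ET.fromstring(xml_text)
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is not None:
        user = ok.findtext("cas:user", namespaces=CAS_NS)
        attrs = {}
        for el in ok.findall("cas:attributes/*", CAS_NS):
            name = el.tag.split("}", 1)[-1]  # strip the namespace prefix
            attrs.setdefault(name, []).append((el.text or "").strip())
        return user, attrs
    fail = root.find("cas:authenticationFailure", CAS_NS)
    if fail is not None:
        raise ValueError(f"{fail.get('code')}: {(fail.text or '').strip()}")
    raise ValueError("MALFORMED: neither success nor failure element present")


# Constructed sample responses (not captured from a real CAS server).
SUCCESS_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes><cas:mail>jdoe@example.org</cas:mail></cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_SERVICE">
    Ticket does not match supplied service.
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    ticket = "ST-23-d3Dvgf5h56Fa3ptUf5wEc-cas01.example.org"  # ticket from the post's URL
    print(build_validate_url("https://cas.example.org/cas", "http://localhost:8080/", ticket))
    print(parse_service_validate(SUCCESS_XML))
    try:
        parse_service_validate(FAILURE_XML)
    except ValueError as err:
        print("login must be refused:", err)
```

Fetching the validate URL by hand (e.g. with curl) and reading the failure code is the quickest way to tell whether the problem is the configured service URL, an expired ticket, or something on the Liferay side.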

JBOSS EAP 6 - Siteminder integration components

I need to set up a JBoss EAP 6 web app to integrate with SiteMinder using IdP-initiated SAML2 artifact binding. The current integration uses form-based header authentication. SiteMinder is on-prem and JBoss/the app is in AWS. I have little visibility into the SiteMinder setup or its requirements for integrating with JBoss. I have clarity on setting up the Service Provider in JBoss for SSO and single logout with POST binding.
My questions are:
1. To integrate with an on-prem SiteMinder IdM, what components other than JBoss and its configuration need to be present on the server hosting JBoss?
Something like a SiteMinder agent to be run on the server?
From a purely JBoss perspective, where does the JBoss setup boundary start?
I went through the net and could not find a conclusive list of components required for this integration.
2. Artifact binding is not supported by JBoss EAP 6 per the docs, so I must ask the IdM team to support SSO with POST binding, correct?
Thank you in advance for your help.
You need to implement your own JAAS security module. There is information on the JBoss and CA websites on how to do this. This module will provide the authentication (user) and authorization (roles) to the applications deployed on JBoss. When developing, I suggest setting the log level of org.jboss.security to trace.
It is PicketLink that needs to be configured. GitHub has examples:
https://github.com/jboss-developer/jboss-picketlink-quickstarts
There is no need for a SiteMinder agent if only the SP setup is in scope.
Also, the IdM team has to be requested to stick to POST binding.
This covers the questions I asked.