New to JAVA. I developed Web application(JSP) successfully delpoyed on TOMCAT 6.0. Now the client want to use external SSO to authenticate users. As of now when the users are authenticated the website is displayed with Login Page where the user has to login again.
I am using the Login.jsp to bring the user roles from the SQLDB for Website.
What I want to accomplish now is when User is authenticated login.jsp should retrieve the credentials from the SSO and display the website thus accomplishing the purpose of Single sign on process.
I read a lot from this forum and other websites but kinda lost in the process.
Any help would be appreciated.
thank you
We developed a Tomcat extension (valve) which does just that. Basically you use standard J2EE security (role-ref etc) in your app and our Tomcat valve then acts as a bridge between Tomcat and our SSO platform. You can find out more at www.cloudseal.com
Of course you may not want to use our SSO platform :-( but you can still use our Tomcat valve and modify it to fit your needs. It's released under an Apache 2 license and you can grab the source from Github
Related
I followed official documentation from : https://docs.wso2.com/display/IS541/Integrating+WSO2+Identity+Server+with+Liferay to Login in my Liferay Portal with wso2is user, but it not work for me in wso2is-5.4.1 and liferay6.2ga6. When I try login, liferay's log print "Primary URL :https://wso2is.local:9443/services/Secondary URL :null" but no call to wso2is server is done.
I added this lines into my portal-ext.properties :
auth.pipeline.pre=org.wso2.liferay.is.authenticator.WSO2ISAuthenticator auth.pipeline.enable.liferay.check=false wso2is.auth.service.endpoint.primary=https://wso2is.local:9443/services/ wso2is.auth.thrift.endpoint=localhost wso2is.auth.thrift.port=10500 wso2is.auth.thrift.connection.timeout=10000 wso2is.auth.thrift.admin.user=admin wso2is.auth.thrift.admin.user.password=admin wso2is.auth.thrift.endpoint.login=https://wso2is.local:9443/ wso2is.auth.thrift.system.trusstore=/wso2is-5.4.1/repository/resources/security/wso2carbon.jks wso2is.auth.thrift.system.trusstore.password=wso2carbon
Is there something wrong?
Unfortunately, a lot of the WSO2 documentation is very crufty, containing articles that have been pulled forward from previous versions of the documentation without regression testing on the use cases they present. In short, there's stuff in the documentation that plain doesn't work. If you look at the bottom of the article you'll see the following:
Please note that the above configuration is tested with Liferay 6.1.1
and WSO2 Identity 3.2.3/4.0.0.
I recall I tested this a long time ago, and determined that it wouldn't work with the current version, but that was so long ago that I can't remember why. In any case, the approach presented for integrating Liferay was offered at a time where Liferay didn't have the ability to use standardized authentication protocols like SAML. Now that it does, you probably want to do it in a standards compliant manner instead of using an authentication interface Liferay only promotes using for proprietary authentication systems.
My suggestion is that if you are using Liferay portal enterprise with LDAP that you use the built-in SAML connector. If you aren't using Enterprise, there are some compatible authenticator extensions in the extensions store that will also integrate with Liferay. If you configure Liferay to be a client against WSO2 and then integrate Liferay to LDAP on the backend, it also allows Liferay to be used as a user dashboard instead of the jaggery based one that comes in the product.
I am having a Web Application running on tomcat and hosted on amazon, I want to add it as an SAML Service Provider which allows single sign on(SSO) in onelogin(https://www.onelogin.com/)
I have a free trial account in one login, and In Add App section I can see many applications like salesforce,aws and all but how can I add my own application there ?
I clicked on Suggest an App and and gave my application URL. Is there anyway I can add my own application as an SP in onelogin ?
You can use the SAML Test Connector. It works with any generic SAML Service Provider.
If you also need to add SAML support to your tomcat application, you should know that Tomcat does not have a SAML SP provider implementation itself, so you will need to add SAML support to the java application. For that you can use:
OIOSAML
spring security
java-saml
shibboleth (It requires also Apache).
We have a requirement where user needs to login to portal with CAS (but SAML way). User can also login via login portlet of liferay.
We have few apps hosted on Intranet and few on Extranet. When user is in our office network, he should be able to login to all the apps via SSO. This includes apps which are hosted on extranet as well.
To achive this we want to use SAML with CAS.
By doing some research I understand that in this case CAS would be my IDP i.e. Identity provider and my apps on extranet would be SP i.e. service provider
Any idea how to proceed with it?
Any help is appreciated.
I have to do the same thing but using a LDAP too ...
I'm following this cookbook to achieve that, the second chapter talks about Authentication and Registration Process
I hope this would be helpful!!
Following excellent article talks about SSO connection between one web application to wso2 IS through SAML2.0.
http://wso2.org/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server
My requirement is to connect multiple web applications through SSO with the wso2 IS. Can anyone give me some light on this how can I do that?
In another words if I login to any one of those webapp I can navigate to other webapps by clicking on the links available on the first webapp without relogin.
Yes. This is possible with WSO2 IS..You can refer this for more information where you can find IS as the IDP for all the webapps...
In our current setup we have about a dozen web applications that deploy to a single Tomcat server. One of these applications is CAS which is used for all authorization.
This works pretty well and in our jRuby web application we use the rubycas-client gem, point to CAS and we're done.
Now we have a requirements where, in a Java component, we need to be able to call out to another web application via a rest service that resides on the same server. My first thought was to use CAS proxy tickets but the web application we have to hit currently doesn't have this enabled and, due to the nature of the environment, this cannot be changed.
So as far as I can tell we're left trying to impersonate the user by using an iframe in our web application that points to the other one (we're all on the same domain and server) and scrape its sessionid for impersonation and pass it down to the Java layer. But I really, really don't want to do this.
Am I missing anything? Is there any better ways of doing this? Is there a way to get the sessionid without an iframe maybe?
Thanks!
If you want to call a web service from a web application using CAS identity, you certainly should use the CAS proxy feature.
If you can't cassify your web service, there is another option for you : you could use the Apache module for CAS : https://wiki.jasig.org/display/CASC/mod_auth_cas.