Added by Sebastian Gonzalez Oyuela, last edited by Sebastian Gonzalez Oyuela on Jan 16, 2009

Introduction

This guide explains how to integrate your own user and roles database with JOSSO, using basic authentication to validate user identity. It walks through one specific example, but you can use another persistence mechanism and data structure by adapting the SQL queries in the identity store configuration. Make sure that the required JDBC driver is deployed in the gateway. If you branded the gateway, you can add the driver to your custom gateway project.

Create the user and roles database schema

Using your own data structure
If you already have your own database schema, this step is not required.
You should instead modify the SQL queries in the Identity Store configuration so that users, credentials, roles and properties can be obtained from your own tables.

Let's assume that you don't have user and role tables yet. We must then create four tables:

  • JOSSO_USER : contains all the users that will be able to sign-on.
  • JOSSO_ROLE : contains all the roles to which users can be associated.
  • JOSSO_USER_ROLE : contains the roles associated with each user.
  • JOSSO_USER_PROPERTY : contains additional properties of the user, like personal data, etc. .

Let's have a look at the ER diagram:

Download DDLs
You can download sample DDLs for the identity and other stores here. Pick the DDL that best suits your RDBMS.
In this sample we only need the sso.sql DDL because we are using in-memory session and assertion stores.

The DDL SQL scripts should look like the following :

josso-ddl.sql
-- Oracle syntax (VARCHAR2); on MySQL, PostgreSQL or other RDBMS use VARCHAR
-- or pick the matching DDL from the download above.
CREATE TABLE JOSSO_ROLE (
       NAME                 VARCHAR2(16) NOT NULL,
       DESCRIPTION          VARCHAR2(64) NULL
);

ALTER TABLE JOSSO_ROLE
       ADD  ( PRIMARY KEY (NAME) ) ;

CREATE TABLE JOSSO_USER (
       LOGIN                VARCHAR2(16) NOT NULL,
       -- 20 characters only holds a cleartext password, which is what this
       -- sample stores. Widen the column if you store a hash instead
       -- (a SHA-256 digest in hex alone needs 64 characters).
       PASSWORD             VARCHAR2(20) NOT NULL,
       NAME                 VARCHAR2(64) NULL,
       DESCRIPTION          VARCHAR2(64) NULL
);

ALTER TABLE JOSSO_USER
       ADD  ( PRIMARY KEY (LOGIN) ) ;


CREATE TABLE JOSSO_USER_PROPERTY (
       LOGIN                VARCHAR2(16) NOT NULL,
       NAME                 VARCHAR2(255) NOT NULL,
       VALUE                VARCHAR2(255) NOT NULL
);

ALTER TABLE JOSSO_USER_PROPERTY
       ADD  ( PRIMARY KEY (LOGIN, NAME) ) ;

CREATE TABLE JOSSO_USER_ROLE (
       LOGIN                VARCHAR2(16) NOT NULL,
       NAME                 VARCHAR2(255) NOT NULL
);

ALTER TABLE JOSSO_USER_ROLE
       ADD  ( PRIMARY KEY (LOGIN, NAME) ) ;

ALTER TABLE JOSSO_USER_PROPERTY
       ADD  ( FOREIGN KEY (LOGIN)
                             REFERENCES JOSSO_USER ) ;

ALTER TABLE JOSSO_USER_ROLE
       ADD  ( FOREIGN KEY (NAME)
                             REFERENCES JOSSO_ROLE ) ;

ALTER TABLE JOSSO_USER_ROLE
       ADD  ( FOREIGN KEY (LOGIN)
                             REFERENCES JOSSO_USER ) ;

Execute this DDL in your database.

Create sample Users and Roles

After you have created the database schema, add sample user and role records. These users will then be able to sign on to JOSSO.

We'll create three roles:

  • role1
  • role2
  • role3

We'll create two users and associate them with the created roles:

  • user1: which will be part of the 'role1' and 'role2' roles.
  • user2: which will be part of the 'role3' role.

We'll associate three properties with each of the two users just created:

  • user.name: which will hold the first name of the user.
  • user.lastName: which will hold the last name of the user.
  • user.registrationDate: which will hold when the user registered.

Let's look at the DML script to do this. Note that the passwords are inserted in clear text; this is only acceptable for a sample, and the authentication scheme section below depends on it.

josso-users.sql
INSERT INTO JOSSO_ROLE (NAME,DESCRIPTION) VALUES('role1','The Role1');

INSERT INTO JOSSO_ROLE (NAME,DESCRIPTION) VALUES('role2','The Role2');

INSERT INTO JOSSO_ROLE (NAME,DESCRIPTION) VALUES('role3','The Role3');

INSERT INTO JOSSO_USER (LOGIN,PASSWORD,DESCRIPTION)
        VALUES('user1', 'user1pwd', 'The User1');

INSERT INTO JOSSO_USER_ROLE (LOGIN,NAME) VALUES('user1', 'role1');

INSERT INTO JOSSO_USER_ROLE (LOGIN,NAME) VALUES('user1', 'role2');

INSERT INTO JOSSO_USER (LOGIN,PASSWORD,DESCRIPTION)
        VALUES('user2', 'user2pwd', 'The User2');

INSERT INTO JOSSO_USER_ROLE (LOGIN,NAME) VALUES('user2', 'role3');

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)
        VALUES('user1', 'user.name', 'User1 Name');

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)
        VALUES('user1', 'user.lastName', 'User1 Last Name');

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)
        VALUES('user1', 'user.registrationDate', 'User1 Registration Date');

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)
        VALUES('user2', 'user.name', 'User2 Name');

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)
        VALUES('user2', 'user.lastName', 'User2 Last Name');

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)
        VALUES('user2', 'user.registrationDate', 'User2 Registration Date');

Configure Identity Store

Because we're using an RDBMS to persist identity information, you should have installed the gateway using the --persistence db option. This installs a josso-gateway-stores.xml file that already contains a preconfigured db identity store. Let's take a look at the component configuration. Every query takes the login as a JDBC bind parameter (the ? placeholder); keep it that way when you adapt the queries to your own schema, since splicing the login into the SQL string would open the gateway to SQL injection. The sample connects as root with the password sago4; replace both with a dedicated database account that only has SELECT on the identity tables (plus UPDATE on JOSSO_USER.PASSWORD if you use resetCredentialDml):

josso-gateway-stores.xml
    <db-istore:jdbc-store
            id="josso-identity-store"
            driverName="com.mysql.jdbc.Driver"
            connectionURL="jdbc:mysql://localhost:3306/josso"
            connectionName="root"
            connectionPassword="sago4"
            userQueryString="SELECT LOGIN AS NAME FROM JOSSO_USER WHERE LOGIN = ?"
            rolesQueryString="SELECT NAME AS ROLE FROM JOSSO_USER_ROLE WHERE LOGIN = ?"
            credentialsQueryString="SELECT LOGIN AS USERNAME, PASSWORD FROM JOSSO_USER WHERE LOGIN = ?"
            userPropertiesQueryString="SELECT NAME, VALUE FROM JOSSO_USER_PROPERTY WHERE LOGIN = ?"
            resetCredentialDml="UPDATE JOSSO_USER SET PASSWORD = ? WHERE LOGIN = ?"
            relayCredentialQueryString="SELECT LOGIN FROM JOSSO_USER WHERE #?# = ?"
            />
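To see exactly what the identity store hands the gateway for a user, here is an added example (not JOSSO code, and not part of the original page) that loads the page's schema and sample rows into an in-memory SQLite database and runs the four lookup queries from the jdbc-store element above with bound parameters. The only change to the DDL is VARCHAR2 to VARCHAR so that SQLite accepts it; the insert statements and query strings are the page's own. The last call shows why the ? placeholder matters: a login crafted as an injection payload simply matches no row.

```python
import sqlite3

# Schema from josso-ddl.sql above, with Oracle's VARCHAR2 changed to VARCHAR
# so it runs on SQLite (constructed for this example; tables, columns and
# keys are the same as on the page).
SCHEMA = """
CREATE TABLE JOSSO_ROLE (
    NAME        VARCHAR(16)  NOT NULL PRIMARY KEY,
    DESCRIPTION VARCHAR(64)  NULL
);
CREATE TABLE JOSSO_USER (
    LOGIN       VARCHAR(16)  NOT NULL PRIMARY KEY,
    PASSWORD    VARCHAR(20)  NOT NULL,
    NAME        VARCHAR(64)  NULL,
    DESCRIPTION VARCHAR(64)  NULL
);
CREATE TABLE JOSSO_USER_PROPERTY (
    LOGIN VARCHAR(16)  NOT NULL REFERENCES JOSSO_USER(LOGIN),
    NAME  VARCHAR(255) NOT NULL,
    VALUE VARCHAR(255) NOT NULL,
    PRIMARY KEY (LOGIN, NAME)
);
CREATE TABLE JOSSO_USER_ROLE (
    LOGIN VARCHAR(16)  NOT NULL REFERENCES JOSSO_USER(LOGIN),
    NAME  VARCHAR(255) NOT NULL REFERENCES JOSSO_ROLE(NAME),
    PRIMARY KEY (LOGIN, NAME)
);
"""

# Sample rows from josso-users.sql above (roles first so the foreign keys hold).
SAMPLE_DATA = """
INSERT INTO JOSSO_ROLE (NAME, DESCRIPTION) VALUES ('role1', 'The Role1');
INSERT INTO JOSSO_ROLE (NAME, DESCRIPTION) VALUES ('role2', 'The Role2');
INSERT INTO JOSSO_ROLE (NAME, DESCRIPTION) VALUES ('role3', 'The Role3');
INSERT INTO JOSSO_USER (LOGIN, PASSWORD, DESCRIPTION) VALUES ('user1', 'user1pwd', 'The User1');
INSERT INTO JOSSO_USER (LOGIN, PASSWORD, DESCRIPTION) VALUES ('user2', 'user2pwd', 'The User2');
INSERT INTO JOSSO_USER_ROLE (LOGIN, NAME) VALUES ('user1', 'role1');
INSERT INTO JOSSO_USER_ROLE (LOGIN, NAME) VALUES ('user1', 'role2');
INSERT INTO JOSSO_USER_ROLE (LOGIN, NAME) VALUES ('user2', 'role3');
INSERT INTO JOSSO_USER_PROPERTY (LOGIN, NAME, VALUE) VALUES ('user1', 'user.name', 'User1 Name');
INSERT INTO JOSSO_USER_PROPERTY (LOGIN, NAME, VALUE) VALUES ('user1', 'user.lastName', 'User1 Last Name');
INSERT INTO JOSSO_USER_PROPERTY (LOGIN, NAME, VALUE) VALUES ('user1', 'user.registrationDate', 'User1 Registration Date');
INSERT INTO JOSSO_USER_PROPERTY (LOGIN, NAME, VALUE) VALUES ('user2', 'user.name', 'User2 Name');
INSERT INTO JOSSO_USER_PROPERTY (LOGIN, NAME, VALUE) VALUES ('user2', 'user.lastName', 'User2 Last Name');
INSERT INTO JOSSO_USER_PROPERTY (LOGIN, NAME, VALUE) VALUES ('user2', 'user.registrationDate', 'User2 Registration Date');
"""

# The four lookup queries exactly as set on the jdbc-store element.  Each one
# takes the login as a bound parameter ("?"), never by string concatenation.
USER_QUERY = "SELECT LOGIN AS NAME FROM JOSSO_USER WHERE LOGIN = ?"
ROLES_QUERY = "SELECT NAME AS ROLE FROM JOSSO_USER_ROLE WHERE LOGIN = ?"
CREDENTIALS_QUERY = "SELECT LOGIN AS USERNAME, PASSWORD FROM JOSSO_USER WHERE LOGIN = ?"
PROPERTIES_QUERY = "SELECT NAME, VALUE FROM JOSSO_USER_PROPERTY WHERE LOGIN = ?"


def open_store():
    """In-memory store with the page's schema and sample rows loaded."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executescript(SAMPLE_DATA)
    return conn


def load_user(conn, login):
    """Resolve one login the way the identity store does: user row first,
    then credentials, roles and properties.  Returns None for unknown logins."""
    user = conn.execute(USER_QUERY, (login,)).fetchone()
    if user is None:
        return None
    username, password = conn.execute(CREDENTIALS_QUERY, (login,)).fetchone()
    roles = sorted(row[0] for row in conn.execute(ROLES_QUERY, (login,)))
    properties = dict(conn.execute(PROPERTIES_QUERY, (login,)).fetchall())
    return {"name": user[0], "username": username, "password": password,
            "roles": roles, "properties": properties}


if __name__ == "__main__":
    store = open_store()
    print(load_user(store, "user1"))
    # A bound parameter keeps a crafted login from widening the WHERE clause.
    print(load_user(store, "user1' OR '1'='1"))
```

Running it prints user1 with roles role1 and role2 and the three properties, then None for the injection-style login. If you replace the queries with ones for your own schema, keep the column aliases (NAME, ROLE, USERNAME, PASSWORD) that the store expects and keep the login as the sole bind parameter.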
JDBC Driver
Make sure you include the database driver in the JOSSO Gateway. You can either brand the gateway or copy the driver JAR to the WEB-INF/lib directory of the deployed josso war.

Include DB Identity Stores

Include the correct Stores configuration
Make sure the stores configuration file you modified is imported from the gateway main config file, josso-gateway-config.xml.

For example, you can have something like this:

josso-gateway-config.xml
    ...
    <!-- Identity, Session and Assertion Stores configuration -->

    <s:import resource="josso-gateway-stores.xml" />

    <!--
    <s:import resource="josso-gateway-memory-stores.xml" />
    <s:import resource="josso-gateway-db-stores.xml" />
    <s:import resource="josso-gateway-ldap-stores.xml" />
    -->

    ...

Configure the Basic Authentication Scheme

Now that we have configured the identity store, we have to set up our basic authentication scheme. In this sample the passwords are stored in plain text, so we remove the hashAlgorithm and hashEncoding properties; with those set, the scheme digests the presented password and encodes it before comparing it to the stored value. For anything beyond a sample, store hashed passwords, keep both properties set to match, and widen JOSSO_USER.PASSWORD accordingly. The authentication scheme configuration can be found in the josso-gateway-auth.xml file.

josso-gateway-auth.xml
<basic-authscheme:basic-auth-scheme
        id="josso-basic-authentication"
        ignorePasswordCase="false"
        ignoreUserCase="false">

    <basic-authscheme:credentialStore>
        <s:ref bean="josso-identity-store"/>
    </basic-authscheme:credentialStore>

    <basic-authscheme:credentialStoreKeyAdapter>
        <s:ref bean="josso-simple-key-adapter"/>
    </basic-authscheme:credentialStoreKeyAdapter>

</basic-authscheme:basic-auth-scheme>
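The following added example (illustrative logic written for this page, not JOSSO's own code) shows the credential check the scheme above performs against one row returned by credentialsQueryString, with the four properties ignoreUserCase, ignorePasswordCase, hashAlgorithm and hashEncoding as keyword arguments. Assumption: with hashAlgorithm set, the stored value is the digest of the password's UTF-8 bytes written in the given hashEncoding (HEX or BASE64). It also reports how wide the PASSWORD column must be for a given digest, which is why the 20-character column from josso-ddl.sql only works for the plain-text sample.

```python
import base64
import hashlib
import hmac

# Width of JOSSO_USER.PASSWORD in the josso-ddl.sql on this page (VARCHAR2(20)).
PASSWORD_COLUMN_WIDTH = 20


def stored_form(password, hash_algorithm=None, hash_encoding=None):
    """Value kept in JOSSO_USER.PASSWORD for a cleartext password.

    With no hash_algorithm the password is stored as typed, which is what this
    page's sample does (hashAlgorithm/hashEncoding removed from the scheme).
    Otherwise the UTF-8 bytes are digested with hash_algorithm ("MD5",
    "SHA-256", ...) and the digest is written in hash_encoding ("HEX" or
    "BASE64").  Assumption for this example: that is the form the scheme's
    hashAlgorithm/hashEncoding properties expect.
    """
    if hash_algorithm is None:
        return password
    digest = hashlib.new(hash_algorithm.replace("-", "").lower(),
                         password.encode("utf-8")).digest()
    encoding = (hash_encoding or "HEX").upper()
    if encoding == "HEX":
        return digest.hex()
    if encoding == "BASE64":
        return base64.b64encode(digest).decode("ascii")
    raise ValueError("unsupported hashEncoding: %r" % hash_encoding)


def stored_width(hash_algorithm, hash_encoding):
    """Characters a hashed password occupies; compare with PASSWORD_COLUMN_WIDTH."""
    return len(stored_form("x", hash_algorithm, hash_encoding))


def authenticate(stored_username, stored_password, username, password, *,
                 ignore_user_case=False, ignore_password_case=False,
                 hash_algorithm=None, hash_encoding=None):
    """Check a login against one (USERNAME, PASSWORD) row from
    credentialsQueryString.  Keyword arguments mirror the ignoreUserCase,
    ignorePasswordCase, hashAlgorithm and hashEncoding properties of
    basic-auth-scheme (example logic, not JOSSO's implementation)."""
    if ignore_user_case:
        user_ok = stored_username.casefold() == username.casefold()
    else:
        user_ok = stored_username == username
    candidate = stored_form(password, hash_algorithm, hash_encoding)
    expected = stored_password
    if ignore_password_case:
        candidate, expected = candidate.casefold(), expected.casefold()
    # Constant-time comparison: a wrong password must not be distinguishable
    # by how far into the string the first mismatching character sits.
    password_ok = hmac.compare_digest(candidate.encode("utf-8"),
                                      expected.encode("utf-8"))
    return user_ok and password_ok


if __name__ == "__main__":
    # Plain-text sample row from josso-users.sql.
    print(authenticate("user1", "user1pwd", "user1", "user1pwd"))
    # Same user once the table holds a SHA-256 hex digest instead.
    hashed = stored_form("user1pwd", "SHA-256", "HEX")
    print(authenticate("user1", hashed, "user1", "user1pwd",
                       hash_algorithm="SHA-256", hash_encoding="HEX"))
    for alg, enc in (("MD5", "HEX"), ("MD5", "BASE64"), ("SHA-256", "HEX")):
        width = stored_width(alg, enc)
        print(alg, enc, width, "fits" if width <= PASSWORD_COLUMN_WIDTH else "too wide")
```

Even the shortest digest form (MD5 in BASE64, 24 characters) does not fit the sample's 20-character column, so moving away from plain-text passwords means changing the DDL as well as the scheme. An unsalted digest is still crackable offline from a database dump; it keeps cleartext out of the table but is not a substitute for protecting the identity database itself.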

Test it

Now you can redeploy your branded gateway and try these changes. If you altered a standard JOSSO Gateway, you probably only need to restart the container. Sign on as user1 and user2 and confirm that each gets the roles listed above and nothing more.