1. Introduction
In order to set up JOSSO we have to install and configure the SSO Gateway (IdP) and at least one SSO Agent (SP). Exactly how many agents you need depends on your planned SSO deployment: you have to install an agent in each container that will run a Jossified web application.
Refer to the JOSSO Architecture Overview to help you build a plan that suits your needs.
2. Install JOSSO Agent (SP)
Normally you install an agent in each container that hosts SSO partner applications. For example, if you have applications deployed on both Tomcat and JBoss, you will have to install an agent in each container. Agents are part of the Service Provider (partner application) runtime environment.
2.1 Agent Setup Matrix
The following matrix contains references to platform-specific install instructions. The JOSSO Deployment Console provides a JOSSO Agent installer for most of them.

| Platform | Supported | Deployment Console | Setup Instructions |
|---|---|---|---|
| JBoss 6.x (JASPI) | | | setup |
| JBoss 5.x (JASPI) | | | setup |
| JBoss 4.2.x | | | setup |
| JBoss 4.0.x | | | setup |
| JBoss 3.2.6+ | | | setup |
| Tomcat 6.0 | | | setup |
| Tomcat 5.5 | | | setup |
| Tomcat 5.0 | | | setup |
| Weblogic 10.0 | | | setup |
| Weblogic 9.2 | | | setup |
| Geronimo 2.1 | | | setup |
| Websphere CE | | | setup |
| Generic J2EE / JEE | | | setup |
| Apache 2.2 (php, perl, python, etc.) | | | setup |
| PHP 4.x, 5.x | | | setup |
| IIS (asp, aspx, .net) | | | setup |
| Liferay 5.2.x | | | setup |
| Liferay 6.x | | | setup |
| Alfresco 3.3 | | | setup |
| Coldfusion 9 | | | setup |
| phpBB | | | setup |
2.2 Configure JOSSO Agent (SP)
Since version 1.8, JOSSO Java-based agents use Spring as a lightweight container.
To provide some examples within this guide, we'll assume the following facts when configuring our agent:
- The gateway receives login/logout requests over SSL
- The gateway (Tomcat) uses the default port 8443 to receive SSL requests
- The gateway hostname is www.my-domain.com
- The gateway IP address is 192.168.1.100
2.3 Configure the SSO Gateway login URL
We have to tell the agent where the gateway processes login and logout requests. The agent configuration section has two properties that define these URLs. The default value for the login URL is http://localhost:8080/josso/signon/login.do; in our case this should be replaced with https://www.my-domain.com:8443/josso/signon/login.do. The same rule applies to the logout URL, which should be replaced with https://www.my-domain.com:8443/josso/signon/logout.do. Keep in mind that the hostname used in these URLs is very important: it must be the hostname that users access when they authenticate.
2.4 Configure the SSO Gateway endpoint
Now we have to tell the agent how to reach the gateway web services. This is called the 'back channel' and is used by the agent (SP) to assert users' identities, retrieve user information, etc. This communication can take place over the internal network, so the gateway endpoint can be defined using the gateway's IP address or internal host name, as shown in the example below. In our case, the endpoint will be defined as 192.168.1.100:8080. If your gateway and agent run on the same box, you can use the default value for your platform.
2.5 Define Partner Applications
After connecting the agent and the gateway, we have to define the set of applications deployed in the container that will take part in the SSO infrastructure as Partner Applications (service providers). In Java agents this is done by declaring a new partner-app element in the partner-apps section of the josso-agent-config.xml file. A partner application is defined by a unique id and the web context where the application has been deployed.

```xml
...
<agent:agent-configuration>
    <agent:partner-apps>
        <agent:partner-app id="MySimplePartnerApp" context="/simple-partnerapp"/>
        <agent:partner-app id="MyPartnerApp1" context="/partnerapp"/>
    </agent:partner-apps>
</agent:agent-configuration>
...
```
3. Sample Configuration
Let's take a look at a Java agent configuration file for Tomcat 6.0. It is almost identical to all other Java-based agent configurations:
```xml
<s:beans xmlns:s="http://www.springframework.org/schema/beans"
         xmlns:tc60="urn:org:josso:agent:tomcat60"
         xmlns:agent="urn:org:josso:agent:core"
         xmlns:protocol="urn:org:josso:protocol:client"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                             urn:org:josso:agent:tomcat60 http://www.josso.org/schema/josso-tomcat60-agent.xsd
                             urn:org:josso:agent:core http://www.josso.org/schema/josso-agent.xsd
                             urn:org:josso:protocol:client http://www.josso.org/schema/josso-protocol-client.xsd">

    <tc60:agent name="josso-tomcat60-agent" sessionAccessMinInterval="1000">

        <!-- Gateway LOGIN and LOGOUT URLs -->
        <gatewayLoginUrl>https://www.my-domain.com:8443/josso/signon/login.do</gatewayLoginUrl>
        <gatewayLogoutUrl>https://www.my-domain.com:8443/josso/signon/logout.do</gatewayLogoutUrl>

        <!-- Gateway service locator -->
        <gatewayServiceLocator>
            <!-- Other properties for ws-service-locator : username, password, servicesWebContext, transportSecurity -->
            <protocol:ws-service-locator endpoint="192.168.1.100:8080" />
        </gatewayServiceLocator>

        ....

</s:beans>
```
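The three configuration steps above (gateway login/logout URLs, back-channel endpoint, partner applications) are easy to get subtly wrong, and a wrong hostname or a plain-http gateway URL only shows up at the first login. The following Python script is an added example, not JOSSO project code: it parses a josso-agent-config.xml with the namespaces declared in the sample above and reports URLs that are not HTTPS or that do not carry the public hostname users browse to, a back-channel endpoint that is not a bare host:port, and partner-app entries with duplicate ids or contexts that are not absolute. The embedded configuration is constructed from this guide's values with two mistakes planted on purpose; nesting the partner-apps block inside the tc60:agent element is an assumption, and the checks use descendant searches so the exact nesting does not matter.

```python
"""Lint a JOSSO Java agent configuration for the mistakes this guide warns about.

Added example, not JOSSO project code. Checks sections 2.3 to 2.5:
 - gateway login/logout URLs use HTTPS and the public hostname,
 - the back-channel ws-service-locator endpoint is a bare host:port,
 - partner-app ids are unique and contexts are absolute web contexts.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespaces as declared in the sample configuration in this guide.
NS = {
    "s": "http://www.springframework.org/schema/beans",
    "tc60": "urn:org:josso:agent:tomcat60",
    "agent": "urn:org:josso:agent:core",
    "protocol": "urn:org:josso:protocol:client",
}

# Constructed sample built from the guide's values, with two deliberate
# mistakes planted (plain-http logout URL; duplicated partner-app id with a
# relative context). Nesting partner-apps inside tc60:agent is an assumption;
# the checks below use descendant searches so the exact nesting does not matter.
BAD_CONFIG = """<s:beans xmlns:s="http://www.springframework.org/schema/beans"
         xmlns:tc60="urn:org:josso:agent:tomcat60"
         xmlns:agent="urn:org:josso:agent:core"
         xmlns:protocol="urn:org:josso:protocol:client">
  <tc60:agent name="josso-tomcat60-agent" sessionAccessMinInterval="1000">
    <gatewayLoginUrl>https://www.my-domain.com:8443/josso/signon/login.do</gatewayLoginUrl>
    <gatewayLogoutUrl>http://www.my-domain.com:8080/josso/signon/logout.do</gatewayLogoutUrl>
    <gatewayServiceLocator>
      <protocol:ws-service-locator endpoint="192.168.1.100:8080"/>
    </gatewayServiceLocator>
    <agent:agent-configuration>
      <agent:partner-apps>
        <agent:partner-app id="MySimplePartnerApp" context="/simple-partnerapp"/>
        <agent:partner-app id="MySimplePartnerApp" context="partnerapp"/>
      </agent:partner-apps>
    </agent:agent-configuration>
  </tc60:agent>
</s:beans>
"""

# The same file with both mistakes corrected; it should produce no findings.
GOOD_CONFIG = BAD_CONFIG.replace(
    "http://www.my-domain.com:8080/josso/signon/logout.do",
    "https://www.my-domain.com:8443/josso/signon/logout.do",
).replace(
    'id="MySimplePartnerApp" context="partnerapp"',
    'id="MyPartnerApp1" context="/partnerapp"',
)


def check_agent_config(xml_text, public_hostname):
    """Return a list of findings (strings); an empty list means the config passed."""
    root = ET.fromstring(xml_text)
    findings = []

    # 2.3: login/logout URLs must be HTTPS and carry the hostname users browse to.
    for tag in ("gatewayLoginUrl", "gatewayLogoutUrl"):
        el = root.find(f".//{tag}")
        if el is None or not (el.text or "").strip():
            findings.append(f"{tag}: missing or empty")
            continue
        url = urlparse(el.text.strip())
        if url.scheme != "https":
            findings.append(f"{tag}: scheme is {url.scheme!r}, expected https")
        if url.hostname != public_hostname.lower():
            findings.append(f"{tag}: host {url.hostname!r} is not the public hostname {public_hostname!r}")

    # 2.4: the back-channel endpoint is host:port, with no scheme and no path.
    locator = root.find(".//protocol:ws-service-locator", NS)
    if locator is None:
        findings.append("gatewayServiceLocator: no protocol:ws-service-locator element")
    else:
        endpoint = locator.get("endpoint", "")
        host, sep, port = endpoint.rpartition(":")
        if "://" in endpoint or "/" in endpoint or not sep or not host or not port.isdigit():
            findings.append(f"ws-service-locator: endpoint {endpoint!r} must be host:port")

    # 2.5: partner applications need unique ids and absolute web contexts.
    seen = set()
    for app in root.findall(".//agent:partner-app", NS):
        app_id, context = app.get("id", ""), app.get("context", "")
        if not app_id or app_id in seen:
            findings.append(f"partner-app: empty or duplicate id {app_id!r}")
        seen.add(app_id)
        if not context.startswith("/"):
            findings.append(f"partner-app {app_id!r}: context {context!r} must start with '/'")
    return findings


if __name__ == "__main__":
    for label, cfg in (("bad", BAD_CONFIG), ("good", GOOD_CONFIG)):
        print(label, check_agent_config(cfg, "www.my-domain.com") or ["ok"])
```

Run it against your own file with `check_agent_config(open("josso-agent-config.xml").read(), "www.my-domain.com")`, passing the hostname your users actually type into the browser; the hostname check is the one that catches a copied localhost default before it breaks the redirect back from the gateway.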