Added by Dusan Fisic, last edited by Dusan Fisic on May 28, 2010

1. Introduction

This guide walks you through the steps to get a JOSSO 1.8 Agent running on a Liferay 5.2.x web application. The Deployment Console provides a complete agent install for the Tomcat and JBoss bundles; other bundles require manual adjustments.

2. Prerequisites

To make a quick JOSSO setup we will need:

For the purposes of this guide, we will assume the following facts:

  • JDK 1.5.0_16 is located at /opt/jdk1.5.0_16
  • Liferay Portal 5.2.3 is located at /opt/liferay-portal-5.2.3 (with Tomcat as application server)
  • JOSSO 1.8.0 is located at /opt/josso-1.8.0

3. Install Agent

First, start the JOSSO Deployment Console.

$ cd /opt/josso-1.8.0/bin
$ ./josso-gsh
    __ _____ _____ _____ _____
 __|  |     |   __|   __|     |
|  |  |  |  |__   |__   |  |  |
|_____|_____|_____|_____|_____|

 JOSSO (1.8.0)

Type 'help' for more information.
--------------------------------------
josso>


Now execute the agent install command as shown below
(remember that the target parameter is always the path to the root of the Liferay web application):

3.1 Tomcat bundle

josso> agent install --target /opt/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/ --platform liferay --tcdir /opt/liferay-portal-5.2.3/tomcat-6.0.18/

3.2 JBoss bundle

josso> agent install --target /opt/liferay-portal-5.2.3/jboss-tomcat-5.0.0/server/default/deploy/ROOT.war --platform liferay --jbdir /opt/liferay-portal-5.2.3/jboss-tomcat-5.0.0

3.3 Other bundles

For this example, the expanded liferay.war package is located in /opt/liferay-portal-5.2.3/server/webapps/liferay:

josso> agent install --target /opt/liferay-portal-5.2.3/server/webapps/liferay --platform liferay


 
You should see something like this:
josso> agent install --target /opt/liferay-portal-5.2.3/jetty-6.1.14/webapps/root --platform liferay

Installing Liferay 5.2.x JOSSO Agent v.1.8.2-SNAPSHOT

Verifying Target Liferay 5.2.x
  Liferay root                                             [OK   ] 

Backing up and removing old JOSSO artifacts

Installing JOSSO 3rd party JARs

Installing JOSSO Agent JARs
  Installing    [josso-agent-shared-1.8.2-SNAPSHOT.jar]    [OK   ] Created file:///opt/liferay-portal-5.2.3/jetty-6.1.14/webapps/root/WEB-INF/lib/josso-agent-shared-1.8.2-SNAPSHOT.jar
  Installing    [josso-liferay-agent-1.8.2-SNAPSHOT.jar]   [OK   ] Created file:///opt/liferay-portal-5.2.3/jetty-6.1.14/webapps/root/WEB-INF/lib/josso-liferay-agent-1.8.2-SNAPSHOT.jar
  Installing    [josso-agents-bin-1.8.2-SNAPSHOT.jar]      [OK   ] Created file:///opt/liferay-portal-5.2.3/jetty-6.1.14/webapps/root/WEB-INF/lib/josso-agents-bin-1.8.2-SNAPSHOT.jar

Installing JOSSO Agent JARs from Source

Configuring Container
  Added josso filter into web.xml [JOSSO Liferay Agent ]   [OK   ] WEB-INF/web.xml
  Backup        [web.xml]                                  [OK   ] file:///opt/liferay-portal-5.2.3/jetty-6.1.14/webapps/root/web.xml.bkp.1
  Save          [web.xml]                                  [OK   ] file:///opt/liferay-portal-5.2.3/jetty-6.1.14/webapps/root/WEB-INF/web.xml

Installing JOSSO Agent Configuration files
  Installing    [josso-agent-config.xml]                   [OK   ] Created file:///opt/liferay-portal-5.2.3/jetty-6.1.14/webapps/root/WEB-INF/classes/josso-agent-config.xml
  Installing    [portal-ext.properties]                    [OK   ] Created file:///opt/liferay-portal-5.2.3/jetty-6.1.14/webapps/root/WEB-INF/classes/portal-ext.properties

Liferay 5.2.x JOSSO Agent v.1.8.2-SNAPSHOT
  Overall Installation                                     [OK   ] Successful.

Congratulations! You've successfully installed the agent.
Now Follow the JOSSO Agent Configuration guide for SSO-enabling applications.

josso> 


The console shows all of the install activity; the same information is also recorded in a log file created in josso-1.8.0/log/.

3.3.1 Configure JAAS module

After you have successfully installed the JOSSO agent, you need to set up the JAAS module manually.

If you are using Tomcat or JBoss, you can skip this step.

jaas.config (conf, xml) is located in the conf directory of your application server. Add the josso module definition at the end of that file.

Let's take a look at an example of a JAAS module configuration file:

jaas.config
PortalRealm {
    com.liferay.portal.kernel.security.jaas.PortalLoginModule required;
};
josso {
    org.josso.liferay.agent.jaas.SSOGatewayLoginModule required debug=true;
};

or if you have xml format config:

geronimo-web.xml
...
<gbean name="PortalRealm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <attribute name="realmName">PortalRealm</attribute>
    <reference name="ServerInfo">
        <name>ServerInfo</name>
    </reference>

    <xml-reference name="LoginModuleConfiguration">
        <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
            <log:login-module control-flag="REQUIRED" wrap-principals="false">
                <log:login-domain-name>PortalRealm</log:login-domain-name>
                <log:login-module-class>com.liferay.portal.security.jaas.ext.tomcat.PortalLoginModule</log:login-module-class>
            </log:login-module>
        </log:login-config>
    </xml-reference>
</gbean>

<gbean name="JossoSecurityRealm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <attribute name="realmName">josso</attribute>
    <reference name="ServerInfo">
        <name>ServerInfo</name>
    </reference>

    <xml-reference name="LoginModuleConfiguration">
        <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
            <log:login-module control-flag="REQUIRED" wrap-principals="false">
                <log:login-domain-name>josso</log:login-domain-name>
                <log:login-module-class>org.josso.liferay.agent.jaas.SSOGatewayLoginModule</log:login-module-class>
            </log:login-module>
        </log:login-config>
    </xml-reference>
</gbean>
...
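
For the plain-text jaas.config form, the manual step above can be made repeatable. The following is an added example, not part of JOSSO or of the original guide: it parses a jaas.config, checks whether a josso entry using the agent's login module is already present, and appends the stanza shown on this page only when it is missing. The function names and the sample file content are constructed for illustration, and the parser only handles simple unquoted options such as debug=true.

```python
import re

JOSSO_CLASS = "org.josso.liferay.agent.jaas.SSOGatewayLoginModule"
# Stanza exactly as shown on the page.
JOSSO_STANZA = "josso {\n    " + JOSSO_CLASS + " required debug=true;\n};\n"

# Constructed sample: a jaas.config that only has the Liferay realm so far.
SAMPLE = """PortalRealm {
    com.liferay.portal.kernel.security.jaas.PortalLoginModule required;
};
"""

def parse_jaas(text):
    """Map application name -> [(module class, control flag, options)]."""
    # Drop /* ... */ blocks and whole-line // comments before matching entries.
    text = re.sub(r"/\*.*?\*/|^[ \t]*//[^\n]*", "", text, flags=re.S | re.M)
    entries = {}
    for name, body in re.findall(r"([\w.-]+)\s*\{(.*?)\}\s*;", text, flags=re.S):
        mods = []
        for stmt in filter(None, (s.strip() for s in body.split(";"))):
            cls, flag, *opts = stmt.split()
            mods.append((cls, flag.lower(), dict(o.split("=", 1) for o in opts)))
        entries[name] = mods
    return entries

def ensure_josso_entry(text):
    """Return (new_text, changed); append the josso stanza only if it is absent."""
    mods = parse_jaas(text).get("josso", [])
    if any(cls == JOSSO_CLASS for cls, _, _ in mods):
        return text, False
    if mods:
        # Do not silently stack a second 'josso' entry on top of a different one.
        raise ValueError("a 'josso' entry exists but uses a different module")
    sep = "" if text.endswith("\n") or not text else "\n"
    return text + sep + JOSSO_STANZA, True

if __name__ == "__main__":
    updated, changed = ensure_josso_entry(SAMPLE)
    print(updated if changed else "josso entry already present")
```
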

4. Configure

The Single Sign-On Agent configuration is installed in the $LIFERAY_WEBAPP_ROOT/WEB-INF/classes/ directory.

Let's take a look at an example Single Sign-On Agent configuration file:

josso-agent-config.xml
<?xml version="1.0" encoding="ISO-8859-1" ?>

<s:beans xmlns:s="http://www.springframework.org/schema/beans"
         xmlns:gen-svlt="urn:org:josso:agent:generic-servlet"
         xmlns:agent="urn:org:josso:agent:core"
         xmlns:protocol="urn:org:josso:protocol:client"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

    <gen-svlt:agent name="josso-liferay-agent" sessionAccessMinInterval="1000">

        <gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
        <gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>

        <gatewayServiceLocator>
            <protocol:ws-service-locator endpoint="localhost:8080"/>
        </gatewayServiceLocator>
        <configuration>
            <agent:agent-configuration>
                <agent:partner-apps>
                    <agent:partner-app id="Liferay" context="/">
                    </agent:partner-app>
                </agent:partner-apps>
            </agent:agent-configuration>
        </configuration>
        <parametersBuilders>
            <agent:vhost-parameters-builder/>
            <agent:appctx-parameters-builder/>
        </parametersBuilders>
    </gen-svlt:agent>
</s:beans>

Using this configuration you can set:

  • The Gateway Login URL, where the Single Sign-On Agent will redirect the user on a protected resource access request so that they can authenticate.
  • The Gateway Logout URL, where the Single Sign-On Agent will redirect the user on a logout request.
  • The concrete Service Locator to be used to invoke the services of the Single Sign-On Gateway.
  • The Single Sign-On partner applications.

In this specific case, which is the default, we are using SOAP over HTTP to invoke the Single Sign-On Gateway WebServices.
It's important to specify the endpoint configuration parameter, which should contain the host and port information where the Single Sign-On WebServices are listening.

If the agent and the gateway are running on the same server, this will be localhost, and the port should be the port where Tomcat is listening for incoming HTTP requests.

This configuration file defines only one partner application, Liferay, associated with the / (root) web context. This means that the web application associated with the / web context will be put behind the Single Sign-On. You can define other partner applications.
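
The localhost values above are only appropriate when the agent and the gateway share a host. The following added example (not part of JOSSO or of the original guide) reads a josso-agent-config.xml, lists the partner applications and the service endpoint, and flags gateway URLs or a SOAP endpoint that would carry traffic over plain HTTP to a non-loopback host. The function name and the sso.example.test host in the sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"agent": "urn:org:josso:agent:core",
      "protocol": "urn:org:josso:protocol:client"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: the page's file with a hypothetical remote gateway host.
SAMPLE = """<s:beans xmlns:s="http://www.springframework.org/schema/beans"
 xmlns:gen-svlt="urn:org:josso:agent:generic-servlet"
 xmlns:agent="urn:org:josso:agent:core"
 xmlns:protocol="urn:org:josso:protocol:client">
<gen-svlt:agent name="josso-liferay-agent" sessionAccessMinInterval="1000">
  <gatewayLoginUrl>http://sso.example.test:8080/josso/signon/login.do</gatewayLoginUrl>
  <gatewayLogoutUrl>http://sso.example.test:8080/josso/signon/logout.do</gatewayLogoutUrl>
  <gatewayServiceLocator>
    <protocol:ws-service-locator endpoint="sso.example.test:8080"/>
  </gatewayServiceLocator>
  <configuration><agent:agent-configuration><agent:partner-apps>
    <agent:partner-app id="Liferay" context="/"/>
  </agent:partner-apps></agent:agent-configuration></configuration>
</gen-svlt:agent>
</s:beans>"""

def audit_agent_config(xml_text):
    """Return (summary, findings) for a josso-agent-config.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    for tag in ("gatewayLoginUrl", "gatewayLogoutUrl"):
        node = root.find(f".//{tag}")
        url = urlsplit((node.text or "").strip()) if node is not None else None
        if url is None or not url.hostname:
            findings.append(f"{tag}: missing or not a URL")
        elif url.scheme != "https" and url.hostname not in LOOPBACK:
            findings.append(f"{tag}: plaintext {url.scheme} to {url.hostname}")
    loc = root.find(".//protocol:ws-service-locator", NS)
    endpoint = loc.get("endpoint", "") if loc is not None else ""
    ep_host = endpoint.rsplit(":", 1)[0].strip("[]")
    if not endpoint:
        findings.append("ws-service-locator: endpoint missing")
    elif ep_host not in LOOPBACK:
        # The page's default locator is SOAP over HTTP, so this crosses the network.
        findings.append(f"endpoint: SOAP back-channel leaves the host ({ep_host})")
    apps = {a.get("id"): a.get("context")
            for a in root.iterfind(".//agent:partner-app", NS)}
    return {"endpoint": endpoint, "partner_apps": apps}, findings

if __name__ == "__main__":
    print(*audit_agent_config(SAMPLE), sep="\n")
```

Run against the localhost configuration shown on this page, the same function returns no findings.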