WildFly web application SSO (single sign-on) / book recommendation

I am running WildFly 8.0.0.Final, but I can't get my WildFly to do SSO. In IBM WAS, I needed to define the SSO of a web application. But under WildFly, I don't know how to do this and how to enable / configure it.

My application packaging looks like this:

myapp.ear:

  • web.war (context: /web and used for web services)
  • gui.war (context: /gui and used by end users)
  • additional.war

Usually users work on gui.war. Here, users get form-based auth (which is already working correctly). web.war is used for external systems that perform basic authentication. additional.war usually uses form-based auth.

Currently, every auth on every war file works as expected. But I have to do authorization on every war file, even if I already passed authentication. So my question is how to enable SSO (single sign-on) on WildFly? Please keep in mind that I am completely new to WildFly and, of course, JBoss AS. So for configurations, I need newbie documentation.

Can someone recommend me a good WildFly book that explains things in more detail?

bye hans

+4
4 answers

Currently, for this to work, the following is required in the jboss-web.xml of all wars:

<?xml version="1.0"?>
<jboss-web>
    <session-config>
       <cookie-config>
          <path>/</path>
       </cookie-config>
    </session-config>
</jboss-web>
+3

, , - wildfly 8.0.0. , - , wildfly, .

, , standalone.xml( domain.xml) - , .

:

WEB-INF/classes/META-INF/services/io.undertow.servlet.ServletExtension

:

FixSSOServletExtension

ServletExtension :

deploymentInfo.addFirstAuthenticationMechanism("form",  new FixSSOAuthenticationMechanism());

( , )

FixSSOAuthenticationMechanism.authenticate:

exchange.addResponseWrapper(responseListener);
return AuthenticationMechanismOutcome.NOT_ATTEMPTED;

( ChallengeResult (false))

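import io.undertow.server.ConduitWrapper;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.Cookie;
import io.undertow.util.ConduitFactory;
import org.xnio.conduits.StreamSinkConduit;

// Response wrapper: runs just before the response is written.
final class ResponseListener implements ConduitWrapper<StreamSinkConduit> {
    @Override
    public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpServerExchange exchange) {
        // Drop the Domain attribute from the SSO cookie so it stays host-only.
        Cookie c = exchange.getResponseCookies().get("JSESSIONIDSSO");
        if (c != null) {
            c.setDomain(null);
        }
        return factory.create();
    }
}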

.

jboss-deployment-structure.xml

<module name="io.undertow.core" />
<module name="io.undertow.servlet" />
<module name="org.jboss.xnio" />

, , - , , sar ( sar, mbean)

0

( ) SingleSignOnAuthenticationMechanism.java : setDomain (domain) , wildfly. , ( , , ) https://issues.jboss.org/browse/WFLY-3033

0

, , wildfly, domain.xml standalone.xml:

<server name="default-server">
    <ajp-listener name="ajp" socket-binding="ajp"/>
    <http-listener name="default" socket-binding="http" redirect-socket="https"/>
    <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
    <host name="default-host" alias="localhost">
        <location name="/" handler="welcome-content"/>
        <filter-ref name="server-header"/>
        <filter-ref name="x-powered-by-header"/>
        <single-sign-on path="/"/>
    </host>
</server>

Just add a write-once path and not a domain, because there is an error in that, and then handle logging out correctly. I spent a lot of time getting it to work; it is very easy when you debug using Google Chrome: you will see JSESSIONSSOID. There is no valve in jboss-web because the web server is now working ...

0
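The answers above come down to how the SSO cookie is scoped: Path=/ so every context receives it, and no Domain attribute. The following check is an added example, not code from the thread or from WildFly; it audits Set-Cookie headers for that scoping, and the sample headers, the "/additional" context root and the example.test domain are constructed assumptions.

```python
from http.cookies import SimpleCookie

SSO_COOKIE = "JSESSIONIDSSO"  # cookie name that appears in the answers above

def path_match(cookie_path, request_path):
    """RFC 6265 section 5.1.4: does a cookie with this Path go to this URL path?"""
    if cookie_path == request_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    # "/gui" must match "/gui/x" but not "/guide"
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def audit_sso_cookie(set_cookie_headers, contexts):
    """Return findings about the SSO cookie's scope and flags (empty list = clean)."""
    morsel = None
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if SSO_COOKIE in jar:
            morsel = jar[SSO_COOKIE]
    if morsel is None:
        return ["no %s cookie issued" % SSO_COOKIE]
    findings = []
    path = morsel["path"]
    if not path:
        findings.append("no Path attribute: scope depends on the login URL")
    else:
        for ctx in contexts:
            if not path_match(path, ctx):
                findings.append("Path=%s is not sent to %s" % (path, ctx))
    if morsel["domain"]:
        findings.append("Domain=%s widens the cookie beyond this host" % morsel["domain"])
    for flag, label in (("httponly", "HttpOnly"), ("secure", "Secure")):
        if not morsel[flag]:
            findings.append("missing %s flag" % label)
    return findings

# Constructed sample responses, not captured from a real server.
CONTEXTS = ["/web", "/gui", "/additional"]  # "/additional" is an assumed context root
PER_APP = ["JSESSIONID=a1; Path=/gui", "JSESSIONIDSSO=s1; Path=/gui; Domain=example.test"]
SHARED = ["JSESSIONIDSSO=s1; Path=/; HttpOnly; Secure"]

if __name__ == "__main__":
    for name, headers in (("per-app", PER_APP), ("shared", SHARED)):
        print(name, audit_sso_cookie(headers, CONTEXTS))
```

A cookie scoped to Path=/ is sent to every application on the host, so the HttpOnly and Secure findings matter more once SSO is enabled this way.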

Source: https://habr.com/ru/post/1529448/

