Red Hat has released a separate project called PicketLink, through which you can implement SSO. It offers authentication, authorization, social logins and more. PicketLink has been released in several versions. Since JBoss has moved on to EAP and WildFly, the latest PicketLink releases cannot be used with AS 7.1; to configure SAML on JBoss AS 7.1 we need PicketLink 2.0.2.
Download the PicketLink sample files from here
JBoss AS 7.1.1 already ships with PicketLink, under jboss\modules\org\picketlink.
Go to the main folder in that location and open module.xml.
Comment out the org.apache.santuario.xmlsec dependency and add a new dependency on sun.jdk, as shown below:
<module xmlns="urn:jboss:module:1.1" name="org.picketlink">
  <resources>
    <resource-root path="picketlink-fed-2.0.2.Final.jar"/>
    <resource-root path="picketlink-bindings-2.0.2.Final.jar"/>
    <resource-root path="picketlink-bindings-jboss-2.0.2.Final.jar"/>
    <resource-root path="picketlink-trust-jbossws-2.0.2.Final.jar"/>
  </resources>
  <dependencies>
    <module name="javax.api"/>
    <module name="javax.security.auth.message.api"/>
    <module name="javax.security.jacc.api"/>
    <module name="javax.transaction.api"/>
    <module name="javax.xml.bind.api"/>
    <module name="javax.xml.stream.api"/>
    <module name="javax.servlet.api"/>
    <module name="org.jboss.common-core"/>
    <module name="org.jboss.logging"/>
    <module name="org.jboss.as.web"/>
    <module name="org.jboss.security.xacml"/>
    <module name="org.picketbox"/>
    <module name="javax.xml.ws.api"/>
    <module name="org.apache.log4j"/>
    <!-- <module name="org.apache.santuario.xmlsec"/> --> <!-- Comment this line out -->
    <module name="sun.jdk"/> <!-- Add this new module dependency -->
  </dependencies>
</module>
Source: https://developer.jboss.org/wiki/HowToConfigurePicketLink202WithJBossAS711
You also need to update the sun.jdk module definition. Go to jboss\modules\sun\jdk\main, open module.xml and add the following paths in the place indicated:
<module xmlns="urn:jboss:module:1.1" name="sun.jdk">
  <resources>
    ...
  </resources>
  <dependencies>
    <system export="true">
      <paths>
        ...
        <!-- Add these lines -->
        <path name="javax/xml/crypto/dsig"/>
        <path name="javax/xml/crypto"/>
        <path name="javax/xml/crypto/dsig/dom"/>
        <path name="javax/xml/crypto/dsig/keyinfo"/>
        <path name="com/sun/org/apache/xml/internal/security/transforms/implementations"/>
        <path name="org/jcp/xml/dsig/internal/dom"/>
      </paths>
    </system>
  </dependencies>
</module>
Add the following security domains to the security subsystem in the standalone.xml of the JBoss AS:
<subsystem>
  <security-domains>
    <security-domain name="idp" cache-type="default">
      <authentication>
        <login-module code="UsersRoles" flag="required">
          <module-option name="usersProperties" value="users.properties"/>
          <module-option name="rolesProperties" value="roles.properties"/>
        </login-module>
      </authentication>
    </security-domain>
    <security-domain name="picketlink-sts" cache-type="default">
      <authentication>
        <login-module code="UsersRoles" flag="required">
          <module-option name="usersProperties" value="sts-users.properties"/>
          <module-option name="rolesProperties" value="sts-roles.properties"/>
        </login-module>
      </authentication>
    </security-domain>
    <security-domain name="sp" cache-type="default">
      <authentication>
        <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>
      </authentication>
    </security-domain>
    <security-domain name="cache-test" cache-type="default">
      <authentication>
        <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule" flag="required">
          <module-option name="password-stacking" value="useFirstPass"/>
          <module-option name="configFile" value="sts-config.properties"/>
          <module-option name="cache.invalidation" value="true"/>
        </login-module>
      </authentication>
    </security-domain>
  </security-domains>
</subsystem>
Unzip the files downloaded in the first step and place the WAR files in the deployments folder of the JBoss AS.
After restarting the server, open http://localhost:8080/employee. Log in with tomcat as both username and password; these values come from users.properties, packaged inside idp.war. The IDP performs the authentication and then redirects you to the Employee application.
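Three files are hand-edited in the steps above, and a typo in any of them only shows up as a class-loading or login failure after the restart. The script below is an added example (not part of the original post or of PicketLink) that parses the two module.xml files and the security subsystem and reports what is still missing: the four PicketLink jars, the sun.jdk dependency, a santuario dependency that was not commented out, the six exported XML-Signature paths, and the four security domains with their login modules. The XML samples embedded in it are constructed from the post's own snippets (trimmed); the `urn:jboss:domain:security:1.1` namespace on the sample subsystem and the `sun/misc` path are assumptions, not taken from the post.

```python
"""Audit the PicketLink 2.0.2 / JBoss AS 7.1 configuration edits described in the post."""
import xml.etree.ElementTree as ET

# Jars the post's org.picketlink module.xml lists as resources.
REQUIRED_PICKETLINK_JARS = (
    "picketlink-fed-2.0.2.Final.jar",
    "picketlink-bindings-2.0.2.Final.jar",
    "picketlink-bindings-jboss-2.0.2.Final.jar",
    "picketlink-trust-jbossws-2.0.2.Final.jar",
)
# JDK packages the post says sun.jdk must export: the XML-Signature implementation
# PicketLink falls back to once the santuario module dependency is commented out.
REQUIRED_SUN_JDK_PATHS = (
    "javax/xml/crypto", "javax/xml/crypto/dsig", "javax/xml/crypto/dsig/dom",
    "javax/xml/crypto/dsig/keyinfo",
    "com/sun/org/apache/xml/internal/security/transforms/implementations",
    "org/jcp/xml/dsig/internal/dom",
)
EXPECTED_SECURITY_DOMAINS = ("idp", "picketlink-sts", "sp", "cache-test")

# Constructed sample: trimmed stock org.picketlink module.xml (xmlsec active, no sun.jdk).
STOCK_PICKETLINK_MODULE = """<module xmlns="urn:jboss:module:1.1" name="org.picketlink">
  <resources>
    <resource-root path="picketlink-fed-2.0.2.Final.jar"/>
    <resource-root path="picketlink-bindings-2.0.2.Final.jar"/>
    <resource-root path="picketlink-bindings-jboss-2.0.2.Final.jar"/>
    <resource-root path="picketlink-trust-jbossws-2.0.2.Final.jar"/>
  </resources>
  <dependencies>
    <module name="javax.api"/>
    <module name="org.picketbox"/>
    <module name="org.apache.santuario.xmlsec"/>
  </dependencies>
</module>"""
# The same file after the post's edit: xmlsec commented out, sun.jdk added.
EDITED_PICKETLINK_MODULE = STOCK_PICKETLINK_MODULE.replace(
    '<module name="org.apache.santuario.xmlsec"/>',
    '<!-- <module name="org.apache.santuario.xmlsec"/> -->\n    <module name="sun.jdk"/>')
# Constructed sample: security subsystem with only two of the post's four domains.
# The xmlns value is assumed (the post's snippet shows a bare <subsystem>).
SECURITY_SUBSYSTEM = """<subsystem xmlns="urn:jboss:domain:security:1.1">
  <security-domains>
    <security-domain name="idp" cache-type="default"><authentication>
      <login-module code="UsersRoles" flag="required">
        <module-option name="usersProperties" value="users.properties"/>
        <module-option name="rolesProperties" value="roles.properties"/>
      </login-module>
    </authentication></security-domain>
    <security-domain name="sp" cache-type="default"><authentication>
      <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule"
                    flag="required"/>
    </authentication></security-domain>
  </security-domains>
</subsystem>"""


def sun_jdk_module_xml(paths):
    """Constructed sample of jboss/modules/sun/jdk/main/module.xml exporting `paths`."""
    body = "\n      ".join('<path name="%s"/>' % p for p in paths)
    return ('<module xmlns="urn:jboss:module:1.1" name="sun.jdk">\n  <dependencies>\n'
            '    <system export="true"><paths>\n      %s\n    </paths></system>\n'
            '  </dependencies>\n</module>' % body)


def _parse(xml_text):
    """Parse and strip namespaces so lookups work with or without an xmlns."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root


def check_picketlink_module(xml_text):
    """Problems in org/picketlink/main/module.xml relative to the post's edit."""
    root = _parse(xml_text)
    jars = {r.get("path") for r in root.iter("resource-root")}
    deps_el = root.find("dependencies")
    deps = {m.get("name") for m in deps_el.findall("module")} if deps_el is not None else set()
    problems = ["missing resource-root %s" % j for j in REQUIRED_PICKETLINK_JARS if j not in jars]
    if "sun.jdk" not in deps:
        problems.append("dependency on sun.jdk not added")
    if "org.apache.santuario.xmlsec" in deps:  # XML comments are dropped by the parser
        problems.append("org.apache.santuario.xmlsec dependency still active")
    return problems


def check_sun_jdk_module(xml_text):
    """Paths from the post that sun/jdk/main/module.xml does not yet export."""
    exported = {p.get("name") for p in _parse(xml_text).iter("path")}
    return ["path %s not exported" % p for p in REQUIRED_SUN_JDK_PATHS if p not in exported]


def summarize_security_domains(xml_text):
    """Map domain name -> [(login-module code, flag, {option: value}), ...]."""
    summary = {}
    for domain in _parse(xml_text).iter("security-domain"):
        summary[domain.get("name")] = [
            (lm.get("code"), lm.get("flag"),
             {o.get("name"): o.get("value") for o in lm.findall("module-option")})
            for lm in domain.iter("login-module")]
    return summary


def missing_security_domains(xml_text):
    """Domains from the post's standalone.xml snippet that are not configured."""
    present = summarize_security_domains(xml_text)
    return [d for d in EXPECTED_SECURITY_DOMAINS if d not in present]


if __name__ == "__main__":
    print("stock picketlink module:", check_picketlink_module(STOCK_PICKETLINK_MODULE))
    print("edited picketlink module:", check_picketlink_module(EDITED_PICKETLINK_MODULE))
    print("sun.jdk still missing:", check_sun_jdk_module(sun_jdk_module_xml(("sun/misc",))))
    print("security domains missing:", missing_security_domains(SECURITY_SUBSYSTEM))
```

To audit a real installation, read each file with `open(path).read()` and pass the text to the matching check; for standalone.xml, pass the whole file, since the namespace stripping lets `summarize_security_domains` find the security-domain elements inside the full server configuration.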