You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by Luis Rodríguez Fernández <uo...@gmail.com> on 2018/10/03 16:37:21 UTC
Does SingleSignOn valve works for web apps deployed inside an .ear file?
Hello there,
OS Version: CentOS Linux release 7.5.1804
(Core) 3.10.0-862.11.6.el7.x86_64
Server version: Apache Tomcat/8.5.32 (TomEE 7.0.5)
I am deploying a (huge, sigh...) .ear file with multiple .war applications
on it. I was wondering if the good and
old "org.apache.catalina.authenticator.SingleSignOn" valve would work with
them.
For the deployment I am copying the .ear file in an "apps" folder inside my
$CATALINA_BASE. My conf/tomee.xml looks like:
<tomee>
<!-- activate next line to be able to deploy applications in apps -->
<Deployments dir="apps" autoDeploy="true"/>
</tomee>
Any thoughts on this?
Thanks in advance,
Luis
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
Re: Does SingleSignOn valve works for web apps deployed inside an
.ear file?
Posted by Luis Rodríguez Fernández <uo...@gmail.com>.
Hi Romain,
Just for the completeness of the exercise I did test the SSO valve with two
web modules in an .ear file using <auth-method>FORM</auth-method> and it
works, great!
Thanks again.
Cheers,
Luis
El mié., 3 oct. 2018 a las 18:55, Luis Rodríguez Fernández (<
uo67113@gmail.com>) escribió:
> Hi Romain,
>
> Wow, that was fast, thanks!
>
> Well, probably I am taking it too far away. I am testing it together with
> another SSO valve, org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve
> [1]. My idea would that once the user is authenticated by our SSO and
> his/her java.security.Principal object are created, the next requests for
> protected resources will not trigger the SSO authentication.
>
> Just for the record: that keycloak valve works, but my problem is that one
> of the modules declares <context-root>/</context-root> and has some
> resources (/res, /Info, /search, etc..) that are shared with the rest of
> the modules. Short-long-story: a good mess :)
>
> Thanks for your prompt reaction!
>
> Cheers,
>
> Luis
>
> [1]
> https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter
>
>
>
>
> El mié., 3 oct. 2018 a las 18:39, Romain Manni-Bucau (<
> rmannibucau@gmail.com>) escribió:
>
>> Hi Luis,
>>
>> yes, it relies on "local" storage accross webapps so it works.
>>
>> Romain Manni-Bucau
>> @rmannibucau <https://twitter.com/rmannibucau> | Blog
>> <https://rmannibucau.metawerx.net/> | Old Blog
>> <http://rmannibucau.wordpress.com> | Github <
>> https://github.com/rmannibucau> |
>> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
>> <
>> https://www.packtpub.com/application-development/java-ee-8-high-performance
>> >
>>
>>
>> Le mer. 3 oct. 2018 à 18:37, Luis Rodríguez Fernández <uo...@gmail.com>
>> a
>> écrit :
>>
>> > Hello there,
>> >
>> > OS Version: CentOS Linux release 7.5.1804
>> > (Core) 3.10.0-862.11.6.el7.x86_64
>> > Server version: Apache Tomcat/8.5.32 (TomEE 7.0.5)
>> >
>> > I am deploying a (huge, sigh...) .ear file with multiple .war
>> applications
>> > on it. I was wondering if the good and
>> > old "org.apache.catalina.authenticator.SingleSignOn" valve would work
>> with
>> > them.
>> >
>> > For the deployment I am copying the .ear file in an "apps" folder
>> inside my
>> > $CATALINA_BASE. My conf/tomee.xml looks like:
>> >
>> > <tomee>
>> > <!-- activate next line to be able to deploy applications in apps -->
>> > <Deployments dir="apps" autoDeploy="true"/>
>> > </tomee>
>> >
>> > Any thoughts on this?
>> >
>> > Thanks in advance,
>> >
>> > Luis
>> >
>> > --
>> >
>> > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail
>> better."
>> >
>> > - Samuel Beckett
>> >
>>
>
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
>
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
Re: Does SingleSignOn valve works for web apps deployed inside an
.ear file?
Posted by Luis Rodríguez Fernández <uo...@gmail.com>.
Hi Romain,
Wow, that was fast, thanks!
Well, probably I am taking it too far away. I am testing it together with
another SSO valve, org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve
[1]. My idea would that once the user is authenticated by our SSO and
his/her java.security.Principal object are created, the next requests for
protected resources will not trigger the SSO authentication.
Just for the record: that keycloak valve works, but my problem is that one
of the modules declares <context-root>/</context-root> and has some
resources (/res, /Info, /search, etc..) that are shared with the rest of
the modules. Short-long-story: a good mess :)
Thanks for your prompt reaction!
Cheers,
Luis
[1]
https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter
El mié., 3 oct. 2018 a las 18:39, Romain Manni-Bucau (<rm...@gmail.com>)
escribió:
> Hi Luis,
>
> yes, it relies on "local" storage accross webapps so it works.
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> | Blog
> <https://rmannibucau.metawerx.net/> | Old Blog
> <http://rmannibucau.wordpress.com> | Github <
> https://github.com/rmannibucau> |
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> <
> https://www.packtpub.com/application-development/java-ee-8-high-performance
> >
>
>
> Le mer. 3 oct. 2018 à 18:37, Luis Rodríguez Fernández <uo...@gmail.com>
> a
> écrit :
>
> > Hello there,
> >
> > OS Version: CentOS Linux release 7.5.1804
> > (Core) 3.10.0-862.11.6.el7.x86_64
> > Server version: Apache Tomcat/8.5.32 (TomEE 7.0.5)
> >
> > I am deploying a (huge, sigh...) .ear file with multiple .war
> applications
> > on it. I was wondering if the good and
> > old "org.apache.catalina.authenticator.SingleSignOn" valve would work
> with
> > them.
> >
> > For the deployment I am copying the .ear file in an "apps" folder inside
> my
> > $CATALINA_BASE. My conf/tomee.xml looks like:
> >
> > <tomee>
> > <!-- activate next line to be able to deploy applications in apps -->
> > <Deployments dir="apps" autoDeploy="true"/>
> > </tomee>
> >
> > Any thoughts on this?
> >
> > Thanks in advance,
> >
> > Luis
> >
> > --
> >
> > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> >
> > - Samuel Beckett
> >
>
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
Re: Does SingleSignOn valve works for web apps deployed inside an
.ear file?
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi Luis,
yes, it relies on "local" storage accross webapps so it works.
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>
Le mer. 3 oct. 2018 à 18:37, Luis Rodríguez Fernández <uo...@gmail.com> a
écrit :
> Hello there,
>
> OS Version: CentOS Linux release 7.5.1804
> (Core) 3.10.0-862.11.6.el7.x86_64
> Server version: Apache Tomcat/8.5.32 (TomEE 7.0.5)
>
> I am deploying a (huge, sigh...) .ear file with multiple .war applications
> on it. I was wondering if the good and
> old "org.apache.catalina.authenticator.SingleSignOn" valve would work with
> them.
>
> For the deployment I am copying the .ear file in an "apps" folder inside my
> $CATALINA_BASE. My conf/tomee.xml looks like:
>
> <tomee>
> <!-- activate next line to be able to deploy applications in apps -->
> <Deployments dir="apps" autoDeploy="true"/>
> </tomee>
>
> Any thoughts on this?
>
> Thanks in advance,
>
> Luis
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
>