Does SingleSignOn valve works for web apps deployed inside an .ear file?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Does SingleSignOn valve works for web apps deployed inside an .ear file?

Luis Rodríguez Fernández
Hello there,

OS Version:     CentOS Linux release 7.5.1804
(Core) 3.10.0-862.11.6.el7.x86_64
Server version: Apache Tomcat/8.5.32 (TomEE 7.0.5)

I am deploying a (huge, sigh...) .ear file with multiple .war applications
on it. I was wondering if the good and
old "org.apache.catalina.authenticator.SingleSignOn" valve would work with
them.

For the deployment I am copying the .ear file in an "apps" folder inside my
$CATALINA_BASE. My conf/tomee.xml looks like:

<tomee>
   <!-- activate next line to be able to deploy applications in apps -->
  <Deployments dir="apps" autoDeploy="true"/>
</tomee>

Any thoughts on this?

Thanks in advance,

Luis

--

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
Reply | Threaded
Open this post in threaded view
|

Re: Does SingleSignOn valve works for web apps deployed inside an .ear file?

Romain Manni-Bucau
Hi Luis,

yes, it relies on "local" storage accross webapps so it works.

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>


Le mer. 3 oct. 2018 à 18:37, Luis Rodríguez Fernández <[hidden email]> a
écrit :

> Hello there,
>
> OS Version:     CentOS Linux release 7.5.1804
> (Core) 3.10.0-862.11.6.el7.x86_64
> Server version: Apache Tomcat/8.5.32 (TomEE 7.0.5)
>
> I am deploying a (huge, sigh...) .ear file with multiple .war applications
> on it. I was wondering if the good and
> old "org.apache.catalina.authenticator.SingleSignOn" valve would work with
> them.
>
> For the deployment I am copying the .ear file in an "apps" folder inside my
> $CATALINA_BASE. My conf/tomee.xml looks like:
>
> <tomee>
>    <!-- activate next line to be able to deploy applications in apps -->
>   <Deployments dir="apps" autoDeploy="true"/>
> </tomee>
>
> Any thoughts on this?
>
> Thanks in advance,
>
> Luis
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
>
Reply | Threaded
Open this post in threaded view
|

Re: Does SingleSignOn valve works for web apps deployed inside an .ear file?

Luis Rodríguez Fernández
Hi Romain,

Wow, that was fast, thanks!

Well, probably I am taking it too far away. I am testing it together with
another SSO valve, org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve
[1]. My idea would that once the user is authenticated by our SSO and
his/her java.security.Principal object are created, the next requests for
protected resources will not trigger the SSO authentication.

Just for the record: that keycloak valve works, but my problem is that one
of the modules declares <context-root>/</context-root> and has some
resources (/res, /Info, /search, etc..) that are shared with the rest of
the modules. Short-long-story: a good mess :)

Thanks for your prompt reaction!

Cheers,

Luis

[1]
https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter




El mié., 3 oct. 2018 a las 18:39, Romain Manni-Bucau (<[hidden email]>)
escribió:

> Hi Luis,
>
> yes, it relies on "local" storage accross webapps so it works.
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> <https://rmannibucau.metawerx.net/> | Old Blog
> <http://rmannibucau.wordpress.com> | Github <
> https://github.com/rmannibucau> |
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> <
> https://www.packtpub.com/application-development/java-ee-8-high-performance
> >
>
>
> Le mer. 3 oct. 2018 à 18:37, Luis Rodríguez Fernández <[hidden email]>
> a
> écrit :
>
> > Hello there,
> >
> > OS Version:     CentOS Linux release 7.5.1804
> > (Core) 3.10.0-862.11.6.el7.x86_64
> > Server version: Apache Tomcat/8.5.32 (TomEE 7.0.5)
> >
> > I am deploying a (huge, sigh...) .ear file with multiple .war
> applications
> > on it. I was wondering if the good and
> > old "org.apache.catalina.authenticator.SingleSignOn" valve would work
> with
> > them.
> >
> > For the deployment I am copying the .ear file in an "apps" folder inside
> my
> > $CATALINA_BASE. My conf/tomee.xml looks like:
> >
> > <tomee>
> >    <!-- activate next line to be able to deploy applications in apps -->
> >   <Deployments dir="apps" autoDeploy="true"/>
> > </tomee>
> >
> > Any thoughts on this?
> >
> > Thanks in advance,
> >
> > Luis
> >
> > --
> >
> > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> >
> > - Samuel Beckett
> >
>


--

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
Reply | Threaded
Open this post in threaded view
|

Re: Does SingleSignOn valve works for web apps deployed inside an .ear file?

Luis Rodríguez Fernández
Hi Romain,

Just for the completeness of the exercise I did test the SSO valve with two
web modules in an .ear file using <auth-method>FORM</auth-method> and it
works, great!

Thanks again.

Cheers,

Luis







El mié., 3 oct. 2018 a las 18:55, Luis Rodríguez Fernández (<
[hidden email]>) escribió:

> Hi Romain,
>
> Wow, that was fast, thanks!
>
> Well, probably I am taking it too far away. I am testing it together with
> another SSO valve, org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve
> [1]. My idea would that once the user is authenticated by our SSO and
> his/her java.security.Principal object are created, the next requests for
> protected resources will not trigger the SSO authentication.
>
> Just for the record: that keycloak valve works, but my problem is that one
> of the modules declares <context-root>/</context-root> and has some
> resources (/res, /Info, /search, etc..) that are shared with the rest of
> the modules. Short-long-story: a good mess :)
>
> Thanks for your prompt reaction!
>
> Cheers,
>
> Luis
>
> [1]
> https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter
>
>
>
>
> El mié., 3 oct. 2018 a las 18:39, Romain Manni-Bucau (<
> [hidden email]>) escribió:
>
>> Hi Luis,
>>
>> yes, it relies on "local" storage accross webapps so it works.
>>
>> Romain Manni-Bucau
>> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
>> <https://rmannibucau.metawerx.net/> | Old Blog
>> <http://rmannibucau.wordpress.com> | Github <
>> https://github.com/rmannibucau> |
>> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
>> <
>> https://www.packtpub.com/application-development/java-ee-8-high-performance
>> >
>>
>>
>> Le mer. 3 oct. 2018 à 18:37, Luis Rodríguez Fernández <[hidden email]>
>> a
>> écrit :
>>
>> > Hello there,
>> >
>> > OS Version:     CentOS Linux release 7.5.1804
>> > (Core) 3.10.0-862.11.6.el7.x86_64
>> > Server version: Apache Tomcat/8.5.32 (TomEE 7.0.5)
>> >
>> > I am deploying a (huge, sigh...) .ear file with multiple .war
>> applications
>> > on it. I was wondering if the good and
>> > old "org.apache.catalina.authenticator.SingleSignOn" valve would work
>> with
>> > them.
>> >
>> > For the deployment I am copying the .ear file in an "apps" folder
>> inside my
>> > $CATALINA_BASE. My conf/tomee.xml looks like:
>> >
>> > <tomee>
>> >    <!-- activate next line to be able to deploy applications in apps -->
>> >   <Deployments dir="apps" autoDeploy="true"/>
>> > </tomee>
>> >
>> > Any thoughts on this?
>> >
>> > Thanks in advance,
>> >
>> > Luis
>> >
>> > --
>> >
>> > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail
>> better."
>> >
>> > - Samuel Beckett
>> >
>>
>
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
>


--

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett