Added by Sebastian Gonzalez Oyuela, last edited by Sebastian Gonzalez Oyuela on Jan 12, 2009

Introduction

This guide walks you through the steps to get a JOSSO 1.8 Agent build up and running in Weblogic 10.0.

Prerequisites

To make a quick JOSSO setup we will need:

For the purposes of this guide, we will assume the following facts:

  • JDK 1.5.0_16 is located at /opt/jdk1.5.0_16
  • Weblogic 10.0 is located at /opt/bea/wlserver_10.0
  • JOSSO 1.8.0 is located at /opt/josso-1.8.0

Install

First we will start JOSSO Deployment Console.

$ cd /opt/josso-1.8.0/bin
$ ./josso-gsh
    __ _____ _____ _____ _____ 
 __|  |     |   __|   __|     |
|  |  |  |  |__   |__   |  |  |
|_____|_____|_____|_____|_____|

 JOSSO (1.8.0)

Type 'help' for more information.
--------------------------------------
josso> 

Now we have to execute the agent install command as shown below:

josso> agent install --target /opt/bea/wlserver_10.0 --weblogic-domain samples/domains/wl_server --platform wl10

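You should see something like this. The capture below shows two runs of the same command: the first fails verification because the target domain folders do not exist, and the second completes successfully: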

josso> agent install --target /opt/bea/wlserver_10.0 --weblogic-domain samples/domains/wl_server --platform wl10

Installing Weblogic 10.0+ JOSSO Agent v.1.8.0

Verify Target Weblogic 10.0+
  Target lib                                               [ERROR] folder does not exist or is not a directory:file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib
  Target bin                                               [ERROR] folder does not exist or is not a directory:file:///opt/bea/wlserver_10.0/samples/domains/wl_server/bin
  Target conf                                              [ERROR] folder does not exist or is not a directory:file:///opt/bea/wlserver_10.0/samples/domains/wl_server/config
  Target endorsed lib                                      [ERROR] folder does not exist or is not a directory:file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib
  Target JOSSO shared lib                                  [ERROR] folder does not exist or is not a directory:file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib
  Target JOSSO lib                                         [ERROR] folder does not exist or is not a directory:file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib
  Target JOSSO conf                                        [ERROR] folder does not exist or is not a directory:file:///opt/bea/wlserver_10.0/samples/domains/wl_server

  Overall Installation                                     [ERROR] Invalid Target Platform

See ../log/gshell.log for details
josso> agent install --target /opt/bea/wlserver_10.0 --weblogic-domain samples/domains/wl_server --platform wl10

Installing Weblogic 10.0+ JOSSO Agent v.1.8.0

Verify Target Weblogic 10.0+
  Weblogic 10.0+                                           [OK   ] Directory Layout
  WeblogicHome                                             [OK   ] 
  WeblogicDomain                                           [OK   ] file:///opt/bea/wlserver_10.0/samples/domains/wl_server

Installing JOSSO 3rd party JARs
  Installing    [spring-aop-2.5.5.jar]                     [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/spring-aop-2.5.5.jar
  Installing    [commons-beanutils-1.6.1.jar]              [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/commons-beanutils-1.6.1.jar
  Installing    [commons-discovery-0.2.jar]                [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/commons-discovery-0.2.jar
  Installing    [commons-lang-2.0.jar]                     [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/commons-lang-2.0.jar
  Installing    [commons-digester-1.5.jar]                 [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/commons-digester-1.5.jar
  Installing    [spring-beans-2.5.5.jar]                   [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/spring-beans-2.5.5.jar
  Installing    [activation-1.1.jar]                       [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/activation-1.1.jar
  Installing    [aopalliance-1.0.jar]                      [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/aopalliance-1.0.jar
  Installing    [xbean-spring-3.4.3.jar]                   [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/xbean-spring-3.4.3.jar
  Installing    [commons-collections-3.0.jar]              [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/commons-collections-3.0.jar
  Installing    [commons-modeler-1.1.jar]                  [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/commons-modeler-1.1.jar
  Installing    [axis-saaj-1.4.jar]                        [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/axis-saaj-1.4.jar
  Installing    [commons-httpclient-3.1.jar]               [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/commons-httpclient-3.1.jar
  Installing    [commons-logging-api-1.0.4.jar]            [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/commons-logging-api-1.0.4.jar
  Installing    [axis-wsdl4j-1.5.1.jar]                    [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/axis-wsdl4j-1.5.1.jar
  Installing    [log4j-1.2.14.jar]                         [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/log4j-1.2.14.jar
  Installing    [axis-jaxrpc-1.4.jar]                      [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/axis-jaxrpc-1.4.jar
  Installing    [commons-codec-1.3.jar]                    [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/commons-codec-1.3.jar
  Installing    [axis-1.4.jar]                             [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/axis-1.4.jar
  Installing    [spring-core-2.5.5.jar]                    [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/spring-core-2.5.5.jar
  Installing    [spring-context-2.5.5.jar]                 [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/spring-context-2.5.5.jar
  Installing    [axis-ant-1.4.jar]                         [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/axis-ant-1.4.jar

Installing JOSSO Agent JARs
  Installing    [josso-servlet-agent-1.8.0.jar]            [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/josso-servlet-agent-1.8.0.jar
  Installing    [josso-agents-bin-1.8.0.jar]               [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/josso-agents-bin-1.8.0.jar
  Installing    [josso-agent-shared-1.8.0.jar]             [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/josso-agent-shared-1.8.0.jar
  Installing    [josso-weblogic10-agent-1.8.0.jar]         [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/lib/josso-weblogic10-agent-1.8.0.jar

Installing JOSSO Agent JARs from Source
Using JAVA JDK at /opt/jdk1.5.0_12
Parsing the MBean definition file: /opt/josso-1.8.0/dist/agents/src/josso-weblogic10-agent-mbeans-src/org/josso/wls10/agent/mbeans/JOSSOAuthenticatorProviderImpl.xml
  Generate      [WL MBeans Descriptors]                    [OK   ] 
Creating an MJF from the contents of directory /opt/josso-1.8.0/dist/agents/src/josso-weblogic10-agent-mbeans-src...
Compiling the files...
Creating the list.
Doing the compile.
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
WLMaker-SubProcess: : EXTRACT FROM /opt/bea/wlserver_10.0/server/lib/mbeantypes/wlManagementMBean.jar
WLMaker-SubProcess: :         INTO wlMakerTempDir
WLMaker-SubProcess: : 
WLMaker-SubProcess: : 
WLMaker-SubProcess: : 
WLMaker-SubProcess: : Generating the implementations for security MBeans
WLMaker-SubProcess: : no annotation found for key [i]
WLMaker-SubProcess: : no annotation found for key [velocityCount]
WLMaker-SubProcess: : no annotation found for key [line]
WLMaker-SubProcess: : no annotation found for key [f]
WLMaker-SubProcess: : no annotation found for key [m]
WLMaker-SubProcess: : no annotation found for key [p]
WLMaker-SubProcess: : no annotation found for key [n]
WLMaker-SubProcess: : done
WLMaker-SubProcess: : 
WLMaker-SubProcess: : 
WLMaker-SubProcess: : 
WLMaker-SubProcess: : Generating the parsing binders for security MBeans
WLMaker-SubProcess: : done
WLMaker-SubProcess: : 
WLMaker-SubProcess: : 
WLMaker-SubProcess: : 
WLMaker-SubProcess: : Generating the bean infos for security MBeans ...  
WLMaker-SubProcess: : no annotation found for key [import]
WLMaker-SubProcess: : no annotation found for key [property]
WLMaker-SubProcess: : no annotation found for key [beanConfigurable]
WLMaker-SubProcess: : no annotation found for key [beanIntfExclude]
WLMaker-SubProcess: : no annotation found for key [propertyMethod]
WLMaker-SubProcess: : no annotation found for key [method]
WLMaker-SubProcess: : Generating Bean Factory Class to /opt/josso-1.8.0/dist/agents/src/josso-weblogic10-agent-mbeans-src/weblogic/management/security/JOSSO_WEBLOGIC10_AGENT_MBEANS1231336616307243000BeanInfoFactory.java
WLMaker-SubProcess: : done
WLMaker-SubProcess: : Stopped draining WLMaker-SubProcess: 
WLMaker-SubProcess: : Stopped draining WLMaker-SubProcess: 
WLMaker-SchemaGen-SubProcess: Generating schema for security provider mbeans ... 
WLMaker-SchemaGen-SubProcess: MBEAN TYPES DIR : null
WLMaker-SchemaGen-SubProcess: SET BASE LIB /opt/bea/wlserver_10.0/server/lib/schema/weblogic-domain-binding.jar
WLMaker-SchemaGen-SubProcess: Stopped draining WLMaker-SchemaGen-SubProcess
WLMaker-SchemaGen-SubProcess: Stopped draining WLMaker-SchemaGen-SubProcess
Creating the list.
Doing the compile.
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
Creating the MJF...
MJF is created.
  Generate      [WL MBeans JAR]                            [OK   ] /opt/bea/wlserver_10.0/samples/domains/wl_server/lib/mbeantypes/josso-weblogic10-agent-mbeans.jar

Configuring Container

Installing JOSSO Agent Configuration files
  Installing    [josso-agent-config.xml]                   [OK   ] Created file:///opt/bea/wlserver_10.0/samples/domains/wl_server/josso-agent-config.xml

Weblogic 10.0+ JOSSO Agent v.1.8.0
  Overall Installation                                     [OK   ] Successfull!

Congratulations! You successfully installed the agent.
Now Follow the JOSSO Agent Configuration guide and setup your SSO Partner applications !

josso> 

You can see all the console activity. This information is also recorded in a log file created in josso-1.8.0/log/.

You may need to expand the VM MaxPermSize if you're using default values.

Configure

The Single Sign-On Agent Configuration is installed in /opt/bea/wlserver_10.0/samples/domains/wl_server/josso-agent-config.xml.

Let's take a look at an example Single Sign-On Agent configuration file:

josso-agent-config.xml
<?xml version="1.0" encoding="UTF-8" ?>
<s:beans xmlns:s="http://www.springframework.org/schema/beans"
         xmlns:wl10="urn:org:josso:agent:weblogic10"
         xmlns:agent="urn:org:josso:agent:core"
         xmlns:protocol="urn:org:josso:protocol:client"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
         urn:org:josso:agent:weblogic10 http://www.josso.org/schema/josso-weblogic10-agent.xsd
         urn:org:josso:agent:core http://www.josso.org/schema/josso-agent.xsd
         urn:org:josso:protocol:client http://www.josso.org/schema/josso-protocol-client.xsd">

    <wl10:agent name="josso-tomcat60-agent" sessionAccessMinInterval="1000" >

        <!-- Gateway LOGIN and LOGOUT URLs -->
        <gatewayLoginUrl>http://localhost:7001/josso/signon/login.do</gatewayLoginUrl>
        <gatewayLogoutUrl>http://localhost:7001/josso/signon/logout.do</gatewayLogoutUrl>

        <!-- Gateway service locator -->
        <gatewayServiceLocator>
            <!-- Other properties for ws-service-locator :
            username, password, servicesWebContext, transportSecurity
            -->
            <protocol:ws-service-locator endpoint="localhost:7001" />
        </gatewayServiceLocator>

        <configuration>
            <agent:agent-configuration>

                <!-- ============================================================================= -->
                <!--                                                                               -->
                <!-- JOSSO Partner application definitions :                                       -->
                <!--                                                                               -->
                <!-- Configure all web applications that should be a josso partner application     -->
                <!-- within this server.                                                           -->
                <!-- For each partner application you have to define the proper web-context.      -->
                <!-- ============================================================================= -->

                <agent:partner-apps>

                    <!-- Simple definition of a partner application -->
                    <agent:partner-app id="MyPartnerApp1" context="/partnerapp" />

                </agent:partner-apps>

            </agent:agent-configuration>


        </configuration>

    </wl10:agent>

</s:beans>

Using this configuration you can set:

  • The Gateway Login URL, where the Single Sign-On Agent redirects the user when a protected resource is requested, so that the user can authenticate.
  • The Gateway Logout URL, where the Single Sign-On Agent redirects the user on a logout request.
  • The concrete Service Locator used to invoke the services of the Single Sign-On Gateway.
  • The Single Sign-On partner applications.

In this specific case, which is the default, we are using SOAP over HTTP to invoke the Single Sign-On Gateway WebServices.
It's important to specify the endpoint configuration parameter, which should contain the host and port where the Single Sign-On WebServices are listening.

If the agent and the gateway are running in the same server, this will be localhost and the port should be the port where Weblogic is listening for incoming HTTP requests.

This configuration file defines only one partner application associated with the /partnerapp web context. This means that the web application associated with the /partnerapp web context will be put behind the Single Sign-On. You can define other partner applications.

You can also take a look at the distributed configuration file for Weblogic 10.0, located in josso-1.8.0/dist/agents/config/wl10/josso-agent-config.xml.
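As an added example (not part of the original guide or the JOSSO distribution), the following Python script parses an agent configuration with the layout shown above and reports on the settings discussed here: gateway URLs served over plain HTTP, a service locator without an endpoint or transportSecurity property, and the partner application contexts placed behind Single Sign-On. The embedded sample is a constructed, trimmed copy of the file above; valid values for transportSecurity are not shown on this page, so the script only checks whether the property is set.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"wl10": "urn:org:josso:agent:weblogic10",
      "agent": "urn:org:josso:agent:core",
      "protocol": "urn:org:josso:protocol:client"}

# Constructed sample: a trimmed copy of the configuration shown above.
SAMPLE = """<s:beans xmlns:s="http://www.springframework.org/schema/beans"
    xmlns:wl10="urn:org:josso:agent:weblogic10" xmlns:agent="urn:org:josso:agent:core"
    xmlns:protocol="urn:org:josso:protocol:client">
  <wl10:agent name="josso-tomcat60-agent" sessionAccessMinInterval="1000">
    <gatewayLoginUrl>http://localhost:7001/josso/signon/login.do</gatewayLoginUrl>
    <gatewayLogoutUrl>http://localhost:7001/josso/signon/logout.do</gatewayLogoutUrl>
    <gatewayServiceLocator>
      <protocol:ws-service-locator endpoint="localhost:7001" />
    </gatewayServiceLocator>
    <configuration><agent:agent-configuration><agent:partner-apps>
      <agent:partner-app id="MyPartnerApp1" context="/partnerapp" />
    </agent:partner-apps></agent:agent-configuration></configuration>
  </wl10:agent>
</s:beans>"""

def audit(xml_text):
    """Return (findings, partner_contexts) for a josso-agent-config.xml document."""
    agent = ET.fromstring(xml_text).find("wl10:agent", NS)
    if agent is None:
        raise ValueError("no wl10:agent element found")
    findings = []
    for tag in ("gatewayLoginUrl", "gatewayLogoutUrl"):
        url = urlparse((agent.findtext(tag) or "").strip())
        if not url.netloc:
            findings.append(f"{tag} is missing or not an absolute URL")
        elif url.scheme != "https":
            findings.append(f"{tag} uses {url.scheme}: traffic to the gateway is unencrypted")
    locator = agent.find("gatewayServiceLocator/protocol:ws-service-locator", NS)
    if locator is None or not locator.get("endpoint"):
        findings.append("ws-service-locator has no endpoint (host:port of the gateway)")
    elif locator.get("transportSecurity") is None:
        findings.append("ws-service-locator does not set transportSecurity")
    contexts = [a.get("context") for a in agent.iterfind(".//agent:partner-app", NS)]
    for ctx in contexts:
        if not ctx or not ctx.startswith("/") or contexts.count(ctx) > 1:
            findings.append(f"partner-app context {ctx!r} is empty, relative or duplicated")
    return findings, contexts

if __name__ == "__main__":
    findings, contexts = audit(SAMPLE)
    print("protected contexts:", contexts)
    for f in findings:
        print("finding:", f)
```

To check an installed agent, pass the contents of the domain's josso-agent-config.xml to audit() instead of SAMPLE.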

Configuring a new Weblogic Authenticator

1 - Access the administration console and click the "Security Realms" option in Your Application's Security Settings section.

2 - Select the Realm where you're adding the new Authentication Provider. We'll use myrealm in this how-to.

3 - Select the Providers section. You will see a list of the configured Authenticators.

4 - Now, click the New button to add the JOSSO Authenticator.

You need to click the Lock & Edit button to be able to add a new Authenticator.

Name the Authenticator JOSSO Authenticator and select the JOSSOAuthenticator type from the list.

5 - Click the Reorder button and place JOSSO Authenticator first.

6 - Configure the Authenticators (JOSSO and Default) and set the Control Flag to SUFFICIENT.

Setting each Authenticator's Control Flag to SUFFICIENT allows either the Weblogic Default Authenticator or the JOSSO Authenticator to assert the user's identity: authentication succeeds if either of them verifies the credentials.

7 - Save and confirm the changes. JOSSO will now authenticate the configured applications.

Try to access the sample partner application. If you are using the Memory Identity Store and Credential Store, you can log in as user1 with password user1pwd.

You may need to restart Weblogic after configuring the Authenticator.

Next Steps

Jossify your application for Weblogic - Quick Start