Need help configuring JOSSO2 for Tomcat virtual hosts

Help
ANakhwa
2014-03-11
2014-03-12
  • ANakhwa

    ANakhwa - 2014-03-11

    Configuration:
    Tomcat has three virtual hosts (www.site-a.com, www.site-b.com, www.site-c.com) configured. Each virtual host has the same app deployed (e.g. www.site-*.com/testsecurity). The users allowed to log in to each site are different and are stored in three different MySQL databases (sitea_users_db, siteb_users_db, sitec_users_db).

    Goal:
    Create JOSSO2 appliance(s) that allow only the correct set of users to log in to each site.

    Configuration attempts that have failed (and need help):
    Config 1:
    Created one appliance for each site, i.e. three appliances in total (one IdP, one SP, one DB identity source, one execution environment, appropriate connections between each component).
    Result/Issue: The josso-agent-config.xml file would contain only information from the last "reactivate". Could not get all virtual hosts and partner apps listed (i.e. auto-generated).

    Config 2:
    Created one appliance (three IdPs, three SPs, three DB identity sources, one execution environment, appropriate connections between each component; all SPs point to the same execution environment).
    Result/Issue: The josso-agent-config.xml file would contain only information from one activation; thus SSO would be enabled only for one virtual host + app.

    Config 3:
    Created one appliance (three IdPs, three SPs, three DB identity sources, three execution environments, appropriate connections between each component; each SP connects to a Tomcat execution environment defined as local with the same install path).
    Result/Issue: The josso-agent-config.xml file would contain only information from the last activation; thus SSO would be enabled only for one virtual host + app.

    Question:
    How can JOSSO2 be configured for multiple apps and multiple virtual hosts? Is this possible? Can we use "remote host" even if it is local in this scenario? Is this supported (i.e. the correct way to configure it)?

    Please help!

  • ANakhwa

    ANakhwa - 2014-03-11

    Is it possible to configure a path for the valve (for each Host in $CATALINA_BASE/conf/server.xml)?

    <Valve appName="josso" className="org.josso.tc70.agent.SSOAgentValve" debug="1"/>

  • ANakhwa

    ANakhwa - 2014-03-12

    It seems this is now resolved.

    Created a new appliance (test-federated) based on the "Federated SSO Baseline". Observed how the baseline is created.

    Then created a new empty identity appliance and configured it using test-federated as a guide. Now there are no localhost entries in the generated josso-agent-config.xml.

    Note: If using a MySQL DB for the identity provider, then most typically the user IDs and passwords are stored in plain text (at least initially, while test driving). For authentication to work correctly, modify the identity provider's Basic Authentication properties (under the Authentication tab) so that the Hash Algorithm and Hash Encoding are set to Plain Text.

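An added configuration example, not from the original thread and not a file generated by JOSSO: the Tomcat side of the setup the question describes, with the three virtual hosts each carrying the SSOAgentValve line posted above. The host names and the valve element come from the thread; the appBase directories, the Engine name and the deploy flags are assumptions.

```xml
<!-- Added example: excerpt of $CATALINA_BASE/conf/server.xml (not from the thread).
     Host names are the ones in the question; appBase paths and flags are assumed. -->
<Engine name="Catalina" defaultHost="www.site-a.com">

  <!-- One Host per site. The valve is a per-Host element, so it must be
       repeated in every Host: a Host without its own <Valve> is simply
       not intercepted by the JOSSO agent and its apps are left unprotected. -->
  <Host name="www.site-a.com" appBase="webapps-site-a"
        unpackWARs="true" autoDeploy="false">
    <!-- Valve line as posted in the thread (Tomcat 7 agent). -->
    <Valve appName="josso" className="org.josso.tc70.agent.SSOAgentValve" debug="1"/>
  </Host>

  <Host name="www.site-b.com" appBase="webapps-site-b"
        unpackWARs="true" autoDeploy="false">
    <Valve appName="josso" className="org.josso.tc70.agent.SSOAgentValve" debug="1"/>
  </Host>

  <Host name="www.site-c.com" appBase="webapps-site-c"
        unpackWARs="true" autoDeploy="false">
    <Valve appName="josso" className="org.josso.tc70.agent.SSOAgentValve" debug="1"/>
  </Host>

</Engine>
```

server.xml only decides which requests the agent sees; which user set a given host accepts is decided on the appliance side, by wiring each SP (and its virtual host / partner app) to its own IdP and DB identity source, as in the thread's three-IdP, three-SP layout. Because josso-agent-config.xml is regenerated on every activation (the behaviour the first post ran into), per-host partner-app entries have to come out of a correctly built appliance rather than from hand edits to that file, which the next reactivate will overwrite.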