Jasig CAS Single Sign On Integration

Does anyone have some experience integrating CAS SSO or another SSO implementation with Percussion that they might be willing to share? I’ve tried following the documentation provided in the 6.7 Administration Guide but it is a bit unclear to me and I haven’t had much luck.

Thanks

Related threads that I have found:

Thread discussing Jasig CAS

Thanks for the reply Riley, but looking at that thread I couldn’t seem to glean anything useful about integrating with single sign-on. It seemed to just mention CAS offhand.

Here is a little more detail on what I’ve gone through so far. If anyone has some suggestions I would be glad to hear them.

First off, I am unsure that single sign-on is even possible with our current installation. Looking at page 74 of the Administration Manual, it says that a web server security provider is only recommended for use on portals or when Rhythmyx runs as a servlet on another server container that provides security. From this description I can’t really tell whether this applies to our installation. We did a default install that included JBoss as the app server. Does this mean we can’t or shouldn’t attempt to integrate with single sign-on?

Skipping ahead to page 77, it mentions Web Server security providers are only available if you interface to Rhythmyx as a servlet under the Web server or Web application server. Same question here: does this mean we can’t or shouldn’t attempt to integrate with single sign-on?

Assuming it was possible, I went ahead and tried following the directions for setting up a web server security provider. I also added the init-params specified on page 78 (authUserHeaderName and userRolesHeaderName) to the RhythmyxServlet definition in /AppServer/server/rx/deploy/rxapp.ear/rxapp.war/WEB-INF/web.xml and created a filter that wrapped the servlet request to return a header with the user’s username. Doing all of this, I couldn’t get it to work. So maybe I am missing something?

There is also an inconsistency on page 79: it says “In the Authenticated user header name field, enter the value of the userRolesHeaderName parameter from the Rhythmyx servlet setup.” I believe this should have said “authUserHeaderName parameter”.
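A sketch of the kind of request-wrapping filter described in the post above, added here as an example; it is not the poster's code and not Percussion or CAS code. The class name `AuthUserHeaderFilter` and its `headerName` init-param are hypothetical, and it assumes an upstream SSO filter already makes `getRemoteUser()` return the authenticated user.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Added example (hypothetical class): exposes the authenticated user as a request header.
public class AuthUserHeaderFilter implements Filter {
    private String headerName; // assumption: same value as authUserHeaderName in web.xml

    public void init(FilterConfig cfg) throws ServletException {
        headerName = cfg.getInitParameter("headerName"); // hypothetical filter init-param
        if (headerName == null || headerName.length() == 0)
            throw new ServletException("headerName init-param is required");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Identity established earlier in the chain (assumed: an SSO client filter);
        // null when nobody is authenticated.
        final String user = http.getRemoteUser();
        chain.doFilter(new HttpServletRequestWrapper(http) {
            // Answer from the authenticated identity only; a header of the same
            // name sent by the browser is never passed through.
            @Override public String getHeader(String name) {
                return headerName.equalsIgnoreCase(name) ? user : super.getHeader(name);
            }
            @Override public Enumeration<String> getHeaders(String name) {
                if (!headerName.equalsIgnoreCase(name)) return super.getHeaders(name);
                List<String> v = new ArrayList<String>();
                if (user != null) v.add(user);
                return Collections.enumeration(v);
            }
            @Override public Enumeration<String> getHeaderNames() {
                List<String> names = new ArrayList<String>();
                for (Enumeration<?> e = super.getHeaderNames(); e.hasMoreElements();) {
                    String n = (String) e.nextElement();
                    if (!headerName.equalsIgnoreCase(n)) names.add(n);
                }
                if (user != null) names.add(headerName);
                return Collections.enumeration(names);
            }
        }, res);
    }

    public void destroy() {}
}
```

The filter has to be mapped so that it runs after the SSO filter and before the RhythmyxServlet. Whether the server then accepts the header depends on the security provider configuration, which this thread does not settle.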

We are having similar problems getting the Web Server security provider working. We followed the instructions in the documentation and we pass in the header to the server, and can see the header on the login page; however, we still are shown the login form. Our setup has us using a reverse proxy using AJP to connect to the server.

I agree with hmcqueen in that the documentation does not actually tell you how to get authentication working; it only tells you what to do to configure the provider.

If anyone else has had any success getting this working, please respond. Thanks in advance.
