[OpenAM] Deploy ApexIdentity's gateway on Glassfish error
Jamie Nelson
jamie.nelson at forgerock.com
Thu Sep 8 14:22:49 EDT 2011
> OK, Dan, don't worry.
>
> Other question about SSO between third parties
>
> I am investigating how to do SSO between applications secured by
> openAM and other applications in Oracle Application server Form. I
> thought using the gateway of openAM for 'password replay' could solve my
> goals but the applets of java secured by OA Forms are running in the
> client site, and the gateway could not solve this.
My knowledge of Oracle forms is extremely limited, but my
understanding is the applets may be configured to use HTTP. Have you
tried installing the gateway between the applets and the forms
server? Or is the use of HTTP with forms only an optional feature?
>
> The idea is to make SSO between different applications with agent less in
> the site of the Oracle App. Forms, in other words, some plugin that
> makes login with username/password to emulate the SSO access, the same
> way as the Apex Identity /openAM gateway with 'password replay'.
If the traffic is not HTTP or a public protocol you may be stuck with
a classic ESSO solution as your only option.
Thanks,
Jamie
>
> Advice is welcome.
>
> On Wed, Sep 7, 2011 at 8:58 PM, Dan Cutler <DCutler at intelimedix.com>
> wrote:
>> Isaac,
>>
>> A little late in my reply...
>>
>> Thank you for the suggestion and offer to help!
>>
>> I am now moving in a completely different direction. (ie. I have
>> abandoned the Apex based solution).
>>
>> My initial reason for attempting this was to try to solve
>> SharePoint 2010 integration using "basic mode" authentication.
>>
>> I am now working with Forgerock directly towards implementing
>> "password replay" functionality into the Win 64 bit IIS 7 3.x based
>> agent (and it's going very well ;-)
>>
>> But thanks again anyway!
>>
>> --Dan
>>
>> -----Original Message-----
>> From: openam-bounces at forgerock.org [mailto:openam-bounces at forgerock.org] On Behalf Of Isaac Casanovas
>> Sent: Wednesday, August 31, 2011 3:01 PM
>> To: Users
>> Subject: Re: [OpenAM] Deploy ApexIdentity's gateway on Glassfish error
>>
>> Hi, I have integrated the proxy Apex Identity manager with an OpenAM
>> and one web application with form access. The gateway replayed the
>> username and password to the web application and the user access is
>> way SSO.
>>
>> A little bit of confusion in the integration is that you should deploy
>> the gateway in the root context (move the actual ROOT folder and deploy
>> the gateway renamed to ROOT.war).
>>
>> The configuration of json and others is well explained in the guide
>> on the Apex Identity web site.
>>
>> If you need, I can help with the integration.
>>
>> On Tue, Aug 9, 2011 at 1:44 AM, Jamie Nelson <jamie.nelson at forgerock.com> wrote:
>>>
>>>
>>>> Peter, Jamie,
>>>>
>>>> Thanks for the pointers. I removed the mentioned jar and was able
>>>> to install the gateway on glassfish u2 where I am also running
>>>> OpenAM. (I attempted to install tomcat on another box but had some
>>>> issues)...
>>>>
>>>> I'm not a java guy so I think my current issues are just my
>>>> ignorance of java and how to manipulate configurations.
>>>>
>>>> First, I am a little confused as to what the name of the jar file
>>>> should be and what the context root should be, the "name" and whether
>>>> or not I need to use an alternate virtual server, etc.
>>>
>>> It does not matter what the war file is named as long as you deploy
>>> it to the root context. By root I mean /, not the actual name root.
>>> You want every request going to the container to go to the Gateway
>>> web application. The Gateway will then process and connect to the
>>> target application(s) based on the JSON configuration file.
>>>
>>> If using the Glassfish admin console you would enter / (no quotes)
>>> for the Context Root.
>>>
>>>>
>>>> Currently, I have a running OpenAM 9.5.2 on port 443 with a real
>>>> cert. I obviously added a listener I named http-listener-443 and
>>>> added that listener to the virtual server named "server". I am not
>>>> clear whether or not the port 8080 listener can also be used on the
>>>> same virtual server as where I'm running OpenAM. Should I add an
>>>> additional virtual server and move the port 8080 listener to it? I
>>>> eventually need this whole setup to be 443 but for now 8080 is fine
>>>> (if I've done it correctly).
>>>
>>> You should install the OpenAM server and the Gateway on different
>>> containers or different Glassfish domains.
>>>
>>> Start by getting the OpenAM server running, then add the agent
>>> without the Gateway and make sure you have it protecting some static
>>> HTML page or sample servlet. Once you have that working deploy the
>>> Gateway web application.
>>>
>>>>
>>>> Anyway, I deployed the gateway and named the context root "gateway"
>>>> and named it "gateway". The installer warned that they didn't match
>>>> the jar name (gateway-2.0.0.jar). Should I just rename the jar to
>>>> match the name? The proxy test instructions seem to indicate the
>>>> context-root, name and jar should all be "agentapp"???
>>>
>>> The names don't matter. You just need to deploy it with / as the
>>> context root.
>>>
>>> It sounds like you are also confusing the OpenAM agent and the
>>> Gateway web application. First install the agent and deploy the
>>> agentapp which should be deployed with context root agentapp. The
>>> agentapp is part of the OpenAM agent installation. As recommended
>>> above, once you have the agent working with a static page, then
>>> deploy the Gateway.
>>>
>>> Thanks,
>>>
>>> Jamie
>>>
>>>>
>>>> Currently when I attempt to "launch" the gateway (ie open
>>>> http://server.mydomain.com:8080/gateway), I get a 404..
>>>>
>>>> Anyway, sorry for my newbie questions - again I'm not a java guy...
>>>>
>>>> Thank you both!
>>>>
>>>> --Dan
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: openam-bounces at forgerock.org [mailto:openam-bounces at forgerock.org] On Behalf Of Major Péter
>>>> Sent: Saturday, August 06, 2011 7:31 AM
>>>> To: Users
>>>> Subject: Re: [OpenAM] Deploy ApexIdentity's gateway on Glassfish error
>>>>
>>>> I've encountered this error with OpenAM too. In my case I had to
>>>> install Metro 1.5 on my GlassFish (metro.java.net), then remove the
>>>> webservices-rt.jar from the OpenAM war file.
>>>> BTW this error only occurred to me when I was using v2.5 web.xml (so
>>>> using the XSD declaration instead of 2.(3|4) DTD)...
>>>>
>>>> Hope this helps.
>>>>
>>>> Peter
>>>>
>>>> On 2011-08-05 22:23, Jamie Nelson wrote:
>>>>>
>>>>> A good description of the problem can be found here
>>>>> <http://www.java.net/node/677505>. The Gateway embeds the Fedlet
>>>>> libraries which in turn require webservices-rt-1.5.jar. The
>>>>> simplest workaround is to use Tomcat or Jetty. If you need to use
>>>>> Glassfish and you are not using Federation you can remove
>>>>> WEB-INF/lib/webservices-rt-1.5.jar from the Gateway war and
>>>>> redeploy. We will have to figure out how to get around this with
>>>>> Glassfish.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Jamie
>>>>>
>>>>>
>>>>>
>>>>>> OpenAMers,
>>>>>> I am attempting to implement the ApexIdentity reverse proxy solution
>>>>>> so that I can authenticate via OpenAM to Sharepoint 2010.
>>>>>> I prepared for the test instance described in ApexIdentity docs
>>>>>> (http://resources.apexidentity.com/projects/docs/wiki/UseCase6)
>>>>>> When I attempt to deploy the gateway war file (gateway-2.0.0.war) onto
>>>>>> my existing Glassfish 9.1_02 (u2) container, I get the following error:
>>>>>> An error has occurred
>>>>>> Deploying application in domain failed; Error loading deployment
>>>>>> descriptors for module [root] -- wsdl file WEB-INF/wsdl/wsat.wsdl does
>>>>>> not exist for web service WSATCoordinator Error loading deployment
>>>>>> descriptors for module [root] -- wsdl file WEB-INF/wsdl/wsat.wsdl does
>>>>>> not exist for web service WSATCoordinator
>>>>>> Thanks in advance,
>>>>>> --Dan
>>>>>> _______________________________________________
>>>>>> OpenAM mailing list
>>>>>> OpenAM at forgerock.org <mailto:OpenAM at forgerock.org>
>>>>>> https://lists.forgerock.org/mailman/listinfo/openam
>>>>>
>>>>>
>>>>>
>>>
>>>
>>
>>
>>
>> --
>> PGP public key,
>> http://keys.kfwebs.net:11371/pks/lookup?op=get&search=0x51FB397BFF53DF52
>>
>
>
>
> --
> PGP public key,
> http://keys.kfwebs.net:11371/pks/lookup?op=get&search=0x51FB397BFF53DF52
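The workaround from the quoted 2011-08-05 message (removing WEB-INF/lib/webservices-rt-1.5.jar from the Gateway war when Federation is not used), as an added example that is not part of the original thread or ApexIdentity's own tooling. It builds a stripped copy rather than editing the archive in place and hashes both versions so the modified artifact can be told apart from the vendor build; the sample war is constructed, and `strip_entry`, `sha256_hex` and `build_sample_war` are names assumed here.

```python
import hashlib
import io
import zipfile

# Entry named in the thread; per the thread it can be dropped only when
# Federation is not used.
CONFLICTING_JAR = "WEB-INF/lib/webservices-rt-1.5.jar"


def strip_entry(war_bytes, entry=CONFLICTING_JAR):
    """Return (new_war_bytes, removed) with `entry` left out of the archive."""
    out = io.BytesIO()
    removed = False
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.filename == entry:
                removed = True
                continue
            # Copy every other entry together with its original metadata.
            dst.writestr(info, src.read(info))
    return out.getvalue(), removed


def sha256_hex(data):
    """Hex SHA-256 of an archive, for recording which build was deployed."""
    return hashlib.sha256(data).hexdigest()


def build_sample_war():
    """Constructed stand-in for gateway-2.0.0.war (placeholder contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr(CONFLICTING_JAR, b"placeholder jar bytes")
        war.writestr("WEB-INF/lib/other.jar", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    original = build_sample_war()
    patched, removed = strip_entry(original)
    print("removed:", removed)
    print("original sha256:", sha256_hex(original))
    print("patched  sha256:", sha256_hex(patched))
    print(zipfile.ZipFile(io.BytesIO(patched)).namelist())
```

For a real archive, read the war with `open(path, "rb").read()` and write the returned bytes to a new file name, keeping the original untouched.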