users@jersey.java.net

OpenSSO Identity Services Integration

From: Ronak Patel <ronak2121_at_yahoo.com>
Date: Tue, 13 Oct 2009 16:10:56 -0700 (PDT)

Paul,

What I'm seeing is that OpenSSO sets the Tomcat security principal properly when I hit my JAX-RS Jersey app from a browser window.

It's when I hit my webapp from my iPhone App using OpenSSO's identity services that I'm having a problem.

OpenSSO has a security agent that is injected into the loop by a servlet filter but it doesn't seem to be able to generate this principal.

That leads me to believe that my iPhone App code is incorrect and not setting the appropriate cookies.

However, I did see that OpenSSO has an openssoclientsdk that you can use to parse out the http headers and obtain a security principal.

So, I was thinking that if I can inject my own @SecurityContext implementation using this openssoclientsdk maybe I can get that to work. However, I think the Agent would be using this same mechanism to generate the principal and if it didn't work there...why should it work when I use it?

Ronak



________________________________
From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
To: users_at_jersey.dev.java.net
Sent: Tue, October 13, 2009 2:36:07 AM
Subject: Re: [Jersey] OpenSSO Integration

Hi Ronak,

I do not have any experience with OpenSSO. We need some OpenSSO experts to respond (there are some listening :-) ).

When you say "not always setting the principal in the container" can you provide more information describing the conditions when it does and does not work?

Note that Jersey obtains the security information, like the Principle, from the HttpServletRequest instance. So it might be than OpenSSO does not have appropriate integration with Tomcat's security layer.

Paul.

On Oct 12, 2009, at 9:03 PM, Ronak Patel wrote:

> All,
>
> I've been trying to get OpenSSO integrated with JAX-RS Jersey and I'm having a problem with it that I'm wondering someone else may also have had.
>
> I have an OpenSSO Agent set up in front of my Jersey applications to authenticate and authorize with OpenSSO on Tomcat 6.
>
> The weird thing I'm seeing is that OpenSSO is not always setting the principal in the container.
>
> I was wondering if it would be required to implement my own concrete class for the SecurityContext which parses the http headers and pulls the Principal from OpenSSO using the OpenSSOclientsdk.
>
> Has anyone ever encountered this?
>
> Thanks!
>
> Ronak
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
For additional commands, e-mail: users-help_at_jersey.dev.java.net