
OpenID for JEE Applications - Part II

In Part I, I described the general concepts behind JSR 196 and the OpenID integration in GlassFish. Now I would like to explain how you can configure an OpenID Login Provider in GlassFish.

To configure an OpenID provider in GlassFish you first need the library containing the OpenID Login Module. You can download the latest version of the library from here: sam.openid-0.0.1-SNAPSHOT.jar.
Put the jar file into the <GF_HOME>/lib folder of your GlassFish installation and restart the domain afterwards, so that the module class is on the server's classpath.

Configuration of an OpenID Login Provider

You can configure the OpenID Login Provider in the GlassFish Admin Console with the following steps:

  1. Make sure the GlassFish Application Server is running. If it is not running yet, start it with the following command:
       <GF_HOME>/bin/asadmin start-domain domain1

    where <GF_HOME> is the directory where you installed GlassFish

  2. Open the GlassFish Admin Console by pointing your browser to the URL: http://localhost:4848/.
  3. Log in to the Admin Console with your user ID and password.
  4. Expand the Configuration node at the bottom of the left-hand pane.
  5. Navigate to the Security node, expand it, and click Message Security.

  6. Under Message Security Configurations, either open the HttpServlet layer if it already exists, or create it by clicking the New button. Clicking the button opens the New Message Security Configuration window.
  7. If you cannot see the HttpServlet node, you need to create the layer first:

     

     Click the "New" button; you can then create the layer and configure the new provider in one step. To do that:

    • Set the following in the New Message Security Configuration window:

      Provider Type: server
      Provider ID: OpenIDProvider
      Class Name: the SAM class, that is, com.sun.security.sam.openid2.OpenIDServerAuthModule

      Do not check the Default Provider: Enabled check box. A default provider is applied to every web application deployed on the server, not only to the applications that are explicitly bound to it.

       

    • Click the OK button. This saves the settings and opens the Message Security Configurations window.
    • Click on HttpServlet in the Authentication Layer column.
    • Select the Providers tab. This opens the Provider Configuration window.
    • Select the OpenIDProvider entry you just created in the Provider ID column. This opens the Edit Provider Configuration window.
    • Click the Save button to complete the configuration of the provider.

    If the HttpServlet layer already exists, first open its provider list and add a new provider:

    • Open the HttpServlet layer by selecting it in the Message Security Configurations window.
    • Select the Providers tab to open the Provider Configuration window.

    • Click the New button to open the New Provider Configuration window.
    • In the Provider Configuration area of the window, set the following:

      Provider Type: server
      Provider ID: OpenIDProvider
      Class Name: SAM, that is, com.sun.security.sam.openid2.OpenIDServerAuthModule

      Do not check the Default Provider: Enabled check box.

For the first configuration this is a little bit confusing, as you need to create the HttpServlet layer yourself. Apart from that the whole configuration is very simple.

Also note that the provider configuration page contains a dialog box for additional properties. We will use these properties to configure our OpenIDProvider for our applications.

Configure additional Properties

After adding the new OpenIDProvider as described above you can start using the provider in your web application. There are also a few additional properties which can be configured for each provider instance. You can add these properties in the "Additional Properties" box at the end of the configuration page:

 

The properties and their usage are described below:

assign.groups

This property is the most important one. It defines which group is assigned to a user who has logged on with an OpenID. Typically this is a default group used by your web application. Keep in mind that every successfully verified OpenID receives this group, so map it only to roles that any OpenID user may hold.

debug

Defines whether the login module prints debug messages to the server log. Remove this property to turn debug mode off.

debug.stages

This property lets you select different debug stages, so you can follow the individual phases of the logon process in the server log. Remove this property to turn debug mode off.

loginpage

By default the login module prompts the user with a simple login page where he can enter his OpenID URL. You can replace this default page with an individual page provided by your web application (similar to form-based authentication). We will discuss this later.

verifymode

This property can be set to "once" or "always". If it is set to "once", the login module verifies the OpenID token only the first time the user enters a restricted page. If it is set to "always" (the default), the token is verified on every request for a restricted resource.
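As an added example that is not part of the original post, here is the same provider configuration (the steps from the Admin Console walkthrough above together with the additional properties just described) done from the command line with GlassFish's own asadmin subcommands create-message-security-provider and list-message-security-providers. The GF_HOME default, the group name "users" and the OPENID_SAM_APPLY switch are assumptions made for the example; the provider ID, the SAM class name and the property names are the ones from the post.

```shell
#!/bin/sh
# Added example, not code from the original post: register the OpenID SAM with
# asadmin instead of clicking through the Admin Console. Assumptions: GF_HOME
# points at the GlassFish installation, sam.openid-0.0.1-SNAPSHOT.jar is already
# in $GF_HOME/lib and the domain was restarted after copying it, and "users" is
# the default group of the web application.
set -e

GF_HOME="${GF_HOME:-/opt/glassfish}"
ASADMIN="$GF_HOME/bin/asadmin"
PROVIDER_ID="OpenIDProvider"
SAM_CLASS="com.sun.security.sam.openid2.OpenIDServerAuthModule"
DEFAULT_GROUP="users"

# asadmin takes the additional properties as a single --property argument of
# the form name1=value1:name2=value2. A ':' inside a value (for example in a
# URL used as loginpage) must be escaped as '\:', otherwise asadmin splits the
# value at the colon.
build_props() {
    props=""
    for kv in "$@"; do
        key="${kv%%=*}"
        val="${kv#*=}"
        val=$(printf '%s' "$val" | sed 's/:/\\:/g')
        if [ -z "$props" ]; then
            props="$key=$val"
        else
            props="$props:$key=$val"
        fi
    done
    printf '%s' "$props"
}

# Create the server-side provider in the HttpServlet layer. The default
# provider flag stays off, so only applications bound to OpenIDProvider use it.
create_openid_provider() {
    "$ASADMIN" create-message-security-provider \
        --layer HttpServlet \
        --providertype server \
        --classname "$SAM_CLASS" \
        --isdefaultprovider=false \
        --property "$(build_props "assign.groups=$DEFAULT_GROUP" verifymode=always)" \
        "$PROVIDER_ID"
}

# List the providers of the HttpServlet layer to check that the entry exists.
list_providers() {
    "$ASADMIN" list-message-security-providers --layer HttpServlet
}

# Only talk to the server when explicitly requested, so the file can also be
# sourced for its helper functions.
if [ "${OPENID_SAM_APPLY:-0}" = "1" ]; then
    create_openid_provider
    list_providers
fi
```

Run it as OPENID_SAM_APPLY=1 sh configure-openid-sam.sh against a running domain; without the switch it only defines the helpers. A web application is bound to the provider by GlassFish's httpservlet-security-provider attribute on the sun-web-app element of its sun-web.xml, which names the provider ID.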