Problem with Sun's SSO system and Websphere Portal Server integration

Hi All,

I am facing a problem integrating my SSO system with Portal Server.

It is because of this problem I cannot move ahead with personalization.

Consider a single sign-on system built over Sun One WebServer: we have policy agent 2.1 installed, guarding an application on a Sun One web server machine. This policy agent talks to an access manager installed on a separate machine, which also has LDAP installed.

Also, there is another system where we have portal server installed and our application deployed on it; this portal server is configured to talk to the same LDAP.

And we have plugged in our portal with sun web server. (policy agent is guarding both)

Now whenever a request comes from the internet, it is intercepted by the policy agent for authentication; the login screen from access manager is thrown in case the user is not logged in (otherwise the user is directly allowed access to the portal application).

Request once authorized by access manager will land up at an index page on SunOne from where it gets redirected to portal.

The problem I am facing is that the authorized user at SSO is anonymous on the portal application, the reason being that the portal server is unaware of the user. We did not use the portal's security manager service to handle authentication.

Now it is because of this anonymity of user my personalization rules will not work.

Note: Another thing, we have this constraint that we cannot use any other security manager, otherwise we could have used Tivoli Access Manager.

Can anybody help me out with this?

Thanks,

Yaseer

[1586 byte] By [yazeea] at [2007-11-27 7:32:16]
# 1
What portal server are you interfacing with? Sounds like you need SSO into the portal either by a policy agent, SAML, or possibly the platform service if it is the Sun portal.
Aaron_Andersona at 2007-7-12 19:12:31
# 2

It's WebSphere Portal.

See, I know about a policy agent that runs on WebSphere Portal Server, but since we have our existing SSO system on Sun One I cannot take the deviation; apart from this we have another restriction, i.e. session management would be a problem between the policy agent installed on the portal server and the existing one installed on the Sun One server.

yazeea at 2007-7-12 19:12:31
# 3

I am facing problems in getting j2ee policy agent configured on websphere portal server.

The J2EE policy agent file I downloaded = SJS_WebSphere_Portal_5102_agent_2[1].2.zip

I used the agentadmin --install command to configure and have done the post-installation steps mentioned in the "Sun Java System Access Manager Policy Agent 2.2 Guide for IBM WebSphere Portal Server 5.1.0.2".

But I am getting an error when I try to log in to the portal application after passing authentication at the SSO end.

The error that I get is:

[6/22/07 20:48:43:828 IST] 3215766d WsServerA WSVR0001I: Server WebSphere_Portal open for e-business
[6/22/07 20:49:07:734 IST] 5a487664 InternalGener I DSRA8203I: Database product name : DBMS:db2j
[6/22/07 20:49:07:734 IST] 5a487664 InternalGener I DSRA8204I: Database product version : 5.1.60.12
[6/22/07 20:49:07:734 IST] 5a487664 InternalGener I DSRA8205I: JDBC driver name : Cloudscape Embedded JDBC Driver
[6/22/07 20:49:07:734 IST] 5a487664 InternalGener I DSRA8206I: JDBC driver version : 5.1.60.12
[6/22/07 21:01:54:109 IST] 6eb4b679 WebGroupE SRVE0026E: [Servlet Error]-[]: java.lang.ExceptionInInitializerError
    at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:641)
    at com.sun.identity.agents.websphere.AmTrustAssociationInterceptor.isTargetInterceptor(AmTrustAssociationInterceptor.java:71)
    at com.ibm.ws.security.web.TAIWrapper.isTargetInterceptor(TAIWrapper.java:195)
    at com.ibm.ws.security.web.TrustAssociationManager.getInterceptor(TrustAssociationManager.java:86)
    at com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation(WebAuthenticator.java:187)
    at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:928)
    at com.ibm.ws.security.web.WebCollaborator.authorize(WebCollaborator.java:531)
    at com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebCollaborator.java:262)
    at com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.preInvoke(WebAppSecurityCollaborator.java:132)
    at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:506)
    at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:208)
    at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:134)
    at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:321)
    at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
    at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:246)
    at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)
    at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
    at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:652)
    at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:448)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:936)
Caused by: java.lang.RuntimeException: Failed to get configuration file:AMAgent.properties
    at com.sun.identity.agents.arch.AgentConfiguration.setConfigurationFilePath(AgentConfiguration.java:412)
    at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:475)
    at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:859)
    at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1136)
    ... 20 more

[6/22/07 21:02:40:516 IST] b083679 WebGroupE SRVE0026E: [Servlet Error]-[Filter [Policy Agent]: filter is unavailable.]: java.lang.NoClassDefFoundError: com/sun/identity/agents/arch/Manager
    at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:184)
    at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:246)
    at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:36)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:132)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:71)
    at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:1009)
    at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:529)
    at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:208)
    at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:134)
    at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:321)
    at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
    at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:246)
    at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)
    at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
    at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:652)
    at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:448)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:936)

[6/22/07 21:48:09:828 IST] 50487664 InternalGener I DSRA8203I: Database product name : DBMS:db2j
[6/22/07 21:48:09:844 IST] 50487664 InternalGener I DSRA8204I: Database product version : 5.1.60.12
[6/22/07 21:48:09:844 IST] 50487664 InternalGener I DSRA8205I: JDBC driver name : Cloudscape Embedded JDBC Driver
[6/22/07 21:48:09:844 IST] 50487664 InternalGener I DSRA8206I: JDBC driver version : 5.1.60.12
[6/23/07 13:04:46:297 IST] 6eb4b679 WebGroupE SRVE0026E: [Servlet Error]-[com/sun/identity/agents/websphere/AmWebsphereManager]: java.lang.NoClassDefFoundError: com/sun/identity/agents/websphere/AmWebsphereManager
    at com.sun.identity.agents.websphere.AmTrustAssociationInterceptor.isTargetInterceptor(AmTrustAssociationInterceptor.java:71)
    at com.ibm.ws.security.web.TAIWrapper.isTargetInterceptor(TAIWrapper.java:195)
    at com.ibm.ws.security.web.TrustAssociationManager.getInterceptor(TrustAssociationManager.java:86)
    at com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation(WebAuthenticator.java:187)
    at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:928)
    at com.ibm.ws.security.web.WebCollaborator.authorize(WebCollaborator.java:531)
    at com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebCollaborator.java:262)
    at com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.preInvoke(WebAppSecurityCollaborator.java:132)
    at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:506)
    at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:208)
    at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:134)
    at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:321)
    at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
    at com.ibm.ws.webcontainer.cache.invocation.CacheableInvocationContext.invoke(CacheableInvocationContext.java:120)
    at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:250)
    at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)
    at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
    at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:652)
    at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:448)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:936)

[6/23/07 13:04:55:672 IST] b083679 WebGroupE SRVE0026E: [Servlet Error]-[com/sun/identity/agents/websphere/AmWebsphereManager]: java.lang.NoClassDefFoundError: com/sun/identity/agents/websphere/AmWebsphereManager
    at com.sun.identity.agents.websphere.AmTrustAssociationInterceptor.isTargetInterceptor(AmTrustAssociationInterceptor.java:71)
    at com.ibm.ws.security.web.TAIWrapper.isTargetInterceptor(TAIWrapper.java:195)
    at com.ibm.ws.security.web.TrustAssociationManager.getInterceptor(TrustAssociationManager.java:86)
    at com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation(WebAuthenticator.java:187)
    at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:928)
    at com.ibm.ws.security.web.WebCollaborator.authorize(WebCollaborator.java:531)
    at com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebCollaborator.java:262)
    at com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.preInvoke(WebAppSecurityCollaborator.java:132)
    at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:506)
    at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:208)
    at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:134)
    at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:321)
    at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
    at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:246)
    at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)
    at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
    at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:652)
    at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:448)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:936)

yazeea at 2007-7-12 19:12:31
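
An added example, not part of the original thread and not Sun's or IBM's tooling: a Python triage of a SystemOut.log excerpt like the one posted above. A JVM reports later uses of a class whose static initializer already failed as NoClassDefFoundError, so the script links such entries back to the first ExceptionInInitializerError and its `Caused by:` line. The sample log is constructed from lines in the post with frames trimmed; `triage` and its field names are hypothetical.

```python
import re

# Constructed excerpt modelled on the log in the post above (stack frames trimmed).
SAMPLE_LOG = """\
[6/22/07 20:49:07:734 IST] 5a487664 InternalGener I DSRA8203I: Database product name : DBMS:db2j
[6/22/07 21:01:54:109 IST] 6eb4b679 WebGroupE SRVE0026E: [Servlet Error]-[]: java.lang.ExceptionInInitializerError
    at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:641)
    at com.ibm.ws.security.web.TAIWrapper.isTargetInterceptor(TAIWrapper.java:195)
Caused by: java.lang.RuntimeException: Failed to get configuration file:AMAgent.properties
    at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1136)
[6/22/07 21:02:40:516 IST] b083679 WebGroupE SRVE0026E: [Servlet Error]-[Filter [Policy Agent]: filter is unavailable.]: java.lang.NoClassDefFoundError: com/sun/identity/agents/arch/Manager
    at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:184)
[6/23/07 13:04:46:297 IST] 6eb4b679 WebGroupE SRVE0026E: [Servlet Error]-[com/sun/identity/agents/websphere/AmWebsphereManager]: java.lang.NoClassDefFoundError: com/sun/identity/agents/websphere/AmWebsphereManager
    at com.ibm.ws.security.web.TAIWrapper.isTargetInterceptor(TAIWrapper.java:195)
"""

# [timestamp] thread component [level] CODE: message
ENTRY = re.compile(r"^\[([^\]]+)\] \S+ \S+\s+(?:[A-Z] )?([A-Z]{4}\d{4}[A-Z]): (.*)$")
CLINIT = re.compile(r"^\s*at ([\w.$]+)\.<clinit>\(")
NOCLASS = re.compile(r"NoClassDefFoundError: ([\w/$]+)")


def triage(log_text):
    """Return the error entries, linking follow-on errors to the first failure."""
    entries, failed_init = [], {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"ts": m.group(1), "code": m.group(2), "msg": m.group(3),
                            "clinit": None, "cause": None, "secondary_of": None})
        elif entries:
            cur = entries[-1]
            c = CLINIT.match(line)
            if c and cur["clinit"] is None:
                cur["clinit"] = c.group(1)          # class whose static init was running
            elif line.startswith("Caused by: "):
                cur["cause"] = line[len("Caused by: "):]   # last one wins: deepest cause
    for e in entries:
        if "ExceptionInInitializerError" in e["msg"] and e["clinit"]:
            failed_init.setdefault(e["clinit"], e)  # first failure of this class
        n = NOCLASS.search(e["msg"])
        first = failed_init.get(n.group(1).replace("/", ".")) if n else None
        if first:
            e["secondary_of"], e["cause"] = first["ts"], first["cause"]
    return [e for e in entries if e["code"].endswith("E")]  # drop informational lines
```

An entry left with `secondary_of` set to `None` and no cause, like the `AmWebsphereManager` one in the sample, has no earlier initializer failure in the excerpt and needs its own investigation.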
# 4
Is this a network install? I.e., you have a node agent and deployment manager?
jeffcourtadea at 2007-7-12 19:12:31
# 5
Currently we are working on development environment, but yes once done we will move on with network deployment. :)
yazeea at 2007-7-12 19:12:31
# 6

Do you have the agent in J2EE_POLICY or URL_POLICY mode? Unless you really need to use J2EE security I would only go with URL_POLICY mode.

I believe Sun has an internal document on how to configure the 2.2 WebSphere policy agent for J2EE mode in a WebSphere network deployment mode configuration. If you plan to do that you might want to make a request for that document.

Aaron_Andersona at 2007-7-12 19:12:31
# 7

Aaron,

We already have web agent 2.1 configured on the web server; now we are configuring J2EE agent 2.2 on WebSphere Portal Server. The only reason why we are after this J2EE agent is that we need WebSphere Portal Server to authenticate users; this will eventually help us in implementing the personalization feature.

Currently we are trying out the J2EE agent in a development environment, so we are not worried about the ND; our focus right now is on J2EE agent configuration with WebSphere Portal.

-Yaseer

yazeea at 2007-7-12 19:12:31