Case #52126: Providng SSO solution for jive applications


Description:


Hi,

I am currently trying to get SSO work for jive application. I used the guidelines provided by Jive people for the same. The guidelines are at the below link

 

http://www.jivesoftware.com/builds/docs/jive_sbs_employee/latest/developer/AuthenticationandAuthorization.html

 

I changed the filter and agent code as per my needs. Following is the flow of my code in filter:

 

1. Check if the user is already authenticated

2. If not authenticated, read the user id from incoming 'uid' header of HttpServletRequest

3. Created UserTemplate object using user uid in the agent

4. I am then setting the User to SecurityContext by passing object of JiveUserAuthentication. JiveUserAuthentication object is created by passing the user object created in step 3.

 

That's all the code that is there in my filter. I checked the logs through debug messages and saw that uid header is coming and JiveUserAuthentication  is also set in the SecurityContext. But unfortunately I am not getting redirected to the desired page. It is taking me to the log in page of jive. I see no error messages in the logs. If I provide the log in credentials jive doesn't authenticate anymore as formAuthenticationFilter is replaced by my federatedIdentityAuthFilter. This step I did by following the guidelines in the above link.

 

I am not sure if this is the correcct approach to notify to Jive SBS system that user is authenticated. Please help me me in doing it right.

 

Following is the code in my filter and agent

 

=============================================================================================

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
  throws IOException, ServletException {
 
  final SecurityContext context = SecurityContextHolder.getContext();
  final HttpServletRequest servletRequest = (HttpServletRequest)request;
  System.out.println("in filter uri==================="+servletRequest.getRequestURI()); 
  Authentication auth = context.getAuthentication();
 
  if((auth == null || !auth.isAuthenticated() || (auth instanceof AnonymousAuthentication && !allowAnon)) && active) {
  
   long timer = System.currentTimeMillis();
   //attempt to resolve the user from the agent  
   User externalUser = userAgent.extractUserFromRequest(servletRequest);
   try {
   
    if(externalUser != null) {
     context.setAuthentication(new JiveUserAuthentication(externalUser)); 

     System.out.println("Found user=="+externalUser);
     log.info("Found user=="+externalUser);
    }else
    {
     System.out.println("User agent failed to load user.");
     log.info("User agent failed to load user.");
    }
          
   }
   catch(Exception ex) {
    log.info("User agent failed to load user with exception.", ex);
   }  
  }
 
  chain.doFilter(request, response);
}

 

-----------------------------------------extractUserFromRequest method in agent-------------------------

public User extractUserFromRequest(HttpServletRequest request) {
 
  String userId = request.getHeader("uid");
  System.out.println("User id in agent========="+userId);
  if(userId == null) return null;
 
  UserTemplate ut = new UserTemplate();
  ut.setUsername(userId);
  ut.setEmail("pratapm@virtusa.com");
  ut.setName("Pratap Maddi");

  return ut;
}

--------------------------------------------------------------------------------------------------------------------------------

 

 

===================================================================================

Latest Comment: Aug 21, 2009 12:55 AM by pratapmaddi

Comments

More Like This