Case #53532: LDAP integration for SSO solution not working in jive sbs


Description:


I have configured the Jive application to authenticate using LDAP. After the setup, the users were getting properly synchronized. E.g., if the user doesn't exist in Jive but does exist in LDAP, the Jive application automatically logs in and creates an account in Jive using the LDAP values.

So far everything looks fine.

Then I have set up SSO for Jive following the guidelines given at the URL below:

http://www.jivesoftware.com/builds/docs/jive_sbs_employee/latest/developer/AuthenticationandAuthorization.html

Basically, for SSO to work we need to inject our authentication filter using Spring. Following are the filter chain proxy definitions used in the SSO plugin:

=======================================================================================================

<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /upgrade/**=httpSessionContextIntegrationFilter, upgradeAuthenticationFilter, upgradeExceptionTranslationFilter, jiveAuthenticationTranslationFilter
            /post-upgrade/**=httpSessionContextIntegrationFilter, postUpgradeAuthenticationFilter, postUpgradeExceptionTranslationFilter,jiveAuthenticationTranslationFilter
            /admin/**=httpSessionContextIntegrationFilter, adminAuthenticationFilter, adminExceptionTranslationFilter,jiveAuthenticationTranslationFilter
            /rpc/xmlrpc=wsRequireSSLFilter, httpSessionContextIntegrationFilter, federatedIdentityAuthFilter, wsExceptionTranslator, jiveAuthenticationTranslationFilter, wsAccessTypeCheckFilter
            /rpc/rest/**=wsRequireSSLFilter, httpSessionContextIntegrationFilter, federatedIdentityAuthFilter, wsExceptionTranslator, jiveAuthenticationTranslationFilter, wsAccessTypeCheckFilter
            /rpc/soap/**=wsRequireSSLFilter, httpSessionContextIntegrationFilter, federatedIdentityAuthFilter, jiveAuthenticationTranslationFilter
            /**cs_login=httpSessionContextIntegrationFilter, testFilter
            /**=httpSessionContextIntegrationFilter, federatedIdentityAuthFilter, jiveAuthenticationTranslationFilter
        </value>
    </property>
</bean>

=======================================================================================================

After doing this, the LDAP synchronization is not happening. Existing users of Jive are authenticated, but the users that exist in LDAP but not in Jive are not getting authenticated. I am getting redirected to the login page. I hoped that at least if I provided the credentials a second time on this login page, LDAP synchronization would work. Unfortunately, the login page is no longer working due to the SSO plugin. The plugin is overriding the authentication mechanism and the login page is always failing, even with proper credentials.

Is there a way I could have the SSO plugin working for all URLs except the login page URL (<form action="cs_login">)? Or is there a better way to synchronize LDAP users with the Jive system with SSO in place?

Regards,

Pratap

Latest Comment: Aug 21, 2009 8:12 AM by Cory Gagliardi
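
An added example, not part of the original post or of Jive's code: a simplified Python model of how the posted filterChainProxy definition resolves a request path to a filter chain, useful for auditing which URLs skip federatedIdentityAuthFilter. It assumes first-match-wins ordering and Ant-style matching in which `**` spans directories only when it is a whole path segment; the sample paths are constructed.

```python
import re

# Simplified model (assumption-based, not Acegi's implementation).
# Filter chain definitions copied from the post, in the posted order.
CHAINS = """
/upgrade/**=httpSessionContextIntegrationFilter, upgradeAuthenticationFilter, upgradeExceptionTranslationFilter, jiveAuthenticationTranslationFilter
/post-upgrade/**=httpSessionContextIntegrationFilter, postUpgradeAuthenticationFilter, postUpgradeExceptionTranslationFilter,jiveAuthenticationTranslationFilter
/admin/**=httpSessionContextIntegrationFilter, adminAuthenticationFilter, adminExceptionTranslationFilter,jiveAuthenticationTranslationFilter
/rpc/xmlrpc=wsRequireSSLFilter, httpSessionContextIntegrationFilter, federatedIdentityAuthFilter, wsExceptionTranslator, jiveAuthenticationTranslationFilter, wsAccessTypeCheckFilter
/rpc/rest/**=wsRequireSSLFilter, httpSessionContextIntegrationFilter, federatedIdentityAuthFilter, wsExceptionTranslator, jiveAuthenticationTranslationFilter, wsAccessTypeCheckFilter
/rpc/soap/**=wsRequireSSLFilter, httpSessionContextIntegrationFilter, federatedIdentityAuthFilter, jiveAuthenticationTranslationFilter
/**cs_login=httpSessionContextIntegrationFilter, testFilter
/**=httpSessionContextIntegrationFilter, federatedIdentityAuthFilter, jiveAuthenticationTranslationFilter
"""

def seg_match(pat, seg):
    # Within one path segment, '*' matches any run of characters and '?' exactly one.
    rx = "".join("[^/]*" if c == "*" else "[^/]" if c == "?" else re.escape(c) for c in pat)
    return re.fullmatch(rx, seg) is not None

def ant_match(pat, path):
    def walk(p, s):
        if not p:
            return not s
        if p[0] == "**":  # only a whole-segment '**' spans zero or more directories
            return any(walk(p[1:], s[i:]) for i in range(len(s) + 1))
        return bool(s) and seg_match(p[0], s[0]) and walk(p[1:], s[1:])
    return walk(pat.strip("/").split("/"), path.strip("/").split("/"))

def parse(defs):
    rules = []
    for line in defs.strip().splitlines():
        pattern, filters = line.strip().split("=", 1)
        rules.append((pattern, [f.strip() for f in filters.split(",")]))
    return rules

def resolve(url, rules):
    # Lowercasing models CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON; dropping the query is an assumption.
    path = url.split("?", 1)[0].lower()
    for pattern, filters in rules:  # first matching pattern wins
        if ant_match(pattern, path):
            return pattern, filters
    return None, []

RULES = parse(CHAINS)

if __name__ == "__main__":
    for url in ("/cs_login", "/community/cs_login", "/Admin/users.jspa", "/rpc/rest/users", "/index.jspa"):
        pattern, filters = resolve(url, RULES)
        print(f"{url:22} -> {str(pattern):16} {filters}")
```

In this model `/cs_login` resolves to the `testFilter` chain, while `/community/cs_login` falls through to the catch-all `/**` chain.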
