PDA

View Full Version : JOSSO integration



eivindm
03-20-2006, 04:48 AM
Hi!

I have been looking through all documents I can find on the subject of JAAS/JOSSO integration with Pentaho, and can't seen to find anything mentioned except that the Pentaho BI Platfoem uses JOSSO for authentication.

My question is, are there any more specific documentation on how this works?

With my some limited knowledge to JAAS, I have some problems understanding how this is supposed to work: JAAS makes it possible to only allow users with a specific role to access a specified URL space. But from what I can see from the demo, all reports are presented through the ViewAction servlet (with parameters specifying which report to present). So how is it possible to only allow a user to access a few (and not all) reports using JAAS/JOSSO as they all are presented through the same servlet?

Thanks in advance
Eivind Mork

salome
09-07-2006, 02:03 AM
Hi there, did you come right with this? I have the same questions and would appreciate any help or reference to documentation to read on how this works.

eivindm
09-07-2006, 02:13 AM
No, I'm sorry. I didn't have time to dig into the code for this, so without any documentation I gave up at that point waiting for some documentation to show up in the future.

salome
09-07-2006, 02:17 AM
Thanks for the feedback. I'm looking at the josso website at the moment to try and figure this out. Will let you know if I find something useful.

ceratoz
03-16-2009, 05:00 PM
Anyone working on this integration nowadays? I am having a trouble integrating josso (1.8) in Pentaho (2.0.1).

Thanks in advance.
Gabriel

campi
03-18-2009, 07:44 AM
Hi,
I joined you the configuration files that you need to change and two screen shot of the lib that you will need to add into your tomcat lib folders and the lib folder of the WEB-INF folder of your pentaho war application.

I haven't the time to explain every step that you need to follow but I think that will help you.
The only thing that I haven't success to get it work is to show the schedulers into the administration console. I have kept a user into the administration console(the user named administrateur) that will be used by the report-designer for example for the publication (I haven't succeeded to get it work with the josso integration).

If someone know how to get the publication with the report-designer work with josso authentification I am interested in his solution.

ceratoz
03-26-2009, 03:27 PM
Hi Campi thanks for the info... here's what i've done so far:

* Deployed Pentaho 2.0 on Jboss 4.2.3 GA, tested and works fine with its own autentication scheme.
* Installed josso 1.8 gateway and agent on that jboss
* Modified pentaho.xml and applicationContext-acegi-security.xml as you described
* Added /pentaho as a partner-app in josso-agent-config.xml

Process:

--> I point to http://localhost:8080/pentaho then I get redirected to josso login page.

--> after typing credentials user1/user1pwd, auhtentication succeed


INFO [AUDIT] - sso-session - info - user1 - createSession=success - ssoSessionId=6BD4545E16FFE62490CCE909359A6079
INFO [AUDIT] - sso-user - info - user1 - authenticationSuccess=success - authScheme=basic-authentication,ssoSessionId=6BD4545E16FFE62490CCE909359A6079

--> Then I get redirected to http://localhost:8080/pentaho, but
the the following error shows up in the web browser:


org.acegisecurity.userdetails.UsernameNotFoundException: ; nested exception is:
java.io.IOException: java.io.IOException: Non nillable element 'securityDomain' is null.; nested exception is org.josso.gateway.identity.exceptions.SSOIdentityException: ; nested exception is:
java.io.IOException: java.io.IOException: Non nillable element 'securityDomain' is null.
org.josso.spring.acegi.JOSSOUserDetailsService.loadUserByUsername(JOSSOUserDetailsService.java:68)
org.josso.spring.acegi.JOSSOProcessingFilter.doFilter(JOSSOProcessingFilter.java:138)
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:149)
org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
org.pentaho.platform.web.http.filters.SystemStatusFilter.doFilter(SystemStatusFilter.java:55)
org.pentaho.platform.web.http.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:113)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96):confused:

ceratoz
03-31-2009, 08:01 PM
After a lot of work, trying to make it work with Josso 1.8 without success, I decided to give it a try with Josso 1.7... And it worked with the configuration that Campi pointed out.

Campi, I faced same problems with report publication using the report designer. I was getting an HTTP 403 exception. This is because the report designer uses apache httpclient to publish the report passing user credentials, but it really have to authenticate against Josso first, in order to obtain a josso_sessionid. It's pretty much like this post says http://sourceforge.net/forum/message.php?msg_id=4856221.

So I decided to download the source code of report designer from pentaho svn and modify the class org.pentaho.reportdesigner.crm.report.reportexporter.RepositoryHelper / method getRepositoryDocument() and give it a try.

I had to add a new rule in the filterInvocationInterceptor bean (applicationContext-acegi-security.xml):


\A/repositoryfilepublisher.*\Z=PENTAHO_PROFIL_AUTHENTICATEDAfter that, I can publish reports successfully with this modified version of RD.

I dont know if I made it work the hard & long way, but if anyone knows a better solution... please share.