High Availability Single Sign On in GlassFish 3.1

Posted by swchan2 on March 1, 2011 at 4:36 PM PST

Single Sign On allows web applications to share the same authentication state.

GlassFish v2 supports virtual server level Single Sign On (SSO). Web applications with the same authentication realm in a given virtual server can share the authentication state in GlassFish v2.

GlassFish 3.1 supports SSO failover at the cluster level, which gives high availability for Single Sign On in a virtual server of a cluster.

One can set up the SSO failover in a cluster easily as follows:

  1. Create and start a cluster.
    For instance, one can create a cluster with two instances having ports 18080 and 28080 respectively as follows:
        asadmin create-cluster ${CLUSTER_NAME}
        asadmin create-local-instance --cluster ${CLUSTER_NAME} --systemproperties HTTP_LISTENER_PORT=18080 instance1
        asadmin create-local-instance --cluster ${CLUSTER_NAME} --systemproperties HTTP_LISTENER_PORT=28080 instance2
        asadmin start-cluster ${CLUSTER_NAME}
  2. Enable SSO in a virtual server of the given cluster.
        asadmin set ${CLUSTER_NAME}.http-service.virtual-server.${VIRTUAL_SERVER}.sso-enabled=true
  3. Enable SSO failover for the given cluster.
        asadmin set ${CLUSTER_NAME}.availability-service.web-container-availability.sso-failover-enabled=true
  4. Use a cluster level realm for web applications.
    For instance, one can create a cluster level file realm user as follows:
        echo AS_ADMIN_USERPASSWORD=${A_PASSWORD} > pwdfile
        asadmin create-file-user --target ${CLUSTER_NAME} --authrealmname file --passwordfile pwdfile --groups ${A_GROUP} ${A_USER}
  5. Specify <security-constraint> and <login-config> in web.xml and <security-role-mapping> in glassfish-web.xml as in any secured web application. Note that all web applications participating in an SSO session must use the same realm. In addition, one has to specify <distributable/> in the web.xml of each web application.
  6. Deploy web applications with --availabilityenabled=true.
        asadmin deploy --target ${CLUSTER_NAME} --availabilityenabled=true ${A_WAR}
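
A pre-deployment check for step 5, added here as an example and not part of the original post: the Python script below parses each application's web.xml and reports a missing <distributable/>, <security-constraint> or <login-config>, and any difference in <realm-name> across the applications meant to share an SSO session. The descriptors, WAR names and function names are constructed for illustration; glassfish-web.xml is not inspected.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not from the original post).
GOOD = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <distributable/>
  <security-constraint>
    <web-resource-collection><web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>file</realm-name></login-config>
</web-app>"""
# Same descriptor without <distributable/> and pointing at another realm.
BAD = GOOD.replace("<distributable/>", "").replace(">file<", ">ldap<")


def local(tag):
    """Element name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]


def inspect(web_xml):
    """Return (realm name or None, list of problems) for one web.xml text."""
    names = {}
    for el in ET.fromstring(web_xml).iter():
        names.setdefault(local(el.tag), el)
    problems = [f"missing <{n}>" for n in
                ("distributable", "security-constraint", "login-config")
                if n not in names]
    realm = names.get("realm-name")
    return (realm.text.strip() if realm is not None and realm.text else None), problems


def check_sso_group(apps):
    """apps maps a WAR name to its web.xml text; returns sorted findings."""
    findings, realms = [], {}
    for name, xml in apps.items():
        realm, problems = inspect(xml)
        realms[name] = realm
        findings += [f"{name}: {p}" for p in problems]
    if len(set(realms.values())) > 1:  # every app must name the same realm
        findings.append(f"realm mismatch: {sorted(realms.items())}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_sso_group({"app1.war": GOOD, "app2.war": BAD}):
        print(finding)
```

An empty result means every descriptor in the group meets the web.xml requirements of step 5.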

Download GlassFish 3.1 and try it today!