5.7.5.3. Set up the portal to redirect to OpenSSO

The next part of the process is to redirect all user authentication to the OpenSSO server.

Information about where the OpenSSO server is hosted must be properly configured within the Enterprise Portal Platform instance. The required configuration is done by modifying three files:

In the gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtml file, modify the 'Sign In' link as follows:


<!--
<a class="Login" onclick="$signInAction"><%=_ctx.appRes("UILoginForm.label.Signin")%></a>
-->
<a class="Login" href="/portal/sso"><%=_ctx.appRes("UILoginForm.label.Signin")%></a>

In the gatein.ear/web.war/groovy/portal/webui/component/UILogoPortlet.gtmpl file, modify the 'Sign In' link as follows:


<!--
<a onclick="$signInAction"><%=_ctx.appRes("UILogoPortlet.action.signin")%></a>
-->
<a href="/portal/sso"><%=_ctx.appRes("UILogoPortlet.action.signin")%></a>

Replace the entire contents of gatein.ear/02portal.war/login/jsp/login.jsp with:


<html>

  <head>

    <script type="text/javascript">

     window.location = '/portal/sso';

    </script>

  </head>

  <body>

  </body>

</html>

Add the following filters at the top of the filter chain in gatein.ear/02portal.war/WEB-INF/web.xml:

<filter>
   <filter-name>LoginRedirectFilter</filter-name>
   <filter-class>org.gatein.sso.agent.filter.LoginRedirectFilter</filter-class>
   <init-param>
      <!-- This should point to your SSO authentication server -->
      <param-name>LOGIN_URL</param-name>
      <param-value>http://localhost:8888/opensso/UI/Login?realm=gatein&amp;goto=http://localhost:8080/portal/initiatessologin</param-value>
   </init-param>
</filter>
<filter>
   <filter-name>OpenSSOLogoutFilter</filter-name>
   <filter-class>org.gatein.sso.agent.filter.OpenSSOLogoutFilter</filter-class>
   <init-param>
      <!-- This should point to your SSO authentication server -->
      <param-name>LOGOUT_URL</param-name>
      <param-value>http://localhost:8888/opensso/UI/Logout</param-value>
   </init-param>
</filter>
<filter>
   <filter-name>InitiateLoginFilter</filter-name>
   <filter-class>org.gatein.sso.agent.filter.InitiateLoginFilter</filter-class>
   <init-param>
      <param-name>ssoServerUrl</param-name>
      <param-value>http://localhost:8888/opensso</param-value>
   </init-param>
   <init-param>
      <param-name>loginUrl</param-name>
      <param-value>http://localhost:8080/portal/dologin</param-value>
   </init-param>
   <init-param>
      <param-name>ssoCookieName</param-name>
      <param-value>iPlanetDirectoryPro</param-value>
   </init-param>
</filter>

<!-- Mapping the filters at the very top of the filter chain -->
<filter-mapping>
   <filter-name>LoginRedirectFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
   <filter-name>OpenSSOLogoutFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
   <filter-name>InitiateLoginFilter</filter-name>
   <url-pattern>/initiatessologin</url-pattern>
</filter-mapping>

From now on, all links redirecting to the user authentication pages will redirect to the OpenSSO centralized authentication form.