on 08-26-2014 5:08 PM
Hi Friends,
We are trying to implement single sign-on functionality in our project, wherein if a user is already logged on to one of our systems and tries to access our hybris application, the user should be allowed to log in directly without being prompted for user ID and password. Any pointers would be highly appreciated. Thanks.
Regards,
Hi
I have done the configuration as mentioned in the tutorial, but I am getting the issue below during the server restart.
ERROR [localhost-startStop-1] [ContextLoader] Context initialization failed
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from relative location [spring-security-config.xml]
Offending resource: ServletContext resource [/WEB-INF/config/web-application-config.xml]; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute
Offending resource: ServletContext resource [/WEB-INF/config/spring-security-config.xml]
at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68)
at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:85)
at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:76)
Can you please advise on this?
Have you looked at the wiki? https://wiki.hybris.com/display/release5/samlsinglesignon+Extension
Hello Ravi,
Your one bet is to enable SAML in Spring Security. However, as Art said, it is your implementation that you have to POC and eventually roll out. You can refer to it here: http://projects.spring.io/spring-security-saml/ . Also note that your overall security should be federated in that scenario and also be SAML compliant. If the organization does not have SSO in place now, I would recommend 3rd party SSO solutions. However, with those solutions some of the systems will fall outside (they may be legacy). In my practical sense, SSO is a pipe dream when you have more (varied) systems (count may affect the overall outcome) in the fold to be covered.
Hope that was helpful.
I have moved the Storefront Single Sign On writeup to my public space so you should be able to access it now. Feel free to post follow up questions here!
Thanks Arthur. I read through the section and found out that you are making use of cookies for SSO when there are a couple of sites in action.
Our requirement is a bit different. I will try to explain here. We have a few applications running (only one application is hybris based). We have a web server in place wherein we will pass a parameter in the header with the UID of the user. Now, if this UID is present in the header, we want to allow the user to directly enter the hybris website without being prompted for credentials. I hope I explained the requirement clearly. Please update in this regard. Thanks
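The header-based requirement described above maps onto Spring Security's pre-authentication support. As an added example (not part of the original post and not hybris code), the following `RequestHeaderAuthenticationFilter` subclass accepts the UID header only when the request arrives from the front-end web server. The class name, the header name passed in and the address allow-list are assumptions, and the filter still needs an `AuthenticationManager` with a `PreAuthenticatedAuthenticationProvider` wired in.

```java
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;

/**
 * Hypothetical filter: trusts the UID header only when the request was
 * forwarded by one of the known front-end web servers.
 */
public class TrustedProxyHeaderAuthenticationFilter extends RequestHeaderAuthenticationFilter {

    // Addresses of the web servers allowed to assert a user identity (assumed values are injected).
    private final Set<String> trustedProxyAddresses;

    public TrustedProxyHeaderAuthenticationFilter(String uidHeaderName, Set<String> trustedProxyAddresses) {
        this.trustedProxyAddresses = trustedProxyAddresses;
        setPrincipalRequestHeader(uidHeaderName);
        // A missing header means "not pre-authenticated", so the normal login flow applies.
        setExceptionIfHeaderMissing(false);
    }

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        // Ignore the header entirely unless the direct peer is a trusted web server.
        if (!trustedProxyAddresses.contains(request.getRemoteAddr())) {
            return null;
        }
        Object principal = super.getPreAuthenticatedPrincipal(request);
        if (principal == null) {
            return null;
        }
        // Treat an empty or whitespace-only header as absent.
        String uid = principal.toString().trim();
        return uid.isEmpty() ? null : uid;
    }
}
```

If the application port can be reached without passing through the web server, any client can send the header itself, so the web server must also strip an incoming copy of the header before setting its own.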
Hi Ravi,
According to this post on the old forum,
There is no out-of-the-box solution for hybris - 3rd party login service integration. This is something you have to implement for yourself.
But the commenter does link to this other comment which may be of use.
However there is a possibility to implement it via spring security which is a more or less deep integration-issue in your project.
Hello Ravi,
There are many search results on this topic on the Wiki.
Search results for Single Sign On.
To use SSO between Cockpits, this tutorial should help. The spring-security-config.xml file looks like it goes inside the WEB-INF directory.
If you require more customisation, you'll need to use Domain level cookies. So if you have sub-domains as follows
storefront1.shop.com
storefront2.shop.com
Your Domain Level Cookie should be .shop.com
Write a custom RememberMeService, by extending an existing RememberMeService. There is one such service in the accelerator.
de.hybris.platform.yacceleratorstorefront.security.AcceleratorRememberMeServices
Overwrite the setCookie() method. When constructing the cookies in the setCookie() method, set it to a domain. cookie.setDomain(".shop.com");
Remember to add your bean to the spring-security-config.xml.
I hope these are of use to you, Luke
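The domain-level cookie approach from the answer above, as an added example that is not part of the original post. It extends Spring Security's `TokenBasedRememberMeServices` rather than the accelerator class so that it is self-contained; the class name and the `cookieDomain` parameter are assumptions, and `setHttpOnly` assumes a Servlet 3.0 container.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;

/** Hypothetical remember-me service that shares its cookie across sub-domains. */
public class DomainRememberMeServices extends TokenBasedRememberMeServices {

    private final String cookieDomain; // e.g. ".shop.com"

    public DomainRememberMeServices(String key, UserDetailsService userDetailsService, String cookieDomain) {
        super(key, userDetailsService);
        this.cookieDomain = cookieDomain;
    }

    @Override
    protected void setCookie(String[] tokens, int maxAge,
                             HttpServletRequest request, HttpServletResponse response) {
        Cookie cookie = new Cookie(getCookieName(), encodeCookie(tokens));
        cookie.setMaxAge(maxAge);
        cookie.setDomain(cookieDomain); // sent to every host under the domain
        cookie.setPath("/");            // storefronts may use different context paths
        cookie.setSecure(true);         // never send the token over plain HTTP
        cookie.setHttpOnly(true);       // keep the token away from page scripts
        response.addCookie(cookie);
    }

    @Override
    protected void cancelCookie(HttpServletRequest request, HttpServletResponse response) {
        // The delete cookie must carry the same domain and path,
        // otherwise logout leaves the shared cookie in the browser.
        Cookie cookie = new Cookie(getCookieName(), null);
        cookie.setMaxAge(0);
        cookie.setDomain(cookieDomain);
        cookie.setPath("/");
        cookie.setSecure(true);
        response.addCookie(cookie);
    }
}
```

A cookie scoped to `.shop.com` is sent to every host under that domain, so each of those hosts has to be trusted with the remember-me token.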
https://localhost:9002/samlsinglesignon/saml/yacceleratorstorefront/electronics/en/?asm=true&site=el... When I hit this URL, it goes to the SSO Circle site login; once logged in, I am redirected to the storefront with ASM mode enabled. I was unable to log in as an ASM agent with the same username/email registered on SSO Circle. It asks for the ASM agent login again, and it accepts only the username asagent and the password 123456.