Implementing Crowd SSO with Spring Security in a Grails App

Hi,

I'm following the instructions to integrate a Grails app (which used Spring Security) with Crowd.

(https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Spring+Security)

I've got authentication working fine (up to 3.1) But I can't get SSO to work. (3.2 in the linked doc).

I've not been abkle to follow the instructions exactly, as the config is slightly different in grails, but I think I have managed to get the crowd SSO filter running. When I go to my app I get the following:

2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG web.FilterChainProxy  - /login/auth at position 6 of 9 in additional filter chain; firing Filter: 'CrowdSSOAuthenticationProcessingFilter'
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - Checking for a SSO token that will need to be verified by Crowd.
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - No request attribute token could be found, now checking the browser submitted cookies.
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - Cookie name/value: JSESSIONID / 9A86DFCF77D280E9693A7AF2DD6E7619
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - Cookie name/value: auth / Z3Vlc3Q6Z3Vlc3Q%3D
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - Cookie name/value: m / 1933
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - Unable to find a valid Crowd token.
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG web.FilterChainProxy  - /login/auth at position 7 of 9 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG web.FilterChainProxy  - /login/auth at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-04-24 10:02:52,065 [http-bio-8080-exec-7] DEBUG web.FilterChainProxy  - /login/auth at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-04-24 10:02:52,068 [http-bio-8080-exec-7] DEBUG intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /login/auth; Attributes: [permitAll]

I can't see anything in the Crowd logs. SSO is working between my other Atlassian applications.

Can anyone suggest what I should be looking at to get this working? Thanks!

1 answer

Hi Tamsin, I believe the suggestions of this other question may help to troubleshoot this case.

Cheers

Hi - thanks for the response. I've made some progress. I think the problem was to do with the SSO domain - in the example above it was not looking through cookies under the correct domain.

On our staging server (which has the correct SSO domain), SSO is working one way - so if I am logged in to Confluence, I am logged in to the custom application. However, the login form on the application itself is not working at all now I have SSO enable! It definitely authenticates with crowd, because in the logs I can see that it has identified the correct roles for the user. But I just get redirected back to the login page.

I am trying to get SSO working locally so I can test more easily.

I've added the line

cookie.domain=my.sso.domain

to crowd.properties, but can't it doesn't seem to work.

I can see in the logs that the SSO filter is still looking at the cookies listed
under localhost, not under the sso domain I have set. Should it be possible to
set cookie.domain to get the SSO working for local testing?
Thanks!

I'm still having problems when the app is running on the staging server, so the SSO domain should be fine. Note that if I log into Confluence, SSO works, and i am logged into my app too. But the login form on my app is not working. In the logs it looks as if the login works but is not recognised by SSO.

I've pasted the logs from the authentication process here https://gist.github.com/anorakgirl/437a0fba01220db40f38

Would be really grateful for any suggestions. Thanks!

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Tuesday in Uncategorized

Friday fun: how many celebrates Midsummer holiday or is this a Swedish tradition only?

Any other country that celebrates Midsummer holiday (this friday 22 June)?  

46 views 3 1
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you