
Implementing Crowd SSO with Spring Security in a Grails App

Tamsin Slinn April 23, 2014

Hi,

I'm following the instructions to integrate a Grails app (which used Spring Security) with Crowd.

(https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Spring+Security)

I've got authentication working fine (up to 3.1), but I can't get SSO to work (3.2 in the linked doc).

I've not been able to follow the instructions exactly, as the config is slightly different in Grails, but I think I have managed to get the Crowd SSO filter running. When I go to my app I get the following:

2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG web.FilterChainProxy  - /login/auth at position 6 of 9 in additional filter chain; firing Filter: 'CrowdSSOAuthenticationProcessingFilter'
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - Checking for a SSO token that will need to be verified by Crowd.
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - No request attribute token could be found, now checking the browser submitted cookies.
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - Cookie name/value: JSESSIONID / 9A86DFCF77D280E9693A7AF2DD6E7619
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - Cookie name/value: auth / Z3Vlc3Q6Z3Vlc3Q%3D
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - Cookie name/value: m / 1933
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG util.CrowdHttpTokenHelperImpl  - Unable to find a valid Crowd token.
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG web.FilterChainProxy  - /login/auth at position 7 of 9 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
2014-04-24 10:02:52,064 [http-bio-8080-exec-7] DEBUG web.FilterChainProxy  - /login/auth at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-04-24 10:02:52,065 [http-bio-8080-exec-7] DEBUG web.FilterChainProxy  - /login/auth at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-04-24 10:02:52,068 [http-bio-8080-exec-7] DEBUG intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /login/auth; Attributes: [permitAll]

I can't see anything in the Crowd logs. SSO is working between my other Atlassian applications.

Can anyone suggest what I should be looking at to get this working? Thanks!

1 answer

0 votes
Tiago Comasseto
April 23, 2014

Hi Tamsin, I believe the suggestions of this other question may help to troubleshoot this case.

Cheers

Tamsin Slinn April 26, 2014

Hi - thanks for the response. I've made some progress. I think the problem was to do with the SSO domain - in the example above it was not looking through cookies under the correct domain.

On our staging server (which has the correct SSO domain), SSO is working one way - so if I am logged in to Confluence, I am logged in to the custom application. However, the login form on the application itself is not working at all now I have SSO enabled! It definitely authenticates with Crowd, because in the logs I can see that it has identified the correct roles for the user. But I just get redirected back to the login page.

I am trying to get SSO working locally so I can test more easily.

I've added the line

cookie.domain=my.sso.domain

to crowd.properties, but it doesn't seem to work.

I can see in the logs that the SSO filter is still looking at the cookies listed under localhost, not under the SSO domain I have set. Should it be possible to set cookie.domain to get the SSO working for local testing?
Thanks!
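
Background for the localhost behaviour described in the comment above, as an added example that is not part of the original thread or of Crowd's code: a simplified version of the RFC 6265 domain-matching rule browsers apply when storing and sending cookies. The hostnames are constructed, `my.sso.domain` is the placeholder from the post, and the public-suffix check real browsers also perform is left out.

```javascript
// RFC 6265 section 5.1.3 domain matching (simplified: no public-suffix list).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // a leading dot is ignored
  if (h === d) return true;
  // IP literals never match as a subdomain of anything.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Storage rule: a Set-Cookie with a Domain attribute is ignored unless the
// responding host domain-matches that attribute.
function browserAcceptsSetCookie(responseHost, domainAttr) {
  if (!domainAttr) return true; // no Domain attribute: stored as a host-only cookie
  return domainMatches(responseHost, domainAttr);
}

// Sending rule: host-only cookies need an exact host match, domain cookies
// go to every host that domain-matches.
function browserSendsCookie(requestHost, cookie) {
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain.toLowerCase()
    : domainMatches(requestHost, cookie.domain);
}

// For each host, report whether it could set the shared SSO cookie and
// whether the browser would present that cookie to it.
function ssoCookieReport(hosts, ssoDomain) {
  return hosts.map((host) => ({
    host,
    canSet: browserAcceptsSetCookie(host, ssoDomain),
    receives: browserSendsCookie(host, { domain: ssoDomain, hostOnly: false }),
  }));
}

// Constructed hostnames; dev.my.sso.domain stands for a local alias
// (for example a hosts-file entry pointing at 127.0.0.1).
const report = ssoCookieReport(
  ["localhost", "127.0.0.1", "confluence.my.sso.domain",
   "dev.my.sso.domain", "notmy.sso.domain"],
  "my.sso.domain"
);
console.table(report);
```

An app reached as `localhost` can neither set nor receive a cookie scoped to `my.sso.domain`, whatever the server-side configuration says; the same app reached under a name inside the SSO domain can.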

Tamsin Slinn April 27, 2014

I'm still having problems when the app is running on the staging server, so the SSO domain should be fine. Note that if I log into Confluence, SSO works, and I am logged into my app too. But the login form on my app is not working. In the logs it looks as if the login works but is not recognised by SSO.

I've pasted the logs from the authentication process here https://gist.github.com/anorakgirl/437a0fba01220db40f38

Would be really grateful for any suggestions. Thanks!
