Siteminder integration

[tangc]

Hello,

 

I am currently attempting integration of JasperIntelligence with Siteminder, using the SiteminderAuthenticationProcessingFilter and SiteminderAuthenticationProvider classes from Acegi. Right now, I'm using the form parameter to feed in the user ID.

 

From what I can tell, the user ID goes through OK. When UserAuthorityServiceImpl is invoked, the lookup fails since the user is not on the user database. I was then expecting the MetadataAuthenticationProcessingFilter to grab the Authentication object and create an entry on the user database; however, the Authentication object seems to be null at that point, and thus everything fails.

 

Is there a sample of applicationContext-security.xml that shows a successful use of Siteminder integration? I ended up building Acegi from a snapshot code drop as it was the only one with SiteminderAuthenticationProvider, however I'm not even sure I need it.

 

Thanks!

 

Carlos

[swood]

There was a bug I fixed in JI 1.0.1 that was preventing what you want to occur.

 

Teodor, Lucian and Ionut have just finished packaging up JI 1.1 with this fix in it. It is a WAR at the moment - we will get the installer version of this out next.

 

For better or for worse, I am the main Acegi guy on the team. We have not done a Siteminder integration, but it seems from the Acegi documentation that this is doable in Acegi with the SiteminderAuthenticationProvider etc, but I see that that those classes were not included in Acegi 1.0.1.

 

 

Sherman

JasperSoft

[tangc]

Thanks for the quick reply. I'm using the WAR file install, so will wait for the 1.1 release. Any idea when that will become available?

 

Yes, Acegi 1.0.1 doesn't include the SiteminderAuthenticationProvider class. The javadoc on their main site refers to it, though, which is why I ended up building it from the latest code snapshot. I'll let you know if we run into any further hiccups.

 

On a slightly separate note, will the 1.1 build still require the JasperIntelligence-1.0.1-Oracle.zip patch to use Oracle as the report repository?

[swood]

We will need to produce a new version of that patch. Some tables have changed in the database.

 

 

Sherman

JasperSoft

[smynampati]

I am using Jasper Server 3.0, Need to integrate with Siteminder.

I prepared my class

SiteMinderUserDetailsService

that extends PreAuthenticatedGrantedAuthoritiesUserDetailsService

and  implements UserDetailsService

I also created UserDetails class.

My problem is I am running into error.

When I try to execute a report, I run into the following report. The report executes fine, if I take Siteminder authentication out or directly run from the jasper server.

Need help.

 

 

com.jaspersoft.jasperserver.api.JSException: jsexception.user.expired
    at com.jaspersoft.jasperserver.api.engine.common.service.impl.AcegiSecurityContextProvider.setAuthenticatedUser(AcegiSecurityContextProvider.java:94)
    at com.jaspersoft.jasperserver.api.engine.scheduling.quartz.ReportExecutionJob.execute(ReportExecutionJob.java:186)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
11:04:59,062 ERROR ErrorLogger,JasperServerScheduler_Worker-0:2015 - Job (ReportJobs.job_396 threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [see nested exception: com.jaspersoft.jasperserver.api.JSException: jsexception.user.expired]
    at org.quartz.core.JobRunShell.run(JobRunShell.java:206)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
* Nested Exception (Underlying Cause) ---------------
com.jaspersoft.jasperserver.api.JSException: jsexception.user.expired
    at com.jaspersoft.jasperserver.api.engine.common.service.impl.AcegiSecurityContextProvider.setAuthenticatedUser(AcegiSecurityContextProvider.java:94)
    at com.jaspersoft.jasperserver.api.engine.scheduling.quartz.ReportExecutionJob.execute(ReportExecutionJob.java:186)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
11:04:59,968 DEBUG ExceptionTranslationFilter,http-8080-Processor24:169 - Chain processed normally
11:04:59,968 DEBUG ExceptionTranslationFilter,http-8080-Processor24:169 - Chain processed normally
11

[swood]

When the scheduled report runs, the user who created the report is used. This is based on the user information stored in the JasperServer repository. For some reason, the user managed by Siteminder has the enabled flag set to false on the user. Those users from Siteminder are maintained in the JasperServer repository during the login process and are not normally touched. Is the SiteMinder user being updated in something you are doing?

 

Sherman

Jaspersoft