[gatein-commits] gatein SVN: r6968 - epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity.

do-not-reply at jboss.org do-not-reply at jboss.org
Tue Aug 2 00:22:05 EDT 2011


Author: smumford
Date: 2011-08-02 00:22:04 -0400 (Tue, 02 Aug 2011)
New Revision: 6968

Modified:
   epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
Log:
JBEPP-894:Added Enabling SSO valve section.

Modified: epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
--- epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml	2011-08-01 21:47:46 UTC (rev 6967)
+++ epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml	2011-08-02 04:22:04 UTC (rev 6968)
@@ -60,7 +60,149 @@
         </warning>
     </section>
 
-    
+    <section>
+        <title><remark>Enabling SSO using JBoss SSO valve</remark></title>
+<!-- Source Metadata
+URL: https://issues.jboss.org/browse/JBQA-4530
+Author [w/email]:  Marek Posolda  (mposolda at redhat.com)
+
+URL: http://community.jboss.org/wiki/JBossWebSingleSignOn
+Author [w/email]: Brian Stansberry (bstansberry at jboss.com)
+
+URL: https://issues.jboss.org/browse/JBEPP-615
+Author [w/email]: Marek Posolda  (mposolda at redhat.com)
+-->
+            <para>
+                To successfully implement SSO integration, do the following:
+            </para> 
+            <procedure>
+                <title>SSO Integration</title>
+                    <step>
+                        <para>
+                            Open the <filename><replaceable>&lt;JBOSS_HOME&gt;</replaceable>/server/<replaceable>&lt;PROFILE&gt;</replaceable>/deploy/jmx-console.war/WEB-INF/web.xml</filename> file and ensure the following lines are present and unaltered:
+                        </para>
+
+<programlisting language="XML" role="XML"><![CDATA[<security-constraint>
+ <web-resource-collection>
+   <web-resource-name>HtmlAdaptor</web-resource-name>
+   <description>An example security config that only allows users with the
+     role JBossAdmin to access the HTML JMX console web application
+   </description>
+   <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+   <role-name>JBossAdmin</role-name>
+ </auth-constraint>
+</security-constraint>
+
+<login-config>
+  <auth-method>BASIC</auth-method>
+  <realm-name>JBoss JMX Console</realm-name>
+</login-config>
+
+<security-role>
+  <role-name>JBossAdmin</role-name>
+</security-role>
+]]></programlisting>
+                    </step>
+                    <step>
+                        <para>
+                            Open the <filename>/<replaceable>&lt;JBOSS_HOME&gt;</replaceable>/server/<replaceable>&lt;PROFILE&gt;</replaceable>/deploy/jbossweb.sar/server.xml</filename> file and uncomment one of the two <parameter>Valve</parameter> entries:
+                        </para>
+                        <itemizedlist>
+                            <listitem>
+                                <para>
+                                    For a <emphasis>non-clustered</emphasis> implementation, uncomment:
+                                </para>
+
+<programlisting language="XML" role="XML"><![CDATA[<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+]]></programlisting>
+                            </listitem>
+                            <listitem>
+                                <para>
+                                    For a <emphasis>clustered</emphasis> implementation, uncomment:
+                                </para>
+
+<programlisting language="XML" role="XML"><![CDATA[<Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
+]]></programlisting>
+                            </listitem>
+                        </itemizedlist>
+                    </step>
+                    <step>
+                        <para>
+                            To integrate with the JBoss SSO valve, follow <emphasis role="bold">one</emphasis> of the procedures below to make the necessary configuration changes in the Java Authentication and Authorization Service (<emphasis role="bold">JAAS</emphasis>):
+                        </para>
+                        <itemizedlist>
+                            <listitem>
+                                <procedure>
+                                    <title>Call the JAAS authentication directly</title>
+                                        <step>
+                                            <para>
+                                                Open the <filename>/<replaceable>&lt;JBOSS_HOME&gt;</replaceable>/server/<replaceable>&lt;PROFILE&gt;</replaceable>/deploy/gatein.ear/02portal.war/login/jsp/login.jsp</filename> file.
+                                            </para>
+                                        </step>
+                                        <step>
+                                            <para>
+                                                Change the line that reads:
+                                            </para>
+<programlisting language="XML" role="XML"><![CDATA[<form name="loginForm" action="<%= contextPath + "/login"%>" method="post" style="margin: 0px;">
+]]></programlisting>
+                                            <para>
+                                                to read:
+                                            </para>
+<programlisting language="XML" role="XML"><![CDATA[<form name="loginForm" action="<%= contextPath + "/private/j_security_check"%>" method="post" style="margin: 0px;">
+]]></programlisting>
+                                        </step>
+                                        <step>
+                                            <para>
+                                                Change the line that reads:
+                                            </para>
+<programlisting language="XML" role="XML"><![CDATA[<td><input class="UserName" name="username" value="<%=username%>"/></td>
+]]></programlisting>
+                                            <para>
+                                                to read:
+                                            </para>
+<programlisting language="XML" role="XML"><![CDATA[<td><input class="UserName" name="j_username" value="<%=username%>"/></td>
+]]></programlisting>
+                                        </step>
+                                        <step>
+                                            <para>
+                                                Change the line that reads:
+                                            </para>
+<programlisting language="XML" role="XML"><![CDATA[<td><input class="Password" type="password" name="password" value=""/></td>
+]]></programlisting>
+
+                                            <para>
+                                                to read:
+                                            </para>
+<programlisting language="XML" role="XML"><![CDATA[<td><input class="Password" type="password" name="j_password" value=""/></td>
+]]></programlisting>
+                                        </step>
+                                </procedure>
+                            </listitem>
+                            <listitem>
+                                <procedure>
+                                    <title>Switch to <emphasis role="bold">BASIC</emphasis> authentication</title>
+                                        <step>
+                                            <para>
+                                                Change the <parameter>auth-method</parameter> element in <filename><replaceable>&lt;JBOSS_HOME&gt;</replaceable>/server/<replaceable>&lt;PROFILE&gt;</replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/web.xml</filename> from <parameter>FORM</parameter> to <parameter>BASIC</parameter>:
+                                            </para>
+<programlisting language="XML" role="XML"><![CDATA[<login-config>
+<auth-method>BASIC</auth-method>
+<realm-name>gatein-domain</realm-name>
+<form-login-config>
+  <form-login-page>/initiatelogin</form-login-page>
+    <form-error-page>/errorlogin</form-error-page>
+</form-login-config>
+]]></programlisting>
+                                            </step>
+                                    </procedure>
+                            </listitem>
+                        </itemizedlist>
+                    </step>
+            </procedure>
+    </section>
+
     <section id="sect-Reference_Guide-SSO_Single_Sign_On-CAS_Central_Authentication_Service">
         <title>CAS - Central Authentication Service</title>
         <para>
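Review bot: The last listing, under "Switch to BASIC authentication", opens `<login-config>` but never closes it, and it keeps the `<form-login-config>` block, which is only used with FORM authentication. A reader who pastes it into 02portal.war/WEB-INF/web.xml ends up with a malformed descriptor. Add the closing `</login-config>`, then either drop the form block or say that it is ignored under BASIC. Three smaller points in the same hunk. Step 1 asks for the jmx-console `security-constraint` to be "present and unaltered" without saying why. Since the SingleSignOn valve shares one authenticated identity across the web applications on the host, the text should state that the JBossAdmin role check is what keeps portal users out of the JMX console. The new section's title is wrapped in `<remark>` and the section has no `id`, unlike the CAS section that follows, so it cannot be cross-referenced and the title may not render outside draft builds. The `<filename>` paths are inconsistent about the leading "/" before `<JBOSS_HOME>` (steps 1 and the BASIC step omit it, the others include it).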
@@ -113,7 +255,7 @@
                 
 <programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default102.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
                 <para>
-                    ...with the following:
+                    with:
                 </para>
                 
 <programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default103.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
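Review bot: The replacement paragraph "with:" is an unrelated wording change that the log message ("Added Enabling SSO valve section") does not mention; either note it in the log or commit it separately. As a bare fragment it also only reads correctly if the paragraph before the default102.xml listing, which is outside this hunk, ends in "Replace ..." or similar, so check the two together.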


