gatein SVN: r8624 - in components/wsrp/branches/2.1.x: consumer/src/main/java/org/gatein/wsrp/consumer and 1 other directory.
by do-not-reply@jboss.org
Author: chris.laprun(a)jboss.com
Date: 2012-03-21 06:17:57 -0400 (Wed, 21 Mar 2012)
New Revision: 8624
Modified:
components/wsrp/branches/2.1.x/common/src/main/java/org/gatein/wsrp/registration/LocalizedString.java
components/wsrp/branches/2.1.x/common/src/main/java/org/gatein/wsrp/registration/RegistrationPropertyDescription.java
components/wsrp/branches/2.1.x/consumer/src/main/java/org/gatein/wsrp/consumer/RegistrationInfo.java
components/wsrp/branches/2.1.x/consumer/src/main/java/org/gatein/wsrp/consumer/RegistrationProperty.java
Log:
- GTNWSRP-280: Made more classes Serializable.
Modified: components/wsrp/branches/2.1.x/common/src/main/java/org/gatein/wsrp/registration/LocalizedString.java
===================================================================
--- components/wsrp/branches/2.1.x/common/src/main/java/org/gatein/wsrp/registration/LocalizedString.java 2012-03-21 04:50:40 UTC (rev 8623)
+++ components/wsrp/branches/2.1.x/common/src/main/java/org/gatein/wsrp/registration/LocalizedString.java 2012-03-21 10:17:57 UTC (rev 8624)
@@ -25,6 +25,7 @@
import org.gatein.common.util.ParameterValidation;
+import java.io.Serializable;
import java.util.Locale;
/**
@@ -32,7 +33,7 @@
* @version $Revision:5865 $
* @since 2.6
*/
-public class LocalizedString
+public class LocalizedString implements Serializable
{
private String value;
private Locale locale;
Modified: components/wsrp/branches/2.1.x/common/src/main/java/org/gatein/wsrp/registration/RegistrationPropertyDescription.java
===================================================================
--- components/wsrp/branches/2.1.x/common/src/main/java/org/gatein/wsrp/registration/RegistrationPropertyDescription.java 2012-03-21 04:50:40 UTC (rev 8623)
+++ components/wsrp/branches/2.1.x/common/src/main/java/org/gatein/wsrp/registration/RegistrationPropertyDescription.java 2012-03-21 10:17:57 UTC (rev 8624)
@@ -26,6 +26,7 @@
import org.gatein.common.util.ParameterValidation;
import javax.xml.namespace.QName;
+import java.io.Serializable;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
@@ -36,7 +37,7 @@
* @version $Revision:5865 $
* @since 2.6
*/
-public class RegistrationPropertyDescription implements PropertyDescription
+public class RegistrationPropertyDescription implements PropertyDescription, Serializable
{
public static final ParameterValidation.ValidationErrorHandler HANDLER = new ParameterValidation.ValidationErrorHandler(null)
{
Modified: components/wsrp/branches/2.1.x/consumer/src/main/java/org/gatein/wsrp/consumer/RegistrationInfo.java
===================================================================
--- components/wsrp/branches/2.1.x/consumer/src/main/java/org/gatein/wsrp/consumer/RegistrationInfo.java 2012-03-21 04:50:40 UTC (rev 8623)
+++ components/wsrp/branches/2.1.x/consumer/src/main/java/org/gatein/wsrp/consumer/RegistrationInfo.java 2012-03-21 10:17:57 UTC (rev 8624)
@@ -40,6 +40,7 @@
import org.slf4j.LoggerFactory;
import javax.xml.namespace.QName;
+import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -53,7 +54,7 @@
* @version $Revision: 12686 $
* @since 2.6
*/
-public class RegistrationInfo implements RegistrationProperty.PropertyChangeListener
+public class RegistrationInfo implements RegistrationProperty.PropertyChangeListener, Serializable
{
private static final Logger log = LoggerFactory.getLogger(RegistrationInfo.class);
Modified: components/wsrp/branches/2.1.x/consumer/src/main/java/org/gatein/wsrp/consumer/RegistrationProperty.java
===================================================================
--- components/wsrp/branches/2.1.x/consumer/src/main/java/org/gatein/wsrp/consumer/RegistrationProperty.java 2012-03-21 04:50:40 UTC (rev 8623)
+++ components/wsrp/branches/2.1.x/consumer/src/main/java/org/gatein/wsrp/consumer/RegistrationProperty.java 2012-03-21 10:17:57 UTC (rev 8624)
@@ -28,6 +28,8 @@
import javax.xml.namespace.QName;
+import java.io.Serializable;
+
import static org.gatein.wsrp.consumer.RegistrationProperty.Status.*;
/**
@@ -35,7 +37,7 @@
* @version $Revision: 12019 $
* @since 2.6
*/
-public class RegistrationProperty implements Comparable<RegistrationProperty>
+public class RegistrationProperty implements Comparable<RegistrationProperty>, Serializable
{
private String persistentId;
private RegistrationPropertyDescription persistentDescription;
12 years, 9 months
gatein SVN: r8623 - epp/docs/branches/5.2/Release_Notes/en-US.
by do-not-reply@jboss.org
Author: jaredmorgs
Date: 2012-03-21 00:50:40 -0400 (Wed, 21 Mar 2012)
New Revision: 8623
Modified:
epp/docs/branches/5.2/Release_Notes/en-US/5.2.1_Release_Notes.xml
epp/docs/branches/5.2/Release_Notes/en-US/Book_Info.xml
epp/docs/branches/5.2/Release_Notes/en-US/Revision_History.xml
epp/docs/branches/5.2/Release_Notes/en-US/known.xml
epp/docs/branches/5.2/Release_Notes/en-US/needinfo.xml
Log:
second draft pushed to stage for 5.2.1 release
Modified: epp/docs/branches/5.2/Release_Notes/en-US/5.2.1_Release_Notes.xml
===================================================================
--- epp/docs/branches/5.2/Release_Notes/en-US/5.2.1_Release_Notes.xml 2012-03-21 04:47:38 UTC (rev 8622)
+++ epp/docs/branches/5.2/Release_Notes/en-US/5.2.1_Release_Notes.xml 2012-03-21 04:50:40 UTC (rev 8623)
@@ -190,8 +190,14 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term>Java Open Single Sign-on (JOSSO) </term>
+ <listitem>
+ <para>Packaging changes require different file paths for JOSSO. Refer to the Reference Guide "Java Open Single Sign-On Project" section for more information.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>
- <remark>Shiny New Component Number 2</remark>
+ <remark>Shiny New Component Number 3</remark>
</term>
<listitem>
<para><remark>Some info about the shiny new component </remark></para>
Modified: epp/docs/branches/5.2/Release_Notes/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.2/Release_Notes/en-US/Book_Info.xml 2012-03-21 04:47:38 UTC (rev 8622)
+++ epp/docs/branches/5.2/Release_Notes/en-US/Book_Info.xml 2012-03-21 04:50:40 UTC (rev 8623)
@@ -9,7 +9,7 @@
<productname>JBoss Enterprise Portal Platform</productname>
<productnumber>5.2</productnumber>
<edition>5.2.1</edition>
- <pubsnumber>1</pubsnumber>
+ <pubsnumber>2</pubsnumber>
<abstract>
<para>
These release notes contain important information related to JBoss Enterprise Portal Platform &VZ; that may not be currently available in the Product Manuals. You should read these Release Notes in their entirety before installing the product.
Modified: epp/docs/branches/5.2/Release_Notes/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.2/Release_Notes/en-US/Revision_History.xml 2012-03-21 04:47:38 UTC (rev 8622)
+++ epp/docs/branches/5.2/Release_Notes/en-US/Revision_History.xml 2012-03-21 04:50:40 UTC (rev 8623)
@@ -8,6 +8,20 @@
<simpara>
<revhistory>
<revision>
+ <revnumber>5.2.1-2</revnumber>
+ <date>Wed Mar 21 2012</date>
+ <author>
+ <firstname>Jared</firstname>
+ <surname>Morgan</surname>
+ <email>jmorgan [at] redhat [dot] com</email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Second draft run of Release Notes doc using BZ extraction script for JBoss Enterprise Portal Platform 5.2.1 GA.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>5.2.1-1</revnumber>
<date>Mon Mar 19 2012</date>
<author>
Modified: epp/docs/branches/5.2/Release_Notes/en-US/known.xml
===================================================================
--- epp/docs/branches/5.2/Release_Notes/en-US/known.xml 2012-03-21 04:47:38 UTC (rev 8622)
+++ epp/docs/branches/5.2/Release_Notes/en-US/known.xml 2012-03-21 04:50:40 UTC (rev 8623)
@@ -50,5 +50,14 @@
</listitem>
</varlistentry>
+<varlistentry>
+ <term><ulink url="https://bugzilla.redhat.com/show_bug.cgi?id=793804" /></term>
+ <listitem>
+ <para>
+ It was discovered that changing memberships of already authenticated users did not immediately take effect. If a user had administrative membership revoked, and remained logged onto the portal, the privileges were still accessible for up to 30 minutes until the user permissions cache was refreshed. This could permit the user to perform undesirable actions in the portal. The fix introduces a new listener "MembershipUpdateListener" which is configurable from the organization-configuration.xml directive file. The listener immediately updates authenticated user memberships based on information in the ConversationRegistry. Changes to user memberships now take effect immediately, which corrects the originally reported issue.
+ </para>
+ </listitem>
+</varlistentry>
+
</variablelist>
</chapter>
Modified: epp/docs/branches/5.2/Release_Notes/en-US/needinfo.xml
===================================================================
--- epp/docs/branches/5.2/Release_Notes/en-US/needinfo.xml 2012-03-21 04:47:38 UTC (rev 8622)
+++ epp/docs/branches/5.2/Release_Notes/en-US/needinfo.xml 2012-03-21 04:50:40 UTC (rev 8623)
@@ -19,35 +19,16 @@
<term><ulink url="https://bugzilla.redhat.com/show_bug.cgi?id=793639" /></term>
<listitem>
<para>
- If a user manually added users or groups into a Java Content Repository or LDAP, the required objects were not created because some necessary listeners were not called as they would be if the Organization API was used. This could result in exceptions in some situations, because the required JCR objects for a particular user or group were not correctly initialized. The fix introduces the CoreOrganizationInitializer plugin (exo.portal.component.initializer), which monitors the JCR and LDAP for changes and initiates the listeners when required. The plugin is disabled by default, but can be enabled by a portal administrator by uncommenting the block in JBOSS_HOME/server/[PROFILE]/deploy/gatein.ear/02portal.war/WEB-INF/conf/configuration.xml, which imports the static configuration stored in the initializer-configuration.xml file .
+ If a user manually added users or groups into a Java Content Repository or LDAP, the required objects were not created because some necessary listeners were not called as they would be if the Organization API was used. This could result in exceptions in some situations, because the required JCR objects for a particular user or group were not correctly initialized. The fix introduces the CoreOrganizationInitializer plugin (exo.portal.component.initializer), which monitors the JCR and LDAP for changes and initiates the listeners when required. The plugin is disabled by default, but can be enabled by a portal administrator by uncommenting the block in JBOSS_HOME/server/[PROFILE]/deploy/gatein.ear/02portal.war/WEB-INF/conf/configuration.xml, which imports the configuration stored in the initializer-configuration.xml file.
</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><ulink url="https://bugzilla.redhat.com/show_bug.cgi?id=793804" /></term>
- <listitem>
- <para>
- CAUSE: when memberships of some user are changed (For example user root will remove user john from group /platform/users group), then user john won't see updates immediately. He needs to logout and login to see it. Example:
-1) Start browser1, Go to http://localhost:8080/portal and login as john. User john is in group /platform/administrators by default, so he can see "Administrators" link in group menu,
-2) Start browser2, Go to http://localhost:8080/portal and login as root. Go to OrganizationManagement and remove user john from /platform/administrators
-3) Return to browser1 and refresh page. User john can still see "administrators" pages, which is a bug.
-4) Logout and login again as john. Now "Administrators" are not longer visible. Bad is that john needs to logout and login, otherwise permissions for pages are not reflected.
-
-FIX: I added new listener "MembershipUpdateListener" into organization-configuration.xml file. This listener will update all memberships of logged user in ConversationRegistry, so that changes are immediately reflected in UI.
-
-RESULT: Changes are immediately reflected in UI. In previous example, user john won't see "Administrators" page in step 3, which is correct.
- </para>
- </listitem>
-</varlistentry>
-
-<varlistentry>
<term><ulink url="https://bugzilla.redhat.com/show_bug.cgi?id=794235" /></term>
<listitem>
<para>
- CAUSE: When user login, he can see his fullname in right top corner. This is his fullName according to format "firstName lastName" and it's hardcoded so that users can't use different format. It is also quite bad for some languages like Japanese, where is common to use opposite order as fullName.
-
-FIX: There is new field "Display Name" in UI in all screens where is possible to create or edit user. So user is able to fill his displayName and this displayName will be used in right top corner instead of fullName. DisplayName is not mandatory and when user is not using it, it fallback to fullName (old behaviour). This also ensure backward compatibility with older versions of EPP. Name of new attribute in Picketlink IDM database is "displayName" but as said before, attribute is not mandatory.
+ The way the display name of authenticated users presented in portal screens used the firstName lastName format (commonly referred to as Western Order). Customers in regions where Eastern Order is prevalent reported issues with configuring upper-name requirements in portal UI screens. The fix introduces the Display Name (displayName) field, which is available in all UI screens. When configuring a user account, the user can specify their preferred display name, which overrides the fullName value retrieved by default.
</para>
</listitem>
</varlistentry>
@@ -56,15 +37,7 @@
<term><ulink url="https://bugzilla.redhat.com/show_bug.cgi?id=793838" /></term>
<listitem>
<para>
- Release notes docs status: Not Yet Documented
-
-Release notes: CAUSE: Previously it was possible to integrate EPP only with JOSSO 1.8.1
-
-FIX: It's fixed in EPP SSO component, which has been updated in EPP to have the fix available. Now it's still possible to integrate with JOSSO 1.8.1 but also with newer versions like 1.8.2, 1.8.3, 1.8.4 and 1.8.5.
-
-There is changed JOSSO agent API between JOSSO versions 1.8.1 and 1.8.2, which means that we need to have slightly different packaging for JOSSO 1.8.1 and for JOSSO 1.8.2 and newer.
-
-It also affects documentation and related Docs issue is https://bugzilla.redhat.com/show_bug.cgi?id=794433
+ Due to a changed Java Open Single Sign On JOSSO agent API, it was only possible to upgrade JOSSO to v1.8.1. An upstream fix was applied to JBoss Enterprise Portal Platform which allows later JOSSO versions to be applied after v1.8.1. A changed JOSSO agent API between JOSSO versions v1.8.1 and v1.8.2 requires different packaging, which has changed some procedures. Refer to the updated procedures in the <citetitle>Reference Guide</citetitle> "Java Open Single Sign-On Project" section for more details.
</para>
</listitem>
</varlistentry>
12 years, 9 months
gatein SVN: r8622 - in epp/docs/branches/5.2/Reference_Guide/en-US: modules/AuthenticationAndIdentity and 1 other directory.
by do-not-reply@jboss.org
Author: jaredmorgs
Date: 2012-03-21 00:47:38 -0400 (Wed, 21 Mar 2012)
New Revision: 8622
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml
epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
Log:
https://bugzilla.redhat.com/show_bug.cgi?id=794433 - Updated the Java Open Single Sign-On Project section to included the required JOSSO version in the procedures.
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml 2012-03-20 17:05:38 UTC (rev 8621)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml 2012-03-21 04:47:38 UTC (rev 8622)
@@ -9,7 +9,7 @@
<productname>JBoss Enterprise Portal Platform</productname>
<productnumber>5.2</productnumber>
<edition>5.2.1</edition>
- <pubsnumber>6</pubsnumber>
+ <pubsnumber>8</pubsnumber>
<abstract>
<para>
This Reference Guide is a high-level usage document. It deals with more advanced topics than the Installation and User Guides, adding new content or taking concepts discussed in the earlier documents further. It aims to provide supporting documentation for advanced users of the JBoss Enterprise Portal Platform product. Its primary focus is on advanced use of the product and it assumes an intermediate or advanced knowledge of the technology and terms.
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml 2012-03-20 17:05:38 UTC (rev 8621)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml 2012-03-21 04:47:38 UTC (rev 8622)
@@ -8,8 +8,8 @@
<simpara>
<revhistory>
<revision>
- <revnumber>5.2.1-6</revnumber>
- <date>Tue Mar 20 2112</date>
+ <revnumber>5.2.1-8</revnumber>
+ <date>Tue Mar 20 2012</date>
<author>
<firstname>Jared</firstname>
<surname>Morgan</surname>
@@ -19,6 +19,7 @@
<simplelist>
<member>https://bugzilla.redhat.com/show_bug.cgi?id=794466 - Added line break to Redirect to CAS procedure code sample.</member>
<member>https://bugzilla.redhat.com/show_bug.cgi?id=794455 - Changed the LocalePolicy file path as declared in the diff.</member>
+ <member>https://bugzilla.redhat.com/show_bug.cgi?id=794433 - Updated the Java Open Single Sign-On Project section to included the required JOSSO version in the procedures.</member>
</simplelist>
</revdescription>
</revision>
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2012-03-20 17:05:38 UTC (rev 8621)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2012-03-21 04:47:38 UTC (rev 8622)
@@ -556,11 +556,13 @@
</step>
</procedure>
<procedure id="proc-Reference_Guide-Java_Open_Single_Sign_On_Project-Modifying_JOSSO_server">
- <title>Modifying JOSSO server</title>
+ <title><remark>BZ#793838</remark>Modifying JOSSO server</title>
<step>
<para>
Copy the files from <filename><replaceable>PORTAL_SSO</replaceable>/josso/plugin</filename> into the <filename>JOSSO_HOME</filename> directory created in the last step.
</para>
+ <para>If you have JOSSO 1.8.1, copy the files from <filename>PORTAL_SSO/josso/josso-181/plugin</filename> into the Tomcat directory (<filename>JOSSO_HOME</filename>).</para>
+ <para>If you have JOSSO 1.8.2 or newer, copy the files from <filename>PORTAL_SSO/josso/josso-182/plugin</filename> into the Tomcat directory (<filename>JOSSO_HOME</filename>).</para>
<para>
This action should replace or add the following files to the <filename>JOSSO_HOME/webapps/josso/WEB-INF/lib</filename> directory:
</para>
@@ -606,15 +608,22 @@
</step>
</procedure>
<procedure id="proc-Reference_Guide-Java_Open_Single_Sign_On_Project-Setup_the_JOSSO_client">
- <title>Setup the JOSSO client</title>
+ <title><remark>BZ#793838</remark> Setup the JOSSO client</title>
+ <note>
+ <para>
+There are some changes in JOSSO agent API between versions 1.8.1 and 1.8.2, which require different modules for different JOSSO versions.
+This procedure uses <replaceable>josso-18X</replaceable> to substitute the directory <emphasis>josso-181</emphasis> if you
+have JOSSO 1.8.1 and <emphasis>josso-182</emphasis> if you have JOSSO 1.8.2 or newer.
+</para>
+ </note>
<step>
<para>
- Copy the library files from <filename><replaceable>PORTAL_SSO</replaceable>/josso/gatein.ear/lib</filename> into <filename>gatein.ear/lib</filename> (or into <filename>GATEIN_HOME/lib</filename> if the product is running in Tomcat).
+ Copy the library files from <filename><replaceable>PORTAL_SSO</replaceable>/josso/<remark>josso-18X</remark>/gatein.ear/lib</filename> into <filename>gatein.ear/lib</filename> (or into <filename>GATEIN_HOME/lib</filename> if the product is running in Tomcat).
</para>
</step>
<step>
<para>
- Copy the <filename><replaceable>PORTAL_SSO</replaceable>/josso/gatein.ear/portal.war/WEB-INF/classes/josso-agent-config.xml</filename> file into the <filename>gatein.ear/02portal.war/WEB-INF/classes</filename> directory (or into <filename>JBOSS_HOME/webapps/portal.war/WEB-INF/classes</filename>, or <filename>GATEIN_HOME/conf</filename> if the product is running in Tomcat).
+ Copy the <filename><replaceable>PORTAL_SSO</replaceable>/josso/<replaceable>josso-18X</replaceable>/gatein.ear/portal.war/WEB-INF/classes/josso-agent-config.xml</filename> file into the <filename>gatein.ear/02portal.war/WEB-INF/classes</filename> directory (or into <filename>JBOSS_HOME/webapps/portal.war/WEB-INF/classes</filename>, or <filename>GATEIN_HOME/conf</filename> if the product is running in Tomcat).
</para>
</step>
<step>
12 years, 9 months
gatein SVN: r8621 - components/wsrp/branches/2.1.x/admin-gui.
by do-not-reply@jboss.org
Author: chris.laprun(a)jboss.com
Date: 2012-03-20 13:05:38 -0400 (Tue, 20 Mar 2012)
New Revision: 8621
Modified:
components/wsrp/branches/2.1.x/admin-gui/pom.xml
Log:
- Updated to use PBR 2.3.0.Final.
Modified: components/wsrp/branches/2.1.x/admin-gui/pom.xml
===================================================================
--- components/wsrp/branches/2.1.x/admin-gui/pom.xml 2012-03-20 04:36:58 UTC (rev 8620)
+++ components/wsrp/branches/2.1.x/admin-gui/pom.xml 2012-03-20 17:05:38 UTC (rev 8621)
@@ -68,12 +68,12 @@
<dependency>
<groupId>org.jboss.portletbridge</groupId>
<artifactId>portletbridge-api</artifactId>
- <version>2.2.0.FINAL</version>
+ <version>2.3.0.Final</version>
</dependency>
<dependency>
<groupId>org.jboss.portletbridge</groupId>
<artifactId>portletbridge-impl</artifactId>
- <version>2.2.0.FINAL</version>
+ <version>2.3.0.Final</version>
</dependency>
<dependency>
<groupId>com.sun.facelets</groupId>
12 years, 9 months
gatein SVN: r8620 - in epp/docs/branches/5.2: Developer_Guide and 6 other directories.
by do-not-reply@jboss.org
Author: jaredmorgs
Date: 2012-03-20 00:36:58 -0400 (Tue, 20 Mar 2012)
New Revision: 8620
Modified:
epp/docs/branches/5.2/Admin_Guide/publican.cfg
epp/docs/branches/5.2/Developer_Guide/publican.cfg
epp/docs/branches/5.2/Migration_Guide/publican.cfg
epp/docs/branches/5.2/PicketLink_IDM_Reference_Guide/publican.cfg
epp/docs/branches/5.2/Site_Publisher/Installation_Guide/publican.cfg
epp/docs/branches/5.2/Site_Publisher/Release_Notes/publican.cfg
epp/docs/branches/5.2/Site_Publisher/User_Guide/publican.cfg
epp/docs/branches/5.2/User_Guide/publican.cfg
Log:
committing changes to all Publican.cfg files so they build using rhpkg
Modified: epp/docs/branches/5.2/Admin_Guide/publican.cfg
===================================================================
--- epp/docs/branches/5.2/Admin_Guide/publican.cfg 2012-03-20 04:35:30 UTC (rev 8619)
+++ epp/docs/branches/5.2/Admin_Guide/publican.cfg 2012-03-20 04:36:58 UTC (rev 8620)
@@ -1,6 +1,8 @@
-xml_lang: en-US
+
+xml_lang: "en-US"
+brand: JBoss
+debug: 1
type: Book
-brand: JBoss
-debug:1
-show_remarks:1
git_branch: docs-rhel-6
+show_remarks: 1
+
Modified: epp/docs/branches/5.2/Developer_Guide/publican.cfg
===================================================================
--- epp/docs/branches/5.2/Developer_Guide/publican.cfg 2012-03-20 04:35:30 UTC (rev 8619)
+++ epp/docs/branches/5.2/Developer_Guide/publican.cfg 2012-03-20 04:36:58 UTC (rev 8620)
@@ -1,13 +1,8 @@
-# Config::Simple 4.59
-# Wed Nov 25 09:17:17 2009
-
-xml_lang: en-US
-type: Book
+xml_lang: "en-US"
brand: JBoss
-debug:1
-#show_remarks:1
+debug: 1
+type: Book
+git_branch: docs-rhel-6
+show_remarks: 1
-cvs_branch: DOCS-RHEL-6
-cvs_root: :ext:cvs.devel.redhat.com:/cvs/dist
-cvs_pkg: JBoss_Enterprise_Portal_Platform-Developer_Guide-5.2-web-__LANG__
\ No newline at end of file
Modified: epp/docs/branches/5.2/Migration_Guide/publican.cfg
===================================================================
--- epp/docs/branches/5.2/Migration_Guide/publican.cfg 2012-03-20 04:35:30 UTC (rev 8619)
+++ epp/docs/branches/5.2/Migration_Guide/publican.cfg 2012-03-20 04:36:58 UTC (rev 8620)
@@ -1,13 +1,8 @@
-# Config::Simple 4.59
-# Wed Nov 25 09:17:17 2009
-
-xml_lang: en-US
-type: Book
+xml_lang: "en-US"
brand: JBoss
-debug:1
-#show_remarks:1
+debug: 1
+type: Book
+git_branch: docs-rhel-6
+show_remarks: 1
-cvs_branch: DOCS-RHEL-6
-cvs_root: :ext:cvs.devel.redhat.com:/cvs/dist
-cvs_pkg: JBoss_Enterprise_Portal_Platform-Migration_Guide-5.2-web-__LANG__
\ No newline at end of file
Modified: epp/docs/branches/5.2/PicketLink_IDM_Reference_Guide/publican.cfg
===================================================================
--- epp/docs/branches/5.2/PicketLink_IDM_Reference_Guide/publican.cfg 2012-03-20 04:35:30 UTC (rev 8619)
+++ epp/docs/branches/5.2/PicketLink_IDM_Reference_Guide/publican.cfg 2012-03-20 04:36:58 UTC (rev 8620)
@@ -1,12 +1,8 @@
-# Config::Simple 4.59
-# Mon Aug 1 14:37:01 2011
-xml_lang: en-US
-type: Book
+xml_lang: "en-US"
brand: JBoss
-debug:1
+debug: 1
+type: Book
+git_branch: docs-rhel-6
show_remarks: 1
-cvs_branch: DOCS-RHEL-6
-cvs_root: :ext:cvs.devel.redhat.com:/cvs/dist
-cvs_pkg: JBoss_Enterprise_Portal_Platform-PicketLink_IDM_Reference_Guide-5.2-web-__LANG__
Modified: epp/docs/branches/5.2/Site_Publisher/Installation_Guide/publican.cfg
===================================================================
--- epp/docs/branches/5.2/Site_Publisher/Installation_Guide/publican.cfg 2012-03-20 04:35:30 UTC (rev 8619)
+++ epp/docs/branches/5.2/Site_Publisher/Installation_Guide/publican.cfg 2012-03-20 04:36:58 UTC (rev 8620)
@@ -1,10 +1,8 @@
-# Config::Simple 4.59
-# Wed Nov 17 10:54:22 2010
-xml_lang: en-US
-type: Book
+xml_lang: "en-US"
brand: JBoss
-#show_remarks: 1
-cvs_branch: DOCS-RHEL-6
-cvs_root: :ext:cvs.devel.redhat.com:/cvs/dist
-cvs_pkg: JBoss_Enterprise_Portal_Platform-Site_Publisher_Installation_Guide-5.2-web-__LANG__
+debug: 1
+type: Book
+git_branch: docs-rhel-6
+show_remarks: 1
+
Modified: epp/docs/branches/5.2/Site_Publisher/Release_Notes/publican.cfg
===================================================================
--- epp/docs/branches/5.2/Site_Publisher/Release_Notes/publican.cfg 2012-03-20 04:35:30 UTC (rev 8619)
+++ epp/docs/branches/5.2/Site_Publisher/Release_Notes/publican.cfg 2012-03-20 04:36:58 UTC (rev 8620)
@@ -1,10 +1,8 @@
-# Config::Simple 4.59
-# Tue Nov 16 11:07:34 2010
-xml_lang: en-US
-type: Book
+xml_lang: "en-US"
brand: JBoss
-#show_remarks: 1
-cvs_branch: DOCS-RHEL-6
-cvs_root: :ext:cvs.devel.redhat.com:/cvs/dist
-cvs_pkg: JBoss_Enterprise_Portal_Platform-Site_Publisher_5.2.0_Release_Notes-5.2-web-__LANG__
+debug: 1
+type: Book
+git_branch: docs-rhel-6
+show_remarks: 1
+
Modified: epp/docs/branches/5.2/Site_Publisher/User_Guide/publican.cfg
===================================================================
--- epp/docs/branches/5.2/Site_Publisher/User_Guide/publican.cfg 2012-03-20 04:35:30 UTC (rev 8619)
+++ epp/docs/branches/5.2/Site_Publisher/User_Guide/publican.cfg 2012-03-20 04:36:58 UTC (rev 8620)
@@ -1,14 +1,8 @@
-# Config::Simple 4.59
-# Tue Sep 28 12:34:02 2010
-xml_lang: en-US
-type: Book
+xml_lang: "en-US"
brand: JBoss
-debug:1
-#show_remarks: 1
-#toc_section_depth:10
-max_image_width:660
-condition: redhat
-cvs_branch: DOCS-RHEL-6
-cvs_root: :ext:cvs.devel.redhat.com:/cvs/dist
-cvs_pkg: JBoss_Enterprise_Portal_Platform-Site_Publisher_User_Guide-5.2-web-__LANG__
\ No newline at end of file
+debug: 1
+type: Book
+git_branch: docs-rhel-6
+show_remarks: 1
+
Modified: epp/docs/branches/5.2/User_Guide/publican.cfg
===================================================================
--- epp/docs/branches/5.2/User_Guide/publican.cfg 2012-03-20 04:35:30 UTC (rev 8619)
+++ epp/docs/branches/5.2/User_Guide/publican.cfg 2012-03-20 04:36:58 UTC (rev 8620)
@@ -1,6 +1,8 @@
-xml_lang: en-US
+
+xml_lang: "en-US"
+brand: JBoss
+debug: 1
type: Book
-brand: JBoss
-debug:1
+git_branch: docs-rhel-6
show_remarks: 1
-git_branch: docs-rhel-6
+
12 years, 9 months
gatein SVN: r8619 - in epp/docs/branches/5.2/Reference_Guide: en-US and 3 other directories.
by do-not-reply@jboss.org
Author: jaredmorgs
Date: 2012-03-20 00:35:30 -0400 (Tue, 20 Mar 2012)
New Revision: 8619
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml
epp/docs/branches/5.2/Reference_Guide/en-US/Reference_Guide.xml
epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default109.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/LocalizationConfiguration.xml
epp/docs/branches/5.2/Reference_Guide/publican.cfg
Log:
https://bugzilla.redhat.com/show_bug.cgi?id=794455 and https://bugzilla.redhat.com/show_bug.cgi?id=794466
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml 2012-03-20 03:15:39 UTC (rev 8618)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/Book_Info.xml 2012-03-20 04:35:30 UTC (rev 8619)
@@ -1,33 +1,31 @@
-<?xml version='1.0' encoding='utf-8' ?>
+<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE bookinfo PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "Reference_Guide.ent">
%BOOK_ENTITIES;
]>
<bookinfo id="book-Reference_Guide-Reference_Guide">
- <title>Reference Guide</title>
- <subtitle>An in-depth guide to Enterprise Portal Platform 5.2.0</subtitle>
- <productname>JBoss Enterprise Portal Platform</productname>
- <productnumber>5.2</productnumber>
- <edition>5.2.1</edition>
- <pubsnumber>5</pubsnumber>
- <abstract>
- <para>
+ <title>Reference Guide</title>
+ <subtitle>An in-depth guide to Enterprise Portal Platform 5.2.0</subtitle>
+ <productname>JBoss Enterprise Portal Platform</productname>
+ <productnumber>5.2</productnumber>
+ <edition>5.2.1</edition>
+ <pubsnumber>6</pubsnumber>
+ <abstract>
+ <para>
This Reference Guide is a high-level usage document. It deals with more advanced topics than the Installation and User Guides, adding new content or taking concepts discussed in the earlier documents further. It aims to provide supporting documentation for advanced users of the JBoss Enterprise Portal Platform product. Its primary focus is on advanced use of the product and it assumes an intermediate or advanced knowledge of the technology and terms.
</para>
-
- </abstract>
- <corpauthor>
- <inlinemediaobject>
- <imageobject>
- <imagedata fileref="Common_Content/images/title_logo.svg" format="SVG" />
- </imageobject>
-
- </inlinemediaobject>
-
- </corpauthor>
- <!-- FOR PUBLICAN --> <xi:include href="Common_Content/Legal_Notice.xml" xmlns:xi="http://www.w3.org/2001/XInclude"> <!-- FOR JDOCBOOK: --> <xi:fallback xmlns:xi="http://www.w3.org/2001/XInclude"> <xi:include href="fallback_content/Legal_Notice.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ </abstract>
+ <corpauthor>
+ <inlinemediaobject>
+ <imageobject>
+ <imagedata fileref="Common_Content/images/title_logo.svg" format="SVG"/>
+ </imageobject>
+ </inlinemediaobject>
+ </corpauthor>
+<!-- FOR PUBLICAN --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Common_Content/Legal_Notice.xml">
+ <!-- FOR JDOCBOOK: --> <xi:fallback xmlns:xi="http://www.w3.org/2001/XInclude">
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="fallback_content/Legal_Notice.xml"/>
</xi:fallback>
- </xi:include>
- <xi:include href="Author_Group.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ </xi:include>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Author_Group.xml"/>
</bookinfo>
-
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/Reference_Guide.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/Reference_Guide.xml 2012-03-20 03:15:39 UTC (rev 8618)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/Reference_Guide.xml 2012-03-20 04:35:30 UTC (rev 8619)
@@ -1,26 +1,17 @@
-<?xml version='1.0' encoding='utf-8' ?>
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<?xml version='1.0' encoding='UTF-8'?>
+<!-- This document was created with Syntext Serna Free. --><!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "Reference_Guide.ent">
%BOOK_ENTITIES;
]>
- <book>
- <xi:include href="Book_Info.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="Preface.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="modules/Introduction.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="modules/PortalDevelopment.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="modules/PortletDevelopment.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-<!-- <xi:include href="modules/GadgetDevelopment.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> -->
- <xi:include href="modules/AuthenticationAndIdentity.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="modules/WSRP.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="modules/Advanced.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="modules/eXoJCR.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="Revision_History.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
- </book>
+<book>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Book_Info.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Preface.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/Introduction.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/PortalDevelopment.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/PortletDevelopment.xml"/>
+<!-- <xi:include href="modules/GadgetDevelopment.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> --> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/AuthenticationAndIdentity.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/WSRP.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/Advanced.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="modules/eXoJCR.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Revision_History.xml"/>
+</book>
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml 2012-03-20 03:15:39 UTC (rev 8618)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/Revision_History.xml 2012-03-20 04:35:30 UTC (rev 8619)
@@ -1,284 +1,268 @@
-<?xml version='1.0' encoding='utf-8' ?>
+<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "Reference_Guide.ent">
%BOOK_ENTITIES;
]>
<appendix id="appe-Reference_Guide-Revision_History">
- <title>Revision History</title>
- <simpara>
- <revhistory>
- <revision>
- <revnumber>5.2.1-5</revnumber>
- <date>Mon Jan 09 2012</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
- </author>
- <revdescription>
- <simplelist>
- <member>Added new content to Authentication and Identity.</member>
- </simplelist>
- </revdescription>
- </revision>
- <revision>
- <revnumber>5.2.0-100</revnumber>
- <date>Wed Dec 14 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
- </author>
- <revdescription>
- <simplelist>
- <member>Publication build.</member>
- </simplelist>
- </revdescription>
- </revision>
- <revision>
- <revnumber>5.2.0-19</revnumber>
- <date>Fri Dec 9 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
- </author>
- <revdescription>
- <simplelist>
- <member>Further QE-related edits.</member>
- </simplelist>
- </revdescription>
- </revision>
- <revision>
- <revnumber>5.2.0-17</revnumber>
- <date>Thu Dec 8 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
- </author>
- <revdescription>
- <simplelist>
- <member>Re-import GateIn WSRP content.</member>
- <member>Incorporate QE feedback (JBEPP-1431).</member>
- </simplelist>
- </revdescription>
- </revision>
- <revision>
- <revnumber>5.2.0-14</revnumber>
- <date>Wed Dec 7 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
- </author>
- <revdescription>
- <simplelist>
- <member>JBEPP-1431: Incorporate QA feedback.</member>
- </simplelist>
- </revdescription>
- </revision>
- <revision>
- <revnumber>5.2.0-13</revnumber>
- <date>Thu Dec 1 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
- </author>
- <revdescription>
- <simplelist>
- <member>Ported GateIn WSRP update (r8166).</member>
- </simplelist>
- </revdescription>
- </revision>
- <revision>
- <revnumber>5.2.0-12</revnumber>
- <date>Wed Nov 30 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
- </author>
- <revdescription>
- <simplelist>
- <member>Added "Define Custom CSS File" section.</member>
- </simplelist>
- </revdescription>
- </revision>
- <revision>
- <revnumber>5.2.0-11</revnumber>
- <date>Tue Nov 29 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
- </author>
- <revdescription>
- <simplelist>
- <member>Corrected SSO section after porting deprecated GateIn content.</member>
- </simplelist>
- </revdescription>
- </revision>
- <revision>
- <revnumber>5.2.0-10</revnumber>
- <date>Fri Nov 25 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
- </author>
- <revdescription>
- <simplelist>
- <member>Ported latest community WSRP content.</member>
- </simplelist>
- </revdescription>
- </revision>
- <revision>
- <revnumber>5.2.0-8</revnumber>
- <date>Thu Nov 24 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
- </author>
- <revdescription>
- <simplelist>
- <member>Finalized first edit pass of eXoJCR content.</member>
- <member>Moved eXoJCR section to Part IV.</member>
- <member>Clean element ids and fix broken linkends.</member>
- </simplelist>
- </revdescription>
- </revision>
- <revision>
- <revnumber>5.2.0-6</revnumber>
- <date>Thu Nov 17 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
-
- </author>
- <revdescription>
- <simplelist>
- <member>Incorporated GateIn SSO updates.</member>
-
- </simplelist>
-
- </revdescription>
-
- </revision>
- <revision>
- <revnumber>5.2.0-5</revnumber>
- <date>Tue Nov 15 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
-
- </author>
- <revdescription>
- <simplelist>
- <member>Staging for beta release.</member>
-
- </simplelist>
-
- </revdescription>
-
- </revision>
- <revision>
- <revnumber>5.2.0-4</revnumber>
- <date>Wed Nov 9 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
-
- </author>
- <revdescription>
- <simplelist>
- <member>Republished for review/feedback.</member>
-
- </simplelist>
-
- </revdescription>
-
- </revision>
- <revision>
- <revnumber>5.2.0-3</revnumber>
- <date>Wed Nov 2 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
-
- </author>
- <revdescription>
- <simplelist>
- <member>Staged for review of updated Foundations and eXo JCR content.</member>
-
- </simplelist>
-
- </revdescription>
-
- </revision>
- <revision>
- <revnumber>5.2.0-2</revnumber>
- <date>Tue Sep 27 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
-
- </author>
- <revdescription>
- <simplelist>
- <member>Incorporated eXo JCR 1.14 documentation.</member>
-
- </simplelist>
-
- </revdescription>
-
- </revision>
- <revision>
- <revnumber>5.2.0-5</revnumber>
- <date>Wed Sep 14 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
-
- </author>
- <revdescription>
- <simplelist>
- <member>Added Global Portlet Data section.</member>
-
- </simplelist>
-
- </revdescription>
-
- </revision>
- <revision>
- <revnumber>5.2.0-1</revnumber>
- <date>Mon Aug 29 2011</date>
- <author>
- <firstname>Scott</firstname>
- <surname>Mumford</surname>
- <email></email>
-
- </author>
- <revdescription>
- <simplelist>
- <member>Updating version and resetting pubs/ed numbers.</member>
-
- </simplelist>
-
- </revdescription>
-
- </revision>
-
- </revhistory>
-
- </simpara>
+ <title>Revision History</title>
+ <simpara>
+ <revhistory>
+ <revision>
+ <revnumber>5.2.1-6</revnumber>
+ <date>Tue Mar 20 2112</date>
+ <author>
+ <firstname>Jared</firstname>
+ <surname>Morgan</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>https://bugzilla.redhat.com/show_bug.cgi?id=794466 - Added line break to Redirect to CAS procedure code sample.</member>
+ <member>https://bugzilla.redhat.com/show_bug.cgi?id=794455 - Changed the LocalePolicy file path as declared in the diff.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.1-5</revnumber>
+ <date>Mon Jan 09 2012</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Added new content to Authentication and Identity.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-100</revnumber>
+ <date>Wed Dec 14 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Publication build.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-19</revnumber>
+ <date>Fri Dec 9 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Further QE-related edits.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-17</revnumber>
+ <date>Thu Dec 8 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Re-import GateIn WSRP content.</member>
+ <member>Incorporate QE feedback (JBEPP-1431).</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-14</revnumber>
+ <date>Wed Dec 7 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>JBEPP-1431: Incorporate QA feedback.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-13</revnumber>
+ <date>Thu Dec 1 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Ported GateIn WSRP update (r8166).</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-12</revnumber>
+ <date>Wed Nov 30 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Added "Define Custom CSS File" section.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-11</revnumber>
+ <date>Tue Nov 29 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Corrected SSO section after porting deprecated GateIn content.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-10</revnumber>
+ <date>Fri Nov 25 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Ported latest community WSRP content.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-8</revnumber>
+ <date>Thu Nov 24 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Finalized first edit pass of eXoJCR content.</member>
+ <member>Moved eXoJCR section to Part IV.</member>
+ <member>Clean element ids and fix broken linkends.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-6</revnumber>
+ <date>Thu Nov 17 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Incorporated GateIn SSO updates.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-5</revnumber>
+ <date>Tue Nov 15 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Staging for beta release.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-4</revnumber>
+ <date>Wed Nov 9 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Republished for review/feedback.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-3</revnumber>
+ <date>Wed Nov 2 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Staged for review of updated Foundations and eXo JCR content.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-2</revnumber>
+ <date>Tue Sep 27 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Incorporated eXo JCR 1.14 documentation.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-5</revnumber>
+ <date>Wed Sep 14 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Added Global Portlet Data section.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>5.2.0-1</revnumber>
+ <date>Mon Aug 29 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Updating version and resetting pubs/ed numbers.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ </revhistory>
+ </simpara>
</appendix>
-
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default109.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default109.xml 2012-03-20 03:15:39 UTC (rev 8618)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default109.xml 2012-03-20 04:35:30 UTC (rev 8619)
@@ -5,8 +5,7 @@
<!-- This should point to your SSO authentication server -->
<param-name>LOGIN_URL</param-name>
<!-- If casRenewTicket param value of InitiateLoginServlet is: not specified or false -->
- <param-value>http://localhost:8888/cas/login?service=
- http://localhost:8080/portal/initiatessologin</param-value>
+ <param-value>http://localhost:8888/cas/login?service=http://localhost:8080/portal/init...</param-value>
<!-- If casRenewTicket param value of InitiateLoginServlet is : true -->
<!-- <param-value>http://localhost:8888/cas/login?
service=http://localhost:8080/portal/initiatessologin&renew=true</param-value>
@@ -55,4 +54,4 @@
<filter-mapping>
<filter-name>InitiateLoginFilter</filter-name>
<url-pattern>/initiatessologin</url-pattern>
- </filter-mapping>
\ No newline at end of file
+ </filter-mapping>
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2012-03-20 03:15:39 UTC (rev 8618)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2012-03-20 04:35:30 UTC (rev 8619)
@@ -1,79 +1,70 @@
-<?xml version='1.0' encoding='utf-8' ?>
+<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "Reference_Guide.ent">
%BOOK_ENTITIES;
]>
<section id="sect-Reference_Guide-SSO_Single_Sign_On">
- <title>SSO - Single Sign On</title>
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Overview">
- <title>Overview</title>
- <para>
+ <title>SSO - Single Sign On</title>
+ <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Overview">
+ <title>Overview</title>
+ <para>
JBoss Enterprise Portal Platform provides an implementation of Single Sign On (<literal>SSO</literal>) as an integration and aggregation platform.
</para>
- <para>
+ <para>
When logging into the portal users can access many systems through portlets using a single identity. In many cases, however, the portal infrastructure must be integrated with other SSO enabled systems.
</para>
- <para>
+ <para>
There are many different Identity Management solutions available. In most cases each SSO framework provides a unique way to plug into a Java EE application.
</para>
- <para>
+ <para>
This section will cover the implementation of four different SSO plug-ins with JBoss Enterprise Portal Platform:
</para>
- <itemizedlist>
- <listitem>
- <para>
- <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Central_Authentication_Service" />
+ <itemizedlist>
+ <listitem>
+ <para>
+ <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Central_Authentication_Service"/>
</para>
-
- </listitem>
- <listitem>
- <para>
- <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Java_Open_Single_Sign_On_Project" />
+ </listitem>
+ <listitem>
+ <para>
+ <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Java_Open_Single_Sign_On_Project"/>
</para>
-
- </listitem>
- <listitem>
- <para>
- <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-OpenSSO" />
+ </listitem>
+ <listitem>
+ <para>
+ <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-OpenSSO"/>
</para>
-
- </listitem>
- <listitem>
- <para>
- <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism" />
+ </listitem>
+ <listitem>
+ <para>
+ <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism"/>
</para>
-
- </listitem>
-
- </itemizedlist>
- <note>
- <title>Prerequisites</title>
- <para>
- In this tutorial, the SSO server is being installed in a Tomcat environment. Tomcat can be obtained from <ulink type="http" url="http://tomcat.apache.org"> http://tomcat.apache.org </ulink> .
+ </listitem>
+ </itemizedlist>
+ <note>
+ <title>Prerequisites</title>
+ <para>
+ In this tutorial, the SSO server is being installed in a Tomcat environment. Tomcat can be obtained from <ulink url="http://tomcat.apache.org" type="http"> http://tomcat.apache.org </ulink> .
</para>
-
- </note>
- <para>
+ </note>
+ <para>
All the packages required for SSO setup can be found in a zip file located in the <filename>jboss-epp-<replaceable>VERSION</replaceable>/gatein-sso</filename> directory of the JBoss Enterprise Portal Platform binary package.
</para>
- <para>
+ <para>
In the following scenarios this directory will be referred to as <replaceable>PORTAL_SSO</replaceable>.
</para>
- <warning>
- <para>
+ <warning>
+ <para>
Users are advised to not run any portal extensions that could override the data when manipulating the <filename>gatein.ear</filename> file directly.
</para>
- <!-- Removed in GateIn reference-guide
+<!-- Removed in GateIn reference-guide
<para>
Remove <filename>JBOSS_HOME/server/PROFILE/deploy/gatein-sample-extension.ear</filename> and <filename>JBOSS_HOME/server/PROFILE/deploy/gatein-sample-portal.ear</filename> which are packaged by default with JBoss Enterprise Portal Platform.
- </para> -->
- </warning>
-
- </section>
-
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve">
- <title>Enabling SSO using JBoss SSO Valve</title>
- <!-- Source Metadata
+ </para> --> </warning>
+ </section>
+ <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Enabling_SSO_using_JBoss_SSO_Valve">
+ <title>Enabling SSO using JBoss SSO Valve</title>
+<!-- Source Metadata
URL: https://issues.jboss.org/browse/JBQA-4530
Author [w/email]: Marek Posolda (mposolda(a)redhat.com)
@@ -82,477 +73,397 @@
URL: https://issues.jboss.org/browse/JBEPP-615
Author [w/email]: Marek Posolda (mposolda(a)redhat.com)
- --> <para>
+ --> <para>
The JBoss SSO valve is useful to authenticate a user on one JBoss Enterprise Portal Platform node in a cluster and have that authentication automatically carry across to other nodes in the cluster.
</para>
- <para>
+ <para>
This authentication can also be used in any other web applications which may require authentication, <emphasis role="bold">provided that these applications use same roles as the main portal instance</emphasis>. Attempting to use an SSO authentication in an application that uses different roles may create authorization errors (<emphasis role="bold">403</emphasis> errors, for example).
</para>
- <note>
- <title>Reauthentication</title>
- <para>
+ <note>
+ <title>Reauthentication</title>
+ <para>
This behavior is coming from the fact that same JAAS principal is added by SSO valve to all HTTP requests, even to other web applications.
</para>
- <para>
+ <para>
So the same roles are required because of it. There is an alternative that allows you to configure the SSO valve with the <parameter>requireReauthentication=true</parameter> parameter, which will force the SSO valve to perform reauthentication with saved credentials in each HTTP request against security domain of particular web application where the request is coming.
</para>
- <para>
+ <para>
This will ensure that a new principal for that web application will be created with updated roles for that web application.
</para>
- <para>
+ <para>
In other words; when <parameter>requireReauthentication</parameter> is <emphasis role="bold">false</emphasis> (the default state), you need to have the same roles among web applications. When <parameter>requireReauthentication</parameter> is <emphasis role="bold">true</emphasis> you need to have same username and passwords.
</para>
-
- </note>
- <para>
- More info about the JBoss SSO valve can be found at <ulink type="http" url="http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Platform/5/html/Ad..." />.
+ </note>
+ <para>
+ More info about the JBoss SSO valve can be found at <ulink url="http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Platform/5/html/Ad..." type="http"/>.
</para>
- <para>
+ <para>
To successfully implement SSO integration, do the following:
</para>
- <procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-SSO_Integration">
- <title>SSO Integration</title>
- <step>
- <para>
+ <procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-SSO_Integration">
+ <title>SSO Integration</title>
+ <step>
+ <para>
Open the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/jbossweb.sar/server.xml</filename> file and uncomment one of the two <parameter>Valve</parameter> entries:
</para>
- <itemizedlist>
- <listitem>
- <para>
+ <itemizedlist>
+ <listitem>
+ <para>
For a <emphasis>non-clustered</emphasis> implementation, uncomment:
</para>
-
-<programlisting language="XML" role="XML"><Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ <programlisting language="XML" role="XML"><Valve className="org.apache.catalina.authenticator.SingleSignOn" />
</programlisting>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
For a <emphasis>clustered</emphasis> implementation, uncomment:
</para>
-
-<programlisting language="XML" role="XML"><Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" /></programlisting>
-
- </listitem>
-
- </itemizedlist>
-
- </step>
- <step>
- <para>
+ <programlisting language="XML" role="XML"><Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" /></programlisting>
+ </listitem>
+ </itemizedlist>
+ </step>
+ <step>
+ <para>
For implementation of the SSO valve among the different nodes of cluster, all the nodes must share the same domain (<emphasis>node1.yourdomain.com</emphasis> and <emphasis>node2.yourdomain.com</emphasis>, for example).
</para>
- <para>
+ <para>
This domain needs to be configured in the SSO valve parameter <parameter>cookieDomain</parameter>. This is required because the SSO valve adds the cookie <emphasis role="bold">JSESSIONIDSSO</emphasis>, which is, by default bound only to the host where the request is originating.
</para>
- <para>
+ <para>
When the <parameter>cookieDomain</parameter> parameter is used, the cookie is bound to the domain (like <emphasis>yourdomain.com</emphasis>), which will ensure that it is shared among both hosts <emphasis>node1.yourdomain.com</emphasis> and <emphasis>node2.yourdomain.com</emphasis>.
</para>
- <para>
+ <para>
So in this case, the valve configuration would be:
</para>
-
-<programlisting language="XML" role="XML"><Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn"
-cookieDomain="yourdomain.com" />
+ <programlisting language="XML" role="XML"><Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn"
+cookieDomain="yourdomain.com" />
</programlisting>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Another important thing is that both cluster nodes needs to be on same cluster (using same parameter <emphasis role="bold">-g</emphasis> and same parameter <emphasis role="bold">-u</emphasis> and also using parameter <emphasis role="bold">-Dexo.profiles=cluster</emphasis>).
</para>
- <para>
+ <para>
They must also share the same NFS directory and the same database and apply all the configuration needed for JBoss Enterprise Portal Platform cluster.
</para>
-
- </step>
-
- </procedure>
-
- <formalpara id="form-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Testing_SSO_in_a_physical_cluster">
- <title>Testing SSO in a physical cluster</title>
- <para>
+ </step>
+ </procedure>
+ <formalpara id="form-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Testing_SSO_in_a_physical_cluster">
+ <title>Testing SSO in a physical cluster</title>
+ <para>
In this example, we will try to simulate testing on more physical machines by simply using virtual hosts on single machine.
</para>
-
- </formalpara>
- <procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Testing_the_SSO_Valve">
- <title>Testing the SSO Valve</title>
- <step>
- <para>
+ </formalpara>
+ <procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Testing_the_SSO_Valve">
+ <title>Testing the SSO Valve</title>
+ <step>
+ <para>
If you are using a Linux system, you can configure file <emphasis role="bold">/etc/hosts</emphasis> to contain these lines:
</para>
-
-<programlisting>
+ <programlisting>
127.0.1.1 machine1.yourdomain.com
127.0.1.2 machine2.yourdomain.com
</programlisting>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Open the <filename><replaceable><JBOSS_HOME></replaceable>/server/all/<replaceable><PROFILE></replaceable>/jbossweb.sar/server.xml</filename> file.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Uncomment the line:
</para>
-
-<programlisting language="XML" role="XML"><!--
-<Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
+ <programlisting language="XML" role="XML"><!--
+<Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
-->
</programlisting>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
And edit it to match the following:
</para>
-
-<programlisting language="XML" role="XML"><Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn"
-cookieDomain="yourdomain.com" />
+ <programlisting language="XML" role="XML"><Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn"
+cookieDomain="yourdomain.com" />
</programlisting>
- <para>
+ <para>
This will ensure the <literal>JSESSIONIDSSO</literal> cookie is used in the correct domain, allowing the SSO authentication to occur.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Copy server configuration <emphasis role="bold">all</emphasis> and create another two configurations <emphasis role="bold">node1</emphasis> and <emphasis role="bold">node2</emphasis> from it.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Start both cluster nodes with commands:
</para>
-
-<programlisting>
+ <programlisting>
./run.sh -c node1 -b machine1.yourdomain.com -Dexo.profiles=cluster -Djboss.messaging.ServerPeerID=0 &
./run.sh -c node2 -b machine2.yourdomain.com -Dexo.profiles=cluster -Djboss.messaging.ServerPeerID=1 &
</programlisting>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Go to <uri>http://machine1.yourdomain.com:8080/portal</uri> and login as a user.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Access a private URL on the second host, such as <uri>http://machine2.yourdomain.com:8080/portal/dologin</uri>, for example.
</para>
- <para>
+ <para>
Now you should be logged directly into <literal>machine2</literal> thanks to SSO valve.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Logout from SSO initiating machine1.yourdomain.com should also logged you out from other cluster nodes. So you should be logout directly from machine2 as well.
</para>
-
- </step>
-
- </procedure>
-
- <formalpara id="form-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Enabling_SSO_with_Other_Web_Applications">
- <title>Enabling SSO with Other Web Applications</title>
- <para>
+ </step>
+ </procedure>
+ <formalpara id="form-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Enabling_SSO_with_Other_Web_Applications">
+ <title>Enabling SSO with Other Web Applications</title>
+ <para>
As mentioned earlier, in order to use SSO authentication between JBoss Enterprise Portal Platform instances and other web applications, the roles defined in the web application must match those used in the portal instance (unless you have the <parameter>requireReauthentication</parameter> parameter set to <literal>true</literal>).
</para>
-
- </formalpara>
- <para>
+ </formalpara>
+ <para>
As an example, to use the SSO Valve to authenticate a user in both a portal instance and the JMX Console, the following actions would be required:
</para>
- <procedure>
- <title></title>
- <step>
- <para>
+ <procedure>
+ <title/>
+ <step>
+ <para>
Open the <filename><replaceable><JBOSS_HOME></replaceable>/server/node1/deploy/jmx-console.war/WEB-INF/web.xml</filename> file and edit it as follows:
</para>
- <substeps>
- <step>
- <para>
+ <substeps>
+ <step>
+ <para>
Change the <parameter><role-name></parameter> entry in the <parameter><auth-constraint></parameter> element (line <literal>110</literal>) from <literal>JBossAdmin</literal> to <literal>users</literal>:
</para>
-
-<programlisting language="XML" role="XML"><auth-constraint>
+ <programlisting language="XML" role="XML"><auth-constraint>
<!--<role-name>JBossAdmin</role-name>-->
<role-name>users</role-name>
</auth-constraint></programlisting>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Change the <parameter><role-name></parameter> entry in the <parameter><security-role></parameter> element (line <literal>120</literal>) from <literal>JBossAdmin</literal> to <literal>users</literal>
</para>
-
-<programlisting language="XML" role="XML"><security-role>
+ <programlisting language="XML" role="XML"><security-role>
<!--<role-name>JBossAdmin</role-name>-->
<role-name>users</role-name>
</security-role></programlisting>
-
- </step>
-
- </substeps>
-
- </step>
-
- </procedure>
-
- <formalpara id="form-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Testing_SSO_With_Other_Web_Applications">
- <title>Testing SSO With Other Web Applications</title>
- <para>
+ </step>
+ </substeps>
+ </step>
+ </procedure>
+ <formalpara id="form-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Testing_SSO_With_Other_Web_Applications">
+ <title>Testing SSO With Other Web Applications</title>
+ <para>
To test that SSO authentication is enabled from portal instances to other web applications (in this case, the JMX Console), do the following:
</para>
-
- </formalpara>
- <procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Test_SSO_Between_Portal_and_JMX_Console">
- <title>Test SSO Between Portal and JMX Console</title>
- <step>
- <para>
+ </formalpara>
+ <procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Test_SSO_Between_Portal_and_JMX_Console">
+ <title>Test SSO Between Portal and JMX Console</title>
+ <step>
+ <para>
Start a portal instance on one node:
</para>
-
-<programlisting>./run.sh -c node1 -b machine1.yourdomain.com -Dexo.profiles=cluster -Djboss.messaging.ServerPeerID=0 &
+ <programlisting>./run.sh -c node1 -b machine1.yourdomain.com -Dexo.profiles=cluster -Djboss.messaging.ServerPeerID=0 &
</programlisting>
-
- </step>
- <step>
- <para>
- Navigate to <uri>http://machine1.yourdomain.com:8080/portal/private/classic</uri> and authenticate with the pre-configured user account "<systemitem>root</systemitem>" (password "<systemitem>gtn </systemitem>").
+ </step>
+ <step>
+ <para>
+ Navigate to <uri>http://machine1.yourdomain.com:8080/portal/private/classic</uri> and authenticate with the pre-configured user account "<systemitem>root</systemitem>" (password "<systemitem>gtn </systemitem>").
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Navigate to <uri>http://machine1.yourdomain.com:8080/jmx-console</uri>. You should be automatically authenticated into the JMX Console.
</para>
-
- </step>
-
- </procedure>
-
- <formalpara id="form-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Using_SSO_to_Authenticate_From_the_Public_Page">
- <title>Using SSO to Authenticate From the Public Page</title>
- <para>
- The previous configuration changes in this section are useful if a user is using a secured URL (<ulink type="http" url="http://localhost:8080/portal/private/classic" />, for example) to log in to the portal instance.
+ </step>
+ </procedure>
+ <formalpara id="form-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Using_SSO_to_Authenticate_From_the_Public_Page">
+ <title>Using SSO to Authenticate From the Public Page</title>
+ <para>
+ The previous configuration changes in this section are useful if a user is using a secured URL (<ulink url="http://localhost:8080/portal/private/classic" type="http"/>, for example) to log in to the portal instance.
</para>
-
- </formalpara>
- <para>
- Further changes are needed however, if SSO authentication is required to work with the <guilabel>Sign In</guilabel> button on the front page of the portal (<ulink type="http" url="http://localhost:8080/portal/classic" />).
+ </formalpara>
+ <para>
+ Further changes are needed however, if SSO authentication is required to work with the <guilabel>Sign In</guilabel> button on the front page of the portal (<ulink url="http://localhost:8080/portal/classic" type="http"/>).
</para>
- <para>
+ <para>
To enable this functionality, the <guilabel>Sign In</guilabel> link must redirect to some secured URL, which will ensure that JAAS authentication will be enforced directly without showing login dialog.
</para>
- <procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Redirect_to_Use_SSO_Valve_Authentication">
- <title>Redirect to Use SSO Valve Authentication</title>
- <step>
- <para>
+ <procedure id="proc-Reference_Guide-Enabling_SSO_using_JBoss_SSO_Valve-Redirect_to_Use_SSO_Valve_Authentication">
+ <title>Redirect to Use SSO Valve Authentication</title>
+ <step>
+ <para>
Open the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtml</filename> file and edit the line:
</para>
-
-<programlisting language="Java" role="java"><a class="Login" onclick="$signInAction"><%=_ctx.appRes("UILoginForm.label.Signin")%></a>
+ <programlisting language="Java" role="java"><a class="Login" onclick="$signInAction"><%=_ctx.appRes("UILoginForm.label.Signin")%></a>
</programlisting>
- <para>
+ <para>
To read:
</para>
-
-<programlisting language="Java" role="java"><a class="Login" href="/portal/private/classic"><%=_ctx.appRes("UILoginForm.label.Signin")%></a>
+ <programlisting language="Java" role="java"><a class="Login" href="/portal/private/classic"><%=_ctx.appRes("UILoginForm.label.Signin")%></a>
</programlisting>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Open the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/portal/webui/component/UILogoPortlet.gtmpl</filename> file and change the line:
</para>
-
-<programlisting language="Java" role="java"><a onclick="$signInAction"><%=_ctx.appRes("UILogoPortlet.action.signin")%></a>
+ <programlisting language="Java" role="java"><a onclick="$signInAction"><%=_ctx.appRes("UILogoPortlet.action.signin")%></a>
</programlisting>
- <para>
+ <para>
To read:
</para>
-
-<programlisting language="Java" role="java"><a href="/portal/private/classic"><%=_ctx.appRes("UILogoPortlet.action.signin")%></a>
+ <programlisting language="Java" role="java"><a href="/portal/private/classic"><%=_ctx.appRes("UILogoPortlet.action.signin")%></a>
</programlisting>
-
- </step>
-
- </procedure>
-
-
- </section>
-
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Central_Authentication_Service">
- <title>Central Authentication Service</title>
- <para>
+ </step>
+ </procedure>
+ </section>
+ <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Central_Authentication_Service">
+ <title><remark>BZ#794466 </remark>Central Authentication Service</title>
+ <para>
This Single Sign On plugin enables seamless integration between JBoss Enterprise Portal Platform and the Central Authentication Service (<emphasis role="bold">CAS</emphasis>) Single Sign On Framework. Details about CAS can be found <ulink url="http://www.ja-sig.org/cas/"> here </ulink> .
</para>
- <para>
+ <para>
The integration consists of two parts; the first part consists of installing or configuring a CAS server, the second part consists of setting up the portal to use the CAS server.
</para>
- <procedure id="proc-Reference_Guide-Central_Authentication_Service-CAS_server">
- <title>CAS server</title>
- <step>
- <para>
+ <procedure id="proc-Reference_Guide-Central_Authentication_Service-CAS_server">
+ <title>CAS server</title>
+ <step>
+ <para>
Set up the server to authenticate against the portal login module.
</para>
-
- </step>
- <step>
- <para>
- Downloaded CAS from <ulink type="http" url="http://www.jasig.org/cas/download"> http://www.jasig.org/cas/download </ulink> .
+ </step>
+ <step>
+ <para>
+ Downloaded CAS from <ulink url="http://www.jasig.org/cas/download" type="http"> http://www.jasig.org/cas/download </ulink> .
</para>
- <para>
+ <para>
The version, tested with these instructions is <emphasis role="bold">CAS 3.3.5</emphasis>. Other versions may work.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Extract the downloaded file into a suitable location. This location will be referred to as <replaceable>CAS_DIR</replaceable> in the following example.
</para>
-
- </step>
-
- </procedure>
-
- <para>
+ </step>
+ </procedure>
+ <para>
The simplest way to configure the web archive is to make the necessary changes directly into the CAS codebase.
</para>
- <note>
- <para>
- To perform the final build step and complete these instructions you will need the Apache Maven 2. Download it from <ulink type="http" url="http://maven.apache.org/download.html"> here </ulink> .
+ <note>
+ <para>
+ To perform the final build step and complete these instructions you will need the Apache Maven 2. Download it from <ulink url="http://maven.apache.org/download.html" type="http"> here </ulink> .
</para>
-
- </note>
- <para>
+ </note>
+ <para>
Change the default authentication handler with the one provided by JBoss Enterprise Portal Platform.
</para>
- <para>
+ <para>
The CAS Server Plugin makes secure callbacks to a RESTful service installed on the remote JBoss Enterprise Portal Platform server to authenticate a user.
</para>
- <para>
+ <para>
In order for the plugin to function correctly, it needs to be properly configured to connect to this service. This configuration is controlled by the <filename>cas.war/WEB-INF/deployerConfigContext.xml </filename> file.
</para>
- <procedure id="proc-Reference_Guide-Central_Authentication_Service-Modifying_CAS_server">
- <title>Modifying CAS server</title>
- <step>
- <para>
+ <procedure id="proc-Reference_Guide-Central_Authentication_Service-Modifying_CAS_server">
+ <title>Modifying CAS server</title>
+ <step>
+ <para>
Open <filename><replaceable>CAS_DIR</replaceable>/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml</filename>
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Replace this code:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default102.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default102.xml" parse="text"/></programlisting>
+ <para>
with the following (ensure you set the host, port and context with the values corresponding to your portal). Also available in <filename>PORTAL_SSO/cas/plugin/WEB-INF/deployerConfigContext.xml</filename>.):
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default103.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default103.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
Copy <filename><replaceable>PORTAL_SSO</replaceable>/cas/plugin/WEB-INF/lib/sso-cas-plugin-<VERSION>.jar</filename> and <filename><replaceable>PORTAL_SSO</replaceable>/cas/plugin/WEB-INF/lib/commons-httpclient-<VERSION>.jar</filename> into the <filename><replaceable>CAS_DIR</replaceable>/cas-server-webapp/src/main/webapp/WEB-INF/lib</filename> created directory.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
If you have not already done so, download an instance of Tomcat and extract it into a suitable location (which will be called <filename>TOMCAT_HOME</filename> for these instructions).
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Edit <filename>TOMCAT_HOME/conf/server.xml</filename> and change the 8080 port to 8888 to avoid a conflict with the default JBoss Enterprise Portal Platform.
</para>
- <note>
- <para>
+ <note>
+ <para>
If JBoss Enterprise Portal Platform is running on the same machine as Tomcat other ports will need to be changed in addition to 8080 in order to avoid conflicts. They can be changed to any free port. For example; you can change the admin port from 8005 to 8805 and the AJP port from 8009 to 8809.
</para>
-
- </note>
-
- </step>
- <step>
- <para>
+ </note>
+ </step>
+ <step>
+ <para>
Navigate locally to the <filename><replaceable>CAS_DIR</replaceable>/cas-server-webapp</filename> directory and execute the following command:
</para>
-
-<programlisting>mvn install
+ <programlisting>mvn install
</programlisting>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Copy the <filename><replaceable>CAS_DIR</replaceable>/cas-server-webapp/target/cas.war</filename> file into the <filename>TOMCAT_HOME/webapps</filename> directory.
</para>
- <para>
- Tomcat should start without issue and should be accessible at <ulink type="http" url="http://localhost:8888/cas"> http://localhost:8888/cas </ulink> .
+ <para>
+ Tomcat should start without issue and should be accessible at <ulink url="http://localhost:8888/cas" type="http"> http://localhost:8888/cas </ulink> .
</para>
- <note>
- <para>
+ <note>
+ <para>
At this stage the login functionality will not be available.
</para>
-
- </note>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/AuthenticationAndIdentity/SSO/cas.png" format="PNG" scale="100" width="444" />
- </imageobject>
-
- </mediaobject>
-
- </step>
-
- </procedure>
-
- <note>
- <para>
+ </note>
+ <mediaobject>
+ <imageobject>
+ <imagedata width="444" scale="100" fileref="images/AuthenticationAndIdentity/SSO/cas.png" format="PNG"/>
+ </imageobject>
+ </mediaobject>
+ </step>
+ </procedure>
+ <note>
+ <para>
On logout, the CAS server will display the CAS logout page with a link to return to the portal. To make the CAS server redirect to the portal page after a logout, modify the <filename>cas.war/WEB-INF/cas-servlet.xml</filename> to include the follow line :
</para>
-
-<programlisting>
-<bean id="logoutController" class="org.jasig.cas.web.LogoutController"
- p:centralAuthenticationService-ref="centralAuthenticationService"
- p:logoutView="casLogoutView"
- p:warnCookieGenerator-ref="warnCookieGenerator"
- p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
- p:followServiceRedirects="true"/>
+ <programlisting>
+<bean id="logoutController" class="org.jasig.cas.web.LogoutController"
+ p:centralAuthenticationService-ref="centralAuthenticationService"
+ p:logoutView="casLogoutView"
+ p:warnCookieGenerator-ref="warnCookieGenerator"
+ p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
+ p:followServiceRedirects="true"/>
</programlisting>
-
- </note>
- <procedure id="proc-Reference_Guide-Central_Authentication_Service-Setup_the_CAS_client">
- <title>Setup the CAS client</title>
- <step>
- <para>
+ </note>
+ <procedure id="proc-Reference_Guide-Central_Authentication_Service-Setup_the_CAS_client">
+ <title>Setup the CAS client</title>
+ <step>
+ <para>
Copy all the libraries from the <filename><replaceable>PORTAL_SSO</replaceable>/cas/gatein.ear/lib</filename> directory into the <filename>JBOSS_HOME/server/default/deploy/gatein.ear/lib</filename>) directory.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Edit the <filename>jboss-as/server/<replaceable>PROFILE</replaceable>/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml</filename> and uncomment this section:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default105.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
- <para>
- There's a line comment already in this source file to assist you.
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default105.xml" parse="text"/></programlisting>
+ <para>
+ There's a line comment already in this source file to assist you.
</para>
- <!-- Removing as per https://issues.jboss.org/browse/JBEPP-1350
+<!-- Removing as per https://issues.jboss.org/browse/JBEPP-1350
<para>
In Tomcat, edit <filename>GATEIN_HOME/conf/jaas.conf</filename>, uncomment on this section and comment other parts:
</para>
@@ -561,554 +472,455 @@
portalContainerName=portal
realmName=gatein-domain;
</programlisting>
- -->
- </step>
- <step>
- <para>
+ --> </step>
+ <step>
+ <para>
The installation can be tested at this point (assuming the CAS server on Tomcat is running):
</para>
- <procedure>
- <step>
- <para>
- Start (or restart) JBoss Enterprise Portal Platform and direct your web browser to <ulink type="http" url="http://localhost:8888/cas"> http://localhost:8888/cas </ulink> .
+ <procedure>
+ <step>
+ <para>
+ Start (or restart) JBoss Enterprise Portal Platform and direct your web browser to <ulink url="http://localhost:8888/cas" type="http"> http://localhost:8888/cas </ulink> .
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Login with the username <literal>root</literal> and the password <literal>gtn</literal> (or any other account created through the portal).
</para>
-
- </step>
-
- </procedure>
-
-
- </step>
-
+ </step>
</procedure>
-
- <para>
+ </step>
+ </procedure>
+ <para>
To utilize the Central Authentication Service, JBoss Enterprise Portal Platform needs to redirect all user authentication to the CAS server.
</para>
- <para>
+ <para>
Information about where the CAS is hosted must be properly configured within the JBoss Enterprise Portal Platform instance. The required configuration is done by modifying three files.
</para>
- <procedure id="proc-Reference_Guide-Central_Authentication_Service-Redirect_to_CAS">
- <title>Redirect to CAS</title>
- <step>
- <para>
- Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtml</filename> file as follows:
+ <procedure id="proc-Reference_Guide-Central_Authentication_Service-Redirect_to_CAS">
+ <title><remark>BZ#794466 </remark>Redirect to CAS</title>
+ <step>
+ <para>
+ Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtml</filename> file as follows:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default106.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
- Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/portal/webui/component/UILogoPortlet.gtmpl</filename> file as follows:
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default106.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
+ Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/portal/webui/component/UILogoPortlet.gtmpl</filename> file as follows:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default107.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default107.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
Replace the entire contents of <filename>gatein.ear/02portal.war/login/jsp/login.jsp</filename> with:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default108.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default108.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
Add the following Filters at the top of the filter chain in <filename>gatein.ear/02portal.war/WEB-INF/web.xml</filename>:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default109.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
-
- </procedure>
-
- <para>
+ <remark>BZ#794466 - Updated formatting of line break. in URL</remark>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default109.xml" parse="text"/></programlisting>
+ </step>
+ </procedure>
+ <para>
Once these changes have been made, all links to the user authentication pages will redirect to the CAS centralized authentication form and CAS can be used as an SSO implementation in your portal.
</para>
-
- </section>
-
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Java_Open_Single_Sign_On_Project">
- <title>Java Open Single Sign-On Project</title>
- <para>
+ </section>
+ <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Java_Open_Single_Sign_On_Project">
+ <title>Java Open Single Sign-On Project</title>
+ <para>
This Single Sign On plugin enables seamless integration between JBoss Enterprise Portal Platform and the Java Open Single Sign-On Project (<emphasis role="bold">JOSSO</emphasis>) Single Sign On Framework. Details about JOSSO can be found at <ulink url="http://www.josso.org"> www.josso.org </ulink> .
</para>
- <para>
+ <para>
This section details setting up the JOSSO server to authenticate against the JBoss Enterprise Portal Platform login module.
</para>
- <procedure id="proc-Reference_Guide-Java_Open_Single_Sign_On_Project-JOSSO_server">
- <title>JOSSO server</title>
- <step>
- <para>
- Download JOSSO from <ulink type="http" url="http://sourceforge.net/projects/josso/files/"> http://sourceforge.net/projects/josso/files/ </ulink> .
+ <procedure id="proc-Reference_Guide-Java_Open_Single_Sign_On_Project-JOSSO_server">
+ <title>JOSSO server</title>
+ <step>
+ <para>
+ Download JOSSO from <ulink url="http://sourceforge.net/projects/josso/files/" type="http"> http://sourceforge.net/projects/josso/files/ </ulink> .
</para>
- <note>
- <para>
+ <note>
+ <para>
Use the package that embeds Apache Tomcat. The integration was tested with JOSSO-1.8.1.
</para>
-
- </note>
-
- </step>
- <step>
- <para>
+ </note>
+ </step>
+ <step>
+ <para>
Extract the package into what will be called <filename>JOSSO_HOME</filename> in this example.
</para>
-
- </step>
-
- </procedure>
-
- <procedure id="proc-Reference_Guide-Java_Open_Single_Sign_On_Project-Modifying_JOSSO_server">
- <title>Modifying JOSSO server</title>
- <step>
- <para>
+ </step>
+ </procedure>
+ <procedure id="proc-Reference_Guide-Java_Open_Single_Sign_On_Project-Modifying_JOSSO_server">
+ <title>Modifying JOSSO server</title>
+ <step>
+ <para>
Copy the files from <filename><replaceable>PORTAL_SSO</replaceable>/josso/plugin</filename> into the <filename>JOSSO_HOME</filename> directory created in the last step.
</para>
- <para>
+ <para>
This action should replace or add the following files to the <filename>JOSSO_HOME/webapps/josso/WEB-INF/lib</filename> directory:
</para>
- <itemizedlist>
- <listitem>
- <para>
+ <itemizedlist>
+ <listitem>
+ <para>
<filename>JOSSO_HOME/lib/josso-gateway-config.xml</filename>
</para>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
<filename>JOSSO_HOME/lib/josso-gateway-gatein-stores.xml</filename>
</para>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
<filename>JOSSO_HOME/webapps/josso/WEB-INF/classes/gatein.properties</filename>
</para>
-
- </listitem>
-
- </itemizedlist>
-
- </step>
- <step>
- <para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ <step>
+ <para>
Edit <filename>TOMCAT_HOME/conf/server.xml</filename> file and change the 8080 port to 8888 to avoid a conflict with the default JBoss Enterprise Portal Platform port.
<note>
- <title>Port Conflicts</title>
- <para>
+ <title>Port Conflicts</title>
+ <para>
If JBoss Enterprise Portal Platform is running on the same machine as Tomcat, other ports need to be changed in addition to 8080 in order to avoid port conflicts. They can be changed to any free port. For example, you can change admin port from 8005 to 8805, and AJP port from 8009 to 8809.
</para>
+ </note>
- </note>
-
</para>
-
- </step>
- <step>
- <para>
- Tomcat will start and allow access to <ulink type="http" url="http://localhost:8888/josso/signon/login.do"> http://localhost:8888/josso/signon/login.do </ulink> but at this stage login will not be available.
+ </step>
+ <step>
+ <para>
+ Tomcat will start and allow access to <ulink url="http://localhost:8888/josso/signon/login.do" type="http"> http://localhost:8888/josso/signon/login.do </ulink> but at this stage login will not be available.
</para>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/AuthenticationAndIdentity/SSO/opensso.png" format="PNG" width="444" />
- </imageobject>
-
- </mediaobject>
-
- </step>
-
- </procedure>
-
- <procedure id="proc-Reference_Guide-Java_Open_Single_Sign_On_Project-Setup_the_JOSSO_client">
- <title>Setup the JOSSO client</title>
- <step>
- <para>
+ <mediaobject>
+ <imageobject>
+ <imagedata width="444" fileref="images/AuthenticationAndIdentity/SSO/opensso.png" format="PNG"/>
+ </imageobject>
+ </mediaobject>
+ </step>
+ </procedure>
+ <procedure id="proc-Reference_Guide-Java_Open_Single_Sign_On_Project-Setup_the_JOSSO_client">
+ <title>Setup the JOSSO client</title>
+ <step>
+ <para>
Copy the library files from <filename><replaceable>PORTAL_SSO</replaceable>/josso/gatein.ear/lib</filename> into <filename>gatein.ear/lib</filename> (or into <filename>GATEIN_HOME/lib</filename> if the product is running in Tomcat).
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Copy the <filename><replaceable>PORTAL_SSO</replaceable>/josso/gatein.ear/portal.war/WEB-INF/classes/josso-agent-config.xml</filename> file into the <filename>gatein.ear/02portal.war/WEB-INF/classes</filename> directory (or into <filename>JBOSS_HOME/webapps/portal.war/WEB-INF/classes</filename>, or <filename>GATEIN_HOME/conf</filename> if the product is running in Tomcat).
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Edit <filename>jboss-as/server/<replaceable>PROFILE</replaceable>/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml</filename> and uncomment this section:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default111.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default111.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
In Tomcat, edit <filename>JBOSS_HOME/conf/jaas.conf</filename> and uncomment this section:
</para>
-
-<programlisting>org.gatein.sso.agent.login.SSOLoginModule required;
+ <programlisting>org.gatein.sso.agent.login.SSOLoginModule required;
org.exoplatform.services.security.j2ee.TomcatLoginModule requiredtm
portalContainerName=portal
realmName=gatein-domain;
</programlisting>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
The installation can be tested at this point.
</para>
- <substeps>
- <step>
- <para>
- Start (or restart) JBoss Enterprise Portal Platform, and (assuming the JOSSO server on Tomcat is running) direct your browser to <ulink type="http" url="http://localhost:8888/josso/signon/login.do"> http://localhost:8888/josso/signon/login.do </ulink> .
+ <substeps>
+ <step>
+ <para>
+ Start (or restart) JBoss Enterprise Portal Platform, and (assuming the JOSSO server on Tomcat is running) direct your browser to <ulink url="http://localhost:8888/josso/signon/login.do" type="http"> http://localhost:8888/josso/signon/login.do </ulink> .
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Login with the username <literal>root</literal> and the password <literal>gtn</literal> or any account created through the portal.
</para>
-
- </step>
-
- </substeps>
-
- </step>
-
- </procedure>
-
- <para>
+ </step>
+ </substeps>
+ </step>
+ </procedure>
+ <para>
The next part of the process is to redirect all user authentication to the JOSSO server.
</para>
- <para>
+ <para>
Information about where the JOSSO server is hosted must be properly configured within the JBoss Enterprise Portal Platform instance. The required configuration is done by modifying four files:
</para>
- <procedure id="proc-Reference_Guide-Java_Open_Single_Sign_On_Project-Setup_the_portal_to_redirect_to_JOSSO">
- <title>Setup the portal to redirect to JOSSO</title>
- <step>
- <para>
- In the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtml</filename> file modify the 'Sign In' link as follows:
+ <procedure id="proc-Reference_Guide-Java_Open_Single_Sign_On_Project-Setup_the_portal_to_redirect_to_JOSSO">
+ <title>Setup the portal to redirect to JOSSO</title>
+ <step>
+ <para>
+ In the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtml</filename> file modify the 'Sign In' link as follows:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default112.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
- Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename>gatein.ear/web.war/groovy/portal/webui/component/UILogoPortlet.gtmpl</filename> file as follows:
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default112.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
+ Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename>gatein.ear/web.war/groovy/portal/webui/component/UILogoPortlet.gtmpl</filename> file as follows:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default113.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default113.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
Replace the entire contents of <filename>gatein.ear/02portal.war/login/jsp/login.jsp</filename> with:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default114.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default114.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
Add the following Filters to the top of the filter chain in <filename>gatein.ear/02portal.war/WEB-INF/web.xml</filename>:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default115.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
-
- </procedure>
-
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default115.xml" parse="text"/></programlisting>
+ </step>
+ </procedure>
+ <para>
From now on, all links redirecting to the user authentication pages will redirect to the JOSSO centralized authentication form.
</para>
-
- </section>
-
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-OpenSSO">
- <title>OpenSSO</title>
- <para>
+ </section>
+ <section id="sect-Reference_Guide-SSO_Single_Sign_On_-OpenSSO">
+ <title>OpenSSO</title>
+ <para>
This section details the setting up of OpenSSO server to authenticate against the JBoss Enterprise Portal Platform login module.
</para>
- <procedure id="proc-Reference_Guide-OpenSSO-Obtaining_OpenSSO">
- <title>Obtaining OpenSSO</title>
- <step>
- <para>
- OpenSSO must be purchased from <ulink type="http" url="http://www.oracle.com/technetwork/middleware/id-mgmt/overview/index.html"> Oracle </ulink> .
+ <procedure id="proc-Reference_Guide-OpenSSO-Obtaining_OpenSSO">
+ <title>Obtaining OpenSSO</title>
+ <step>
+ <para>
+ OpenSSO must be purchased from <ulink url="http://www.oracle.com/technetwork/middleware/id-mgmt/overview/index.html" type="http"> Oracle </ulink> .
</para>
- <para>
- For testing purposes, use OpenSSO_80U2, which can be downloaded from <ulink type="http" url="http://download.oracle.com/otn/nt/middleware/11g/oracle_opensso_80U2.zip">Oracle </ulink> .
+ <para>
+ For testing purposes, use OpenSSO_80U2, which can be downloaded from <ulink url="http://download.oracle.com/otn/nt/middleware/11g/oracle_opensso_80U2.zip" type="http">Oracle </ulink> .
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Extract the package into a suitable location. This location will be referred to as <filename>OPENSSO_HOME</filename> in this example.
</para>
-
- </step>
-
- </procedure>
-
- <note>
- <para>
- It is also possible to use OpenAM instead of OpenSSO server. OpenAM is free and the integration steps between Enterprise Portal Platform and OpenAM are very similar as with OpenSSO. More info is available <ulink type="http" url="http://community.jboss.org/wiki/GateInAndOpenAMIntegration"> here </ulink> .
+ </step>
+ </procedure>
+ <note>
+ <para>
+ It is also possible to use OpenAM instead of OpenSSO server. OpenAM is free and the integration steps between Enterprise Portal Platform and OpenAM are very similar as with OpenSSO. More info is available <ulink url="http://community.jboss.org/wiki/GateInAndOpenAMIntegration" type="http"> here </ulink> .
</para>
-
- </note>
-
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Modifying_the_OpenSSO_server">
- <title>Modifying the OpenSSO server</title>
- <para>
+ </note>
+ <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Modifying_the_OpenSSO_server">
+ <title>Modifying the OpenSSO server</title>
+ <para>
To configure the web server as required, it is simpler to directly modify the source files.
</para>
- <para>
+ <para>
The first step is to add the JBoss Enterprise Portal Platform Authentication Plugin.
</para>
- <para>
+ <para>
The plugin makes secure callbacks to a RESTful service installed on the remote JBoss Enterprise Portal Platform server to authenticate a user.
</para>
- <para>
+ <para>
In order for the plugin to function correctly, it needs to be properly configured to connect to this service. This configuration is done via the <filename>opensso.war/config/auth/default/AuthenticationPlugin.xml</filename> file.
</para>
- <procedure id="proc-Reference_Guide-Modifying_the_OpenSSO_server-Modifying_OpenSSO_server">
- <title>Modifying OpenSSO server</title>
- <step>
- <para>
+ <procedure id="proc-Reference_Guide-Modifying_the_OpenSSO_server-Modifying_OpenSSO_server">
+ <title>Modifying OpenSSO server</title>
+ <step>
+ <para>
Obtain a copy of Tomcat and extract it into a suitable location. This location will be referred to as <filename>TOMCAT_HOME</filename> in this example.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Edit <filename>TOMCAT_HOME/conf/server.xml</filename> and change the 8080 port to 8888 to avoid a conflict with the default JBoss Enterprise Portal Platform port.
<note>
- <para>
+ <para>
If JBoss Enterprise Portal Platform is running on the same machine as Tomcat, other ports need to be changed in addition to 8080 in order to avoid port conflicts. They can be changed to any free port. For example, you can change the admin port from 8005 to 8805 and the AJP port from 8009 to 8809.
</para>
+ </note>
- </note>
-
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Ensure the <filename>TOMCAT_HOME/webapps/opensso/config/auth/default/AuthenticationPlugin.xml</filename> file matches the following:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default117.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default117.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
Copy the following files into the Tomcat directory at <filename>TOMCAT_HOME/webapps/opensso/WEB-INF/lib</filename>:
</para>
- <itemizedlist>
- <listitem>
- <para>
+ <itemizedlist>
+ <listitem>
+ <para>
<filename><replaceable>PORTAL_SSO</replaceable>/opensso/plugin/WEB-INF/lib/sso-opensso-plugin-<VERSION>.jar</filename>
</para>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
<filename><replaceable>PORTAL_SSO</replaceable>/opensso/plugin/WEB-INF/lib/commons-httpclient-<VERSION>.jar</filename>
</para>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
<filename><replaceable>PORTAL_SSO</replaceable>/opensso/plugin/WEB-INF/lib/commons-logging-<VERSION>.jar</filename>
</para>
-
- </listitem>
-
- </itemizedlist>
-
- </step>
- <step>
- <para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ <step>
+ <para>
Copy the <filename><replaceable>PORTAL_SSO</replaceable>/opensso/plugin/WEB-INF/classes/gatein.properties</filename> file into the <filename>TOMCAT_HOME/webapps/opensso/WEB-INF/classes</filename> directory.
</para>
-
- </step>
- <step>
- <para>
- Tomcat should start and be able to access <ulink type="http" url="http://localhost:8888/opensso/UI/Login?realm=gatein"> http://localhost:8888/opensso/UI/Login?realm=gatein </ulink> .
+ </step>
+ <step>
+ <para>
+ Tomcat should start and be able to access <ulink url="http://localhost:8888/opensso/UI/Login?realm=gatein" type="http"> http://localhost:8888/opensso/UI/Login?realm=gatein </ulink> .
</para>
- <mediaobject>
- <imageobject role="html">
- <imagedata align="center" fileref="images/AuthenticationAndIdentity/SSO/opensso-shot.png" format="PNG" scale="110" width="444" />
- </imageobject>
- <imageobject role="fo">
- <imagedata align="center" contentwidth="150mm" fileref="images/AuthenticationAndIdentity/SSO/opensso-shot.png" format="PNG" width="444" />
- </imageobject>
-
- </mediaobject>
- <note>
- <para>
+ <mediaobject>
+ <imageobject role="html">
+ <imagedata width="444" align="center" scale="110" fileref="images/AuthenticationAndIdentity/SSO/opensso-shot.png" format="PNG"/>
+ </imageobject>
+ <imageobject role="fo">
+ <imagedata width="444" contentwidth="150mm" align="center" fileref="images/AuthenticationAndIdentity/SSO/opensso-shot.png" format="PNG"/>
+ </imageobject>
+ </mediaobject>
+ <note>
+ <para>
Login will not be available at this point.
</para>
-
- </note>
-
- </step>
-
- </procedure>
-
- <procedure id="proc-Reference_Guide-Modifying_the_OpenSSO_server-Configure_the_gatein_realm">
- <title>Configure the "gatein" realm</title>
- <step>
- <para>
- Direct your browser to <ulink type="http" url="http://localhost:8888/opensso"> http://localhost:8888/opensso </ulink>
+ </note>
+ </step>
+ </procedure>
+ <procedure id="proc-Reference_Guide-Modifying_the_OpenSSO_server-Configure_the_gatein_realm">
+ <title>Configure the "gatein" realm</title>
+ <step>
+ <para>
+ Direct your browser to <ulink url="http://localhost:8888/opensso" type="http"> http://localhost:8888/opensso </ulink>
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Create a default configuration.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Login as <literal>amadmin</literal>.
</para>
- <important>
- <para>
- Go to <menuchoice><guimenu>Configuration</guimenu> <guimenuitem> Authentication </guimenuitem> </menuchoice> and follow the link to <guilabel>Core</guilabel>
+ <important>
+ <para>
+ Go to <menuchoice>
+ <guimenu>Configuration</guimenu>
+ <guimenuitem> Authentication </guimenuitem>
+ </menuchoice> and follow the link to <guilabel>Core</guilabel>
</para>
- <para>
+ <para>
Add a new value with the class name <literal>org.gatein.sso.opensso.plugin.AuthenticationPlugin</literal>.
</para>
- <para>
+ <para>
If this is not done <literal>AuthenticationPlugin</literal> is not available among other OpenSSO authentication modules.
</para>
-
- </important>
-
- </step>
- <step>
- <para>
+ </important>
+ </step>
+ <step>
+ <para>
Go to the <guilabel>Access control</guilabel> tab and create new realm called <literal>gatein</literal>.
</para>
-
- </step>
- <step>
- <substeps>
- <step>
- <para>
+ </step>
+ <step>
+ <substeps>
+ <step>
+ <para>
Go to the new <literal>gatein</literal> realm and click on the <guilabel>Authentication</guilabel> tab.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Click on <guilabel>LDAPService</guilabel> (at the bottom in the <guilabel>Authentication chaining</guilabel> section).
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Change the selection from <literal>Datastore</literal>, which is the default module in the authentication chain, to <literal>AuthenticationPlugin</literal>.
</para>
-
- </step>
-
- </substeps>
- <para>
+ </step>
+ </substeps>
+ <para>
These changes enable authentication of the <literal>gatein</literal> realm using the <literal>GateIn REST</literal> service instead of the OpenSSO LDAP server.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Go to <guilabel>Advanced properties</guilabel> and change <literal>UserProfile</literal> from <parameter>Required</parameter> to <parameter>Dynamic</parameter> to ensure all new users are automatically created in the OpenSSO datastore after successful authentication.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Increase the user privileges to allow REST access with the following procedure:
</para>
- <substeps>
- <step>
- <para>
- Go to <menuchoice><guimenu>Access control</guimenu> <guimenuitem> Top level realm </guimenuitem> <guimenuitem> Privileges </guimenuitem> <guimenuitem> All authenticated users </guimenuitem> </menuchoice>.
+ <substeps>
+ <step>
+ <para>
+ Go to <menuchoice>
+ <guimenu>Access control</guimenu>
+ <guimenuitem> Top level realm </guimenuitem>
+ <guimenuitem> Privileges </guimenuitem>
+ <guimenuitem> All authenticated users </guimenuitem>
+ </menuchoice>.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Check the last two checkboxes:
</para>
- <itemizedlist>
- <listitem>
- <para>
+ <itemizedlist>
+ <listitem>
+ <para>
Read and write access only for policy properties
</para>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
Read and write access to all realm and policy properties
</para>
-
- </listitem>
-
- </itemizedlist>
-
- </step>
-
- </substeps>
-
+ </listitem>
+ </itemizedlist>
</step>
- <step>
- <para>
- Repeat step 7 for the '<literal>gatein</literal>' realm as well.
+ </substeps>
+ </step>
+ <step>
+ <para>
+ Repeat step 7 for the '<literal>gatein</literal>' realm as well.
</para>
-
- </step>
-
- </procedure>
-
-
+ </step>
+ </procedure>
</section>
-
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Setup_the_OpenSSO_Client">
- <title>Setup the OpenSSO Client</title>
- <procedure id="proc-Reference_Guide-Setup_the_OpenSSO_Client-Setup_the_OpenSSO_client">
- <title>Setup the OpenSSO client</title>
- <step>
- <para>
+ <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Setup_the_OpenSSO_Client">
+ <title>Setup the OpenSSO Client</title>
+ <procedure id="proc-Reference_Guide-Setup_the_OpenSSO_Client-Setup_the_OpenSSO_client">
+ <title>Setup the OpenSSO client</title>
+ <step>
+ <para>
Copy all libraries from the <filename><replaceable>PORTAL_SSO</replaceable>/opensso/gatein.ear/lib</filename> directory into the <filename>JBOSS_HOME/server/default/deploy/gatein.ear/lib</filename> directory.
</para>
- <para>
+ <para>
Alternatively, in a Tomcat environment, copy the libraries into the <filename>JBOSS_HOME/lib</filename> directory.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Edit the <filename>jboss-as/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml</filename> and uncomment this section:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default118.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <!-- Removed as per https://issues.jboss.org/browse/JBEPP-1350
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default118.xml" parse="text"/></programlisting>
+ </step>
+<!-- Removed as per https://issues.jboss.org/browse/JBEPP-1350
<step>
<para>
If you are running the product in Tomcat, edit <replaceable><JBOSS_HOME></replaceable>/conf/jaas.conf, uncomment the following section and comment all other sections:
@@ -1119,189 +931,154 @@
realmName=gatein-domain;
</programlisting>
</step>
- --> <step>
- <para>
+ --> <step>
+ <para>
Test the installation:
</para>
- <procedure>
- <step>
- <para>
- Access JBoss Enterprise Portal Platform by going to <ulink type="http" url="http://localhost:8888/opensso/UI/Login?realm=gatein"> http://localhost:8888/opensso/UI/Login?realm=gatein </ulink> (assuming that the OpenSSO server using Tomcat is still running).
+ <procedure>
+ <step>
+ <para>
+ Access JBoss Enterprise Portal Platform by going to <ulink url="http://localhost:8888/opensso/UI/Login?realm=gatein" type="http"> http://localhost:8888/opensso/UI/Login?realm=gatein </ulink> (assuming that the OpenSSO server using Tomcat is still running).
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Login with the username <literal>root</literal> and the password <literal>gtn</literal> or any account created through the portal.
</para>
-
- </step>
-
- </procedure>
-
-
</step>
-
- </procedure>
-
-
+ </procedure>
+ </step>
+ </procedure>
</section>
-
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Setup_the_portal_to_redirect_to_OpenSSO">
- <title>Setup the portal to redirect to OpenSSO</title>
- <para>
+ <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Setup_the_portal_to_redirect_to_OpenSSO">
+ <title>Setup the portal to redirect to OpenSSO</title>
+ <para>
The next part of the process is to redirect all user authentication to the OpenSSO server.
</para>
- <para>
+ <para>
Information about where the OpenSSO server is hosted must be properly configured within the Enterprise Portal Platform instance. The required configuration is done by modifying three files:
</para>
- <procedure id="proc-Reference_Guide-Setup_the_portal_to_redirect_to_OpenSSO-Setup_the_portal_to_redirect_to_OpenSSO">
- <title>Setup the portal to redirect to OpenSSO</title>
- <step>
- <para>
- Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtml</filename> file as follows:
+ <procedure id="proc-Reference_Guide-Setup_the_portal_to_redirect_to_OpenSSO-Setup_the_portal_to_redirect_to_OpenSSO">
+ <title>Setup the portal to redirect to OpenSSO</title>
+ <step>
+ <para>
+ Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtml</filename> file as follows:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default119.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
- Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename>gatein.ear/web.war/groovy/portal/webui/component/UILogoPortlet.gtmpl</filename> file as follows:
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default119.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
+ Modify the '<emphasis role="bold">Sign In</emphasis>' link in the <filename>gatein.ear/web.war/groovy/portal/webui/component/UILogoPortlet.gtmpl</filename> file as follows:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default120.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default120.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
Replace the entire contents of <filename>gatein.ear/02portal.war/login/jsp/login.jsp</filename> with:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default121.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default121.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
Add the following Filters to the top of the filter chain in <filename>gatein.ear/02portal.war/WEB-INF/web.xml</filename>:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default122.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
-
- </procedure>
-
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default122.xml" parse="text"/></programlisting>
+ </step>
+ </procedure>
+ <para>
From now on, all links redirecting to the user authentication pages will redirect to the OpenSSO centralized authentication form.
</para>
-
</section>
- </section>
- <section id="sect-Reference_Guide-SSO_Single_Sign_On_-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism">
- <title>SPNEGO - Simple and Protected GSSAPI Negotiation Mechanism</title>
- <para>
+ </section>
+ <section id="sect-Reference_Guide-SSO_Single_Sign_On_-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism">
+ <title>SPNEGO - Simple and Protected GSSAPI Negotiation Mechanism</title>
+ <para>
The Simple and Protected GSSAPI Negotiation Mechanism (<emphasis role="bold">SPNEGO</emphasis>) uses desktop credentials provided during a desktop login to transparently authenticate a portal user through a web browser.
</para>
- <para>
+ <para>
For illustrative purposes; a typical use case would be:
</para>
- <procedure>
- <step>
- <para>
+ <procedure>
+ <step>
+ <para>
A user logs into their desktop computer with a login that is governed by an Active Directory domain.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
The user then launches a web browser to access a web application (that uses JBoss Negotiation) hosted on JBoss Enterprise Portal Platform.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
The browser transfers the desktop credentials to the web application.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
JBoss EAP/AS uses background GSS messages with the Active Directory (or any Kerberos Server) to validate the Kerberos ticket from user.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
The user experiences a seamless single sign on (SSO) into the web application.
</para>
-
- </step>
-
- </procedure>
-
- <section id="sect-Reference_Guide-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism-SPNEGO_Server_Configuration">
- <title>SPNEGO Server Configuration</title>
- <para>
+ </step>
+ </procedure>
+ <section id="sect-Reference_Guide-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism-SPNEGO_Server_Configuration">
+ <title>SPNEGO Server Configuration</title>
+ <para>
In this section, we will describe some necessary steps for setup Kerberos server on Linux. This server will then be used for SPNEGO authentication against JBoss Enterprise Portal Platform.
</para>
- <note>
- <title>SPNEGO Basics</title>
- <para>
- The procedure below only describes the basic steps to configure the SPNEGO server in a Linux environment. If you are already familiar with SPNEGO, or if you are using Windows and Active Directory domain, you can jump to the <xref linkend="proc-Reference_Guide-JBoss_Enterprise_Portal_Platform_Configuration-Advanced_SPNEGO_Configuration" /> to see how to integrate SPNEGO with JBoss Enterprise Portal Platform.
+ <note>
+ <title>SPNEGO Basics</title>
+ <para>
+ The procedure below only describes the basic steps to configure the SPNEGO server in a Linux environment. If you are already familiar with SPNEGO, or if you are using Windows and Active Directory domain, you can jump to the <xref linkend="proc-Reference_Guide-JBoss_Enterprise_Portal_Platform_Configuration-Advanced_SPNEGO_Configuration"/> to see how to integrate SPNEGO with JBoss Enterprise Portal Platform.
</para>
- <para>
+ <para>
Please note that Kerberos setup is also dependent on your Linux distribution and so steps can be slightly different in your environment.
</para>
-
- </note>
- <procedure id="proc-Reference_Guide-SPNEGO_Server_Configuration-SPNEGO_Basics">
- <title>SPNEGO Basics</title>
- <step>
- <para>
- Correct the setup of network on the machine. For example, if you are using the "server.local.network" domain as your machine where Kerberos and JBoss Enterprise Portal Platform are localed, add the line containing the machine's IP address to the <emphasis role="bold">/etc/host </emphasis> file.
+ </note>
+ <procedure id="proc-Reference_Guide-SPNEGO_Server_Configuration-SPNEGO_Basics">
+ <title>SPNEGO Basics</title>
+ <step>
+ <para>
+ Correct the setup of network on the machine. For example, if you are using the "server.local.network" domain as your machine where Kerberos and JBoss Enterprise Portal Platform are localed, add the line containing the machine's IP address to the <emphasis role="bold">/etc/host </emphasis> file.
</para>
-
-<programlisting>
+ <programlisting>
192.168.1.88 server.local.network
</programlisting>
- <note>
- <para>
+ <note>
+ <para>
It is not recommended you use loopback addresses.
</para>
-
- </note>
-
- </step>
- <step>
- <para>
+ </note>
+ </step>
+ <step>
+ <para>
Install Kerberos with these packages: krb5-admin-server, krb5-kdc, krb5-config, krb5-user, krb5-clients, and krb5-rsh-server.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Edit the Kerberos configuration file at <emphasis role="bold">/etc/krb5.config</emphasis>, including:
</para>
- <itemizedlist>
- <listitem>
- <para>
+ <itemizedlist>
+ <listitem>
+ <para>
Uncomment on these lines:
</para>
-
-<programlisting>
+ <programlisting>
default_tgs_enctypes = des3-hmac-sha1
default_tkt_enctypes = des3-hmac-sha1
permitted_enctypes = des3-hmac-sha1
</programlisting>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
Add <emphasis role="bold">local.network</emphasis> as a default realm and it is also added to the list of realms and remove the remains of realms. The content looks like:
</para>
-
-<programlisting>
+ <programlisting>
[libdefaults]
default_realm = LOCAL.NETWORK
@@ -1320,7 +1097,7 @@
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
-# caches containing ticket encryption types it doesn't know about (such as
+# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
default_tgs_enctypes = des3-hmac-sha1
@@ -1354,18 +1131,14 @@
krb4_convert = true
krb4_get_tickets = false
</programlisting>
-
- </listitem>
-
- </itemizedlist>
-
- </step>
- <step>
- <para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ <step>
+ <para>
Edit the KDC configuraton file at <emphasis role="bold">/etc/krb5kdc/kdc.conf</emphasis> that looks like.
</para>
-
-<programlisting>
+ <programlisting>
[kdcdefaults]
kdc_ports = 750,88
@@ -1387,199 +1160,159 @@
kdc = FILE:/home/gatein/krb5logs/kdc.log
admin_server = FILE:/home/gatein/krb5logs/kadmin.log
</programlisting>
- <itemizedlist>
- <listitem>
- <para>
+ <itemizedlist>
+ <listitem>
+ <para>
Create krb5kdc and krb5logs directory for Kerberos database as shown in the configuration file above.
</para>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
Next, create a KDC database using the following command.
</para>
-
-<programlisting>
+ <programlisting>
sudo krb5_newrealm
</programlisting>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
Start the KDC and Kerberos admin servers using these commands:
</para>
-
-<programlisting>
+ <programlisting>
sudo /etc/init.d/krb5-kdc restart
sudo /etc/init.d/krb-admin-server restart
</programlisting>
-
- </listitem>
-
- </itemizedlist>
-
- </step>
- <step>
- <para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ <step>
+ <para>
Add Principals and create Keys.
</para>
- <itemizedlist>
- <listitem>
- <para>
- Start an interactive 'kadmin' session and create the necessary Principals.
+ <itemizedlist>
+ <listitem>
+ <para>
+ Start an interactive 'kadmin' session and create the necessary Principals.
</para>
-
-<programlisting>
+ <programlisting>
sudo kadmin.local
</programlisting>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
Add the JBoss Enterprise Portal Platform machine and keytab file that need to be authenticated.
</para>
-
-<programlisting>
+ <programlisting>
addprinc -randkey HTTP/server.local.network(a)LOCAL.NETWORK
ktadd HTTP/server.local.network(a)LOCAL.NETWORK
</programlisting>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
Add the default JBoss Enterprise Portal Platform user accounts and enter the password for each created user that will be authenticated.
</para>
-
-<programlisting>
+ <programlisting>
addprinc john
addprinc demo
addprinc root
</programlisting>
-
- </listitem>
-
- </itemizedlist>
-
- </step>
- <step>
- <para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ <step>
+ <para>
Test your changed setup by using the command.
</para>
-
-<programlisting>
+ <programlisting>
kinit -A demo
</programlisting>
- <itemizedlist>
- <listitem>
- <para>
- If the setup works well, you are required to enter the password created for this user in Step 5. Without the -A, the kerberos ticket validation involved reverse DNS lookups, which can get very cumbersome to debug if your network's DNS setup is not great. This is a production level security feature, which is not necessary in this development setup. In production environment, it will be better to avoid -A option.
+ <itemizedlist>
+ <listitem>
+ <para>
+ If the setup works well, you are required to enter the password created for this user in Step 5. Without the -A, the kerberos ticket validation involved reverse DNS lookups, which can get very cumbersome to debug if your network's DNS setup is not great. This is a production level security feature, which is not necessary in this development setup. In production environment, it will be better to avoid -A option.
</para>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
After successful login to Kerberos, you can see your Kerberos ticket when using this command.
</para>
-
-<programlisting>
+ <programlisting>
klist
</programlisting>
-
- </listitem>
- <listitem>
- <para>
+ </listitem>
+ <listitem>
+ <para>
If you want to logout and destroy your ticket, use this command.
</para>
-
-<programlisting>
+ <programlisting>
kdestroy
</programlisting>
-
- </listitem>
-
- </itemizedlist>
-
- </step>
-
- </procedure>
-
-
- </section>
-
- <section id="sect-Reference_Guide-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism-SPNEGO_Server_Configuration-Clients">
- <title>Clients</title>
- <para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ </procedure>
+ </section>
+ <section id="sect-Reference_Guide-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism-SPNEGO_Server_Configuration-Clients">
+ <title>Clients</title>
+ <para>
After performing all configurations above, you need to enable the <emphasis role="bold">Negotiate authentication </emphasis> of Firefox in client machines so that clients could be authenticated by JBoss Enterprise Portal Platform as follows:
</para>
- <procedure>
- <step>
- <para>
+ <procedure>
+ <step>
+ <para>
Start Firefox, then enter the command: <emphasis role="bold">about:config </emphasis> into the address field.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Enter <emphasis role="bold">network.negotiate-auth</emphasis> and set the value as below:
</para>
-
-<programlisting>
+ <programlisting>
network.negotiate-auth.allow-proxies = true
network.negotiate-auth.delegation-uris = .local.network
network.negotiate-auth.gsslib (no-value)
network.negotiate-auth.trusted-uris = .local.network
network.negotiate-auth.using-native-gsslib = true
</programlisting>
-
- </step>
-
- </procedure>
-
- <note>
- <para>
+ </step>
+ </procedure>
+ <note>
+ <para>
Consult documentation of your OS or web browser if using different browser than Firefox.
</para>
-
- </note>
-
- </section>
-
- <section id="sect-Reference_Guide-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism-JBoss_Enterprise_Portal_Platform_Configuration">
- <title>JBoss Enterprise Portal Platform Configuration</title>
- <para>
+ </note>
+ </section>
+ <section id="sect-Reference_Guide-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism-JBoss_Enterprise_Portal_Platform_Configuration">
+ <title>JBoss Enterprise Portal Platform Configuration</title>
+ <para>
JBoss Enterprise Portal Platform uses JBoss Negotiation to enable SPNEGO-based desktop SSO for the portal. Here are the steps to integrate SPNEGO with JBoss Enterprise Portal Platform.
</para>
- <procedure id="proc-Reference_Guide-JBoss_Enterprise_Portal_Platform_Configuration-Advanced_SPNEGO_Configuration">
- <title>Advanced SPNEGO Configuration</title>
- <step>
- <para>
+ <procedure id="proc-Reference_Guide-JBoss_Enterprise_Portal_Platform_Configuration-Advanced_SPNEGO_Configuration">
+ <title>Advanced SPNEGO Configuration</title>
+ <step>
+ <para>
Activate the Host authentication. Add the following host login module to the <filename>jboss-as/server/<replaceable>PROFILE</replaceable>/conf/login-config.xml</filename>:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default124.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
- <para>
- The '<literal>keyTab</literal>' value should point to the keytab file that was generated by the <literal>kadmin</literal> Kerberos tool. When using Kerberos on Linux, it should be value of parameter <emphasis role="bold">admin_keytab</emphasis> from kdc.conf file. See the <xref linkend="proc-Reference_Guide-SPNEGO_Server_Configuration-SPNEGO_Basics" /> for more details.
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default124.xml" parse="text"/></programlisting>
+ <para>
+ The '<literal>keyTab</literal>' value should point to the keytab file that was generated by the <literal>kadmin</literal> Kerberos tool. When using Kerberos on Linux, it should be value of parameter <emphasis role="bold">admin_keytab</emphasis> from kdc.conf file. See the <xref linkend="proc-Reference_Guide-SPNEGO_Server_Configuration-SPNEGO_Basics"/> for more details.
</para>
-
- </step>
- <step>
- <para>
- Extend the core authentication mechanisms to support SPNEGO. Under <filename>deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml</filename>, add a '<literal>SPNEGO</literal>' authenticators property
+ </step>
+ <step>
+ <para>
+ Extend the core authentication mechanisms to support SPNEGO. Under <filename>deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml</filename>, add a '<literal>SPNEGO</literal>' authenticators property
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default125.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default125.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
Add the SSO module binaries by copying <emphasis role="bold">PORTAL_SSO/spnego/gatein.ear/lib/sso-agent.jar</emphasis> to the <emphasis role="bold">JBOSS_HOME/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/lib/</emphasis> directory.
</para>
- <para>
+ <para>
Copy the <emphasis role="bold">PORTAL_SSO/spnego/gatein.ear/lib/sso-spnego.jar</emphasis> file to the <emphasis role="bold">JBOSS_HOME/server/<replaceable><PROFILE></replaceable>/lib</emphasis> directory.
</para>
-
- </step>
- <!-- This step not required as EPP already has the correct version of Negotiation 2.0.4.GA
+ </step>
+<!-- This step not required as EPP already has the correct version of Negotiation 2.0.4.GA
<step>
<para>
Download library <filename>jboss-negotiation-2.0.4.GA</filename> from location
@@ -1587,39 +1320,36 @@
and copy this file to <filename>JBOSS_HOME/server/default/lib</filename> directory as well.
</para>
</step>
- --> <step>
- <para>
+ --> <step>
+ <para>
Modify the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml</filename> file to match the following:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default126.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
- <para>
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default126.xml" parse="text"/></programlisting>
+ <para>
This activates SPNEGO LoginModules with fallback to FORM authentication. When SPNEGO is not available and it needs to fallback to FORM, it will use <emphasis role="bold">gatein-form-auth-domain</emphasis> security domain.
</para>
-
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Modify <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/web.xml</filename> to match:
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default127.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
- <para>
- This integrates SPNEGO support into the Portal web archive by switching the authentication mechanism from the default "FORM"-based to "SPNEGO"-based authentication.
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default127.xml" parse="text"/></programlisting>
+ <para>
+ This integrates SPNEGO support into the Portal web archive by switching the authentication mechanism from the default "FORM"-based to "SPNEGO"-based authentication.
</para>
- <para>
+ <para>
You can see that the SPNEGO portion also contains the element <code>form-login-config</code>, which is required if you want to enable a fallback to FORM based authentication function.
</para>
- <para>
+ <para>
In this case, the portal will attempt to authenticate the user with their Kerberos ticket through SPNEGO. If the user does not have a Kerberos ticket, they will be redirected to FORM authentication and via the login screen.
</para>
- <para>
+ <para>
This configuration ensures the first authentication attempt is though SPNEGO and, if this attempt is unsuccessful, another attempt is made using the FORM method. This could occur if the user does not have a valid Kerberos ticket or if the web browser in use does not support SPNEGO authentication with the Kerberos server.
</para>
- <para>
+ <para>
If the fallback to FORM function is not required, the <code>form-login-config</code> configuration can be disabled like so:
</para>
-<programlisting language="XML" role="XML"><![CDATA[<login-config>
+ <programlisting language="XML" role="XML"><![CDATA[<login-config>
<auth-method>SPNEGO</auth-method>
<realm-name>SPNEGO</realm-name>
<!-- <form-login-config>
@@ -1629,64 +1359,48 @@
-->
</login-config>
]]></programlisting>
- <para>
+ <para>
In this case the user needs to authenticate through SPNEGO and if that fails, the user will receive an authentication error with HTTP code <literal>401</literal>. The FORM fallback will not be offered.
</para>
- </step>
- <step>
- <para>
+ </step>
+ <step>
+ <para>
Integrate the request pre-processing needed for SPNEGO via filters by adding the following filters to the <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/web.xml</filename> at the top of the Filter chain.
</para>
-
-<programlisting language="XML" role="XML"><xi:include href="../../extras/Authentication_Identity_SSO/default128.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
- Edit the '<emphasis role="bold">Sign In</emphasis>' link in <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtmpl</filename> to match the following:
+ <programlisting language="XML" role="XML"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default128.xml" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
+ Edit the '<emphasis role="bold">Sign In</emphasis>' link in <filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtmpl</filename> to match the following:
</para>
-
-<programlisting language="Java" role="Java"><xi:include href="../../extras/Authentication_Identity_SSO/default129.java" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
-
- </step>
- <step>
- <para>
+ <programlisting language="Java" role="Java"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default129.java" parse="text"/></programlisting>
+ </step>
+ <step>
+ <para>
Start the JBoss Enterprise Portal Platform;
</para>
-
-<programlisting language="Java" role="Java"><xi:include href="../../extras/Authentication_Identity_SSO/default130.java" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
- <note>
- <title>Note</title>
- <para>
+ <programlisting language="Java" role="Java"><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../extras/Authentication_Identity_SSO/default130.java" parse="text"/></programlisting>
+ <note>
+ <title>Note</title>
+ <para>
The <replaceable>PROFILE</replaceable> parameter in the above command should be replaced with the server profile modified with the above configuration.
</para>
- </note>
-
- </step>
- <step>
- <para>
+ </note>
+ </step>
+ <step>
+ <para>
Login to Kerberos:
</para>
-
-<programlisting>kinit -A demo
+ <programlisting>kinit -A demo
</programlisting>
-
- </step>
-
- </procedure>
-
- <para>
- Clicking the 'Sign In' link on the JBoss Enterprise Portal Platform should automatically sign the 'demo' user into the portal.
+ </step>
+ </procedure>
+ <para>
+ Clicking the 'Sign In' link on the JBoss Enterprise Portal Platform should automatically sign the 'demo' user into the portal.
</para>
- <para>
- If you destroy your kerberos ticket with command <command>kdestroy</command>, then try to login again, you will directed to the login screen of JBoss Enterprise Portal Product because you don't have active Kerberos ticket. You can login with predefined account and password "demo"/"gtn" .
+ <para>
+ If you destroy your kerberos ticket with command <command>kdestroy</command>, then try to login again, you will directed to the login screen of JBoss Enterprise Portal Product because you don't have active Kerberos ticket. You can login with predefined account and password "demo"/"gtn" .
</para>
-
- </section>
-
</section>
-
-
+ </section>
</section>
-
-
Modified: epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/LocalizationConfiguration.xml
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/LocalizationConfiguration.xml 2012-03-20 03:15:39 UTC (rev 8618)
+++ epp/docs/branches/5.2/Reference_Guide/en-US/modules/PortalDevelopment/LocalizationConfiguration.xml 2012-03-20 04:35:30 UTC (rev 8619)
@@ -1,222 +1,191 @@
-<?xml version='1.0' encoding='utf-8' ?>
+<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "Reference_Guide.ent">
%BOOK_ENTITIES;
]>
<chapter id="chap-Reference_Guide-Localization_Configuration">
- <title>Localization Configuration</title>
- <section id="sect-Reference_Guide-Localization_Configuration-Pluggable_Locale_Policy">
- <title>Pluggable Locale Policy</title>
- <para>
- Every request processed by every portlet is invoked within a context of the current <literal>Locale</literal>.
- </para>
- <para>
- The current <literal>Locale</literal> can be retrieved by calling the <literal>getLocale()</literal> method of <literal>javax.portlet.PortletRequest</literal> interface.
- </para>
- <para>
- The exact algorithm for determining the current <literal>Locale</literal> is not specified by Portlet Specification. Portlet containers implement this the way they deem most appropriate.
- </para>
- <para>
- In JBoss Enterprise Portal Platform, each portal instance has a default language which can be used to present content for new users. Another option is to use each user’s browser language preference, provided it matches one of the available localizations that JBoss Enterprise Portal Platform supports, and only fallback to the portal's default language if no match is found.
- </para>
- <para>
- Every user, while visiting a portal, has an option to change the language of the user interface by using a Language chooser. The choice can be remembered for the duration of the session, or it can be remembered for a longer period using a browser cookie, or, for registered and logged-in users, it can be saved into the user’s profile.
- </para>
- <para>
- As there is more than one way to determine the <literal>Locale</literal> to be used for displaying a portal page, the mechanism for determining the current <literal>Locale</literal> of the request is pluggable in JBoss Enterprise Portal Platform, and the exact algorithm can be customized.
- </para>
- <section id="sect-Reference_Guide-Pluggable_Locale_Policy-LocalePolicy_API">
- <title>LocalePolicy API</title>
- <para>
- Customization is achieved by using LocalePolicy API, which is a simple API consisting of one interface, and one class:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <literal>org.exoplatform.services.resources.LocalePolicy</literal> interface
- </para>
-
- </listitem>
- <listitem>
- <para>
- <literal>org.exoplatform.services.resources.LocaleContextInfo</literal> class
- </para>
-
- </listitem>
-
- </itemizedlist>
- <para>
- The <literal>LocalePolicy</literal> interface defines a single method that is invoked on the installed <literal>LocalePolicy</literal> service implementation:
- </para>
-
-<programlisting language="Java" role="Java">public interface LocalePolicy
+ <title>Localization Configuration</title>
+ <section id="sect-Reference_Guide-Localization_Configuration-Pluggable_Locale_Policy">
+ <title>Pluggable Locale Policy</title>
+ <para>
+ Every request processed by every portlet is invoked within a context of the current <literal>Locale</literal>.
+ </para>
+ <para>
+ The current <literal>Locale</literal> can be retrieved by calling the <literal>getLocale()</literal> method of <literal>javax.portlet.PortletRequest</literal> interface.
+ </para>
+ <para>
+ The exact algorithm for determining the current <literal>Locale</literal> is not specified by Portlet Specification. Portlet containers implement this the way they deem most appropriate.
+ </para>
+ <para>
+ In JBoss Enterprise Portal Platform, each portal instance has a default language which can be used to present content for new users. Another option is to use each user’s browser language preference, provided it matches one of the available localizations that JBoss Enterprise Portal Platform supports, and only fallback to the portal's default language if no match is found.
+ </para>
+ <para>
+ Every user, while visiting a portal, has an option to change the language of the user interface by using a Language chooser. The choice can be remembered for the duration of the session, or it can be remembered for a longer period using a browser cookie, or, for registered and logged-in users, it can be saved into the user’s profile.
+ </para>
+ <para>
+ As there is more than one way to determine the <literal>Locale</literal> to be used for displaying a portal page, the mechanism for determining the current <literal>Locale</literal> of the request is pluggable in JBoss Enterprise Portal Platform, and the exact algorithm can be customized.
+ </para>
+ <section id="sect-Reference_Guide-Pluggable_Locale_Policy-LocalePolicy_API">
+ <title>LocalePolicy API</title>
+ <para>
+ Customization is achieved by using LocalePolicy API, which is a simple API consisting of one interface, and one class:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <literal>org.exoplatform.services.resources.LocalePolicy</literal> interface
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>org.exoplatform.services.resources.LocaleContextInfo</literal> class
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ The <literal>LocalePolicy</literal> interface defines a single method that is invoked on the installed <literal>LocalePolicy</literal> service implementation:
+ </para>
+ <programlisting language="Java" role="Java">public interface LocalePolicy
{
public Locale determineLocale(LocaleContextInfo localeContext);
}
</programlisting>
- <para>
- The <literal>Locale</literal> returned by determineLocale() method is the <literal>Locale</literal> that will be returned to portlets when they call <literal>javax.portlet.PortletRequest.getLocale()</literal> method.
- </para>
- <para>
- The returned <literal>Locale</literal> has to be one of the locales supported by portal, otherwise it will fall back to the portal default <literal>Locale</literal>.
- </para>
- <para>
- The supported locales are listed in <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/conf/common/locales-config.xml</filename> file as described in <xref linkend="sect-Reference_Guide-Internationalization_Configuration-Locales_Configuration" /> .
- </para>
- <para>
- The <literal>determineLocale()</literal> method takes a parameter of type <literal>LocaleContextInfo</literal>, which represents a compilation of preferred locales from different sources; user’s profile, portal default, browser language settings, current session, browser cookie.
- </para>
- <para>
- All these different sources of <literal>Locale</literal> configuration or preference are used as input to <literal>LocalePolicy</literal> implementation that decides which <literal>Locale</literal> should be used.
- </para>
-
- </section>
-
- <section id="sect-Reference_Guide-Pluggable_Locale_Policy-Default_LocalePolicy">
- <title>Default <literal>LocalePolicy</literal></title>
- <para>
- By default, <literal>org.exoplatform.portal.application.localization.DefaultLocalePolicyService</literal>, an implementation of <literal>LocalePolicy</literal>, is installed to provide the default behavior. This, however, can easily be extended and overridden. A completely new implementation can also be written from scratch.
- </para>
- <para>
- <literal>DefaultLocalePolicyService</literal> treats logged-in users slightly differently than anonymous users. Logged-in users have a profile that can contain language preference, while anonymous users do not.
- </para>
- <para>
- Here is an algorithm used for anonymous users.
- </para>
- <procedure id="proc-Reference_Guide-Default_LocalePolicy-An_algorithm_for_anonymous_users">
- <title>An algorithm for anonymous users</title>
- <step>
- <para>
- Iterate over <literal>LocaleContextInfo</literal> properties in the following order:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <literal>cookieLocales</literal>
- </para>
-
- </listitem>
- <listitem>
- <para>
- <literal>sessionLocale</literal>
- </para>
-
- </listitem>
- <listitem>
- <para>
- <literal>browserLocales</literal>
- </para>
-
- </listitem>
- <listitem>
- <para>
- <literal>portalLocale</literal>
- </para>
-
- </listitem>
-
- </itemizedlist>
-
- </step>
- <step>
- <para>
- Get each property's value. If it's a collection, get the first value.
- </para>
-
- </step>
- <step>
- <para>
- If value is one of the supported locales return it as a result.
- </para>
-
- </step>
- <step>
- <para>
- If the value is not in the supported locales set, try to remove country information and check if a language matching locale is in the list of supported locales. If so, return it as a result.
- </para>
-
- </step>
- <step>
- <para>
- Otherwise, continue with the next property.
- </para>
-
- </step>
-
- </procedure>
-
- <para>
- If no supported locale is found the return locale eventually defaults to <literal>portalLocale</literal>.
- </para>
- <para>
- The algorithm for logged-in users is virtually the same except that the first <literal>Locale</literal> source checked is user's profile.
- </para>
- <procedure id="proc-Reference_Guide-Default_LocalePolicy-An_algorithm_for_logged_in_users">
- <title>An algorithm for logged-in users</title>
- <step>
- <para>
- Iterate over <literal>LocaleContextInfo</literal> properties in the following order:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <literal>userProfile</literal>
- </para>
-
- </listitem>
- <listitem>
- <para>
- <literal>cookieLocales</literal>
- </para>
-
- </listitem>
- <listitem>
- <para>
- <literal>sessionLocale</literal>
- </para>
-
- </listitem>
- <listitem>
- <para>
- <literal>browserLocales</literal>
- </para>
-
- </listitem>
- <listitem>
- <para>
- <literal>portalLocale</literal>
- </para>
-
- </listitem>
-
- </itemizedlist>
-
- </step>
- <step>
- <para>
- Perform the rest of the steps in <xref linkend="proc-Reference_Guide-Default_LocalePolicy-An_algorithm_for_anonymous_users" />.
- </para>
-
- </step>
-
- </procedure>
-
-
- </section>
-
- <section id="sect-Reference_Guide-Pluggable_Locale_Policy-Custom_LocalePolicy">
- <title>Custom <literal>LocalePolicy</literal></title>
- <para>
- The easiest way to customize the <literal>LocalePolicy</literal> is to extend <literal>DefaultLocalePolicyService</literal>. A study of the source code is required. JavaDocs provide thorough information on this.
- </para>
- <para>
- Most customizations will involve simply overriding one or more of its protected methods.
- </para>
- <para>
- An example of a customization is an already provided <literal>NoBrowserLocalePolicyService</literal>. By overriding just one method, it skips any use of browser language preference.
- </para>
-
-<programlisting language="Java" role="Java">public class NoBrowserLocalePolicyService extends DefaultLocalePolicyService
+ <para>
+ The <literal>Locale</literal> returned by determineLocale() method is the <literal>Locale</literal> that will be returned to portlets when they call <literal>javax.portlet.PortletRequest.getLocale()</literal> method.
+ </para>
+ <para>
+ The returned <literal>Locale</literal> has to be one of the locales supported by portal, otherwise it will fall back to the portal default <literal>Locale</literal>.
+ </para>
+ <para>
+ The supported locales are listed in <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/conf/common/locales-config.xml</filename> file as described in <xref linkend="sect-Reference_Guide-Internationalization_Configuration-Locales_Configuration"/> .
+ </para>
+ <para>
+ The <literal>determineLocale()</literal> method takes a parameter of type <literal>LocaleContextInfo</literal>, which represents a compilation of preferred locales from different sources; user’s profile, portal default, browser language settings, current session, browser cookie.
+ </para>
+ <para>
+ All these different sources of <literal>Locale</literal> configuration or preference are used as input to <literal>LocalePolicy</literal> implementation that decides which <literal>Locale</literal> should be used.
+ </para>
+ </section>
+ <section id="sect-Reference_Guide-Pluggable_Locale_Policy-Default_LocalePolicy">
+ <title>Default LocalePolicy</title>
+ <para>
+ By default, <literal>org.exoplatform.portal.application.localization.DefaultLocalePolicyService</literal>, an implementation of <literal>LocalePolicy</literal>, is installed to provide the default behavior. This, however, can easily be extended and overridden. A completely new implementation can also be written from scratch.
+ </para>
+ <para>
+ <literal>DefaultLocalePolicyService</literal> treats logged-in users slightly differently than anonymous users. Logged-in users have a profile that can contain language preference, while anonymous users do not.
+ </para>
+ <para>
+ Here is an algorithm used for anonymous users.
+ </para>
+ <procedure id="proc-Reference_Guide-Default_LocalePolicy-An_algorithm_for_anonymous_users">
+ <title>An algorithm for anonymous users</title>
+ <step>
+ <para>
+ Iterate over <literal>LocaleContextInfo</literal> properties in the following order:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <literal>cookieLocales</literal>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>sessionLocale</literal>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>browserLocales</literal>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>portalLocale</literal>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ <step>
+ <para>
+ Get each property's value. If it's a collection, get the first value.
+ </para>
+ </step>
+ <step>
+ <para>
+ If value is one of the supported locales return it as a result.
+ </para>
+ </step>
+ <step>
+ <para>
+ If the value is not in the supported locales set, try to remove country information and check if a language matching locale is in the list of supported locales. If so, return it as a result.
+ </para>
+ </step>
+ <step>
+ <para>
+ Otherwise, continue with the next property.
+ </para>
+ </step>
+ </procedure>
+ <para>
+ If no supported locale is found the return locale eventually defaults to <literal>portalLocale</literal>.
+ </para>
+ <para>
+ The algorithm for logged-in users is virtually the same except that the first <literal>Locale</literal> source checked is user's profile.
+ </para>
+ <procedure id="proc-Reference_Guide-Default_LocalePolicy-An_algorithm_for_logged_in_users">
+ <title>An algorithm for logged-in users</title>
+ <step>
+ <para>
+ Iterate over <literal>LocaleContextInfo</literal> properties in the following order:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <literal>userProfile</literal>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>cookieLocales</literal>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>sessionLocale</literal>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>browserLocales</literal>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>portalLocale</literal>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ <step>
+ <para>
+ Perform the rest of the steps in <xref linkend="proc-Reference_Guide-Default_LocalePolicy-An_algorithm_for_anonymous_users"/>.
+ </para>
+ </step>
+ </procedure>
+ </section>
+ <section id="sect-Reference_Guide-Pluggable_Locale_Policy-Custom_LocalePolicy">
+ <title>Custom LocalePolicy</title>
+ <para>
+ The easiest way to customize the <literal>LocalePolicy</literal> is to extend <literal>DefaultLocalePolicyService</literal>. A study of the source code is required. JavaDocs provide thorough information on this.
+ </para>
+ <para>
+ Most customizations will involve simply overriding one or more of its protected methods.
+ </para>
+ <para>
+ An example of a customization is an already provided <literal>NoBrowserLocalePolicyService</literal>. By overriding just one method, it skips any use of browser language preference.
+ </para>
+ <programlisting language="Java" role="Java">public class NoBrowserLocalePolicyService extends DefaultLocalePolicyService
{
/**
* Override super method with no-op.
@@ -231,63 +200,54 @@
}
}
</programlisting>
-
- </section>
-
- <section id="sect-Reference_Guide-Pluggable_Locale_Policy-LocalePolicy_Configuration">
- <title>LocalePolicy Configuration</title>
- <para>
- The <literal>LocalePolicy</literal> framework is enabled for portlets by configuring <literal>LocalizationLifecycle</literal> class in portal's webui configuration file: <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/webui-configuration.xml</filename>:
- </para>
-
-<programlisting language="XML" role="XML"><application-life-cycle-listeners>
+ </section>
+ <section id="sect-Reference_Guide-Pluggable_Locale_Policy-LocalePolicy_Configuration">
+ <title><remark>BZ#794455 </remark>LocalePolicy Configuration</title>
+ <para>
+ The <literal>LocalePolicy</literal> framework is enabled for portlets by configuring <literal>LocalizationLifecycle</literal> class in portal's webui configuration file: <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/webui-configuration.xml</filename>:
+ </para>
+ <programlisting language="XML" role="XML"><application-life-cycle-listeners>
...
<listener>org.exoplatform.portal.application.localization.LocalizationLifecycle</listener>
</application-life-cycle-listeners>
</programlisting>
- <para>
- The default <literal>LocalePolicy</literal> implementation is installed as an eXo Kernel portal service via <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/lib/exo.portal.webui.portal-VERSION.jar/conf/portal/configuration.xml</filename>.
- </para>
- <para>
- The following excerpt is responsible for installing the service:
- </para>
-
-<programlisting language="XML" role="XML"><component>
+ <remark>BZ#794455 - 20120319 - Updated the location of LocalePolicy as prescribed.</remark>
+ <para>
+ The default <literal>LocalePolicy</literal> implementation is installed as an eXo Kernel portal service via <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/conf/portal/web-configuration.xml</filename>.
+ </para>
+ <para>
+ The following excerpt is responsible for installing the service:
+ </para>
+ <programlisting language="XML" role="XML"><component>
<key>org.exoplatform.services.resources.LocalePolicy</key>
<type>org.exoplatform.portal.application.localization.DefaultLocalePolicyService</type>
</component>
</programlisting>
- <para>
- Besides implementing <literal>LocalePolicy</literal>, the service class also needs to implement <literal>org.picocontainer.Startable</literal> interface in order to get installed.
- </para>
- <para>
- This configuration file should not be changed. The configuration in it can be overridden by placing it into portal's .war file: <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/conf/configuration.xml</filename> (usually as another file included into this one).
- </para>
-
- </section>
-
- <section id="sect-Reference_Guide-Pluggable_Locale_Policy-Keeping_non_bridged_resources_in_sync_with_current_Locale">
- <title>Keeping non-bridged resources in sync with current Locale</title>
- <para>
- All the resources in portals that are not portlets themselves, but are accessed through portlets - reading data through <literal>PortletRequest</literal>, and writing to <literal>PortletResponse</literal> - are referred to as 'bridged'. Any resources that are accessed directly, bypassing portal filters and servlets, are referred to as 'non-bridged'.
- </para>
- <para>
- Non-bridged servlets, and .jsps have no access to <literal>PortalRequest</literal>. They don't use <literal>PortletRequest.getLocale()</literal> to determine current <literal>Locale</literal>. Instead, they use <literal>ServletRequest.getLocale()</literal> which is subject to precise semantics defined by Servlet specification - it reflects browser's language preference.
- </para>
- <para>
- In other words, non-bridged resources do not have a notion of current <literal>Locale</literal> in the same sense that portlets do. The result is that when mixing portlets and non-bridged resources there may be a localization mismatch, an inconsistency in the language used by different resources composing your portal page.
- </para>
- <para>
- This problem is addressed by <literal>LocalizationFilter</literal>. This is a filter that changes the behavior of <literal>ServletRequest.getLocale()</literal> method so that it behaves the same way as <literal>PortletRequest.getLocale()</literal>.
- </para>
- <para>
- That way even localization of servlets, and .jsps accessed in a non-bridged manner can stay in sync with portlet localization.
- </para>
- <para>
- <literal>LocalizationFilter</literal> is installed through the portal's web.xml file: <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/web.xml</filename>.
- </para>
-
-<programlisting language="XML" role="XML"><filter>
+ <para>
+ Besides implementing <literal>LocalePolicy</literal>, the service class also needs to implement <literal>org.picocontainer.Startable</literal> interface in order to get installed.
+ </para>
+ </section>
+ <section id="sect-Reference_Guide-Pluggable_Locale_Policy-Keeping_non_bridged_resources_in_sync_with_current_Locale">
+ <title>Keeping non-bridged resources in sync with current Locale</title>
+ <para>
+ All the resources in portals that are not portlets themselves, but are accessed through portlets - reading data through <literal>PortletRequest</literal>, and writing to <literal>PortletResponse</literal> - are referred to as 'bridged'. Any resources that are accessed directly, bypassing portal filters and servlets, are referred to as 'non-bridged'.
+ </para>
+ <para>
+ Non-bridged servlets, and .jsps have no access to <literal>PortalRequest</literal>. They don't use <literal>PortletRequest.getLocale()</literal> to determine current <literal>Locale</literal>. Instead, they use <literal>ServletRequest.getLocale()</literal> which is subject to precise semantics defined by Servlet specification - it reflects browser's language preference.
+ </para>
+ <para>
+ In other words, non-bridged resources do not have a notion of current <literal>Locale</literal> in the same sense that portlets do. The result is that when mixing portlets and non-bridged resources there may be a localization mismatch, an inconsistency in the language used by different resources composing your portal page.
+ </para>
+ <para>
+ This problem is addressed by <literal>LocalizationFilter</literal>. This is a filter that changes the behavior of <literal>ServletRequest.getLocale()</literal> method so that it behaves the same way as <literal>PortletRequest.getLocale()</literal>.
+ </para>
+ <para>
+ That way even localization of servlets, and .jsps accessed in a non-bridged manner can stay in sync with portlet localization.
+ </para>
+ <para>
+ <literal>LocalizationFilter</literal> is installed through the portal's web.xml file: <filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/web.xml</filename>.
+ </para>
+ <programlisting language="XML" role="XML"><filter>
<filter-name>LocalizationFilter</filter-name>
<filter-class>org.exoplatform.portal.application.localization.LocalizationFilter</filter-class>
</filter>
@@ -303,11 +263,10 @@
<dispatcher>ERROR</dispatcher>
</filter-mapping>
</programlisting>
- <para>
- There is a minor limitation with this mechanism in that it is unable to determine the current portal,and consequently, its default language. As a result the portalLocale defaults to <literal>English</literal>, but can be configured to something else by using the filter's <literal>PortalLocale</literal> init param. For example:
- </para>
-
-<programlisting language="XML" role="XML"><filter>
+ <para>
+ There is a minor limitation with this mechanism in that it is unable to determine the current portal,and consequently, its default language. As a result the portalLocale defaults to <literal>English</literal>, but can be configured to something else by using the filter's <literal>PortalLocale</literal> init param. For example:
+ </para>
+ <programlisting language="XML" role="XML"><filter>
<filter-name>LocalizationFilter</filter-name>
<filter-class>org.exoplatform.portal.application.localization.LocalizationFilter</filter-class>
<init-param>
@@ -316,24 +275,18 @@
</init-param>
</filter>
</programlisting>
- <para>
- By default, <literal>LocalizationFilter</literal> is applied very broadly to cover all the resources automatically.
- </para>
- <para>
- JBoss Enterprise Portal Platform uses some non-bridged .jsps that require <literal>LocalizationFilter</literal>, so narrowing the mapping to *.jsp is enough for JBoss Enterprise Portal Platform to function correctly.
- </para>
- <para>
- Additionally deployed portlets, and portal applications, however, may require broader mapping to cover their non-bridged resources.
- </para>
- <para>
- Narrowing the mapping might improve performance. This is something to consider, when optimizing for speed.
- </para>
-
- </section>
-
-
- </section>
-
-
+ <para>
+ By default, <literal>LocalizationFilter</literal> is applied very broadly to cover all the resources automatically.
+ </para>
+ <para>
+ JBoss Enterprise Portal Platform uses some non-bridged .jsps that require <literal>LocalizationFilter</literal>, so narrowing the mapping to *.jsp is enough for JBoss Enterprise Portal Platform to function correctly.
+ </para>
+ <para>
+ Additionally deployed portlets, and portal applications, however, may require broader mapping to cover their non-bridged resources.
+ </para>
+ <para>
+ Narrowing the mapping might improve performance. This is something to consider, when optimizing for speed.
+ </para>
+ </section>
+ </section>
</chapter>
-
Modified: epp/docs/branches/5.2/Reference_Guide/publican.cfg
===================================================================
--- epp/docs/branches/5.2/Reference_Guide/publican.cfg 2012-03-20 03:15:39 UTC (rev 8618)
+++ epp/docs/branches/5.2/Reference_Guide/publican.cfg 2012-03-20 04:35:30 UTC (rev 8619)
@@ -1,13 +1,8 @@
-# Config::Simple 4.59
-# Tue Sep 27 14:25:48 2011
-cvs_root: ":ext:cvs.devel.redhat.com:/cvs/dist"
-cvs_branch: "DOCS-RHEL-6"
-#show_remarks: 1
-cvs_pkg: "JBoss_Enterprise_Portal_Platform-Reference_Guide-5.2-web-__LANG__"
xml_lang: "en-US"
brand: JBoss
debug: 1
type: Book
-#toc_section_depth: 10
-#generate_section_toc_level: 3
\ No newline at end of file
+git_branch: docs-rhel-6
+show_remarks: 1
+
12 years, 9 months
gatein SVN: r8618 - epp/docs/branches/5.2/Installation_Guide/en-US.
by do-not-reply@jboss.org
Author: jaredmorgs
Date: 2012-03-19 23:15:39 -0400 (Mon, 19 Mar 2012)
New Revision: 8618
Modified:
epp/docs/branches/5.2/Installation_Guide/en-US/Book_Info.xml
epp/docs/branches/5.2/Installation_Guide/en-US/ClusteringConfiguration.xml
epp/docs/branches/5.2/Installation_Guide/en-US/Revision_History.xml
Log:
https://bugzilla.redhat.com/show_bug.cgi?id=804839 - updated directive block and specified users must set a local swap space for each node in a cluster.
Modified: epp/docs/branches/5.2/Installation_Guide/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.2/Installation_Guide/en-US/Book_Info.xml 2012-03-19 14:02:19 UTC (rev 8617)
+++ epp/docs/branches/5.2/Installation_Guide/en-US/Book_Info.xml 2012-03-20 03:15:39 UTC (rev 8618)
@@ -9,7 +9,7 @@
<productname>JBoss Enterprise Portal Platform</productname>
<productnumber>5.2</productnumber>
<edition>5.2.1</edition>
- <pubsnumber>11</pubsnumber>
+ <pubsnumber>12</pubsnumber>
<abstract>
<para>This book provides information about obtaining, installing and running JBoss Enterprise Portal Platform and its add-ons. It forms part of the complete document suite along with the <citetitle>User Guide</citetitle> and <citetitle>Reference Guide</citetitle> available at <ulink url="http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Portal_Platform/index...." type="http"/>.
</para>
Modified: epp/docs/branches/5.2/Installation_Guide/en-US/ClusteringConfiguration.xml
===================================================================
--- epp/docs/branches/5.2/Installation_Guide/en-US/ClusteringConfiguration.xml 2012-03-19 14:02:19 UTC (rev 8617)
+++ epp/docs/branches/5.2/Installation_Guide/en-US/ClusteringConfiguration.xml 2012-03-20 03:15:39 UTC (rev 8618)
@@ -21,6 +21,9 @@
<listitem>
<para>All cluster nodes must be configured to point to the IDM and JCR shared databases. Refer to <xref linkend="sect-Reference_Guide-Database_Configuration"/> for detailed database set up procedures.</para>
</listitem>
+ <listitem>
+ <para>Each cluster node must have its own local swap directory configured.<remark>BZ#804839 - 20120320 - specified this to ensure customers are aware of specific requirement.</remark></para>
+ </listitem>
</itemizedlist>
<section id="Clustering_Configure">
<title>Configure</title>
@@ -94,8 +97,7 @@
<title>Default configuration.properties clustering directives</title>
<para>
The code sample depicts a <filename>configuration.properties</filename> directive file with the required clustering configuration set.
-
- </para>
+<remark>BZ#804839 - 20120320 - updated code block with specific information and replaceable formatting to ensure customers specify the correct data. </remark> </para>
<programlisting>#
gatein.conf.dir=${jboss.server.home.dir}/conf/gatein
gatein.data.dir=${jboss.server.data.dir}/gatein
@@ -104,16 +106,17 @@
gatein.db.data.dir=${gatein.data.dir}/db
# JCR
-gatein.jcr.config.type=local
+gatein.jcr.config.type=cluster
+gatein.jcr.storage.data.dir=/<replaceable>SHARED_DIRECTORY_PATH</replaceable>/values
+gatein.jcr.index.data.dir=/<replaceable>SHARED_DIRECTORY_PATH</replaceable>/lucene
+gatein.jcr.index.changefilterclass=org.exoplatform.services.jcr.impl.core.query.jbosscache.JBossCacheIndexChangesFilter
+
+# Other JCR settings
gatein.jcr.datasource.name=java:gatein-jcr
gatein.jcr.datasource.dialect=auto
-
gatein.jcr.data.dir=${gatein.data.dir}/jcr
-gatein.jcr.storage.data.dir=${gatein.jcr.data.dir}/values
gatein.jcr.cache.config=war:/conf/jcr/jbosscache/${gatein.jcr.config.type}/config.xml
gatein.jcr.lock.cache.config=war:/conf/jcr/jbosscache/${gatein.jcr.config.type}/lock-config.xml
-gatein.jcr.index.data.dir=${gatein.jcr.data.dir}/lucene
-gatein.jcr.index.changefilterclass=org.exoplatform.services.jcr.impl.core.query.DefaultChangesFilter
gatein.jcr.index.cache.config=war:/conf/jcr/jbosscache/cluster/indexer-config.xml
gatein.jcr.jgroups.config=classpath:/jgroups/gatein-${gatein.default.jgroups.stack:udp}.xml
gatein.jcr.workspace.default=collaboration
Modified: epp/docs/branches/5.2/Installation_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.2/Installation_Guide/en-US/Revision_History.xml 2012-03-19 14:02:19 UTC (rev 8617)
+++ epp/docs/branches/5.2/Installation_Guide/en-US/Revision_History.xml 2012-03-20 03:15:39 UTC (rev 8618)
@@ -9,6 +9,20 @@
<simpara>
<revhistory>
<revision>
+ <revnumber>5.2.1-12</revnumber>
+ <date>Tue Mar 20 2012</date>
+ <author>
+ <firstname>Jared</firstname>
+ <surname>Morgan</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>https://bugzilla.redhat.com/show_bug.cgi?id=804839 - updated directive block and specified users must set a local swap space for each node in a cluster.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>5.2.1-11</revnumber>
<date>Mon Mar 12 2012</date>
<author>
12 years, 9 months
gatein SVN: r8617 - epp/portal/branches/EPP_5_2_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component.
by do-not-reply@jboss.org
Author: theute
Date: 2012-03-19 10:02:19 -0400 (Mon, 19 Mar 2012)
New Revision: 8617
Modified:
epp/portal/branches/EPP_5_2_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
Log:
Bug 804648 - Failure when a node has a long name
Modified: epp/portal/branches/EPP_5_2_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl
===================================================================
--- epp/portal/branches/EPP_5_2_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2012-03-19 11:42:41 UTC (rev 8616)
+++ epp/portal/branches/EPP_5_2_Branch/portlet/web/src/main/webapp/groovy/portal/webui/component/UIPortalNavigation.gtmpl 2012-03-19 14:02:19 UTC (rev 8617)
@@ -108,7 +108,7 @@
<span class="$arrowIcon">
<%
String label = node.getEncodedResolvedLabel();
- if(node.getResolvedLabel().length() > 30) label = EntityEncoder.encode(node.getResolvedLavel().substring(0,27) + "...");
+ if(node.getResolvedLabel().length() > 30) label = EntityEncoder.encode(node.getResolvedLabel().substring(0,27) + "...");
if(node.getPageRef() != null) {
nodeURL.setNode(node);
nodeURL.setAjax(uicomponent.isUseAjax());
12 years, 9 months
gatein SVN: r8616 - epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/serverAddon/gatein.ear.
by do-not-reply@jboss.org
Author: hfnukal
Date: 2012-03-19 07:42:41 -0400 (Mon, 19 Mar 2012)
New Revision: 8616
Modified:
epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/serverAddon/gatein.ear/pom.xml
Log:
Bug 803469 - Warning Unexpected error during load of:org.xmlpull.v1.XmlPullParserFactory when starting portal
Modified: epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/serverAddon/gatein.ear/pom.xml
===================================================================
--- epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/serverAddon/gatein.ear/pom.xml 2012-03-19 10:27:14 UTC (rev 8615)
+++ epp/portal/branches/EPP_5_2_Branch/distribution/jboss-epp/serverAddon/gatein.ear/pom.xml 2012-03-19 11:42:41 UTC (rev 8616)
@@ -1126,6 +1126,10 @@
<groupId>com.google.inject.extensions</groupId>
<artifactId>guice-jmx</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>xpp3_min</artifactId>
+ <groupId>xpp3</groupId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -1144,6 +1148,10 @@
<artifactId>oauth-provider</artifactId>
<groupId>net.oauth.core</groupId>
</exclusion>
+ <exclusion>
+ <artifactId>xpp3_min</artifactId>
+ <groupId>xpp3</groupId>
+ </exclusion>
</exclusions>
</dependency>
12 years, 9 months
gatein SVN: r8615 - in epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin: webui/component/UIPopup/UIRightClickPopupMenu and 1 other directories.
by do-not-reply@jboss.org
Author: hfnukal
Date: 2012-03-19 06:27:14 -0400 (Mon, 19 Mar 2012)
New Revision: 8615
Modified:
epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/portal/webui/component/UIPortalApplicationSkin.css
epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/webui/component/UIPopup/UIRightClickPopupMenu/Stylesheet.css
epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/webui/component/UITabSystem/UITabs/Stylesheet.css
Log:
Bug 804570 - CSS updates
Modified: epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/portal/webui/component/UIPortalApplicationSkin.css
===================================================================
--- epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/portal/webui/component/UIPortalApplicationSkin.css 2012-03-16 12:26:50 UTC (rev 8614)
+++ epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/portal/webui/component/UIPortalApplicationSkin.css 2012-03-19 10:27:14 UTC (rev 8615)
@@ -143,3 +143,13 @@
.ClearBoth {
clear: both;
}
+
+.FL {
+ float: left; /* orientation=lt */
+ float: right; /* orientation=rt */
+}
+
+.FR {
+ float: right; /* orientation=lt */
+ float: left; /* orientation=rt */
+}
Modified: epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/webui/component/UIPopup/UIRightClickPopupMenu/Stylesheet.css
===================================================================
--- epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/webui/component/UIPopup/UIRightClickPopupMenu/Stylesheet.css 2012-03-16 12:26:50 UTC (rev 8614)
+++ epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/webui/component/UIPopup/UIRightClickPopupMenu/Stylesheet.css 2012-03-19 10:27:14 UTC (rev 8615)
@@ -27,8 +27,6 @@
cursor: pointer;
white-space: nowrap;
display: block;
- background-position: 6px center; /* orientation=lt */
- background-position: 95% center; /* orientation=rt */
}
.UIRightClickPopupMenu .UIRightPopupMenuContainer a:hover {
@@ -95,4 +93,4 @@
.UIRightClickPopupMenu .SaveNavigation16x16Icon {
background: url('/eXoResources/skin/DefaultSkin/skinIcons/16x16/icons/FloppyDisk.gif') no-repeat left center; /* orientation=lt */
background: url('/eXoResources/skin/DefaultSkin/skinIcons/16x16/icons/FloppyDisk.gif') no-repeat right center; /* orientation=rt */
-}
\ No newline at end of file
+}
Modified: epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/webui/component/UITabSystem/UITabs/Stylesheet.css
===================================================================
--- epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/webui/component/UITabSystem/UITabs/Stylesheet.css 2012-03-16 12:26:50 UTC (rev 8614)
+++ epp/portal/branches/EPP_5_2_Branch/web/eXoResources/src/main/webapp/skin/DefaultSkin/webui/component/UITabSystem/UITabs/Stylesheet.css 2012-03-19 10:27:14 UTC (rev 8615)
@@ -307,7 +307,7 @@
.UIHorizontalTabs .GrayTabStyle .NormalTab .MiddleTab {
background: url(background/TabEditInline.gif) repeat-x left -25px;
- line-height: 25px;
+ line-height: 24px;
color: #000;
padding: 0px 8px;
font-weight: normal;
@@ -326,8 +326,8 @@
.UIHorizontalTabs .GrayTabStyle .SelectedTab .MiddleTab {
background: url(background/TabEditInline.gif) repeat-x left -75px;
- line-height: 25px;
+ line-height: 24px;
color: #000;
padding: 0px 8px;
font-weight: normal;
-}
\ No newline at end of file
+}
12 years, 9 months