gatein SVN: r9110 - in epp/docs/branches/6.0/Reference_Guide/en-US: modules/AuthenticationAndIdentity and 1 other directory.
by do-not-reply@jboss.org
Author: ppenicka
Date: 2013-02-01 10:13:00 -0500 (Fri, 01 Feb 2013)
New Revision: 9110
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
Log:
BZ#856450 - Implemented all JOSSO review comments from Tomas K. Ready for verification.
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-02-01 00:18:07 UTC (rev 9109)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-02-01 15:13:00 UTC (rev 9110)
@@ -8,6 +8,20 @@
<simpara>
<revhistory>
<revision>
+ <revnumber>6.0.0-45</revnumber>
+ <date>Fri Feb 01 2013</date>
+ <author>
+ <firstname>Petr</firstname>
+ <surname>Penicka</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>BZ#856450 - Implemented all JOSSO review comments from Tomas K. Ready for verification.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>6.0.0-44</revnumber>
<date>Wed Jan 30 2013</date>
<author>
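Review bot: The new <member> text for revision 6.0.0-45 copies the commit log verbatim, including the workflow status "Ready for verification" and the abbreviated reviewer name "Tomas K.", neither of which tells a reader of the published guide what changed. Suggest describing the change itself (the JOSSO section was restructured and the JOSSO 1.8 file list corrected) and leaving the status to the Bugzilla entry.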
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2013-02-01 00:18:07 UTC (rev 9109)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2013-02-01 15:13:00 UTC (rev 9110)
@@ -558,26 +558,23 @@
</section>
</section>
<section id="sect-Reference_Guide-SSO_Single_Sign_On_-Java_Open_Single_Sign_On_Project">
- <title><remark>BZ#856430</remark>Java Open Single Sign-On Project (JOSSO)</title>
+ <title><remark>BZ#856430</remark>Java Open Single Sign-On (JOSSO)</title>
<para>
- Configuring JOSSO for JBoss Enterprise Application Platform requires an Apache server instance to host JOSSO. JBoss Enterprise Application Platform communicates with the JOSSO Apache instance through the single sign-on plug-in.
+ Java Open Single Sign-On (JOSSO) is an open-source single sign-on solution based on Java EE. It allows multiple web servers or web applications to authenticate users with a credential store. Detailed information about JOSSO can be found at <ulink url="http://www.josso.org"/>.
+ </para>
+ <para>
+ JOSSO integration with JBoss Portal Platform requires an Apache Tomcat server instance to host JOSSO. JBoss Portal Platform communicates with the JOSSO server through a single sign-on plug-in.
+ </para>
+ <para>
+ Setting up the integration consists of two steps – setting up the JOSSO server and setting up the portal to use the JOSSO server. These two steps differ depending on the used version of JOSSO, as described in <xref linkend="sect-JOSSO-1.8" /> and <xref linkend="sect-JOSSO-2.2" />. After completing the procedures described in either section, all links redirecting to user authentication pages will redirect to the JOSSO centralized authentication form.
</para>
- <para>
- This single sign-on plug-in enables seamless integration between JBoss Portal Platform and the Java Open Single Sign-On (JOSSO) framework. Details about JOSSO can be found at <ulink url="http://www.josso.org"/> .
- </para>
- <para>
- The procedures in this section detail setting up the JOSSO server to authenticate against the JBoss Portal Platform login module.
- </para>
- <para>
- After completing the procedures in this section, all links redirecting to the user authentication pages will redirect to the JOSSO centralized authentication form.
- </para>
- <section>
+ <section id="sect-Reference_Guide-SSO_Single_Sign_On_-Java_Open_Single_Sign_On_Project-Auth_Process">
<title>Authentication Process</title>
<para>
- The login workflow for JOSSO is quite similar to that used for CAS authentications (specific details can be found in <xref linkend="sect-CAS-Authentication_Process"/>).
+ The login workflow for JOSSO is quite similar to that used for CAS authentication (specific details can be found in <xref linkend="sect-CAS-Authentication_Process"/>).
</para>
<para>
- Briefly; when a user clicks to sign in to a portal they are redirected to the JOSSO login screen, where they supply the appropriate credentials. They are then redirected (with access authorization) back to the Portal.
+ Briefly – when a user clicks to sign in to a portal they are redirected to the JOSSO login screen, where they supply the appropriate credentials. They are then redirected (with access authorization) back to the Portal.
</para>
<para>
The <systemitem>JOSSOAgent</systemitem> component performs a validation of the authorization ticket with the JOSSO server via a back channel after the <systemitem>InitiateLoginFilter</systemitem> has delegated the <parameter>josso_assertion_id</parameter> request to it. The JOSSO agent and JOSSO server communicate via web services.
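Review bot: The rewritten intro says JOSSO authenticates users "with a credential store" but no longer says which store, because the removed paragraph about authenticating "against the JBoss Portal Platform login module" has no replacement. Since the later sections differ on this point (the authentication plug-in is described as supported for JOSSO 1.8 only), suggest one sentence in the intro stating where credentials are held in each setup. Separately, the new xref targets sect-JOSSO-1.8 and sect-JOSSO-2.2 use a short id scheme, while the id added to the Authentication Process section in this same hunk uses the long sect-Reference_Guide-SSO_Single_Sign_On_-... prefix; pick one scheme.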
@@ -592,7 +589,7 @@
While the authentication plug-in (which is able to send REST requests to the portal, receive the response, and authenticate the user on the JOSSO side) is supported, this support is only for JOSSO 1.8 (not JOSSO 2.2 as at this release).
</para>
<para>
- In this section, we will assume that JBoss Portal Platform will be running on JBoss Enterprise Application Platform 6 using port <emphasis role="italics">localhost:8080</emphasis> and that the JOSSO server will be running on Tomcat, using <emphasis role="italics">localhost:8888</emphasis>.
+ In this section, we will assume that JBoss Portal Platform will be running on JBoss Enterprise Application Platform 6 using <emphasis role="italics">localhost:8080</emphasis> and that the JOSSO server will be running on Tomcat, using <emphasis role="italics">localhost:8888</emphasis>.
</para>
<note>
<para>
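Review bot: The host and port pairs in the changed sentence are still marked up with <emphasis role="italics">, whereas the same address appears as <uri>http://localhost:8080/portal</uri> in the test step later in this file. Suggest <systemitem> or <uri> here so the values are tagged consistently, and say that they are example values, since later steps hard-code localhost:8080.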
@@ -600,17 +597,13 @@
</para>
</note>
</section>
- <section>
+ <section id="sect-JOSSO-1.8">
<title>JOSSO 1.8</title>
<section id="sid-55477376_JOSSO-ObtainingJOSSO">
<title>Obtaining JOSSO</title>
<para>
- JOSSO can be downloaded from <ulink url="http://sourceforge.net/projects/josso/files/"/>. Use the package that embeds Apache Tomcat.
+ JOSSO can be downloaded from <ulink url="http://sourceforge.net/projects/josso/files/"/>. Use any 1.8.z version in a package that embeds Apache Tomcat. Once downloaded, extract the package into what will be called <replaceable>JOSSO_HOME</replaceable> in this example.
</para>
- <remark>Docs Note; JOSSO versions up to 1.8.7 are available from this URL. I assume any after 1.8.2 are unsupported. Should we call this out in the docs?</remark>
- <para>
- Once downloaded, extract the package into what will be called <replaceable>JOSSO_HOME</replaceable> in this example.
- </para>
</section>
<section id="sid-55477376_JOSSO-JOSSOserver">
<title>Setting up the JOSSO Server</title>
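Review bot: "Use any 1.8.z version" in the new download paragraph resolves the removed Docs Note by widening the claim, but the copy step that follows takes files from a josso-<version> plug-in directory inside the portal distribution. Suggest naming the 1.8.z versions for which such a plug-in directory exists, or telling the reader to pick the download that matches it, so the two steps cannot disagree.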
@@ -620,34 +613,37 @@
<procedure>
<step>
<para>
- <emphasis role="bold">Optional:</emphasis> To use the SSO authentication plug-in with JOSSO (not-mandatory but recommended. See <xref linkend="sect-CAS-Authentication_Process"/> for details):
+ <emphasis role="bold">Optional:</emphasis> To use the SSO authentication plug-in with JOSSO (not mandatory but recommended, see <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On_-Java_Open_Single_Sign_On_Project-Auth_Process"/> for details):
</para>
<substeps>
<step>
<para>
- Copy the files from <filename>SSO_HOME/josso/josso-<replaceable><version></replaceable>/plugin/</filename> into <replaceable>JOSSO_HOME</replaceable> directory, as shown below:
- </para>
- <para>
- Keep in mind that <replaceable>SSO_HOME</replaceable> refers to the JOSSO directory within JBoss Portal Platform as mentioned in <xref linkend="sect-Reference_Guide-SSO_Single_Sign_On"/>.
+ Copy the contents of the <filename>JPP_DIST/gatein-sso/josso/josso-<replaceable><version></replaceable>/plugin/</filename> directory into the <replaceable>JOSSO_HOME</replaceable> directory. Among the files that will be copied, the following ones are the most important:
</para>
<itemizedlist>
<listitem>
<para>
- Copy <filename><replaceable>SSO_HOME</replaceable>/josso/josso-<replaceable><version></replaceable>/plugin/lib/josso-gateway-config.xml</filename> to <filename><replaceable>JOSSO_HOME</replaceable>/lib/josso-gateway-config.xml</filename>. The original file is being replaced. You should consider creating a backup of it before adding the new file.
- </para>
+ <filename><replaceable>JOSSO_HOME</replaceable>/lib/josso-gateway-config.xml</filename>
+ </para>
+ <para>
+ The original file is being replaced. You should consider creating a backup of it before adding the new file.
+ </para>
</listitem>
<listitem>
<para>
- Add <filename><replaceable>SSO_HOME</replaceable>/josso/josso-<replaceable><version></replaceable>/plugin/lib/josso-gateway-config.xml</filename> to <filename><replaceable>JOSSO_HOME</replaceable>/lib/</filename>. This file is not present in the original <replaceable>JOSSO_HOME</replaceable> download.
- </para>
+ <filename><replaceable>JOSSO_HOME</replaceable>/lib/josso-gateway-gatein-stores.xml</filename>
+ </para>
+ <para>
+ This file is not present in the original <replaceable>JOSSO_HOME</replaceable> download.
+ </para>
</listitem>
<listitem>
<para>
- Add <filename>SSO_HOME/josso/josso-<replaceable><version></replaceable>/plugin/webapps/josso/WEB-INF/classes/gatein.properties</filename> to <filename>JOSSO_HOME/webapps/josso/WEB-INF/classes/</filename>. This file is not present in the original <replaceable>JOSSO_HOME</replaceable> download.
- </para>
- <para>
- This file may need to be reconfigured according to your JBoss Portal Platform environment (you need to use the host and port of your JBoss Portal Platform instance as this will be used by the Authentication plug-in to send REST requests over HTTP).
- </para>
+ <filename>JOSSO_HOME/webapps/josso/WEB-INF/classes/gatein.properties</filename>
+ </para>
+ <para>
+ This file is not present in the original <replaceable>JOSSO_HOME</replaceable> download. You may need to edit the file and change the host and port to match your JBoss Portal Platform instance. The values will be used by the authentication plug-in when sending REST requests over HTTP.
+ </para>
</listitem>
</itemizedlist>
</step>
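Review bot: The backup advice for josso-gateway-config.xml now comes after the instruction to copy the whole plugin/ directory into JOSSO_HOME, so a reader following the step in order has already overwritten the original file by the time they read "You should consider creating a backup". Move the backup sentence ahead of the copy instruction. The markup is also uneven: JPP_DIST in the first <filename> and JOSSO_HOME in the gatein.properties <filename> are not wrapped in <replaceable>, unlike the other two list items. Because the gatein.properties text says the plug-in sends its REST requests "over HTTP", it would help to say whether HTTPS can be configured for that call when JOSSO and the portal are not on the same host.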
@@ -762,18 +758,18 @@
</para>
</section>
</section>
- <section>
+ <section id="sect-JOSSO-2.2">
<title>JOSSO 2.2</title>
<para>
JOSSO 2.2 takes a different approach to SSO than JOSSO 1.8. It is designed to allow users to create their own SSO environment by modelling it in a flash web application called <emphasis role="strong">atricore-console</emphasis>.
</para>
<para>
- Unfortunately this make it more difficult to use the SSO Authentication plug-in as it is not easily possible to configure an existing JOSSO 2.2 environment via Spring XML files. Using the <systemitem>AuthenticationPlugin</systemitem> with JOSSO 2.2 is not supported.
+ Unfortunately, this makes it more difficult to use the SSO Authentication plug-in as it is not easily possible to configure an existing JOSSO 2.2 environment via Spring XML files. Using the <systemitem>AuthenticationPlugin</systemitem> with JOSSO 2.2 is not supported.
</para>
<section id="sid-55477376_JOSSO-JOSSO2.2serversetup">
<title>JOSSO 2.2 Server Setup</title>
<para>
- You can downloaded JOSSO 2.2.0 from <ulink url="http://www.josso.org">JOSSO site</ulink> and follow the instructions from the JOSSO 2 quickstart in <ulink url="http://www.josso.org/confluence/display/JOSSO1/JOSSO2+Quick+start"/> .
+ You can download JOSSO 2.2.0 from <ulink url="http://www.josso.org">JOSSO site</ulink> and follow the instructions from the JOSSO 2 quickstart in <ulink url="http://www.josso.org/confluence/display/JOSSO1/JOSSO2+Quick+start"/> .
</para>
<para>
After unzipping the download and running the JOSSO, you can access the <application>atricore</application> console at <uri>http://<replaceable>server.local.network</replaceable>:8081/atricore-console</uri> (<replaceable>server.local.network</replaceable> is the virtual host defined in <filename>/etc/hosts</filename>).
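Review bot: The corrected sentence "You can download JOSSO 2.2.0 from ..." still ends with a space before the full stop after the quickstart <ulink>, the same stray space this commit removed from the josso.org link in the section intro, and the link text reads "from JOSSO site" without an article. Suggest "from the <ulink ...>JOSSO site</ulink>" and closing the sentence directly after the second <ulink/>. The unchanged context above also has "flash web application", which should be capitalised as "Flash".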
@@ -882,11 +878,8 @@
</step>
<step>
<para>
- Wire <emphasis role="italics">SP1</emphasis> and <emphasis role="italics">SP1EE</emphasis> via an <emphasis role="italics">Activation</emphasis> connection.
+ Wire <emphasis role="italics">SP1</emphasis> and <emphasis role="italics">SP1EE</emphasis> via an <emphasis role="italics">Activation</emphasis> connection. All parameters of the connection can keep their default values, with the exception of the <guilabel>Partner application location</guilabel> parameter, whose value needs to be changed to <ulink url="http://localhost:8080/portal"/>.
</para>
- <para>
- <remark>Docs note: I don't even know what this sentence is trying to say.</remark> Left default values of parameters instead of parameter <emphasis role="italics">Partner application location</emphasis> needs to be configured to <ulink url="http://localhost:8080/portal"/>
- </para>
</step>
<step>
<para>
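Review bot: In the rewritten Activation connection step, the value for <guilabel>Partner application location</guilabel> is tagged as <ulink url="http://localhost:8080/portal"/>, which renders as a clickable link although it is a value to type into the console. Use <uri> or <literal> as the test step does, and say that the value must match the portal's actual host and port rather than the localhost:8080 assumed in this guide.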
@@ -972,22 +965,20 @@
</substeps>
</step>
<step>
+ <para>Test the configuration:</para>
<substeps>
<step>
<para>
Start the Portal.
- </para>
+ </para>
+ </step>
+ <step>
<para>
- Access <uri>http://localhost:8080/portal</uri> and click <emphasis role="italics">Sign in</emphasis>.
- </para>
- <para>
- You will be redirected to the JOSSO instance, but you will need to login with the username/password account created via the JOSSO console (for example <literal>john</literal>/<literal>password</literal>) as REST callbacks are not supported.
- </para>
- <para>
- After a successful login to JOSSO, you will be redirected to the Portal as <literal>john</literal>.
- </para>
+ Access <uri>http://localhost:8080/portal</uri> and click <emphasis role="italics">Sign in</emphasis>. You will be redirected to the JOSSO instance, but you will need to login with the username and password created via the JOSSO console (for example <literal>john</literal>/<literal>password</literal>) as REST callbacks are not supported.
+ </para>
</step>
</substeps>
+ <para>After a successful login to JOSSO, you will be redirected to the portal authenticated as <literal>john</literal>.</para>
</step>
</procedure>
</section>
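Review bot: In the merged test step, "you will need to login with the username and password created via the JOSSO console ... as REST callbacks are not supported" uses "login" as a verb and leaves the reason unexplained at this point in the procedure. Suggest "log in", and spell out the consequence: portal accounts cannot be used here because the authentication plug-in is not supported with JOSSO 2.2, so the account must exist in JOSSO. Capitalisation is also inconsistent between "Start the Portal." and the added "redirected to the portal".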