Author: smumford
Date: 2011-11-28 17:07:42 -0500 (Mon, 28 Nov 2011)
New Revision: 8151
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default125.xml
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default126.xml
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default127.xml
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default128.xml
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default129.java
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default130.java
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
Log:
JBEPP-1406: Corrected SSO issues as per QA feedback
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default125.xml
===================================================================
---
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default125.xml 2011-11-27
23:56:55 UTC (rev 8150)
+++
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default125.xml 2011-11-28
22:07:42 UTC (rev 8151)
@@ -1,31 +1,30 @@
-<deployment xmlns="urn:jboss:bean-deployer:2.0">
-<property name="authenticators">
- <map class="java.util.Properties" keyClass="java.lang.String"
valueClass="java.lang.String">
- <entry>
- <key>BASIC</key>
-
<value>org.apache.catalina.authenticator.BasicAuthenticator</value>
- </entry>
- <entry>
- <key>CLIENT-CERT</key>
-
<value>org.apache.catalina.authenticator.SSLAuthenticator</value>
- </entry>
- <entry>
- <key>DIGEST</key>
-
<value>org.apache.catalina.authenticator.DigestAuthenticator</value>
- </entry>
- <entry>
- <key>FORM</key>
-
<value>org.apache.catalina.authenticator.FormAuthenticator</value>
- </entry>
- <entry>
- <key>NONE</key>
-
<value>org.apache.catalina.authenticator.NonLoginAuthenticator</value>
- </entry>
-
- <!-- Add this entry -->
+ <property name="authenticators">
+ <map keyClass="java.lang.String"
valueClass="java.lang.String">
<entry>
- <key>SPNEGO</key>
-
<value>org.jboss.security.negotiation.NegotiationAuthenticator</value>
+ <key>BASIC</key>
+
<value>org.apache.catalina.authenticator.BasicAuthenticator</value>
</entry>
- </map>
-</property>
\ No newline at end of file
+ <entry>
+ <key>CLIENT-CERT</key>
+ <value>org.apache.catalina.authenticator.SSLAuthenticator</value>
+ </entry>
+ <entry>
+ <key>DIGEST</key>
+
<value>org.apache.catalina.authenticator.DigestAuthenticator</value>
+ </entry>
+ <entry>
+ <key>FORM</key>
+
<value>org.apache.catalina.authenticator.FormAuthenticator</value>
+ </entry>
+ <entry>
+ <key>NONE</key>
+
<value>org.apache.catalina.authenticator.NonLoginAuthenticator</value>
+ </entry>
+
+ <!-- Add this entry -->
+ <entry>
+ <key>SPNEGO</key>
+ <value>org.jboss.security.negotiation.NegotiationAuthenticator</value>
+ </entry>
+ </map>
+ </property>
\ No newline at end of file
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default126.xml
===================================================================
---
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default126.xml 2011-11-27
23:56:55 UTC (rev 8150)
+++
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default126.xml 2011-11-28
22:07:42 UTC (rev 8151)
@@ -1,9 +1,20 @@
-<login-module code="org.gatein.sso.spnego.SPNEGOLoginModule"
flag="required">
- <module-option
name="password-stacking">useFirstPass</module-option>
- <module-option name="serverSecurityDomain">host</module-option>
-</login-module>
-<login-module code="org.gatein.sso.agent.login.SPNEGORolesModule"
flag="required">
- <module-option
name="password-stacking">useFirstPass</module-option>
- <module-option name="portalContainerName">portal</module-option>
- <module-option name="realmName">gatein-domain</module-option>
-</login-module>
\ No newline at end of file
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+ <application-policy xmlns="urn:jboss:security-beans:1.0"
name="gatein-domain">
+ <!-- Uncomment this for Kerberos based SSO integration -->
+ <authentication>
+ <login-module
+ code="org.gatein.sso.spnego.SPNEGOLoginModule"
+ flag="requisite">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="serverSecurityDomain">host</module-option>
+ </login-module>
+ <login-module
+ code="org.gatein.sso.agent.login.SPNEGORolesModule"
+ flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="portalContainerName">portal</module-option>
+ <module-option
name="realmName">gatein-domain</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+</deployment>
\ No newline at end of file
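Review bot: The comment `<!-- Uncomment this for Kerberos based SSO integration -->` above `<authentication>` no longer matches the snippet, which is now shown already active and wrapped in a complete `<deployment>` element. A reader told to make gatein-jboss-beans.xml "match the following" cannot tell whether the login modules the `gatein-domain` policy already contains are to be removed or left alongside these two; if they stay, whether a non-Kerberos login can still succeed depends on their flags and order, so the guide should state it. I would reword the comment to something like `<!-- Kerberos SSO: these two modules replace the default gatein-domain login modules -->` (to be confirmed against the shipped file). The `host` domain named in `serverSecurityDomain` is not defined in this snippet, so a short pointer to where it is configured would help as well.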
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default127.xml
===================================================================
---
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default127.xml 2011-11-27
23:56:55 UTC (rev 8150)
+++
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default127.xml 2011-11-28
22:07:42 UTC (rev 8151)
@@ -1,4 +1,4 @@
- <!--
+ <!--
<login-config>
<auth-method>FORM</auth-method>
<realm-name>gatein-domain</realm-name>
@@ -11,4 +11,4 @@
<login-config>
<auth-method>SPNEGO</auth-method>
<realm-name>SPNEGO</realm-name>
- </login-config>
+ </login-config>
\ No newline at end of file
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default128.xml
===================================================================
---
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default128.xml 2011-11-27
23:56:55 UTC (rev 8150)
+++
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default128.xml 2011-11-28
22:07:42 UTC (rev 8151)
@@ -1,13 +1,22 @@
<filter>
<filter-name>LoginRedirectFilter</filter-name>
<filter-class>org.gatein.sso.agent.filter.LoginRedirectFilter</filter-class>
- <init-param>
- <!-- This should point to your SSO authentication server -->
- <param-name>LOGIN_URL</param-name>
- <param-value>/portal/private/classic</param-value>
- </init-param>
+ <init-param>
+ <!-- This should point to your SSO authentication server -->
+ <param-name>LOGIN_URL</param-name>
+ <param-value>/portal/private/classic</param-value>
+ </init-param>
</filter>
+<filter>
+ <filter-name>SPNEGOFilter</filter-name>
+ <filter-class>org.gatein.sso.agent.filter.SPNEGOFilter</filter-class>
+</filter>
+
<filter-mapping>
<filter-name>LoginRedirectFilter</filter-name>
- <url-pattern>/*</url-pattern>
+ <url-pattern>/*</url-pattern>
+</filter-mapping>
+<filter-mapping>
+ <filter-name>SPNEGOFilter</filter-name>
+ <url-pattern>/*</url-pattern>
</filter-mapping>
\ No newline at end of file
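Review bot: The retained comment `<!-- This should point to your SSO authentication server -->` on `LOGIN_URL` does not describe the value shown, `/portal/private/classic`, which is a portal-relative path rather than an external SSO server. It reads as carried over from the other SSO integrations; for SPNEGO the redirect target appears to be the protected portal URL whose access triggers negotiation, so I would change it to `<!-- For SPNEGO: the protected portal URL that triggers authentication -->`. Both filters are mapped to `/*` and the guide asks for them at the top of the filter chain, so the step text should also say that the relative order of the two `<filter-mapping>` elements is the order in which the filters run.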
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default129.java
===================================================================
---
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default129.java 2011-11-27
23:56:55 UTC (rev 8150)
+++
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default129.java 2011-11-28
22:07:42 UTC (rev 8151)
@@ -1,2 +1,4 @@
-<!--<a
onclick="$signInAction"><%=_ctx.appRes("UILoginForm.label.Signin")%></a>-->
+<!--
+<a
onclick="$signInAction"><%=_ctx.appRes("UILoginForm.label.Signin")%></a>
+-->
<a
href="/portal/sso"><%=_ctx.appRes("UILoginForm.label.Signin")%></a>
\ No newline at end of file
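Review bot: Wrapping the old sign-in link in `<!-- … -->` only hides it from rendering: an HTML comment is still delivered to every client, and the template engine presumably still expands `$signInAction` and the `<%= … %>` expression inside it. If the original form login is meant to be unavailable under SPNEGO, deleting the old `<a onclick=…>` line from UIBannerPortlet.gtmpl is cleaner than leaving it in the page source. If it is kept for easy rollback, the step text should say so, so that readers do not take the comment as disabling anything on the server side.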
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default130.java
===================================================================
---
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default130.java 2011-11-27
23:56:55 UTC (rev 8150)
+++
epp/docs/branches/5.2/Reference_Guide/en-US/extras/Authentication_Identity_SSO/default130.java 2011-11-28
22:07:42 UTC (rev 8151)
@@ -1 +1 @@
-sudo ./run.sh -Djava.security.krb5.realm=LOCAL.NETWORK
-Djava.security.krb5.kdc=server.local.network -c spnego -b server.local.network
+sudo ./run.sh -Djava.security.krb5.realm=LOCAL.NETWORK
-Djava.security.krb5.kdc=server.local.network -c PROFILE -b server.local.network
\ No newline at end of file
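Review bot: The start command on the new line still runs the whole application server under `sudo`, so every deployed application executes as root. The guide should say why elevated rights are needed (presumably to bind a privileged port) and recommend a dedicated unprivileged account with port forwarding or a front-end proxy instead. `-c PROFILE` is now a placeholder, but nothing in the listing marks it as one, and the file is included with `parse="text"`, so `<replaceable>` markup cannot be used here. If the surrounding step does not already do so, add a sentence naming `PROFILE`, `LOCAL.NETWORK` and `server.local.network` as values to replace.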
Modified:
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
---
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2011-11-27
23:56:55 UTC (rev 8150)
+++
epp/docs/branches/5.2/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2011-11-28
22:07:42 UTC (rev 8151)
@@ -458,7 +458,7 @@
<programlisting language="XML" role="XML"><xi:include
href="../../extras/Authentication_Identity_SSO/default102.xml"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
<para>
- with the following (ensure you set the host, port and context with
the values corresponding to your portal). Also available in
<filename>GATEIN_SSO_HOME/cas/plugin/WEB-INF/deployerConfigContext.xml</filename>.):
+ with the following (ensure you set the host, port and context with
the values corresponding to your portal). Also available in
<filename>PORTAL_SSO/cas/plugin/WEB-INF/deployerConfigContext.xml</filename>.):
</para>
<programlisting language="XML" role="XML"><xi:include
href="../../extras/Authentication_Identity_SSO/default103.xml"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
@@ -868,8 +868,6 @@
</para>
</note>
-
- </section>
<section
id="sect-Reference_Guide-SSO_Single_Sign_On_-Modifying_the_OpenSSO_server">
<title>Modifying the OpenSSO server</title>
@@ -1200,7 +1198,7 @@
</para>
</section>
-
+ </section>
<section
id="sect-Reference_Guide-SSO_Single_Sign_On_-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism">
<title>SPNEGO - Simple and Protected GSSAPI Negotiation
Mechanism</title>
<para>
@@ -1575,7 +1573,10 @@
</step>
<step>
<para>
- Add the GateIn SSO module binaries by copying <emphasis
role="bold">GATEIN_SSO_HOME/spnego/gatein.ear/lib/sso-agent-VERSION.jar</emphasis>
to the <emphasis
role="bold">JBOSS_HOME/server/default/deploy/gatein.ear/lib</emphasis>
directory. File <emphasis
role="bold">GATEIN_SSO_HOME/spnego/gatein.ear/lib/spnego-VERSION.jar</emphasis>
needs to be copied to the <emphasis
role="bold">JBOSS_HOME/server/default/lib</emphasis> directory.
+ Add the SSO module binaries by copying <emphasis
role="bold">PORTAL_SSO/spnego/gatein.ear/lib/sso-agent.jar</emphasis>
to the <emphasis
role="bold">JBOSS_HOME/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/lib/</emphasis>
directory.
+ </para>
+ <para>
+ Copy the <emphasis
role="bold">PORTAL_SSO/spnego/gatein.ear/lib/sso-spnego.jar</emphasis>
file to the <emphasis
role="bold">JBOSS_HOME/server/<replaceable><PROFILE></replaceable>/lib</emphasis>
directory.
</para>
</step>
@@ -1589,7 +1590,7 @@
</step>
--> <step>
<para>
- Modify the
<filename>deploy/gatein.ear/META-INF/gatein-jboss-beans.xml</filename> file to
match the following:
+ Modify the
<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/META-INF/gatein-jboss-beans.xml</filename>
file to match the following:
</para>
<programlisting language="XML" role="XML"><xi:include
href="../../extras/Authentication_Identity_SSO/default126.xml"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
@@ -1600,23 +1601,20 @@
</step>
<step>
<para>
- Modify
<filename>gatein.ear/02portal.war/WEB-INF/web.xml</filename> to match:
+ Modify
<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/web.xml</filename>
to match:
</para>
<programlisting language="XML" role="XML"><xi:include
href="../../extras/Authentication_Identity_SSO/default127.xml"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
<para>
- Integrate the request pre-processing needed for SPNEGO via
filters by adding the following filters to the <emphasis
role="bold">JBOSS_HOME/server/default/deploy/gatein.ear/02portal.war/WEB-INF/web.xml</emphasis>
at the top of the Filter chain.
+ Integrate the request pre-processing needed for SPNEGO via
filters by adding the following filters to the
<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/web.xml</filename>
at the top of the Filter chain.
</para>
<programlisting language="XML" role="XML"><xi:include
href="../../extras/Authentication_Identity_SSO/default128.xml"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
- <para>
- This integrates request pre-processing needed for SPNEGO.
- </para>
</step>
<step>
<para>
- Edit the '<emphasis role="bold">Sign
In</emphasis>' link in
<filename><replaceable>JBOSS_HOME</replaceable>/server/<replaceable>PROFILE</replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtmpl</filename>
to match the following:
+ Edit the '<emphasis role="bold">Sign
In</emphasis>' link in
<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/web.war/groovy/groovy/webui/component/UIBannerPortlet.gtmpl</filename>
to match the following:
</para>
<programlisting language="Java" role="Java"><xi:include
href="../../extras/Authentication_Identity_SSO/default129.java"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
@@ -1653,40 +1651,7 @@
</para>
</section>
-
- <section
id="sect-Reference_Guide-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism-JBoss_Enterprise_Portal_Platform_Configuration-Clients">
- <title>Clients</title>
- <para>
- After performing all configurations above, you need to enable the
<emphasis role="bold">Negotiate authentication </emphasis> of
Firefox in clients so that clients can be authenticated by JBoss Enterprise Portal
Platform as follows:
- </para>
- <procedure>
- <step>
- <para>
- Start Firefox, then enter the command: <emphasis
role="bold">about:config </emphasis> into the address field.
- </para>
- </step>
- <step>
- <para>
- Enter <emphasis
role="bold">network.negotiate-auth</emphasis> and set the value as
below:
- </para>
-
-<programlisting>
-network.negotiate-auth.allow-proxies = true
-network.negotiate-auth.delegation-uris = .local.network
-network.negotiate-auth.gsslib (no-value)
-network.negotiate-auth.trusted-uris = .local.network
-network.negotiate-auth.using-native-gsslib = true
-</programlisting>
-
- </step>
-
- </procedure>
-
-
- </section>
-
-
</section>