Author: smumford
Date: 2011-11-17 00:08:55 -0500 (Thu, 17 Nov 2011)
New Revision: 8083
Modified:
epp/docs/branches/5.2/Reference_Guide-eXoJCR-1.14/en-US/modules/AuthenticationAndIdentity/SSO.xml
Log:
JBEPP-1363: Incorporating GateIn SSO revisions 8080,8081,8082
Modified:
epp/docs/branches/5.2/Reference_Guide-eXoJCR-1.14/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
---
epp/docs/branches/5.2/Reference_Guide-eXoJCR-1.14/en-US/modules/AuthenticationAndIdentity/SSO.xml 2011-11-16
16:15:59 UTC (rev 8082)
+++
epp/docs/branches/5.2/Reference_Guide-eXoJCR-1.14/en-US/modules/AuthenticationAndIdentity/SSO.xml 2011-11-17
05:08:55 UTC (rev 8083)
@@ -4,7 +4,7 @@
%BOOK_ENTITIES;
]>
<section id="sect-Reference_Guide_eXo_JCR_1.14-SSO_Single_Sign_On">
- <title>SSO - Single Sign On</title>
+ <title><remark>SSO - Single Sign On</remark></title>
<section
id="sect-Reference_Guide_eXo_JCR_1.14-SSO_Single_Sign_On-Overview">
<title>Overview</title>
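Review bot: The section title on the added line is now wrapped in <remark>, DocBook's element for editorial comments, so the title text is marked as a draft annotation rather than as content. If this is a review marker for the JBEPP-1363 changes, it needs to come out before the branch is published; otherwise keep the plain <title>SSO - Single Sign On</title>.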
@@ -98,6 +98,26 @@
This authentication can also be used in any other web applications which may
require authentication, <emphasis role="bold">provided that these
applications use same roles as the main portal instance</emphasis>. Attempting to
use an SSO authentication in an application that uses different roles may create
authorization errors (<emphasis role="bold">403</emphasis> errors,
for example).
</para>
+ <note>
+ <title>Reauthentication</title>
+
+ <para>
+ This behavior is coming from the fact that same JAAS principal is added by
SSO valve to all HTTP requests, even to other web applications.
+ </para>
+
+ <para>
+ So the same roles are required because of it. There is an alternative that
allows you to configure the SSO valve with the
<parameter>requireReauthentication=true</parameter> parameter, which will
force the SSO valve to perform reauthentication with saved credentials in each HTTP
request against security domain of particular web application where the request is
coming.
+ </para>
+
+ <para>
+ This will ensure that a new principal for that web application will be
created with updated roles for that web application.
+ </para>
+
+ <para>
+ In other words; when
<parameter>requireReauthentication</parameter> is <emphasis
role="bold">false</emphasis> (the default state), you need to have the
same roles among web applications. When
<parameter>requireReauthentication</parameter> is <emphasis
role="bold">true</emphasis> you need to have same username and
passwords.
+ </para>
+ </note>
+
<para>
More info about the JBoss SSO valve can be found at <ulink
type="http"
url="http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Platform...
/>.
</para>
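Review bot: The Reauthentication note says the valve reauthenticates with saved credentials on each HTTP request, but it never states what that costs. With requireReauthentication=true the valve has to hold the user's credentials for the life of the SSO session, and every request triggers a login against the target application's security domain. One sentence saying so would let readers weigh this option against aligning roles. The last paragraph would also be clearer as "the same username and password must be valid in each web application's security domain", and "In other words;" should take a comma.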
@@ -120,104 +140,53 @@
For a <emphasis>non-clustered</emphasis>
implementation, uncomment:
</para>
<programlisting language="XML" role="XML"><Valve
className="org.apache.catalina.authenticator.SingleSignOn" />
-</programlisting>
+ </programlisting>
</listitem>
<listitem>
<para>
For a <emphasis>clustered</emphasis> implementation,
uncomment:
</para>
-<programlisting language="XML" role="XML"><Valve
className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
-</programlisting>
+<programlisting language="XML" role="XML"><Valve
className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn"
/></programlisting>
</listitem>
</itemizedlist>
</step>
<step>
<para>
- To integrate with the JBoss SSO valve, follow <emphasis
role="bold">one</emphasis> of the procedures below to make the
necessary configuration changes in the Java Authentication and Authorization Service
(<emphasis role="bold">JAAS</emphasis>):
+ For implementation of the SSO valve among the different nodes of
cluster, all the nodes must share the same domain
(<emphasis>node1.yourdomain.com</emphasis> and
<emphasis>node2.yourdomain.com</emphasis>, for example).
</para>
- <itemizedlist>
- <listitem>
- <procedure
id="proc-Reference_Guide_eXo_JCR_1.14-SSO_Integration-Call_the_JAAS_authentication_directly">
- <title>Call the JAAS authentication directly</title>
-
- <step>
- <para>
- Open the
<filename>/<replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/login/jsp/login.jsp</filename>
file.
- </para>
- </step>
-
- <step>
- <para>
- Change the line that reads:
- </para>
-<programlisting language="XML" role="XML"><form
name="loginForm" action="<%= contextPath +
"/login"%>" method="post" style="margin:
0px;">
+ <para>
+ This domain needs to be configured in the SSO valve parameter
<parameter>cookieDomain</parameter>. This is required because the SSO valve
adds the cookie <emphasis role="bold">JSESSIONIDSSO</emphasis>,
which is, by default bound only to the host where the request is originating.
+ </para>
+
+ <para>
+ When the <parameter>cookieDomain</parameter> parameter is
used, the cookie is bound to the domain (like
<emphasis>yourdomain.com</emphasis>), which will ensure that it is shared
among both hosts <emphasis>node1.yourdomain.com</emphasis> and
<emphasis>node2.yourdomain.com</emphasis>.
+ </para>
+
+ <para>
+ So in this case, the valve configuration would be:
+ </para>
+<programlisting language="XML" role="XML"><Valve
className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn"
+cookieDomain="yourdomain.com" />
</programlisting>
- <para>
- to read:
- </para>
-<programlisting language="XML" role="XML"><form
name="loginForm" action="<%= contextPath +
"/private/j_security_check"%>" method="post"
style="margin: 0px;">
-</programlisting>
- </step>
-
- <step>
- <para>
- Change the line that reads:
- </para>
-<programlisting language="XML"
role="XML"><td><input class="UserName"
name="username"
value="<%=username%>"/></td>
-</programlisting>
- <para>
- to read:
- </para>
-<programlisting language="XML"
role="XML"><td><input class="UserName"
name="j_username"
value="<%=username%>"/></td>
-</programlisting>
- </step>
-
- <step>
- <para>
- Change the line that reads:
- </para>
-<programlisting language="XML"
role="XML"><td><input class="Password"
type="password" name="password"
value=""/></td>
-</programlisting>
- <para>
- to read:
- </para>
-<programlisting language="XML"
role="XML"><td><input class="Password"
type="password" name="j_password"
value=""/></td>
-</programlisting>
- </step>
- </procedure>
- </listitem>
-
- <listitem>
- <procedure
id="proc-Reference_Guide_eXo_JCR_1.14-SSO_Integration-Switch_to_BASIC_authentication">
- <title>Switch to <emphasis
role="bold">BASIC</emphasis> authentication</title>
-
- <step>
- <para>
- Change the <parameter>auth-method</parameter>
element in
<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/web.xml</filename>
from <parameter>FORM</parameter> to <parameter>BASIC</parameter>:
- </para>
-<programlisting language="XML"
role="XML"><login-config>
-<auth-method>BASIC</auth-method>
-<realm-name>gatein-domain</realm-name>
-<form-login-config>
- <form-login-page>/initiatelogin</form-login-page>
- <form-error-page>/errorlogin</form-error-page>
-</form-login-config>
-</programlisting>
- </step>
- </procedure>
- </listitem>
- </itemizedlist>
</step>
+
+ <step>
+ <para>
+ Another important thing is that both cluster nodes needs to be on same
cluster (using same parameter <emphasis role="bold">-g</emphasis>
and same parameter <emphasis role="bold">-u</emphasis> and also
using parameter <emphasis
role="bold">-Dexo.profiles=cluster</emphasis>).
+ </para>
+
+ <para>
+ They must also share the same NFS directory and the same database and
apply all the configuration needed for JBoss Enterprise Portal Platform cluster.
+ </para>
+ </step>
</procedure>
- <formalpara
id="form-Reference_Guide_eXo_JCR_1.14-Enabling_SSO_using_JBoss_SSO_Valve-Testing_the_SSO_Valve">
- <title>Testing the SSO Valve</title>
-
- <para>
- Once the JBoss SSO Valve has been enabled, it can be tested with the
following steps:
+ <formalpara
id="form-Reference_Guide_eXo_JCR_1.14-Enabling_SSO_using_JBoss_SSO_Valve-Enabling_SSO_in_a_physical_cluster">
+ <title>Testing SSO in a physical cluster</title> <para>
+ In this example, we will try to simulate testing on more physical machines
by simply using virtual hosts on single machine.
</para>
</formalpara>
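Review bot: The cookieDomain paragraphs explain that JSESSIONIDSSO becomes bound to yourdomain.com but not what follows from that: the browser will then send the SSO cookie to every host under that domain, not only to node1 and node2. The text should tell readers to set cookieDomain to the narrowest domain that covers just the cluster nodes. Separately, the step requiring the same -g and -u parameters does not say what those options set, and the formalpara retitled "Testing SSO in a physical cluster" keeps the id ending in Enabling_SSO_in_a_physical_cluster.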
@@ -226,91 +195,84 @@
<step>
<para>
- Copy the <replaceable><PROFILE></replaceable>
you enabled the valve in (<literal>all</literal>, for example) into two new
profiles called <literal>node1</literal> and
<literal>node2</literal>.
+ If you are using a Linux system, you can configure file <emphasis
role="bold">/etc/hosts</emphasis> to contain these lines:
</para>
+<programlisting>
+127.0.1.1
machine1.yourdomain.com
+127.0.1.2
machine2.yourdomain.com
+</programlisting>
</step>
<step>
<para>
- Run an instance of JBoss Enterprise Portal Platform using the
<literal>node1</literal> profile on a local machine:
+ Open the
<filename><replaceable><JBOSS_HOME></replaceable>/server/all/deploy/jbossweb.sar/server.xml</filename>
file.
</para>
-<programlisting>./run.sh -c node1 -Djboss.service.binding.set=ports-default
-Dexo.profiles=cluster -Djboss.messaging.ServerPeerID=0 &
-</programlisting>
</step>
<step>
<para>
- Start another instance using the <literal>node2</literal>
profile:
+ Uncomment the line:
</para>
-<programlisting>./run.sh -c node2 -Djboss.service.binding.set=ports-01
-Dexo.profiles=cluster -Djboss.messaging.ServerPeerID=1 &
-</programlisting>
+<programlisting language="XML" role="XML"><!--
+<Valve
className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
+-->
+ </programlisting>
</step>
<step>
<para>
- Navigate to <ulink type="http"
url="http://localhost:8080/portal/private/classic" /> and authenticate with
the pre-configured user account " <systemitem> root </systemitem> "
(password " <systemitem> gtn </systemitem> ").
+ And edit it to match the following:
</para>
+<programlisting language="XML" role="XML"><Valve
className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn"
+cookieDomain="yourdomain.com" />
+</programlisting>
+ <para>
+ This will ensure the <literal>JSESSIONIDSSO</literal>
cookie is used in the correct domain, allowing the SSO authentication to occur.
+ </para>
</step>
<step>
<para>
- Navigate to <ulink type="http"
url="http://localhost:8180/portal/private/classic" /> . You should be
automatically authenticated as user <systemitem> root </systemitem> on this
node as well.
+ Copy server configuration <emphasis
role="bold">all</emphasis> and create another two configurations
<emphasis role="bold">node1</emphasis> and <emphasis
role="bold">node2</emphasis> from it.
</para>
</step>
- </procedure>
-
- <formalpara
id="form-Reference_Guide_eXo_JCR_1.14-Enabling_SSO_using_JBoss_SSO_Valve-Enabling_SSO_in_a_physical_cluster">
- <title>Enabling SSO in a physical cluster</title>
- <para>
- If you require SSO to work across a physical cluster of separate machines
you will need to use the <parameter>cookieDomain</parameter> attribute of the
SSO valve.
- </para>
- </formalpara>
-
- <procedure>
<step>
<para>
- Open the
<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/jbossweb.sar/server.xml</filename>
file.
+ Start both cluster nodes with commands:
</para>
+<programlisting>
+./run.sh -c node1 -b
machine1.yourdomain.com -Dexo.profiles=cluster
-Djboss.messaging.ServerPeerID=0 &
+./run.sh -c node2 -b
machine2.yourdomain.com -Dexo.profiles=cluster
-Djboss.messaging.ServerPeerID=1 &
+</programlisting>
</step>
<step>
<para>
- Uncomment the line:
+ Go to <ulink type="http"
url="http://machine1.yourdomain.com:8080/portal">http://machine1.yourdomain.com:8080/portal</ulink>
and login as a user.
</para>
-<programlisting language="XML" role="XML"><!--
-<Valve
className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
--->
-</programlisting>
</step>
<step>
<para>
- And edit it to match the following:
+ Access a private URL on the second host, such as <ulink
type="http"
url="http://machine2.yourdomain.com:8080/portal/dologin">http://machine2.yourdomain.com:8080/portal/dologin</ulink>,
for example.
</para>
-<programlisting language="XML" role="XML"><Valve
className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn"
cookieDomain="yourdomain.com" />
-</programlisting>
+
<para>
- (Where <literal>yourdomain.com</literal> is the domain used
in your cluster. For example; <ulink type="http"
url="http://machine1.yourdomain.com:8080/portal/private/classic" /> and
<ulink type="http"
url="http://machine2.yourdomain.com:8080/portal/private/classic" /> )
+ Now you should be logged directly into
<literal>machine2</literal> thanks to SSO valve.
</para>
</step>
<step>
<para>
- Repeat the process in the other nodes in the cluster.
+ Logout from SSO initiating
machine1.yourdomain.com should also logged
you out from other cluster nodes. So you should be logout directly from machine2 as well.
</para>
</step>
</procedure>
- <para>
- This will ensure the <literal>JSESSIONIDSSO</literal> cookie is
used in the correct domain, allowing the SSO authentication to occur.
- </para>
-
<formalpara
id="form-Reference_Guide_eXo_JCR_1.14-Enabling_SSO_using_JBoss_SSO_Valve-Enabling_SSO_with_Other_Web_Applications">
- <title>Enabling SSO with Other Web Applications</title>
-
- <para>
- As mentioned earlier, in order to use SSO authentication between JBoss
Enterprise Portal Platform instances and other web applications, the roles defined in the
web application must match those used in the portal instance.
+ <title>Enabling SSO with Other Web Applications</title>
<para>
+ As mentioned earlier, in order to use SSO authentication between JBoss
Enterprise Portal Platform instances and other web applications, the roles defined in the
web application must match those used in the portal instance (unless you have the
<parameter>requireReauthentication</parameter> parameter set to
<literal>true</literal>).
</para>
</formalpara>
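Review bot: The last step of the new test procedure ("Logout from SSO initiating machine1.yourdomain.com should also logged you out ...") is ungrammatical and gives the reader no way to confirm the result, which matters because logout propagation is the property under test. Suggested wording: "Log out on machine1.yourdomain.com, then request a private URL on machine2.yourdomain.com again; the login page should be shown." The new run.sh lines also drop the -Djboss.service.binding.set options, so it is worth stating that both nodes now listen on port 8080, each on one of the addresses added to /etc/hosts.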
@@ -323,7 +285,7 @@
<step>
<para>
- Open the
<filename><replaceable><JBOSS_HOME></replaceable>/server/<replaceable><PROFILE></replaceable>/deploy/jmx-console.war/WEB-INF/web.xml</filename>
file and edit it as follows:
+ Open the
<filename><replaceable><JBOSS_HOME></replaceable>/server/node1/deploy/jmx-console.war/WEB-INF/web.xml</filename>
file and edit it as follows:
</para>
<substeps>
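Review bot: The path on the added line hard-codes node1 in place of the <PROFILE> placeholder, so a reader whose profile has another name, or who wants JMX Console SSO on node2 as well, has nothing telling them to adapt it. Either keep <replaceable><PROFILE></replaceable> or add "repeat for each node profile" to the step.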
@@ -351,9 +313,7 @@
</procedure>
<formalpara
id="form-Reference_Guide_eXo_JCR_1.14-Enabling_SSO_using_JBoss_SSO_Valve-Testing_SSO_With_Other_Web_Applications">
- <title>Testing SSO With Other Web Applications</title>
-
- <para>
+ <title>Testing SSO With Other Web Applications</title>
<para>
To test that SSO authentication is enabled from portal instances to other
web applications (in this case, the JMX Console), do the following:
</para>
</formalpara>
@@ -365,37 +325,35 @@
<para>
Start a portal instance on one node:
</para>
-<programlisting>./run.sh -c node1 -Djboss.service.binding.set=ports-default
-Dexo.profiles=cluster -Djboss.messaging.ServerPeerID=0 &
+<programlisting>./run.sh -c node1 -b
machine1.yourdomain.com -Dexo.profiles=cluster
-Djboss.messaging.ServerPeerID=0 &
</programlisting>
</step>
<step>
<para>
- Navigate to <ulink type="http"
url="http://localhost:8080/portal/private/classic" /> and authenticate with
the pre-configured user account "<systemitem> root </systemitem>"
(password "<systemitem> gtn </systemitem>").
+ Navigate to <ulink type="http"
url="http://machine1.yourdomain.com:8080/portal/private/classic" /> and
authenticate with the pre-configured user account
"<systemitem>root</systemitem>" (password
"<systemitem>gtn </systemitem>").
</para>
</step>
<step>
<para>
- Navigate to <ulink type="http"
url="http://localhost:8080/jmx-console" />. You should be automatically
authenticated into the JMX Console.
+ Navigate to <ulink type="http"
url="http://machine1.yourdomain.com:8080/jmx-console" />. You should be
automatically authenticated into the JMX Console.
</para>
</step>
</procedure>
<formalpara
id="form-Reference_Guide_eXo_JCR_1.14-Enabling_SSO_using_JBoss_SSO_Valve-Using_SSO_to_Authenticate_From_the_Public_Page">
- <title>Using SSO to Authenticate From the Public Page</title>
-
- <para>
- The previous configuration changes in this section are useful if a user is
using a private URL ( <ulink type="http"
url="http://localhost:8080/portal/private/classic" />, for example) to log in
to the portal instance.
+ <title>Using SSO to Authenticate From the Public Page</title>
<para>
+ The previous configuration changes in this section are useful if a user is
using a secured URL (<ulink type="http"
url="http://localhost:8080/portal/private/classic" />, for example) to log in
to the portal instance.
</para>
</formalpara>
<para>
- Further changes are needed however, if SSO authentication is required to work
with the <guilabel>Sign In</guilabel> button on the front page of the portal (
<ulink type="http"
url="http://localhost:8080/portal/public/classic" /> ).
+ Further changes are needed however, if SSO authentication is required to work
with the <guilabel>Sign In</guilabel> button on the front page of the portal
(<ulink type="http" url="http://localhost:8080/portal/classic"
/>).
</para>
<para>
- To enable this functionality, the <guilabel>Sign In</guilabel>
link must redirect to the <filename>login.jsp</filename> file edited earlier
to call the JAAS authentication directly.
+ To enable this functionality, the <guilabel>Sign In</guilabel>
link must redirect to some secured URL, which will ensure that JAAS authentication will be
enforced directly without showing login dialog.
</para>
<procedure
id="proc-Reference_Guide_eXo_JCR_1.14-Enabling_SSO_using_JBoss_SSO_Valve-Redirect_to_Use_SSO_Valve_Authentication">
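Review bot: In the rewritten login step the password is still marked up as <systemitem>gtn </systemitem> with a trailing space inside the element, so it renders and copies as "gtn " with the space; the root markup on the same line was tidied and this one should be too. The Public Page paragraphs in this hunk also still point at localhost:8080 while the other URLs were moved to machine1.yourdomain.com, and localhost is outside the cookieDomain configured in the earlier steps.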
@@ -594,8 +552,7 @@
<para>
There's a line comment already in this source file to assist you.
</para>
-
- <!-- Removing as per
https://issues.jboss.org/browse/JBEPP-1350
+<!-- Removing as per
https://issues.jboss.org/browse/JBEPP-1350
<para>
In Tomcat, edit
<filename>GATEIN_HOME/conf/jaas.conf</filename>, uncomment on this section and
comment other parts:
</para>
@@ -786,16 +743,18 @@
</para>
<programlisting language="XML" role="XML"><xi:include
href="../../extras/Authentication_Identity_SSO/default111.xml"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
</step>
- <step>
- <para>
- In Tomcat, edit
<filename>JBOSS_HOME/conf/jaas.conf</filename> and uncomment this section:
- </para>
+
+ <step>
+ <para>
+ In Tomcat, edit
<filename>JBOSS_HOME/conf/jaas.conf</filename> and uncomment this section:
+ </para>
<programlisting>org.gatein.sso.agent.login.SSOLoginModule required;
org.exoplatform.services.security.j2ee.TomcatLoginModule requiredtm
portalContainerName=portal
realmName=gatein-domain;
</programlisting>
- </step>
+ </step>
+
<step>
<para>
The installation can be tested at this point.
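Review bot: The jaas.conf listing carried through this re-indent reads "TomcatLoginModule requiredtm". requiredtm is not a JAAS control flag (the valid ones are required, requisite, sufficient and optional), so a reader who pastes the listing gets a login configuration that is rejected; it should read "required". The step also names JBOSS_HOME/conf/jaas.conf for Tomcat, while the other Tomcat jaas.conf steps in this file are commented out per JBEPP-1350, so check whether this one should go as well.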
@@ -1019,10 +978,15 @@
<important>
<para>
- Go to
<menuchoice><guimenu>Configuration</guimenu><guimenuitem>Authentication</guimenuitem></menuchoice>
and follow the link to <guilabel>Core</guilabel>
+ Go to <menuchoice><guimenu>Configuration</guimenu>
+ <guimenuitem>
+ Authentication
+ </guimenuitem>
+ </menuchoice> and follow the link to
<guilabel>Core</guilabel>
</para>
+
<para>
- Add a new value with the class name
<literal>org.gatein.sso.opensso.plugin.AuthenticationPlugin</literal>.
+ Add a new value with the class name
<literal>org.gatein.sso.opensso.plugin.AuthenticationPlugin</literal>.
</para>
<para>
@@ -1077,7 +1041,19 @@
<substeps>
<step>
<para>
- Go to <menuchoice><guimenu>Access
control</guimenu><guimenuitem>Top level
realm</guimenuitem><guimenuitem>Privileges</guimenuitem><guimenuitem>All
authenticated users</guimenuitem></menuchoice>.
+ Go to <menuchoice><guimenu>Access
control</guimenu>
+ <guimenuitem>
+ Top level realm
+ </guimenuitem>
+
+ <guimenuitem>
+ Privileges
+ </guimenuitem>
+
+ <guimenuitem>
+ All authenticated users
+ </guimenuitem>
+ </menuchoice>.
</para>
</step>
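Review bot: Splitting the <guimenuitem> elements over several lines puts the line breaks and indentation inside the element content, so each menu label now carries leading and trailing whitespace. Keep the text tight against the tags, for example <guimenuitem>Top level realm</guimenuitem>, and break lines between elements instead.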
@@ -1133,8 +1109,7 @@
</para>
<programlisting language="XML" role="XML"><xi:include
href="../../extras/Authentication_Identity_SSO/default118.xml"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
</step>
-
- <!-- Removed as per
https://issues.jboss.org/browse/JBEPP-1350
+<!-- Removed as per
https://issues.jboss.org/browse/JBEPP-1350
<step>
<para>
If you are running the product in Tomcat, edit
<replaceable><JBOSS_HOME></replaceable>/conf/jaas.conf,
uncomment the following section and comment all other sections:
@@ -1146,7 +1121,6 @@
</programlisting>
</step>
-->
-
<step>
<para>
Test the installation:
@@ -1271,9 +1245,7 @@
<title>SPNEGO Basics</title>
<para>
- The procedure below only describes the basic steps to configure the
SPNEGO server in a Linux environment. If you are already familiar with SPNEGO, or if you
are using Windows and Active Directory domain, you can jump to the
- <xref
linkend="proc-Reference_Guide_eXo_JCR_1.14-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism-Advanced_SPNEGO_Configuration"
/>
- to see how to integrate SPNEGO with JBoss Enterprise Portal Platform.
+ The procedure below only describes the basic steps to configure the
SPNEGO server in a Linux environment. If you are already familiar with SPNEGO, or if you
are using Windows and Active Directory domain, you can jump to the <xref
linkend="proc-Reference_Guide_eXo_JCR_1.14-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism-Advanced_SPNEGO_Configuration"
/> to see how to integrate SPNEGO with JBoss Enterprise Portal Platform.
</para>
<para>
@@ -1561,9 +1533,7 @@
</para>
<programlisting language="XML" role="XML"><xi:include
href="../../extras/Authentication_Identity_SSO/default124.xml"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
<para>
- The '<literal>keyTab</literal>' value should
point to the keytab file that was generated by the <literal>kadmin</literal>
Kerberos tool. When using Kerberos on Linux, it should be value of parameter <emphasis
role="bold">admin_keytab</emphasis> from kdc.conf file. See the
- <xref
linkend="proc-Reference_Guide_eXo_JCR_1.14-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism-SPNEGO_Basics"/>
- for more details.
+ The '<literal>keyTab</literal>' value should
point to the keytab file that was generated by the <literal>kadmin</literal>
Kerberos tool. When using Kerberos on Linux, it should be value of parameter <emphasis
role="bold">admin_keytab</emphasis> from kdc.conf file. See the
<xref
linkend="proc-Reference_Guide_eXo_JCR_1.14-SPNEGO_Simple_and_Protected_GSSAPI_Negotiation_Mechanism-SPNEGO_Basics"/>
for more details.
</para>
</step>
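Review bot: The keyTab sentence reflowed here tells readers to use the admin_keytab value from kdc.conf. That setting names the keytab of the Kerberos administration service, not one created for the portal, so following it gives the web server keys it does not need. The text should point keyTab at a keytab exported for the server's own service principal and readable only by the account that runs the portal.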
@@ -1646,20 +1616,25 @@
If you destroy your kerberos ticket with command
<command>kdestroy</command>, then try to login again, you will directed to the
login screen of JBoss Enterprise Portal Product because you don't have active Kerberos
ticket. You can login with predefined account and password
"demo"/"gtn" .
</para>
</section>
- <section>
- <title>Clients</title>
- <para>After performing all configurations above, you need to enable the
<emphasis role="bold">Negotiate authentication </emphasis> of
Firefox in clients so that clients can be authenticated by JBoss Enterprise Portal
Platform as follows:
- </para>
- <procedure>
- <step>
+
+ <section>
+ <title>Clients</title>
+
<para>
- Start Firefox, then enter the command: <emphasis
role="bold">about:config </emphasis> into the address field.
+ After performing all configurations above, you need to enable the
<emphasis role="bold">Negotiate authentication </emphasis> of
Firefox in clients so that clients can be authenticated by JBoss Enterprise Portal
Platform as follows:
</para>
- </step>
- <step>
- <para>
- Enter <emphasis
role="bold">network.negotiate-auth</emphasis> and set the value as
below:
- </para>
+
+ <procedure>
+ <step>
+ <para>
+ Start Firefox, then enter the command: <emphasis
role="bold">about:config </emphasis> into the address field.
+ </para>
+ </step>
+
+ <step>
+ <para>
+ Enter <emphasis
role="bold">network.negotiate-auth</emphasis> and set the value as
below:
+ </para>
<programlisting>
network.negotiate-auth.allow-proxies = true
network.negotiate-auth.delegation-uris = .local.network
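Review bot: The Firefox settings list network.negotiate-auth.delegation-uris = .local.network without comment. trusted-uris is the setting that lets the browser answer the portal's Negotiate challenge; delegation-uris additionally allows the user's Kerberos credentials to be forwarded to any host in that domain. The step should say when delegation is actually required and otherwise leave it unset, and the same applies to allow-proxies.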
@@ -1667,8 +1642,8 @@
network.negotiate-auth.trusted-uris = .local.network
network.negotiate-auth.using-native-gsslib = true
</programlisting>
- </step>
- </procedure>
- </section>
+ </step>
+ </procedure>
+ </section>
</section>
</section>