Author: ppenicka
Date: 2013-01-04 10:23:42 -0500 (Fri, 04 Jan 2013)
New Revision: 9033
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml
epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
Log:
BZ#886289 and BZ#886298 - Final version of OpenAM and SPNEGO single sign-on docs as
submitted for SME review. Bonus: cleaned up File Name Conventions in Preface - removed
unused abbreviations and made the descriptions more accurate.
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml 2013-01-03 04:58:33 UTC (rev
9032)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Preface.xml 2013-01-04 15:23:42 UTC (rev
9033)
@@ -7,9 +7,7 @@
<title>Preface</title>
<section id="sect-File_Name_Conventions">
<title>File Name Conventions</title>
- <para>The following naming conventions are used in file paths for readability.
Each convention is styled so that it stands out from the rest of text:
-
-
+ <para>The following naming conventions are used in file paths to improve their
readability. Each convention is styled so that it stands out from the rest of the text:
</para>
<variablelist id="vari-Reference_Guide-Introduction-Devices">
<varlistentry>
@@ -17,24 +15,25 @@
<replaceable>CAS_DIR</replaceable>
</term>
<listitem>
- <para>The installation root of the Central Authentication Service (CAS)
Single Sign-on Framework. This directory is an arbitrary location chosen when CAS is
downloaded and installed.</para>
+ <para>
+ The installation root of the Central Authentication Service (CAS) single sign-on
framework. This directory is an arbitrary location chosen when CAS is downloaded and
installed.
+ </para>
+ <para>
+ This convention is mainly used in <xref
linkend="sect-SSO_Single_Sign_On_-Central_Authentication_Service" />.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <replaceable>HTTPD_DIST</replaceable>
- </term>
- <listitem>
- <para>The installation root of the Apache httpd server. Apache httpd is a
web server used to deploy non-java based applications such as CGI or PHP. This directory
contains the main folders that comprise the server such as
<filename>/conf</filename>, <filename>/webapps</filename>, and
<filename>/bin</filename>. </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
<replaceable>ID_HOME</replaceable>
</term>
<listitem>
<para>
-The
<filename>JPP_SERVER/gatein/gatein.ear/portal.war/WEB-INF/conf/organization/</filename>
directory, which contains identity-related configuration resources. This abbreviation is
used primarily in <xref linkend="chap-LDAP_Integration"/>.</para>
+ The
<filename>JPP_SERVER/gatein/gatein.ear/portal.war/WEB-INF/conf/organization/</filename>
directory, which contains identity-related configuration resources.
+ </para>
+ <para>
+ This convention is mainly used in <xref
linkend="chap-LDAP_Integration" />.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
@@ -42,10 +41,12 @@
<replaceable>JPP_DIST</replaceable>
</term>
<listitem>
- <para>The installation root of the JBoss Enterprise Application Platform
instance. This folder contains the application server directory, as well as supplemental
folders containing resources necessary for gatein-management and gatein-sso. that
comprise the server such as <filename>/bin</filename>,
<filename>/standalone</filename>, and
<filename>/gatein</filename>.
- </para>
- <para>For example, if the JBoss Portal Platform binary is extracted to
<filename>/opt/jboss/JPP/</filename> directory, the
<replaceable>JPP_DIST</replaceable> directory is
<filename>/opt/jboss/JPP</filename>.
- </para>
+ <para>
+ The installation root of the JBoss Portal Platform instance. For example, if the
JBoss Portal Platform distribution archive is extracted to the
<filename>/opt/jboss/JPP/</filename> directory, the
<replaceable>JPP_DIST</replaceable> directory is
<filename>/opt/jboss/JPP</filename>.
+ </para>
+ <para>
+ This directory contains the
<filename>jboss-jpp-<replaceable><VERSION></replaceable></filename>,
<filename>gatein-management</filename> and
<filename>gatein-sso</filename> directories.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
@@ -53,28 +54,24 @@
<replaceable>JPP_SERVER</replaceable>
</term>
<listitem>
- <para>The directory containing the application server, and the
configuration files necessary to run JBoss Portal Platform.</para>
- <para>This directory contains directories such as
<filename>/bin</filename>, <filename>/standalone</filename>, and
<filename>/gatein</filename>.
-</para>
- <para>Using the example in
<replaceable>JPP_DIST</replaceable>, the
<replaceable>JPP_SERVER</replaceable> directory is
<filename>/opt/jboss/JPP/jboss-jpp-&VY;/</filename>. </para>
+ <para>
+ The
<filename>JPP_DIST/jboss-jpp-<replaceable><VERSION></replaceable></filename>
directory, which contains the application server and the configuration files necessary to
run JBoss Portal Platform.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <replaceable>PORTAL_SSO</replaceable>
+ <replaceable>TOMCAT_HOME</replaceable>
</term>
<listitem>
- <para>The directories and files located in the
<filename><filename>JPP_DIST</filename>/gatein-sso</filename>
directory of the JBoss Portal Platform binary package. Used throughout <xref
linkend="sect-Reference_Guide-SSO_Single_Sign_On"/>.</para>
+ <para>
+ The installation root of the Apache Tomcat server. Apache Tomcat is a simple
Java-based web server that can host servlets or JSP applications. It is not a part of
JBoss Portal Platform, however, it is used in various examples in this guide to host
single sign-on authentication services.
+ </para>
+ <para>
+ This convention is mainly used in <xref
linkend="sect-Reference_Guide-SSO_Single_Sign_On"/>.
+ </para>
</listitem>
</varlistentry>
- <varlistentry>
- <term>
- <replaceable>TOMCAT_DIST</replaceable>
- </term>
- <listitem>
- <para>The installation root of the Apache Tomcat server. Apache Tomcat is
a simple Java-based web server that can host servlet or JSP applications. This directory
contains the main folders that comprise the server such as
<filename>/bin</filename>, <filename>/conf</filename>,
<filename>/webapps</filename>, and
<filename>/lib</filename>.</para>
- </listitem>
- </varlistentry>
</variablelist>
</section>
<!-- FOR PUBLICAN --> <xi:include
xmlns:xi="http://www.w3.org/2001/XInclude"
href="Common_Content/Conventions.xml">
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-03 04:58:33
UTC (rev 9032)
+++ epp/docs/branches/6.0/Reference_Guide/en-US/Revision_History.xml 2013-01-04 15:23:42
UTC (rev 9033)
@@ -8,6 +8,20 @@
<simpara>
<revhistory>
<revision>
+ <revnumber>6.0.0-27</revnumber>
+ <date>Fri Jan 4 2012</date>
+ <author>
+ <firstname>Petr</firstname>
+ <surname>Penicka</surname>
+ <email/>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>BZ#886289 and BZ#886298 - Final version of OpenAM and SPNEGO
single sign-on docs as submitted for SME review. Bonus: cleaned up File Name Conventions
in Preface - removed unused abbreviations and made the descriptions more
accurate.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
<revnumber>6.0.0-26</revnumber>
<date>Mon Dec 21 2012</date>
<author>
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
---
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2013-01-03
04:58:33 UTC (rev 9032)
+++
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2013-01-04
15:23:42 UTC (rev 9033)
@@ -64,10 +64,6 @@
All the packages required for SSO setup can be found in the
<filename><filename>JPP_DIST</filename>/gatein-sso</filename>
directory of the JBoss Portal Platform binary package.
</para>
- <para>
- In the following scenarios this directory will be referred to as
<replaceable>PORTAL_SSO</replaceable>.
- </para>
-
<warning>
<para>
Users are advised to not run any portal extensions that could override the
data when manipulating the <filename>gatein.ear</filename> file directly.
@@ -83,7 +79,7 @@
<title><remark>BZ#856430</remark>Central Authentication
Service (CAS)</title>
<para>
- The CAS single sign-on (SSO) plug-in enables seamless integration between the
platform and the CAS SSO framework. General information about CAS can be found on the
<ulink
url="http://www.jasig.org/cas">Jasig website</ulink> .
+ The CAS single sign-on (SSO) plug-in enables seamless integration between the
platform and the CAS SSO framework. General information about CAS can be found on the
<ulink
url="http://www.jasig.org/cas">Jasig website</ulink>.
</para>
<section id="sect-CAS-Authentication_Process">
@@ -295,7 +291,7 @@
<step>
<para>
- Open
<code>CAS_DIR/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml</code>
.
+ Open
<code>CAS_DIR/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml</code>.
</para>
</step>
@@ -306,7 +302,7 @@
<note>
<para>
- This configuration is available in the
<code><replaceable>PORTAL_SSO</replaceable>/cas.war/WEB-INF/deployerConfigContext.xml</code>.
If you choose to take this configuration file, ensure the default host, port and context
parameters are adjusted to match the values corresponding to the remote portal instance.
+ This configuration is available in the
<code><replaceable>JPP_DIST</replaceable>gatein-sso/cas/plugin/WEB-INF/deployerConfigContext.xml</code>
file. If you choose to take this configuration file, ensure the default host, port and
context parameters are adjusted to match the values corresponding to the remote portal
instance.
</para>
</note>
<programlisting>
@@ -324,7 +320,7 @@
<step>
<para>
- Copy all jars from <code>PORTAL_SSO/cas/plugin/WEB-INF/lib/
</code>to the
<code>CAS_DIR/cas-server-webapp/src/main/webapp/WEB-INF/lib</code> directory.
+ Copy all jars from
<code><replaceable>JPP_DIST</replaceable>gatein-sso/cas/plugin/WEB-INF/lib/</code>
to the <code>CAS_DIR/cas-server-webapp/src/main/webapp/WEB-INF/lib</code>
directory.
</para>
</step>
</procedure>
@@ -435,13 +431,13 @@
<step>
<para>
- Extract and install the binary on the server that is required to
host CAS. This directory is now referred to as
<replaceable>TOMCAT_DIST</replaceable>.
+ Extract and install the binary on the server that is required to
host CAS. This directory is now referred to as
<replaceable>TOMCAT_HOME</replaceable>.
</para>
</step>
<step>
<para>
- Edit <filename>TOMCAT_DIST/conf/server.xml</filename>
and change port 8080 to 8888 to avoid a conflict with the default JBoss Portal Platform
listen port.
+ Edit <filename>TOMCAT_HOME/conf/server.xml</filename>
and change port 8080 to 8888 to avoid a conflict with the default JBoss Portal Platform
listen port.
</para>
<remark>BZ#856430 - jmorgan - Added the new ports from the
Confluence SSO Server Setup section</remark>
<important>
@@ -663,7 +659,7 @@
<step>
<para>
- Copy
<filename>CAS_DIR/cas-server-webapp/target/cas.war</filename> to
<filename>TOMCAT_DIST/webapps</filename>.
+ Copy
<filename>CAS_DIR/cas-server-webapp/target/cas.war</filename> to
<filename>TOMCAT_HOME/webapps</filename>.
</para>
</step>
@@ -1246,15 +1242,15 @@
<section id="sect-Reference_Guide-SSO_Single_Sign_On_-OpenAM">
<title>OpenAM</title>
<para>
- OpenAM is an open source access management, entitlements and federation server
platform. It is a successor of OpenSSO, the access management and federation server
platform by Oracle. Integration with OpenSSO is supported in JBoss Enterprise Portal
Platform 5. As the development of OpenSSO has been discontinued, the OpenSSO integration
has been replaced with OpenAM integration in JBoss Portal Platform 6.
+ OpenAM is an open source access management, entitlements and federation server
platform. It is a successor of OpenSSO, the access management and federation server
platform whose integration was available in JBoss Enterprise Portal Platform 5. As the
development of OpenSSO has been discontinued, the OpenSSO integration has been replaced
with OpenAM integration in JBoss Portal Platform 6.
</para>
<section
id="sect-Reference_Guide-SSO_Single_Sign_On_-OpenAM-Login-Workflow">
<title>Login and Logout Workflow</title>
<para>
- When the OpenAM integration is configured and a user clicks the <guibutton>Sign
in</guibutton> link on a JBoss Portal Platform page, they are redirected to the
OpenAM login screen, where they provide their login credentials. Authentication on the
OpenAM server side is performed by the JBoss Portal Platform SSO Authentication Plugin.
The plugin sends a REST request to JBoss Portal Platform, obtains a response and
authenticates the user on the OpenAM side based on the response.
+ When the OpenAM integration is configured and a user clicks the <guibutton>Sign
in</guibutton> link on a JBoss Portal Platform page, they are redirected to the
OpenAM login screen, where they provide their login credentials. Authentication on the
OpenAM server side is performed by the JBoss Portal Platform SSO Authentication Plugin.
The plugin sends a REST request to JBoss Portal Platform, obtains a response, and
authenticates the user on the OpenAM side based on the response.
</para>
<para>
- After successful authentication with OpenAM, an OpenAM authentication ticket is stored
in the <systemitem>iPlanetDirectoryPro</systemitem> cookie in the client
browser and the user is redirected back to the portal page. When the portal page is
requested, the <systemitem>InitiateLoginFilter</systemitem> iterceptor
delegates validation of the OpenAM ticket to the
<systemitem>OpenSSOAgent</systemitem> component. The component uses the OpenAM
REST API to perform validation of the ticket with the OpenAM server via a back channel.
After successful validation, user identity is established and the user is logged in to
JBoss Portal Platform.
+ After successful authentication with OpenAM, an OpenAM authentication ticket is stored
in the <systemitem>iPlanetDirectoryPro</systemitem> cookie in the client
browser and the user is redirected back to the portal page. When the portal page is
requested, the <systemitem>InitiateLoginFilter</systemitem> iterceptor
delegates validation of the OpenAM ticket to the
<systemitem>OpenSSOAgent</systemitem> component. The
<systemitem>OpenSSOAgent</systemitem> then uses the OpenAM REST API to perform
back channel validation of the ticket with the OpenAM server. After successful validation,
user identity is established and the user is logged in to JBoss Portal Platform.
</para>
<para>
When logout is requested by clicking the <guibutton>Sign out</guibutton>
button on a portal page, the <emphasis
role="italics">OpenSSOLogoutFilter</emphasis> interceptor performs
logout on both JBoss Portal Platform and the OpenAM server.
@@ -1275,7 +1271,12 @@
<section
id="sect-Reference_Guide-SSO_Single_Sign_On_-OpenAM-OpenAMserversetup">
<title>OpenAM Server Setup</title>
<para>
- This section contains procedures that need to be followed to set up an OpenAM
server for authentication against JBoss Portal Platform. The authentication set up by
these procedures is ensured by the JBoss Portal Platform SSO Authentication Plugin. The
plugin will be installed in OpenAM and configured to to perform authentication against the
portal using a REST callback. <!-- TODO: add info about other means of authentication
on OpenAM side that are mentioned in the Confluence doc -->
+ This section contains procedures that need to be followed to set up an OpenAM
server for authentication against JBoss Portal Platform. The authentication set up by
these procedures is ensured by the JBoss Portal Platform SSO Authentication Plugin. The
plugin will be installed in OpenAM and configured to to perform authentication against the
portal using a REST callback.
+ <note>
+ <para>
+ Using the REST callback as presented in this section is not mandatory. You can
achieve authentication on the OpenAM side by any other means according to your
preference.
+ </para>
+ </note>
</para>
<para>
To achieve the setup, perform the procedures in the following order:
@@ -1323,12 +1324,12 @@
<title>Adding the Authentication Plug-in</title>
<step>
<para>
- Copy the contents of the <code>GATEIN_SSO_HOME/opensso/plugin/</code>
directory to <code>TOMCAT_HOME/webapps/opensso/</code>. <!-- TODO: correct
location of source files, I can't find them in BETA, I can only see some of the files
in the SRC package --> This will add:
+ Copy the contents of the
<code>JPP_DIST/gatein-sso/opensso/plugin/</code> directory to
<code>TOMCAT_HOME/webapps/opensso/</code>. This will add:
</para>
<itemizedlist>
<listitem>
<para>
- the <filename>AuthenticationPlugin.xml</filename> file
<filename>TOMCAT_HOME/webapps/opensso/config/auth/default/</filename>
directory. The file contains the following configuration:
+ the <filename>AuthenticationPlugin.xml</filename> file to the
<filename>TOMCAT_HOME/webapps/opensso/config/auth/default/</filename>
directory. The file contains the following configuration:
</para>
<informalexample>
<programlisting language="XML">
@@ -1354,12 +1355,12 @@
</listitem>
<listitem>
<para>
- <!-- TODO: obtain correct list of files --> the
<filename>sso-opensso-plugin-<VERSION>.jar</filename> and
<filename>commons-httpclient-<VERSION>.jar</filename> archives
to the <filename>TOMCAT_HOME/webapps/opensso/WEB-INF/lib</filename>
directory.
+ the
<filename>sso-opensso-plugin-<VERSION>.jar</filename> and
<filename>commons-httpclient-<VERSION>.jar</filename> archives
to the <filename>TOMCAT_HOME/webapps/opensso/WEB-INF/lib</filename>
directory.
</para>
</listitem>
<listitem>
<para>
- the <filename>gatein.properties</filename> file to the
<filename>TOMCAT_HOME/webapps/opensso/WEB-INF/classes/</filename> directory.
You may need to configure the host, port, protocol, and other properties in this file
according to your JBoss Portal Platform location. These values will be used by the
authentication plugin to establish the REST connection to the portal over the HTTP
protocol.
+ the <filename>gatein.properties</filename> file to the
<filename>TOMCAT_HOME/webapps/opensso/WEB-INF/classes/</filename> directory.
You may need to change the values specified in this file to match the configuration of the
JBoss Portal Platform instance. The values will be used by the authentication plugin to
establish the REST connection to the portal.
</para>
</listitem>
</itemizedlist>
@@ -1435,7 +1436,7 @@
<section
id="sect-Reference_Guide-SSO_Single_Sign_On_-OpenAM-SetuptheOpenAMclient">
<title>JBoss Portal Platform Setup as OpenAM Client</title>
<para>
- On the JBoss Portal Platform server, you need to ensure proper configuration of single
sign-on properties in the
<code>JPP_DIST/standalone/configuration/gatein/configuration.properties</code>
file. Locate the SSO section in this file and change/add properties in the section as
follows:
+ On the JBoss Portal Platform server, you need to ensure proper configuration of single
sign-on properties in the
<code>JPP_SERVER/standalone/configuration/gatein/configuration.properties</code>
file. Locate the SSO section in this file and change/add properties in the section as
follows:
</para>
<programlisting># SSO
gatein.sso.enabled=true
@@ -1868,7 +1869,7 @@
<title>Configuring SPNEGO Integration with JBoss Portal
Platform</title>
<step>
<para>
- Modify the <literal># SSO</literal> section of the
<filename><replaceable>JPP_DIST</replaceable>/standalone/configuration/gatein/configuration.properties</filename>
file, replacing the original content with the following properties:
+ Modify the <literal># SSO</literal> section of the
<filename><replaceable>JPP_SERVER</replaceable>/standalone/configuration/gatein/configuration.properties</filename>
file, replacing the original content with the following properties:
</para>
<programlisting>
<xi:include
xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../extras/Authentication_Identity_SSO/default124.xml"
parse="text"/>
@@ -1912,7 +1913,7 @@
<term>gatein.sso.filter.login.sso.url</term>
<listitem>
<para>
- This value ensures that clicking the <guibutton>Sign
in</guibutton> link will redirect users to the
<literal>/portal/dologin</literal> URL, which is a secured URL declared in the
<filename>security-constraint section of
JPP_DIST/gatein/gatein.ear/portal.war/WEB-INF/web.xml</filename> file, allowing the
<systemitem>GateInNegotiationAuthenticator</systemitem> valve to intercept the
HTTP request.
+ This value ensures that clicking the <guibutton>Sign
in</guibutton> link will redirect users to the
<literal>/portal/dologin</literal> URL, which is a secured URL declared in the
<filename>security-constraint section of
JPP_SERVER/gatein/gatein.ear/portal.war/WEB-INF/web.xml</filename> file, allowing
the <systemitem>GateInNegotiationAuthenticator</systemitem> valve to intercept
the HTTP request.
</para>
</listitem>
</varlistentry>
@@ -1929,7 +1930,7 @@
<term>gatein.sso.valve.enabled</term>
<listitem>
<para>
- SPNEGO integration requires a custom Tomcat valve to intercept
HTTP requests for secured URLs. The <systemitem>SSODelegateValve</systemitem>
is defined in the
<filename>JPP_DIST/gatein/gatein.ear/portal.war/WEB-INF/jboss-web.xml</filename>
file and is used only if this option is set to <literal>true</literal>. The
purpose of the valve is to delegate the real work to another valve declared in the
<literal>gatein.sso.valve.class</literal> property. This eliminates the need
to edit configuration in the <filename>jboss-web.xml</filename> file.
+ SPNEGO integration requires a custom Tomcat valve to intercept
HTTP requests for secured URLs. The <systemitem>SSODelegateValve</systemitem>
is defined in the
<filename>JPP_SERVER/gatein/gatein.ear/portal.war/WEB-INF/jboss-web.xml</filename>
file and is used only if this option is set to <literal>true</literal>. The
purpose of the valve is to delegate the real work to another valve declared in the
<literal>gatein.sso.valve.class</literal> property. This eliminates the need
to edit configuration in the <filename>jboss-web.xml</filename> file.
</para>
</listitem>
</varlistentry>
@@ -1946,7 +1947,7 @@
</step>
<step>
<para>
- Modify configuration of the
<systemitem>security</systemitem> subsystem in the
<filename><replaceable>JPP_DIST</replaceable>/standalone/configuration/standalone.xml</filename>
file:
+ Modify configuration of the
<systemitem>security</systemitem> subsystem in the
<filename><replaceable>JPP_SERVER</replaceable>/standalone/configuration/standalone.xml</filename>
file:
</para>
<substeps>
<step>
@@ -2053,7 +2054,7 @@
As demonstrated in <xref
linkend="proc-Reference_Guide-JBoss_Enterprise_Portal_Platform_Configuration-SPNEGO_Testing"
/>, users trying to sign in without a valid Kerberos ticket are automatically
redirected to the JBoss Portal Platform logon page. There, they can perform standard FORM
authentication using their user name and password.
</para>
<para>
- If you want to disable FORM authentication to allow only users with a valid
Kerberos ticket to sign in, you need to comment out the
<parameter>usernamePasswordDomain</parameter> option in the
<literal>SPNEGOLoginModule</literal> configuration in the
<filename><replaceable>JPP_DIST</replaceable>/standalone/configuration/standalone.xml</filename>
file.
+ If you want to disable FORM authentication to allow only users with a valid
Kerberos ticket to sign in, you need to comment out the
<parameter>usernamePasswordDomain</parameter> option in the
<literal>SPNEGOLoginModule</literal> configuration in the
<filename><replaceable>JPP_SERVER</replaceable>/standalone/configuration/standalone.xml</filename>
file.
</para>
<programlisting language="XML"><![CDATA[<login-module
code="org.gatein.sso.spnego.SPNEGOLoginModule"
flag="requisite">
@@ -2067,7 +2068,7 @@
<section>
<title>Enabling Logging</title>
<para>
- To enable logging of events related to SPNEGO authentication, you can add the
following entries to the <systemitem>logging</systemitem> subsystem in the
<filename><replaceable>JPP_DIST</replaceable>/standalone/configuration/standalone.xml</filename>
file:
+ To enable logging of events related to SPNEGO authentication, you can add the
following entries to the <systemitem>logging</systemitem> subsystem in the
<filename><replaceable>JPP_SERVER</replaceable>/standalone/configuration/standalone.xml</filename>
file:
</para>
<programlisting language="XML"><![CDATA[<logger
category="org.gatein.sso">
<level name="TRACE"/>
@@ -2105,7 +2106,7 @@
<title>Default Configuration</title>
<para>
- The JBoss SSO valve is enabled by default. The enablement is ensured by
the following JBoss Web subsystem configuration entry in the
<filename>JPP_DIST/standalone/configuration/standalon-ha.xml</filename> file:
+ The JBoss SSO valve is enabled by default. The enablement is ensured by
the following JBoss Web subsystem configuration entry in the
<filename>JPP_SERVER/standalone/configuration/standalon-ha.xml</filename>
file:
</para>
<programlisting language="XML"><![CDATA[
<sso cache-container="web" cache-name="sso"
reauthenticate="false" />
@@ -2147,7 +2148,7 @@
<step>
<para>
- On both servers, open the
<filename><replaceable>JPP_DIST</replaceable>/standalone/configuration/standalone-ha.xml</filename>
file. Add the <parameter>domain</parameter> parameter to the
<parameter>sso</parameter> entry and specify the name of the shared DNS domain
in its value.
+ On both servers, open the
<filename><replaceable>JPP_SERVER</replaceable>/standalone/configuration/standalone-ha.xml</filename>
file. Add the <parameter>domain</parameter> parameter to the
<parameter>sso</parameter> entry and specify the name of the shared DNS domain
in its value.
</para>
<programlisting language="XML"><![CDATA[
<sso cache-container="web" cache-name="sso"
reauthenticate="false" domain="yourdomain.com"/>