Validation was done on EAP 6.2.0 downloaded from http://jboss.org
No code changes were necessary.
The following changes are necessary in idp.war
WEB-INF/jboss-web.xml
=============================================
<jboss-web>
    <security-domain>SPNEGO</security-domain>
    <context-root>idp</context-root>
    <disable-audit>false</disable-audit>
    <valve>
        <class-name>org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve</class-name>
    </valve>
    <valve>
        <class-name>org.jboss.security.negotiation.NegotiationAuthenticator</class-name>
    </valve>
</jboss-web>
===============================
META-INF/jboss-deployment-structure.xml
===================================
<jboss-deployment-structure>
    <deployment>
        <!-- Add picketlink module dependency -->
        <dependencies>
            <module name="org.picketlink" />
            <module name="org.jboss.security.negotiation" />
        </dependencies>
    </deployment>
</jboss-deployment-structure>
================================
In jboss-eap-6.2/standalone/configuration/standalone.xml
==========================
<security-domain name="SPNEGO" cache-type="default">
    <authentication>
        <login-module code="SPNEGO" flag="required">
            <module-option name="serverSecurityDomain" value="host"/>
        </login-module>
    </authentication>
    <mapping>
        <mapping-module code="SimpleRoles" type="role">
            <module-option name="jduke@JBOSS.ORG" value="Admin"/>
            <module-option name="hnelson@JBOSS.ORG" value="User,Sales,manager"/>
        </mapping-module>
    </mapping>
</security-domain>
<security-domain name="host" cache-type="default">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
            <module-option name="debug" value="true"/>
            <module-option name="storeKey" value="true"/>
            <module-option name="refreshKrb5Config" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="keyTab" value="/tmp/spnego-in-as7/http.keytab"/>
            <module-option name="principal" value="HTTP/localhost@JBOSS.ORG"/>
        </login-module>
    </authentication>
</security-domain>
===============================
You may replace the use of the SimpleRoles mapping module above in the SPNEGO security domain with another role-seeking login module such as AdvancedADLoginModule from the JBoss Negotiation project.
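
A check to run before carrying the standalone.xml fragment above beyond a validation box. This is an added example, not part of the original comment or of the JBoss projects: it flags an SPNEGO login module whose serverSecurityDomain points at no defined domain, and a Krb5LoginModule left with debug on or with its keytab under a shared temp directory. The names audit, local and SHARED_TMP and the finding texts are assumptions, and SAMPLE is constructed from the two domains in the comment.

```python
import xml.etree.ElementTree as ET

# Assumption: directories treated as shared/world-writable on the server host.
SHARED_TMP = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Constructed sample: the two security domains from the comment, under one root.
SAMPLE = """<security-domains>
  <security-domain name="SPNEGO">
    <authentication>
      <login-module code="SPNEGO" flag="required">
        <module-option name="serverSecurityDomain" value="host"/>
      </login-module>
    </authentication>
  </security-domain>
  <security-domain name="host">
    <authentication>
      <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
        <module-option name="debug" value="true"/>
        <module-option name="keyTab" value="/tmp/spnego-in-as7/http.keytab"/>
      </login-module>
    </authentication>
  </security-domain>
</security-domains>"""

def local(elem):
    """Tag name without the XML namespace a real standalone.xml carries."""
    return elem.tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (domain, option, finding) tuples for the Kerberos acceptor setup."""
    root = ET.fromstring(xml_text)
    domains = {d.get("name"): d for d in root.iter() if local(d) == "security-domain"}
    findings = []
    for name, dom in domains.items():
        for lm in (e for e in dom.iter() if local(e) == "login-module"):
            opts = {o.get("name"): o.get("value", "") for o in lm if local(o) == "module-option"}
            code = lm.get("code", "")
            if code == "SPNEGO" and opts.get("serverSecurityDomain") not in domains:
                findings.append((name, "serverSecurityDomain", "referenced domain is not defined"))
            if code.endswith("Krb5LoginModule"):
                if opts.get("debug") == "true":
                    findings.append((name, "debug", "verbose Kerberos logging enabled"))
                if opts.get("keyTab", "").startswith(SHARED_TMP):
                    findings.append((name, "keyTab", "keytab is under a shared temp directory"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

The keytab holds the long-term key of the HTTP service principal, so the keyTab finding is the one to clear first: move the file to a directory readable only by the account that runs the server.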