From teiid-commits at lists.jboss.org Fri Aug 27 17:19:36 2010
Content-Type: multipart/mixed; boundary="===============2500217766630186833=="
MIME-Version: 1.0
From: teiid-commits at lists.jboss.org
To: teiid-commits at lists.jboss.org
Subject: [teiid-commits] teiid SVN: r2498 -
 branches/7.1.x/documentation/admin-guide/src/main/docbook/en-US/content.
Date: Fri, 27 Aug 2010 17:19:35 -0400
Message-ID: <201008272119.o7RLJZgc029199@svn01.web.mwc.hst.phx2.redhat.com>

--===============2500217766630186833==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Author: rareddy
Date: 2010-08-27 17:19:35 -0400 (Fri, 27 Aug 2010)
New Revision: 2498

Modified:
   branches/7.1.x/documentation/admin-guide/src/main/docbook/en-US/content/=
security.xml
Log:
TEIID-1048: adding doc about how to configure Teiid for pass-through auth.

Modified: branches/7.1.x/documentation/admin-guide/src/main/docbook/en-US/c=
ontent/security.xml
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- branches/7.1.x/documentation/admin-guide/src/main/docbook/en-US/content=
/security.xml	2010-08-27 19:00:01 UTC (rev 2497)
+++ branches/7.1.x/documentation/admin-guide/src/main/docbook/en-US/content=
/security.xml	2010-08-27 21:19:35 UTC (rev 2498)
@@ -10,7 +10,8 @@
 		<para>Typically a user name is required, however user names may be consi=
dered optional if the
 			identity of the user can be discerned by the password credential alone.=
 =C2=A0In
 			any case it is up to the configured security domain to determine whethe=
r a user can be
-			authenticated.</para>
+			authenticated. If you need authentication, the administrator must confi=
gure a LoginModule to be used with Teiid. =

+            See below for more information on how configure the Login modu=
le in JBoss AS.</para>
 			=

 			<note><para>By default, access to Teiid is NOT secure. The default logi=
n modules are only =

 	        backed by file based authentication, which has a well known user =

@@ -18,6 +19,18 @@
 	        The same is true for making connections to the Admin Console appl=
ication. =

 	        We DO NOT recommend leaving the default security profile as defin=
ed when you =

 	        are exposing sensitive data.</para></note>
+            <section>
+                <title>Pass-through Authentication</title>
+                <para>If your client application (web application or Web s=
ervice) resides in the same JBoss AS instance as Teiid and =

+                client application uses a security-domain to handle the se=
curity concerns, then you can configure Teiid to use the =

+                same security-domain and not force the user to re-authenti=
cate for using Teiid. In this case Teiid looks for a authenticated =

+                subject in the calling thread context and uses for its ses=
sion and authorization purposes. To configure Teiid for this
+                pass-through authentication mechanism, you need change the=
 Teiid's security-domain name to same name as your =

+                application's security domain name in the "teiid-jboss-bea=
ns.xml" file in the SessionService section. =

+                Please note that for this to work, the security-domain =

+                must be a JAAS based Login Module and your client applicat=
ion MUST obtain Teiid connection =

+                using <emphasis>Local</emphasis> Connection.</para>
+            </section>
 	</section>
 	<section>
 		<title>Authorization</title>


--===============2500217766630186833==--