[jboss-cvs] JBossAS SVN: r74806 - in projects/security/security-negotiation/trunk/docs/userguide/en: images and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Jun 18 12:51:57 EDT 2008
Author: darran.lofthouse at jboss.com
Date: 2008-06-18 12:51:56 -0400 (Wed, 18 Jun 2008)
New Revision: 74806
Added:
projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-basic-failed.png
projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-basic-success.png
projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-domain-authenticated.png
projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-domain-entry.png
projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-secured.png
Modified:
projects/security/security-negotiation/trunk/docs/userguide/en/master.xml
projects/security/security-negotiation/trunk/docs/userguide/en/modules/general_installation.xml
Log:
[SECURITY-154] Added additional negotiation toolkit documentation.
Added: projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-basic-failed.png
===================================================================
(Binary files differ)
Property changes on: projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-basic-failed.png
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:mime-type
+ application/octet-stream
Added: projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-basic-success.png
===================================================================
(Binary files differ)
Property changes on: projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-basic-success.png
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:mime-type
+ application/octet-stream
Added: projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-domain-authenticated.png
===================================================================
(Binary files differ)
Property changes on: projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-domain-authenticated.png
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:mime-type
+ application/octet-stream
Added: projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-domain-entry.png
===================================================================
(Binary files differ)
Property changes on: projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-domain-entry.png
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:mime-type
+ application/octet-stream
Added: projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-secured.png
===================================================================
(Binary files differ)
Property changes on: projects/security/security-negotiation/trunk/docs/userguide/en/images/nt-secured.png
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:mime-type
+ application/octet-stream
Modified: projects/security/security-negotiation/trunk/docs/userguide/en/master.xml
===================================================================
--- projects/security/security-negotiation/trunk/docs/userguide/en/master.xml 2008-06-18 16:43:36 UTC (rev 74805)
+++ projects/security/security-negotiation/trunk/docs/userguide/en/master.xml 2008-06-18 16:51:56 UTC (rev 74806)
@@ -91,12 +91,16 @@
<xi:include href="modules/microsoft_ad.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" xpointer="element(/1)" />
+ <!--
<xi:include href="modules/mit_kdc.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" xpointer="element(/1)" />
+ -->
+ <!--
<xi:include href="modules/free_ipa.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" xpointer="element(/1)" />
-
+ -->
+
<xi:include href="modules/internet_explorer.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" xpointer="element(/1)" />
Modified: projects/security/security-negotiation/trunk/docs/userguide/en/modules/general_installation.xml
===================================================================
--- projects/security/security-negotiation/trunk/docs/userguide/en/modules/general_installation.xml 2008-06-18 16:43:36 UTC (rev 74805)
+++ projects/security/security-negotiation/trunk/docs/userguide/en/modules/general_installation.xml 2008-06-18 16:51:56 UTC (rev 74806)
@@ -205,7 +205,7 @@
flag="required">
<module-option name="storeKey">true</module-option>
<module-option name="useKeyTab">true</module-option>
- <module-option name="principal">host/testserver.kerberos.jboss.org at KERBEROS.JBOSS.ORG</module-option>
+ <module-option name="principal">host/testserver at KERBEROS.JBOSS.ORG</module-option>
<module-option name="keyTab">/home/jboss_user/testserver.keytab</module-option>
<module-option name="doNotPrompt">true</module-option>
<module-option name="debug">true</module-option>
@@ -258,6 +258,13 @@
</listitem>
</itemizedlist>
+ <note>
+ <para>
+ Once everything is working you may want to set debug to false
+ as it logs to STDOUT.
+ </para>
+ </note>
+
</section>
<section>
@@ -488,7 +495,129 @@
</mediaobject>
</figure>
+ <note>
+ <para>
+ Before using the Negotiation Toolkit you should have completed
+ the installation process, a number of the actions in the
+ toolkit involve either the application server or the web
+ browser communicating with the KDC which needs to be correctly
+ configured.
+ </para>
+ </note>
+
</section>
+ <section>
+ <title>Basic Negotiation</title>
+
+ <para>
+ The 'Basic Negotiation' servlet can be used to test that the web
+ browser does trust the application server to attempt negotation.
+ The servlet simply prompts the web browser to negotiation and
+ outputs if a SPNEGO token was received or not.
+ </para>
+
+ <para>
+ An unsucsessful negotation would result in output similar to the
+ following.
+ </para>
+
+ <figure id="nt-basic-failed">
+ <title>Basic Negotiation Failure</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata align="center"
+ fileref="images/nt-basic-failed.png" />
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>
+ If the web browser successfully sends a SPNEGO token you should
+ see output similar to the following.
+ </para>
+
+
+ <figure id="nt-basic-success">
+ <title>Basic Negotiation Success</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata align="center"
+ fileref="images/nt-basic-success.png" />
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>
+ The resulting web page shows a breakdown of some of the
+ information contained within the negotiation token.
+ </para>
+
+ </section>
+
+ <section>
+ <title>Security Domain Test</title>
+
+ <para>
+ It is important that the application server can authenticate
+ against the KDC using it's own security domain, the 'Security
+ Domain Test' servlet is a servlet that can be used to test that
+ the security domain can authenticate.
+ </para>
+
+ <para>
+ On the first page you will need to enter the name of the
+ security domain being used, in these examples the security
+ domain is called 'host'.
+ </para>
+
+ <figure id="nt-domain-entry">
+ <title>Security Domain Test</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata align="center"
+ fileref="images/nt-domain-entry.png" />
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>
+ If the authentication is successful you should see output
+ similar to the following.
+ </para>
+
+ <figure id="nt-domain-authenticated">
+ <title>Security Domain Test - Authenticated</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata align="center"
+ fileref="images/nt-domain-authenticated.png" />
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ </section>
+
+ <section>
+ <title>Secured</title>
+
+ <para>
+ The final servlet in the toolkit is the 'Secured' servlet, this
+ servlet is configured to require full SPNEGO authentication, if
+ you get output similar to the following output this means you
+ have everything configured correctly.
+ </para>
+
+ <figure id="nt-secured">
+ <title>Secured</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata align="center" fileref="images/nt-secured.png" />
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+
+ </section>
</section>
</chapter>
More information about the jboss-cvs-commits
mailing list