Bug 1001531

Summary: [Doc Bug Fix] SSO documentation is unclear/outdated
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Tair Sabirgaliev <ts>
Component: DocumentationAssignee: David Michael <dmichael>
Status: CLOSED WONTFIX QA Contact: Russell Dickenson <rdickens>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1.0CC: dmichael, fbogyai, jcacek, lcosti, myarboro, pskopek, smumford
Target Milestone: post-GAKeywords: Documentation
Target Release: EAP 6.3.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Build: CSProcessor Builder Version 1.11 Build Name: 13944, Security Guide-6.1-2 Build Date: 12-07-2013 01:28:12 Topic ID: 7502-460023 [Specified]
Last Closed: 2015-07-22 05:01:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Tair Sabirgaliev 2013-08-27 08:48:43 UTC 
Title: Choose the Right SSO Implementation

Describe the issue:

1) The docs don't make a clear distinction between clustered web-app session (aka. <distributable/>) and clustered SSO.

2) The docs are not updated with latest changes in EAP, where most of config went down to domain/standalone.xml, eg. 'Example 13.5. Example Clustered SSO Configuration' is no more relevant.

3) Docs don't tell that out of the box EAP 6 ships everything preconfigured and only thing a sysadmin has to do is add <sso/> element in appropriate virtual host.

4) SSO behavior explanation is not migrated from eap-5 to eap-6.1 docs

Suggestions for improvement:

1) Please mention that clustered-web-session and clustered-sso are orthogonal features and outline the technologies that they build upon.

2) Update docs with latest changes in EAP 6.1/AS7.2

3) Simplify the SSO configuration guide in section '13.4. Use Single Sign On (SSO) In A Web Application'

4) Add missing SSO parts from eap-5.1 SSO docs. 

Additional information:

https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Platform/5/html/Administration_And_Configuration_Guide/clustering-http-sso.html
Comment 8 Tair Sabirgaliev 2014-04-23 11:41:42 UTC 
Hi Russel,

I'm not sure if reply-by-mail worked, so let me comment here:

> 1) The docs don't make a clear distinction between clustered web-app session (aka. <distributable/>) and clustered SSO.

This should rather be: ... between clustered web-app session and clustered security domain. I think, they are independent in JBoss, eg. you don't need to make an app <distributable/> and yet have authentication distributed across cluster.

> 2) The docs are not updated with latest changes in EAP, where most of config went down to domain/standalone.xml, eg. 'Example 13.5. Example Clustered SSO Configuration' is no more relevant.

I’m not sure, but looks like <valve> of jboss-web.xml repeats the <sso> of web subsystem. That is confusing. "Table 13.1. SSO Configuration Options" lists options that are also available down at <sso>.

Which one do I choose?

IMHO SSO is a platform-level concern. I shouldn’t deal with it inside my WAR file.