Bug 1075693

Summary: [RFE] EAP6-88 Prompt user to select Account at the Service Provider missing documentation
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Ondrej Lukas <olukas>
Component: DocumentationAssignee: Lucas Costi <lcosti>
Status: CLOSED CURRENTRELEASE QA Contact: Russell Dickenson <rdickens>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.3.0CC: asaldhan, jkudrnac, lcosti, sgilda
Target Milestone: ER4Keywords: Documentation, Triaged
Target Release: EAP 6.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-28 15:41:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1051640    

Description Ondrej Lukas 2014-03-12 15:29:42 UTC 
Describe the issue:
* In chapter PicketLink Identity Management in part SAML Web Browser Based SSO is missing documentation of new [RFE] Prompt user to select Account at the Service Provider.

Suggestions for improvement:
* Document setting and using of Domain Chooser in SP and org.picketlink.identity.federation.bindings.tomcat.sp.AccountChooserValve for EAP 6.3. It is a new feature - https://issues.jboss.org/browse/EAP6-88.

Additional information:
* Some basic information are in https://docs.jboss.org/author/display/PLINK/Domain+Chooser+At+Service+Provider but you need to ask developers for technical informations and settings.
Comment 1 Lucas Costi 2014-05-07 06:13:17 UTC 
I think part of this bug may have already been covered in the fixes for BZ#1075982 and BZ#1074994.

Anil: Would some extra information in the "Configure Service Provider" procedure [1] satisfy this for documentation?

If so, from reading the info in [2], I assume what is required is: 
1. Adding the org.picketlink.identity.federation.bindings.tomcat.sp.AccountChooserValve valve to step 2 (Configure the SP Valve).
2. Adding a note (and possibly an extra example) at step 3 (Configure the PicketLink Configuration File (picketlink.xml)) to explain that multiple IDPs can be configured for a SP.

Could you please confirm?

[1] http://documentation-devel.engineering.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html-single/Security_Guide/index.html#Configure_Service_Provider

[2] https://docs.jboss.org/author/display/PLINK/Domain+Chooser+At+Service+Provider
Comment 2 Anil Saldhana 2014-05-07 19:21:01 UTC 
https://issues.jboss.org/browse/PLINK-344  has a comment at the end with the doc text.
Comment 3 Lucas Costi 2014-05-08 03:55:22 UTC 
Thanks for the content, Anil!

I have created a new topic based on that content, "Configure Dynamic Account Chooser at a Service Provider [30888]", and inserted it into the Security Guide (map 22558, rev 639073). 

Preview available on docbuilder: http://docbuilder.usersys.redhat.com/22558/#Configure_Dynamic_Account_Chooser_at_a_Service_Provider
Comment 4 sgilda 2014-05-08 16:49:45 UTC 
This topic can be reviewed on DocStage here:

http://documentation-devel.engineering.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html-single/Security_Guide/index.html#Configure_Dynamic_Account_Chooser_at_a_Service_Provider
Comment 5 Ondrej Lukas 2014-05-12 15:10:52 UTC 
Verified on stage in Revision 6.3.0-15.