| Summary: | Document: JBoss SSO valve integration improvement | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Portal Platform 5 | Reporter: | mposolda |
| Component: | Documentation | Assignee: | Jared MORGAN <jmorgan> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 5.2.0.ER06 | CC: | epp-bugs, mmurray, mposolda |
| Target Milestone: | --- | ||
| Target Release: | 5.2.1.Docs.GA | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://jira.jboss.org/jira/browse/JBEPP-1365 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-02-17 03:31:20 UTC | Type: | Enhancement |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
mposolda
2011-11-16 02:57:36 UTC
Link: Added: This issue Cloned from JBEPP-1361 From Release Note text on the dev issue:
{quote}
The fix introduces JBossClusteredSSOValveFilter, which removes the patching and workarounds customers had to implement in earlier versions of the product, and increases overall platform security.{quote}
Hi Marek
The new ValveFilter sounds like a good thing to document, and replace the current workaround documented in the Reference Guide (which uses BASIC authentication, currently the subject of that worm).
Can you link me to any info about the Filter, and what parameters it accepts?
Even better, would it be possible to get a real-world configuration example of the ValveFilter in a directive file?
Cheers
Jared
Primary SME: Added: mposolda NEEDINFO: Removed: Nobody Added: Reporter Release Notes Docs Status: Removed: Documented as Resolved Issue Added: Not Required Release Notes Text: Removed: The JBoss Clustered Single Sign On (SSO) Valve must authenticate on all clustered nodes using the same password. The login process in Enterprise Portal Platform differed from normal authentication methods, and customers had to bypass standard authentication by enabling BASIC authentication, or patch login.jsp as described in the Reference Guide. The fix introduces JBossClusteredSSOValveFilter, which removes the patching and workarounds customers had to implement in earlier versions of the product, and increases overall platform security. Hi Jared, there are two things to mention: 1) I've made some minor changes in implementation and decided that it will be better to introduce new helper Valve at JBossWeb context level instead of using servlet filter. It's better also because this valve is not enabled by default in Tomcat or Jetty, which makes integration easier in GateIn as well, because GateIn needs to run on JBoss, Tomcat and Jetty. I've updated Release notes for JBEPP-1361 (I only changed name of filter to "PortalClusteredSSOSupportValve") 2) PortalClusteredSSOSupportValve itself is enabled by default in EPP. When ClusteredSingleSignOn valve is disabled, this valve only forward HTTP request down to servlet layer. Please note that valve itself does not have any parameters and it's not something which customers should directly configure or interact with. It only helps that customers don't need to apply workaround with BASIC authentication and with login.jsp. I've applied all needed documentation changes into GateIn trunk documentation (See jira GTNPORTAL-2277 for details) and I assigned SSO valve documentation change to Scott (Jira for it is JBEPP-1363 ). You can change release notes of JBEPP-1361 if you think that it should contain more informations. From my side, I am ok with how it is right now. I am assigning this JIRA back to you. Let me know if more info or other actions are needed from me. Thanks, Marek |