Bug 846820

Summary: war-deployers-jboss-beans.xml contains PicketLinkAuthenticator, which is not in classpath
Product: [JBoss] JBoss Enterprise Application Platform 5 Reporter: mposolda
Component: distributionAssignee: Christopher O'Brien <cobrien>
Status: CLOSED NEXTRELEASE QA Contact: Len DiMaggio <ldimaggi>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.1.2   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-02 16:04:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 846743    

Description mposolda 2012-08-08 19:54:02 UTC 
in server/default/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml there is declaration of new authenticator in "authenticators" configuration:

<entry>
  <key>SECURITY_DOMAIN</key
  <value>org.picketlink.identity.federation.bindings.tomcat.PicketLinkAuthenticator</value>
</entry>

Problem is that this authenticator is not available in EAP classpath by default. It's available in EAP in attached picketlink component under $EAP_HOME/picketlink/picketlink-federation/picketlink-core-2.0.2.jar, but this JAR is not in EAP classpath by default. So it seems that PicketLinkAuthenticator should be commented by default and EAP users can uncomment only in case when they want to use picketlink and add picketlink JAR into classpath.


The main problem with current configuration in EAP 5.1.2-GA is, that if user adds another authenticator into the end of the authenticators chain - like SPNEGO authenticator for instance:

<entry>
  <key>SPNEGO</key>
  <value>org.jboss.security.negotiation.NegotiationAuthenticator</value>
</entry>

then the server startup ends with the confusing error message:
ERROR [ContextConfig] Cannot configure an authenticator for method SPNEGO

which is actually not caused by SPNEGO itself but it's caused by the fact that previous authenticator (PicketLinkAuthenticator) is not in classpath.