Bug 970458

Summary: Wrong authenticator class in Example 13.5. Example Clustered SSO Configuration
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Josef Cacek <jcacek>
Component: DocumentationAssignee: Tom WELLS <twells>
Status: CLOSED CURRENTRELEASE QA Contact: Russell Dickenson <rdickens>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.1.0CC: hmlnarik, lcarlon, lcosti, nsurtani, smumford
Target Milestone: GAKeywords: Documentation, Triaged
Target Release: EAP 6.2.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Instance Name: Not Defined Build: CSProcessor Builder Version 1.8 Build Name: 13944, Security Guide-6.1-1 Build Date: 19-04-2013 15:46:54
Last Closed: 2014-06-02 12:50:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 958572, 1035353    

Description Josef Cacek 2013-06-04 05:25:10 UTC 
Security guide / Example 13.5. Example Clustered SSO Configuration

The example should be fixed, there is no class org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn in the EAP 6.x.
Comment 1 Josef Cacek 2013-06-04 11:55:40 UTC 
The Example should be removed at all.

The SSO Valves are configured by the AS automatically, when the "sso" is present under web/virtual-hosts in a server profile. The ClusteredSingleSignOn version is used, when attribute "cache-container" is present, otherwise standard "SingleSignOn" class is used.

* Clustered example:

/subsystem=web/virtual-server=default-host/sso=configuration:add(cache-container="web",cache-name="sso",reauthenticate="false",domain="domain.com")

<sso cache-container="web" cache-name="sso" domain="domain.com" reauthenticate="false"/>


* Non-clustered:

/subsystem=web/virtual-server=default-host/sso=configuration:add(reauthenticate="false")

<sso reauthenticate="false"/>
Comment 2 Navin Surtani 2013-07-09 02:25:26 UTC 
Adding anything about ClusteredSSO into a jboss-web.xml will cause InstantiationExceptions thrown by the WarDeploymentProcessor. Josef is right, we configure the ClusteredSSO via the web subsystem and not through jboss-web.xml.
Comment 8 Josef Cacek 2014-04-22 17:52:17 UTC 
The changes are OK in SG-CC-edition in docbuilder. But there is still one missing point.

The table 17.1 SSO Configuration options should be removed too.
Or it can be replaced by attributes from the configuration model:

"domain" => {
	"type" => STRING,
	"description" => "The cookie domain that will be used.",
},
"cache-container" => {
	"type" => STRING,
	"description" => "Enables clustered SSO using the specified clustered cache container.",
},
"reauthenticate" => {
	"type" => BOOLEAN,
	"description" => "Enables reauthentication with the realm when using SSO.",
},
"cache-name" => {
	"type" => STRING,
	"description" => "Name of the cache to use in the cache container.",
}
Comment 11 Josef Cacek 2014-04-23 08:37:39 UTC 
Verified on stage:
Revision 6.2.2-6
Revision 6.3.0-12