Red Hat Bugzilla – Bug 1001531
[Doc Bug Fix] SSO documentation is unclear/outdated
Last modified: 2015-07-22 01:01:09 EDT
Title: Choose the Right SSO Implementation
Describe the issue:
1) The docs don't make a clear distinction between clustered web-app session (aka. <distributable/>) and clustered SSO.
2) The docs are not updated with latest changes in EAP, where most of config went down to domain/standalone.xml, eg. 'Example 13.5. Example Clustered SSO Configuration' is no more relevant.
3) Docs don't tell that out of the box EAP 6 ships everything preconfigured and only thing a sysadmin has to do is add <sso/> element in appropriate virtual host.
4) SSO behavior explanation is not migrated from eap-5 to eap-6.1 docs
Suggestions for improvement:
1) Please mention that clustered-web-session and clustered-sso are orthogonal features and outline the technologies that they build upon.
2) Update docs with latest changes in EAP 6.1/AS7.2
3) Simplify the SSO configuration guide in section '13.4. Use Single Sign On (SSO) In A Web Application'
4) Add missing SSO parts from eap-5.1 SSO docs.
I'm not sure if reply-by-mail worked, so let me comment here:
> 1) The docs don't make a clear distinction between clustered web-app session (aka. <distributable/>) and clustered SSO.
This should rather be: ... between clustered web-app session and clustered security domain. I think, they are independent in JBoss, eg. you don't need to make an app <distributable/> and yet have authentication distributed across cluster.
> 2) The docs are not updated with latest changes in EAP, where most of config went down to domain/standalone.xml, eg. 'Example 13.5. Example Clustered SSO Configuration' is no more relevant.
I’m not sure, but looks like <valve> of jboss-web.xml repeats the <sso> of web subsystem. That is confusing. "Table 13.1. SSO Configuration Options" lists options that are also available down at <sso>.
Which one do I choose?
IMHO SSO is a platform-level concern. I shouldn’t deal with it inside my WAR file.