Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1074582

Summary: Missing documentation about configuring custom path to picketlink.xml
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: FIlip Bogyai <fbogyai>
Component: Documentation
Assignee: Lucas Costi <lcosti>
Status: CLOSED CURRENTRELEASE
QA Contact: Russell Dickenson <rdickens>
Severity: high
Priority: unspecified
Version: 6.3.0
CC: fbogyai, hmlnarik, jkudrnac
Target Milestone: GA
Target Release: EAP 6.3.0
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-06-28 15:44:42 UTC
Type: Bug
Bug Depends On: 1074994

Description FIlip Bogyai 2014-03-10 15:14:59 UTC
Documentation is missing for a new feature in PicketLink:
https://issues.jboss.org/browse/EAP6-25

The configuration of the PicketLink Identity Provider (IDP) and Service Provider (SP) can be referenced from outside the deployed application, and a time interval can be used to reload this configuration.
The configuration file picketlink.xml is by default in the WEB-INF directory of the deployed application. There is a new option that allows this configuration to be placed outside the deployed application as well.

To use a custom location for picketlink.xml, the parameter "configFile" must be added; to reload this configuration, there is a second new parameter, "timerInterval", with a value in milliseconds. These attributes must be added inside the valve element in the WEB-INF/jboss-web.xml file.

Here is an example:

 <valve>
     <class-name>...</class-name>
     <param>
         <param-name>timerInterval</param-name>
         <param-value>5000</param-value>
     </param>
     <param>
         <param-name>configFile</param-name>
         <param-value>path-to/picketlink.xml</param-value>
     </param>
 </valve>

This information about the new feature should be added to chapters 5.6.3. Configure Identity Provider and 5.6.4. Configure Service Provider.

Comment 1 Lucas Costi 2014-04-02 05:03:26 UTC
Optional substep added to 'Configure Identity Provider' ([24284]) (revision 626981).

Preview available here: http://docbuilder.usersys.redhat.com/22558/#Configure_Identity_Provider

Filip: I'm not sure where the change should go in "5.6.4. Configure Service Provider"; I don't see any configuration for picketlink.xml in that procedure?

Comment 2 FIlip Bogyai 2014-04-02 09:40:16 UTC
In section 5.6.4. Configure Service Provider, steps 3 and 4 are wrong.

There is only one configuration file, picketlink.xml, the same as in Configure Identity Provider. Change these two wrong steps to:

3. Configure the PicketLink Configuration File (picketlink.xml)

The following is an example of a picketlink.xml configuration for a Service Provider. In this configuration file you provide the URL for this Service Provider and for the Identity Provider, with the corresponding handlers for the Service Provider.

Example picketlink.xml configuration:

<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
	<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
		ServerEnvironment="tomcat" BindingType="POST">
		<IdentityURL>${idp.url::http://localhost:8080/idp/}</IdentityURL>
		<ServiceURL>${sales-post.url::http://localhost:8080/sales-post/}</ServiceURL>
	</PicketLinkSP>
	<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
		<Handler
			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
		<Handler
			class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
		<Handler
			class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
	</Handlers>
</PicketLink>

--> After this should go the information about configuring a custom path to picketlink.xml, the same as in the chapter Configure Identity Provider.

Comment 3 Lucas Costi 2014-04-03 00:44:58 UTC
Thanks Filip.

Topic 24286 has been modified to incorporate the changes in Comment 2 (revision 627169).

Preview available here: http://docbuilder.usersys.redhat.com/22558/#Configure_Service_Provider

The changes will be reflected in the next document build, and the status will be changed to ON_QA when it is ready for review.