Hide Forgot
Affects: Release Notes project_key: JBEPP JBoss clustered SSO valve require to do reauthentication on second cluster node and it needs to authenticate with same password on both cluster nodes. Bad thing is that EPP login process is not standard and so that user credentials seen by JBossWeb and by SSO valve is not something like "root"/"gtn" but something like "root"/"wci-ticket-123456" . So integration with clustered SSO valve require workaround by customers. They need to switch to BASIC http authentication or patch login.jsp to call directly "/portal/j_security_check" instead of "/portal/login" and bypass standard EPP login process (which is described in JBEPP-615 and in EPP reference guide)
I have a solution for SSO valve by adding new servlet filter, which update SSO valve with real credential of user when it detect login of user. This will help people to avoid workaround currently needed for SSO valve (switch to BASIC or edit login.jsp). I am attaching patch with new filter . I've tested with EPP 5.2.0 branch and also with GateIn on JBoss and there should not be risk with adding it to EPP 5.2 branch (filter is working correctly with valve enabled and disabled). Still I am not sure if it can be added at this stage of testing or add it later to have the fix for EPP 5.2.1 ? It will also require some changes in documentation (Deleting some parts related to patch login.jsp and switch to BASIC authentication as these won't be needed anymore)
Attachment: Added: ClusteredSSOValve_patch.patch
Release Notes Text: Added: Added JBossClusteredSSOValveFilter to help integration with JBoss SSO valve and avoid bypass of standard EPP authentication process.
Link: Added: This issue relates to JBEPP-1363
Link: Added: This issue is related to GTNPORTAL-2276
Release Notes Docs Status: Added: Not Required Affects: Added: Release Notes
Release Notes Docs Status: Removed: Not Required Security: Removed: RHT+eXo
Hi Jared, This jira is not something, which needs to be secure. I set it with security level RH+EXO probably by accident, sorry for that:-/ Now I made it public. I returned release notes status back to "None". Is some more info needed from me? Because "Release notes text" already have some value, which can be used to identify purpose of this jira.
Release Notes Docs Status: Added: Documented as Resolved Issue Release Notes Text: Removed: Added JBossClusteredSSOValveFilter to help integration with JBoss SSO valve and avoid bypass of standard EPP authentication process. Added: The JBoss Clustered Single Sign On (SSO) Valve must authenticate on all clustered nodes using the same password. The login process in Enterprise Portal Platform differed from normal authentication methods, and customers had to bypass standard authentication by enabling BASIC authentication, or patch login.jsp as described in the Reference Guide. The fix introduces JBossClusteredSSOValveFilter, which removes the patching and workarounds customers had to implement in earlier versions of the product, and increases overall platform security. Security: Added: Public
Link: Added: This issue Cloned to JBEPP-1365
Release Notes Text: Removed: The JBoss Clustered Single Sign On (SSO) Valve must authenticate on all clustered nodes using the same password. The login process in Enterprise Portal Platform differed from normal authentication methods, and customers had to bypass standard authentication by enabling BASIC authentication, or patch login.jsp as described in the Reference Guide. The fix introduces JBossClusteredSSOValveFilter, which removes the patching and workarounds customers had to implement in earlier versions of the product, and increases overall platform security. Added: The JBoss Clustered Single Sign On (SSO) Valve must authenticate on all clustered nodes using the same password. The login process in Enterprise Portal Platform differed from normal authentication methods, and customers had to bypass standard authentication by enabling BASIC authentication, or patch login.jsp as described in the Reference Guide. The fix introduces PortalClusteredSSOSupportValve, which removes the patching and workarounds customers had to implement in earlier versions of the product, and increases overall platform security.