http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/6/html-single/Development_Guide/index.html#Use_Single_Sign_On_SSO_In_A_Web_Application section 14.4 is completely wrong. Here is a proposed replacement: Overview: SSO is provided by the web + infinispan subsystems Prerequisites: - You need to have a configured security domain which handles authentication and authorization. - the infinispan subsystem needs to be present. The example configuration files already contain the needed "web" cache-container. If not, you can add it with: /subsystem=infinispan/cache-container=web:add(aliases=["standard-session-cache"],default-cache="repl",module="org.jboss.as.clustering.web.infinispan") /subsystem=infinispan/cache-container=web/transport=TRANSPORT:add(lock-timeout=60000) /subsystem=infinispan/cache-container=web/replicated-cache=repl:add(mode="ASYNC",batching=true) Some of the example configuration files already have the SSO cache-container, if not add it with: /subsystem=infinispan/cache-container=web/replicated-cache=sso:add(mode="SYNC", batching=true) Lastly, the web subsystem needs to be told to enable SSO: /subsystem=web/virtual-server=default-host/sso=configuration:add(cache-container="web",cache-name="sso",reauthenticate="false",domain="domain.com") with "domain.com" being the desired cookie domain.
the main section is good now, but the text in the overview is still wrong as it's still talking about valves. Something like the below should replace it: Overview: SSO is provided by the web + infinispan subsystems
Changed the overview to: Single Sign On (SSO) capabilities are provided by the web and Infinispan subsystems. Use this proceure to configure SSO in web applications. Tom, please move to VERIFIED if this is good with you. Thanks!
JBoss_Enterprise_Application_Platform-Development_Guide-6-en-US-0.0-3 Example 14.3. Check for the SSO cache-container Look for output like the following: "sso" => { If you do not find it, the SSO cache-container is not present in your configuration. [comment] Is there meant to be an empty screen tag following this line?
No, I've removed it. This is very minor and doesn't affect any procedures so I'll set this to VERIFIED.