Bug 970458 - Wrong authenticator class in Example 13.5. Example Clustered SSO Configuration
Wrong authenticator class in Example 13.5. Example Clustered SSO Configuration
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Documentation (Show other bugs)
6.1.0
Unspecified Unspecified
unspecified Severity high
: GA
: EAP 6.2.2
Assigned To: Tom WELLS
Russell Dickenson
: Documentation, Triaged
Depends On:
Blocks: 958572 1035353
  Show dependency treegraph
 
Reported: 2013-06-04 01:25 EDT by Josef Cacek
Modified: 2015-05-17 21:29 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Instance Name: Not Defined Build: CSProcessor Builder Version 1.8 Build Name: 13944, Security Guide-6.1-1 Build Date: 19-04-2013 15:46:54
Last Closed: 2014-06-02 08:50:43 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josef Cacek 2013-06-04 01:25:10 EDT
Security guide / Example 13.5. Example Clustered SSO Configuration

The example should be fixed, there is no class org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn in the EAP 6.x.
Comment 1 Josef Cacek 2013-06-04 07:55:40 EDT
The Example should be removed at all.

The SSO Valves are configured by the AS automatically, when the "sso" is present under web/virtual-hosts in a server profile. The ClusteredSingleSignOn version is used, when attribute "cache-container" is present, otherwise standard "SingleSignOn" class is used.

* Clustered example:

/subsystem=web/virtual-server=default-host/sso=configuration:add(cache-container="web",cache-name="sso",reauthenticate="false",domain="domain.com")

<sso cache-container="web" cache-name="sso" domain="domain.com" reauthenticate="false"/>


* Non-clustered:

/subsystem=web/virtual-server=default-host/sso=configuration:add(reauthenticate="false")

<sso reauthenticate="false"/>
Comment 2 Navin Surtani 2013-07-08 22:25:26 EDT
Adding anything about ClusteredSSO into a jboss-web.xml will cause InstantiationExceptions thrown by the WarDeploymentProcessor. Josef is right, we configure the ClusteredSSO via the web subsystem and not through jboss-web.xml.
Comment 8 Josef Cacek 2014-04-22 13:52:17 EDT
The changes are OK in SG-CC-edition in docbuilder. But there is still one missing point.

The table 17.1 SSO Configuration options should be removed too.
Or it can be replaced by attributes from the configuration model:

"domain" => {
	"type" => STRING,
	"description" => "The cookie domain that will be used.",
},
"cache-container" => {
	"type" => STRING,
	"description" => "Enables clustered SSO using the specified clustered cache container.",
},
"reauthenticate" => {
	"type" => BOOLEAN,
	"description" => "Enables reauthentication with the realm when using SSO.",
},
"cache-name" => {
	"type" => STRING,
	"description" => "Name of the cache to use in the cache container.",
}
Comment 11 Josef Cacek 2014-04-23 04:37:39 EDT
Verified on stage:
Revision 6.2.2-6
Revision 6.3.0-12

Note You need to log in before you can comment on or make changes to this bug.