Security guide / Example 13.5. Example Clustered SSO Configuration The example should be fixed, there is no class org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn in the EAP 6.x.
The Example should be removed at all. The SSO Valves are configured by the AS automatically, when the "sso" is present under web/virtual-hosts in a server profile. The ClusteredSingleSignOn version is used, when attribute "cache-container" is present, otherwise standard "SingleSignOn" class is used. * Clustered example: /subsystem=web/virtual-server=default-host/sso=configuration:add(cache-container="web",cache-name="sso",reauthenticate="false",domain="domain.com") <sso cache-container="web" cache-name="sso" domain="domain.com" reauthenticate="false"/> * Non-clustered: /subsystem=web/virtual-server=default-host/sso=configuration:add(reauthenticate="false") <sso reauthenticate="false"/>
Adding anything about ClusteredSSO into a jboss-web.xml will cause InstantiationExceptions thrown by the WarDeploymentProcessor. Josef is right, we configure the ClusteredSSO via the web subsystem and not through jboss-web.xml.
The changes are OK in SG-CC-edition in docbuilder. But there is still one missing point. The table 17.1 SSO Configuration options should be removed too. Or it can be replaced by attributes from the configuration model: "domain" => { "type" => STRING, "description" => "The cookie domain that will be used.", }, "cache-container" => { "type" => STRING, "description" => "Enables clustered SSO using the specified clustered cache container.", }, "reauthenticate" => { "type" => BOOLEAN, "description" => "Enables reauthentication with the realm when using SSO.", }, "cache-name" => { "type" => STRING, "description" => "Name of the cache to use in the cache container.", }
Verified on stage: Revision 6.2.2-6 Revision 6.3.0-12