  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-10736

Provide JBossWeb SSO valve that will work when only the WebAuthentication login module is used

    Details

    • Release Notes Text:
      Possible draft release notes content:
      Cause and Consequence:
      Customers who attempt to implement a custom login process using only WebAuthentication for their web application run into problems when this approach is used in a Clustered SSO environment. This is because the SSO re-authentication logic is implemented in the Form and Basic authenticators, and these authenticators are not used when only the WebAuthentication module is used. There is no valve/authenticator that should be used if the customer is only using the WebAuthentication approach.

      Fix:
      A new CustomNonLoginAuthenticator, which extends AuthenticatorBase, is provided; it works when only the WebAuthentication login module is used.

      Result:
      The new CustomNonLoginAuthenticator allows customers to implement a custom login process using only WebAuthentication (without the Form/Basic authenticators) for their web application in a Clustered SSO environment. If they only want to use the WebAuthentication approach, they can enable CustomNonLoginAuthenticator in the context.xml of their application as follows:

      <Context cookies="true" crossContext="true">
         <Valve className="org.jboss.web.tomcat.security.authenticators.CustomNonLoginAuthenticator" />
      </Context>
    • Release Notes Docs Status:
      Not Yet Documented
    • Docs QE Status:
      NEW

      Description

      Allow customers to implement a custom login process using only WebAuthentication (without the Form/Basic authenticators) for their web application in a Clustered SSO environment. They can use the CustomNonLoginAuthenticator in the context.xml of their application if they only want to use the WebAuthentication approach.

              People

              • Assignee:
                soul2zimate Chao Wang
                Reporter:
                soul2zimate Chao Wang