Red Hat JBoss Portal 6.2

Administration and Configuration Guide

For use with Red Hat JBoss Portal 6.2 and its patch releases.

Jared Morgan

Red Hat, Ltd. Customer Content Services

Aakanksha Singh

Red Hat, Ltd. Customer Content Services

Legal Notice

Copyright © 2015 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack Logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.


This book provides information to administrators for configuring and running Red Hat JBoss Portal. It forms part of the complete document suite available at
1. Document Conventions
1.1. Typographic Conventions
1.2. Pull-quote Conventions
1.3. Notes and Warnings
2. Getting Help and Giving Feedback
2.1. Do You Need Help?
2.2. We Need Feedback
I. Management
1. Portal Management
1.1. Important Terms used in Portal Management
1.2. Goals for Portal Management
1.3. Operations for Management Extensions
1.4. Content Type for Portal Management
1.5. Path Templates used by Management Extensions
2. REST Interface
2.1. Accessing REST Interface
2.2. Resource URLs for REST Interface
2.3. HTTP Method
2.4. Using Request Parameter
2.5. Using URL Extension
2.6. Management Attributes
2.6.1. Multivalue Attributes
2.7. Content Control
2.7.1. Browser Content Control
2.7.2. Operation Control
3. Command Line Interface
3.1. Deploying the Command Line Interface
3.2. Running the Command Line Interface
3.3. Management Commands
3.3.1. Using the mgmt command
3.3.2. Using the cat command
3.3.3. Using the cd command
3.3.4. Using the ls command
3.3.5. Using the pwd command
3.3.6. Using the export command
3.3.7. Using the import command
3.3.8. Using the Secure copy (SCP) command
4. Model Object for Portal (MOP) Management Extension
4.1. Types of Operations
4.1.1. Understanding read-config-as-xml Operation
4.1.2. Understanding export-resource Operation
4.1.3. Understanding import-resource Operation
4.2. Using Path Template Variables
4.3. REST API Management
4.3.1. MOP Component Resource
4.3.2. Site Layout Resource
4.3.3. Page Resource
4.3.4. Navigation Resource
4.3.5. Exporting and Filtering
4.4. Command Line Interface
4.4.1. Resource Paths
4.4.2. Exporting and Filtering
4.5. Using Secure Copy Command
II. Domain Mode
5. Configuring JBoss Portal Domain Mode
5.1. Deployment Notes for Domain Configurations
5.2. Domain Configuration Variables
5.3. Individual Domain Configuration
5.4. Shared Domain Configuration
5.5. Domain Mode Quickstart
5.6. Multiple Node Domain Scenario
5.6.1. Environment Assumptions
5.6.2. Configure the Domain Controller (Machine A)
5.6.3. Configure Host Controller One (Machine B)
5.6.4. Configure Host Controller Two (Machine C)
III. Administration and Monitoring
6. JBoss Operations Network (JON) Plug-in
6.1. Metrics Collected by JON Plug-in
6.2. About JBoss Operation Network Plug-in
IV. Authentication and Authorization
7. Authentication and Authorization
7.1. Authentication Methods
7.2. Authentication Workflow
7.2.1. RememberMe Authentication
7.2.2. Re-authentication
7.2.3. RemindPasswordToken Service
7.3. Login Modules
7.3.1. Types of Login Modules
7.3.2. About Custommembership Login Module
7.3.3. Configuring Custommembership Login Module
7.3.4. Creating a Login Module
7.3.5. Levels of Authentication
7.3.6. Authenticator Interface
7.3.7. RolesExtractor Interface
7.4. Authorization
7.4.1. Servlet Container Authorization
7.4.2. Portal Authorization
8. Password Encryption using PicketLink IDM Framework
8.1. Hashing and Salting of Passwords in PicketLink IDM
8.2. Implementing Credential Encoder
8.2.1. Default Implementation of CredentialEncoder
8.2.2. Choosing CredentialEncoder Implementation
8.2.3. Configuring Hashing Encoder
8.2.4. Configuring DatabaseReadingSaltEncoder
8.2.5. Configuring FileReadingSaltEncoder
8.2.6. Migration of Credential Encoder
9. PicketLink IDM Integration
9.1. Introduction to PicketLink IDM
9.2. Configuring Picketlink IDM
9.2.1. PicketlinkIDmServiceImpl Service
9.2.2. PicketlinkIDMOrganizationServiceImpl Service
10. Token Service
10.1. Implementing Token Service API
10.2. Configuring Token Services
11. Predefined User Configuration
11.1. Monitoring User Creating
12. Single Sign-on
12.1. File Name Conventions
12.2. Single Sign-on (SSO) Configuration
12.3. Central Authentication Service (CAS)
12.3.1. Authentication Process with Central Authentication Service integration
12.3.2. Logging out Process with Central Authentication Service integration
12.3.3. Configuration Result
12.4. Configuration for Central Authentication Service (CAS)
12.4.1. Downloading Central Authentication Service
12.4.2. Modifying the Central Authentication Service (CAS) Server
12.4.3. Authentication Plugin for Central Authentication Service (CAS)
12.4.4. Configuring the Authentication Plugin
12.4.5. Setting up Logout Redirection
12.4.6. Cookie Configuration for Central Authentication Service (CAS) Single Sign-on
12.4.7. Portal Authentication using Central Authentication Service Ticket Granting Cookie (CASTGC)
12.4.8. Installing Apache Tomcat Server
12.5. Modifying the Portal
12.5.1. Configuring Portal Single Sign-on
12.5.2. Configuration properties for Portal Single Sign-on
12.6. Building and Deploying Central Authentication Service (CAS)
13. Java Open Single Sign-on
13.1. Authenticating Java Open Single Sign-on
13.2. Java Open Single Sign-on Version 1.8
13.2.1. Setting up Java Open Single Sign-on Server
13.2.2. Setting up Java Open Single Sign-on Client
13.3. Java Open Single Sign-on Version 2.2
13.3.1. Setting up Java Open Single Sign-on Server
13.3.2. Setting up Java Open Single Sign-on Client
14. OpenAM
14.1. Downloading OpenAM
14.2. OpenAM Workflow
14.3. OpenAM Server
14.3.1. Setting up OpenAM Server
14.3.2. Deploying the OpenAM Server
14.3.3. Adding the Authentication Plugin
14.3.4. Configuring a Realm in OpenAM User Interface
14.4. Configuring the Platform as an OpenAM Client
14.5. Cross-domain with OpenAM
14.5.1. Authenticating Cross-domain with OpenAM
14.5.2. Configuring Cross-domain Authentication
15. Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO)
15.1. SPNEGO Server
15.1.1. Configuring the SPNEGO Server
15.2. Configuring the SPNEGO Client
15.3. Configuring SPNEGO
15.4. Testing SPNEGO Configuration
15.5. Disabling Fallback to FORM Authentication
15.6. Enabling Logging
16. Single Sign-on in a Cluster
16.1. Clustered Single Sign-on in a Shared DNS Domain
16.1.1. Configuring and Testing Single Sign-on in a Shared DNS Domain
16.2. Reauthentication
17. LDAP Integration
17.1. Setting up LDAP
17.2. LDAP in Read only mode
17.2.1. Setting up LDAP Read-only Mode
17.2.2. Setting up Red Hat Directory Server or OpenDS
17.2.3. Setting up Microsoft Active Directory
17.2.4. Setting up OpenLDAP
17.3. LDAP as Default Store
17.3.1. Setting up LDAP as Default Identity Store
17.3.2. Setting up RHDS and OpenDS
17.3.3. Setting up Microsoft Active Directory
17.3.4. Setting up OpenLDAP
17.4. Integration Examples
17.4.1. Example 1 LDAP Configuration
17.4.2. Example 2 Read-only groupType Mappings
17.4.3. Example 3 Default groupType Mappings
18. Security Assertion Markup Language (SAML2)
18.1. Authentication in SAML2
18.2. Configuring a Basic SAML2 Instance
18.2.1. SAML2 Configuration Scenario
18.2.2. Configuring a SAML2 Service Provider
18.2.3. Configuring a SAML2 Identity Provider
18.2.4. Testing the Configuration
18.3. Disabling SAML2 Single Logout
18.4. Implementing Keystores
18.5. Setting up PicketLink IDP using REST callback
18.6. Additional Information for SAML2
19. Using JBoss Portal SSO with Salesforce and Google Apps
19.1. JBoss Portal as the Identity Provider (IDP) and Salesforce as the Service Provider (SP)
19.1.1. IDP (JBoss Portal) and SP (Salesforce) Prerequisites
19.1.2. Obtain a Salesforce developerforce Account
19.1.3. Creating a Salesforce Domain
19.1.4. Configure SAML SSO SP Settings
19.1.5. Import Message Signing Certificate into Salesforce
19.1.6. Create Salesforce and Portal Users
19.1.7. Obtain the Salesforce Client Certificate
19.1.8. Configure JBoss Portal as the IDP
19.1.9. Test the IDP (JBoss Portal) and SP (Salesforce) Configuration
19.2. JBoss Portal as the Identity Provider (IDP) and Google Apps as the Service Provider (SP)
19.2.1. IDP (JBoss Portal) and SP (Google Apps) Prerequisites
19.2.2. Create A Google Apps for Business Account
19.2.3. Create Default Google Apps for Business Users
19.2.4. Configuring Google Apps as the SP
19.2.5. Configuring JBoss Portal as the IDP
19.2.6. Testing the IDP (JBoss Portal) and SP (Google Apps) Configuration
19.3. Salesforce as the Identity Provider (IDP) and JBoss Portal as the Service Provider (SP)
19.3.1. IDP (Salesforce) and SP (JBoss Portal) Prerequisites
19.3.2. Obtain a Salesforce developerforce Account
19.3.3. Creating a Salesforce Domain
19.3.4. Disable SP Single Sign-on in Salesforce
19.3.5. Create and Apply a Salesforce IDP Message Signing Certificate
19.3.6. Create Salesforce and Portal Users
19.3.7. Configuring Salesforce as the IDP
19.3.8. Configuring JBoss Portal as the SP
19.3.9. Testing the IDP (Salesforce) and SP (JBoss Portal) Configuration
20. OAuth - Authentication with Social Network accounts
20.1. Working of OAuth Protocol
20.2. OAuth Protocol User Interface
20.2.1. User Registration
20.2.2. Login Workflow
20.3. Integrating OAuth with the Portal
20.4. Integration of OAuth with Facebook
20.4.1. Registration of Portal application on Facebook
20.4.2. Configuring JBoss Portal for using OAuth Protocol with Facebook
20.5. Integration of OAuth with Google plus
20.5.1. Registration of Portal application on Google
20.5.2. Configuring JBoss Portal for using OAuth Protocol with Google plus
20.6. Integration of OAuth with Twitter
20.6.1. Registration of Portal application on Twitter
20.6.2. Configuring JBoss Portal for using OAuth Protocol with Twitter
21. Impersonation
21.1. Using Impersonation
22. Wildcard Membership Type
22.1. Wildcard Membership Configuration and Initialization
22.2. Wildcard Membership API
V. Mobile and Responsive Portal
23. Mobile and Responsive Portal Site
23.1. Issues and Limitations
23.1.1. Administration Functionality on Mobile Devices
23.1.2. Container Layouts and Page Configurations
23.1.3. Group and User Sites
23.1.4. Interchanging Mobile and Responsive Site Skins
23.2. Configuring the Mobile Site
24. Site Redirection
24.1. Configuring Site Redirections in XML
24.1.1. Adding a Redirectable Site
24.2. Automatic Redirection Based on User Agent String
24.3. Automatic Redirection Based on Device Properties
24.3.1. The Device Detection Page
24.3.2. Device Properties Based Redirection XML Configuration
24.3.3. Multiple Redirect Conditions
24.4. Mapping Page Nodes In Redirects
24.4.1. Explicit Node Mappings
24.4.2. Node Name Matching
24.5. Resolving Unresolved Nodes
24.6. Disabling Redirect Handler
VI. Portal Configuration
25. Portal Configuration
25.1. Configuring Permissions
25.2. Overwrite Portal Default Permissions
25.3. Portal Navigation
25.3.1. Configuring Portal Navigation
25.3.2. Setting up Navigation
25.3.3. Portal Navigation
25.3.4. Group Navigation
25.3.5. User Navigation
25.4. Default Configuration for JBoss Portal
25.4.1. Setting up Default Configuration for JBoss Portal
25.4.2. Configuring Classic Portal
25.4.3. Using Component Plugins
25.4.4. Setting up Information Bar
25.4.5. Disabling Portal Container
25.5. Internationalization Configuration
25.5.1. Configuring Locales
25.5.2. Configuring Resource Bundle Service
25.5.3. Configuring Navigation Resource Bundles
25.6. Portlets
25.6.1. Configuring Portlets
25.6.2. Standard Portlet Resource Keys
25.6.3. Debugging Resource Bundle Usage
25.6.4. Translating the Language Selection Form
25.6.5. Overriding Default JDK API Language Values
26. Localization Configuration
26.1. Pluggable Locale policy
26.1.1. Locale Policy API
26.1.2. Default Locale Policy
26.1.3. Customize LocalePolicy
26.1.4. Configuring Locale Policy
26.2. Bridged and Nonbridged Resources
26.2.1. Installing LocalizationFilter
VII. Gadget Configuration
27. Gadget Importer Tool
27.1. Importing Gadgets
27.1.1. Importing Gadgets
27.1.2. Creating a Standard WebApp Folder to Import Gadgets
27.1.3. Configuring the WebApp Files
27.2. Virtual Servers for Gadgets
27.2.1. Setting up Virtual Servers for Gadget Rendering
27.2.2. Configuring Gadget Server
27.2.3. Configuring Gadget Proxy and Concat
27.3. Shindig Server
27.3.1. Configuring Shindig Container
27.3.2. Configuring Shindig Container for Offline access
VIII. Web Services for Remote Portlets
28. Web Services for Remote Portlets
28.1. WSRP Support
28.2. Deploying Services
28.2.1. Deploying Web Services for Remote Portlets services
28.2.2. Considerations to use WSRP
28.3. Remote Portlets
28.3.1. Making a Remote Portlet
28.3.2. Making a Single Remote Portlet
28.3.3. Making Multiple Remote Portlets
28.3.4. Make portlets aware of WSRP requests
28.3.5. Using WSRP Portlets from a Remote Consumer
29. Securing Web Services for Remote Portlets
29.1. Web Services for Remote Portlets over SSL with HTTP endpoints
29.1.1. Configuration For Enabling SSL With WSRP
29.1.2. Configuring the Producer to Use HTTPS
29.1.3. Configuring the Consumer to Access the WSRP Endpoint over HTTPS
29.2. Web Services for Remote Portlets and Web Services Security
30. Credentials for Web Services Security
30.1. About Web Services Security Configuration
30.2. WSS4J Interceptors and WSRP
30.2.1. User Propagation
30.3. WS-Security Consumer Configuration
30.3.1. Portal-specific Configuration Options for User Propagation
30.4. Producer Configuration
30.4.1. Special Configuration Options for User Propagation
30.4.2. Custom 'action' option
30.5. Configuring WSRP using the User name Token and User Propagation
30.5.1. Producer Setup
30.5.2. Consumer Setup
30.6. Securing WSRP Endpoints using Encryption and Signing
30.6.1. Sample Configuration for securing the Endpoints using Encryption and Signing
30.6.2. Password Callback Class
30.6.3. Configuring the Keystores
30.6.4. Configuring the Producer
30.6.5. Configuring the Consumer
30.7. Configuring WSRP using User name Token, Encryption and Signing with User Propagation
30.7.1. Sample Configuration using User name Token, Encryption and Signing with User Propagation
30.7.2. Configure the Producer
30.7.3. Configure the Consumer
31. Using Remote WSRP Portlets
31.1. Configuring a Remote Producer using the Configuration Portlet
31.2. Access Remote Producers
31.2.1. Configuring Access to Remote Producers using XML
31.2.2. Additional Configuration to Remote Producers
31.3. Configuration Examples
31.3.1. Consumer Configuration
31.3.2. Example 2: Registration Data and Cache Expiry
31.4. Adding remote portlets to categories
31.5. Adding remote portlets to pages
31.5.1. Example: Adding Portlets
32. Maintaining Consumers
32.1. Modifying a registration
32.1.1. Registration Modification for Service Upgrade
32.1.2. Registration modification on producer error
32.2. Consumer Operations
32.3. Importing and Exporting Portlets
32.4. Erasing Local Registration Data
33. Working with WSRP Extensions
33.1. Using WSRP Extensions
33.1.1. Infrastructure for InvocationHandlerDelegate
33.1.2. Injecting InvocationHandlerDelegate implementations
33.1.3. Accessing extensions from client code
33.2. WSRP Implementation Example
34. Configuring the WSRP Producer
34.1. Default Producer Configuration
34.2. Registration Configuration
34.2.1. Customization of Registration handling behavior
34.3. WSRP Validation Mode
A. Revision History