Commit

Merge branch '2024.2' into 2024.3
benjaminParisel committed Jul 15, 2024
2 parents efe5752 + 061714d commit 794986e
Showing 3 changed files with 19 additions and 10 deletions.
21 changes: 13 additions & 8 deletions modules/identity/pages/single-sign-on-with-cas.adoc
@@ -44,15 +44,15 @@ The method https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRe

If you need more fine tuning or if you cannot update the reverse proxy configuration, you can consult the official documentation for https://tomcat.apache.org/connectors-doc/common_howto/proxy.html[Tomcat].


== Configure Bonita Engine and Tomcat for CAS

. The CAS implementation relies on JAAS, and is defined in the BonitaAuthentication module of the JAAS configuration file. +
The CAS implementation relies on JAAS, and is defined in the BonitaAuthentication module of the JAAS configuration file. +
Set the Java system property `java.security.auth.login.config` in the Tomcat startup script to point to the JAAS configuration file, xref:runtime:bonita-platform-setup.adoc[`BUNDLE_HOME/server/conf/jaas-standard.cfg`].
+

For example, on Linux, edit `BUNDLE_HOME/setup/tomcat-templates/setenv.sh`, uncomment the line that defines `SECURITY_OPTS`, and insert the variable `SECURITY_OPTS` in the line `CATALINA_OPTS=..`.
+
The `BUNDLE_HOME/server/conf/jaas-standard.cfg` file contains the following (replace `ip_address:port` with the relevant IP addresses and port numbers, in two places):
+

The `BUNDLE_HOME/server/conf/jaas-standard.cfg` file contains the following (replace `ip_address:port` with the relevant IP addresses and port numbers, in two places): +

[source,conf]
----
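Review bot: dropping the leading `. ` marker from `The CAS implementation relies on JAAS, and is defined in the BonitaAuthentication module ...` turns the first step into a plain paragraph, while the later step `.. You must perform the following changes:` keeps its second-level marker and now nests under no first-level item; keep the `. ` here or demote the later `..` to `.`. Likewise, the trailing ` +` added to `The ... jaas-standard.cfg file contains the following (...): +` is an AsciiDoc hard line break, not a list continuation, so the `[source,conf]` listing under it is no longer attached to the step; a bare `+` on its own line between the sentence and the listing is what keeps them together.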
@@ -91,6 +91,7 @@ If the platform has already been initialized, every update to the configuration
* `setup pull`
* edit configuration file(s)
* `setup push`
* restart your server to apply the changes
====
+
.. You must perform the following changes:
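Review bot: the bullet `* restart your server to apply the changes` goes into a NOTE that this page repeats verbatim in three places, and the `@@ -140,6 +142,8 @@` hunk adds the same advice both as this bullet and as a standalone sentence; a single shared admonition (an AsciiDoc include or a page attribute) would stop the copies from drifting. Also worth checking that `* setup pull` and the bullets after it, which follow the `must be done using the setup tool:` line with no blank line in between, render as a list rather than as paragraph text; a blank line before the first bullet is the safe form.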
@@ -111,16 +112,17 @@ Specify the relevant IP address and port number.
[discrete]
==== Configure the Bonita Runtime for CAS SSO

. For each tenant, edit `authenticationManager-config.properties` to enable the CASRemoteAuthenticationManager and its properties.
For your active tenant, edit `authenticationManager-config.properties` to enable the CASRemoteAuthenticationManager and its properties.
Edit the `authenticationManager-config.properties` located in `platform_conf/initial/tenant_template_portal` for not initialized platform or `platform_conf/current/tenant_template_portal` and `platform_conf/current/tenants/[TENANT_ID]/tenant_portal/`.

[NOTE]
====
If the platform has already been initialized, every update to the configuration files under `setup/platform_conf/current` must be done using the `setup` tool:
* `setup pull`
* edit configuration file(s)
* `setup push`
* edit configuration file(s)
* `setup push`
* restart your server to apply the changes
====

Make sure that `auth.AuthenticationManager` property is set to `org.bonitasoft.console.common.server.auth.impl.jaas.cas.CASRemoteAuthenticationManagerImpl`
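Review bot: the rewritten step `For your active tenant, edit authenticationManager-config.properties ...` loses the `. ` marker of the line it replaces, so it is no longer numbered like the steps around it, and the new location sentence reads `for not initialized platform`; suggest `for a platform that has not been initialized yet`. The same sentence writes the per-tenant path as `platform_conf/current/tenants/[TENANT_ID]/tenant_portal/`, whereas the Kerberos and SAML pages in this commit write `<BUNDLE_HOME>/setup/platform_conf/current/tenants/<TENANT_ID>`; one placeholder convention (and one path root) across the three SSO pages would avoid sending administrators to two spellings of the same folder. The `* edit configuration file(s)` / `* setup push` pair shows as removed and re-added; if that is only whitespace, leaving it out keeps the hunk to the bullet that was actually added.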
@@ -140,6 +142,8 @@ Cas.bonitaServiceURL = http://ip_address:port/bonita/apps/appDirectoryBonita
logout.link.hidden=true
----

Restart your server to apply the changes.

[discrete]
==== CAS SSO and Java client application

Expand Down Expand Up @@ -173,6 +177,7 @@ If the platform has already been initialized, every update to the configuration
* `setup pull`
* edit configuration file(s)
* `setup push`
* restart your server to apply the changes
====

If this option is set, when users navigate away from the Bonita Applications, they are still logged in to CAS.
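Review bot: `Restart your server to apply the changes.` is now stated twice within a few lines, once as a standalone sentence after the `logout.link.hidden=true` listing and again as a bullet in the NOTE; keep one, and give it the same wording across the pages in this commit, which capitalise it on the Kerberos page and write `. restart your server ...` on the SAML page. Since the sentence after the NOTE says users who navigate away from Bonita with this option set are still logged in to CAS, a line telling administrators that this also holds on shared workstations until the user logs out of CAS would make the trade-off of hiding the logout link explicit.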
4 changes: 3 additions & 1 deletion modules/identity/pages/single-sign-on-with-kerberos.adoc
@@ -128,7 +128,7 @@ Trust this user for delegation to any service (Kerberos only).

== Configure Bonita Bundle for Kerberos

You need to execute the following actions in the folder of each tenant for which you want to support authentication over Kerberos.
You need to execute the following actions in the folder of each tenant for which you want to support authentication over Kerberos. Files are located in `<BUNDLE_HOME>/setup/platform_conf/current/tenants/<TENANT_ID>`. +
If you want this configuration to also apply to each tenant created later, make sure to also perform those actions in the _template_ tenant configuration folder:
`<BUNDLE_HOME>/setup/platform_conf/current/tenant_template_*` (if you have not started the Bonita bundle yet, the files are located in `<BUNDLE_HOME>/setup/platform_conf/initial/tenant_template_*`)

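Review bot: the new sentence places the per-tenant files at `<BUNDLE_HOME>/setup/platform_conf/current/tenants/<TENANT_ID>`, but the sentence right after it covers the not-yet-started bundle only for the template folder (`platform_conf/initial/tenant_template_*`); state which folder an unstarted bundle uses for the tenant itself, so the reader does not go looking for `current/tenants/<TENANT_ID>` before the first start. The sentence is word for word the one added to the SAML page in this commit apart from the protocol name; a shared include with a page attribute for the protocol would keep the two from drifting.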
@@ -289,6 +289,8 @@ If you want Bonita engine to create the accounts on the fly when a user accessin
+
NOTE: Activating this option means any user logged in on the domain trying to access Bonita will have an account created automatically in Bonita Database.

. Restart your server to apply the changes. +

. Confirm that your Domain Controller is correctly configured. +
Then you can start the bundle and try to access any Bonita Application page, an app page or a form URL (or just `http ://<host>:<port>/bonita[?tenant=<tenantId>]`) and make sure that you are automatically logged in.

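Review bot: the new step `Restart your server to apply the changes.` sits before `Confirm that your Domain Controller is correctly configured` and `Then you can start the bundle`, which contradicts it for a first-time setup where the files were edited under `platform_conf/initial` before any start; `Start (or restart) the bundle` is accurate for both cases, and the step reads better after the Domain Controller check, right before the login test. The trailing ` +` on the new line is a hard line break followed by a blank line, so it has no effect and can go. Drive-by on the context line: `http ://<host>:<port>/bonita[?tenant=<tenantId>]` has a stray space after `http`.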
4 changes: 3 additions & 1 deletion modules/identity/pages/single-sign-on-with-saml.adoc
@@ -52,7 +52,7 @@ Bonita "username" should match the NameId or one of the attributes returned by t

== Configure Bonita Bundle for SAML

You need to execute the following actions in the folder of each tenant for which you want to support authentication over SAML.
You need to execute the following actions in the folder of each tenant for which you want to support authentication over SAML. Files are located in `<BUNDLE_HOME>/setup/platform_conf/current/tenants/<TENANT_ID>`. +
If you want this configuration to also apply to each tenant created later, make sure to also perform those actions in the _template_ tenant configuration folder:
`<BUNDLE_HOME>/setup/platform_conf/current/tenant_template_*` (if you have not started the Bonita bundle yet, the files are located in `<BUNDLE_HOME>/setup/platform_conf/initial/tenant_template_*`)

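Review bot: same remark as on the Kerberos page: the per-tenant path is given only under `platform_conf/current/tenants/<TENANT_ID>`, while the following sentence handles the not-yet-started case only for `tenant_template_*` under `platform_conf/initial`; say which folder applies to the tenant before the first start. The added sentence differs from the Kerberos one only by the word `SAML`; a shared include with a page attribute for the protocol name would keep both pages in sync.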
@@ -198,6 +198,8 @@ The policy can either be FROM_NAME_ID or FROM_ATTRIBUTE (in that case you need t
** If you want to use the SAML logout feature, the URL of your Bonita server needs to be defined by replacing the following string (otherwise, you can remove this attribute):
*** http://bonita.server.url.to.change

. restart your server to apply the changes


[NOTE]
====
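Review bot: `. restart your server to apply the changes` is lowercase and has no full stop, unlike the `Restart your server to apply the changes.` step added to the Kerberos page in this commit; align the two. As on that page, `Start (or restart) the bundle` is the accurate wording, because the section above says the files live under `platform_conf/initial` when the bundle has not been started yet. Also, two blank lines now separate the new step from `[NOTE]`; one is enough.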