The orbeon-auth.war is deployed as a separate web app, at the same level as orbeon.war, e.g.:
- orbeon-auth.war deployed on /orbeon-auth
- orbeon.war deployed on /orbeon
So you won't be "merging" the web.xml of orbeon.war and orbeon-auth.war.
And on the local server, you don't have any setup for the `orbeon-service` role. Instead, from the Form Runner home page, when publishing a form to a remote server, you log into that server using a user that has this role, which in your case would be orbeon/orbeon. Does this make sense?
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
I have tried this approach as well. Placed the orbeon-auth.war at the same root level of Orbeon.
Configured the properties.xml to point to two different environments.
When I try to navigate to the /orbeon/fr services page it asks for a UserName/Password combination. As I key in the credentials the pop up just refreshes in the UI and no re-direction happens (Either to a non authorized page or to a authorized page).
The user name and password are configured in tomcat-users.xml for the orbeon-service role.
I do not see any erros or authorization issues in the log files either.