...
In uportal-impl/src/main/resources/properties/security.properties
add the property:
Code Block |
---|
root.remote=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory
|
To ensure the Shibbolized uPortal instance cannot use anything but Shibboleth for authN, comment out the existing root and root.* entries and set RemoteUserSecurityContextFactory
as root, like this:
Code Block |
---|
## This is the factory that supplies the concrete authentication class |
...
#root=org.jasig.portal.security.provider.UnionSecurityContextFactory |
...
#root.cas=org.jasig.portal.security.provider.cas.CasFilteredSecurityContextFactory |
...
#root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory |
...
root=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory
|
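A check for the strict configuration described above, as an added example that is not part of the original page or of uPortal: it reads security.properties text and reports any active root or root.* factory other than RemoteUserSecurityContextFactory. Both sample files are constructed, and line continuations in the properties file are not handled.

```python
import re

# Factory the page sets as the only root (class name taken from the page).
ALLOWED = "org.jasig.portal.security.provider.RemoteUserSecurityContextFactory"
ROOT_KEY = re.compile(r"^root(\..+)?$")            # root, root.cas, root.simple, ...
PROP = re.compile(r"([^=:\s]+)\s*[=:\s]\s*(.*)$")  # key, separator, value

def active_root_entries(text):
    """Return (key, value) for every uncommented root / root.* property."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":            # blank or .properties comment
            continue
        m = PROP.match(line)
        if m and ROOT_KEY.match(m.group(1)):
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def audit(text):
    """List findings; an empty list means only the remote-user factory is active."""
    effective = dict(active_root_entries(text))    # a later duplicate key wins
    findings = []
    if effective.get("root") != ALLOWED:
        findings.append("root is %s" % effective.get("root"))
    for key, value in sorted(effective.items()):
        if key != "root" and value != ALLOWED:
            findings.append("%s still active: %s" % (key, value))
    return findings

# Constructed sample: union root with other factories still active.
MIXED = """\
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.cas=org.jasig.portal.security.provider.cas.CasFilteredSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root.remote=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory
"""
# Constructed sample: the strict form, other factories commented out.
STRICT = """\
#root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.CasFilteredSecurityContextFactory
#root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory
"""

if __name__ == "__main__":
    for name, sample in (("MIXED", MIXED), ("STRICT", STRICT)):
        print(name, audit(sample) or "OK")
```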
Step 2 - Person Manager
Configure uPortal to create users on demand based on the REMOTE_USER
header.
In uportal-impl/src/main/resources/properties/contexts/userContext.xml
replace the SimplePersonManager
bean
Code Block |
---|
|
<bean id="personManager" class="org.jasig.portal.security.provider.SimplePersonManager" />
|
with the RemoteUserPersonManager
bean. Note that the bean id stays the same.
Code Block |
---|
|
<bean id="personManager" class="org.jasig.portal.security.provider.RemoteUserPersonManager" />
|
Step 3 - Person Attributes
...
In pom.xml
update the line:
Code Block |
---|
|
<person-directory.version>1.5.0-RC3</person-directory.version> |
...
to:
Code Block |
---|
|
<person-directory.version>1.5.0-RC8</person-directory.version>
|
In uportal-impl/src/main/resources/properties/contexts/personDirectoryContext.xml
add the following beans:
...
| Servlet filter that creates an attribute for the serverName |
...
...
<bean id="requestAttributeSourceFilter" class="org.jasig.services.persondir.support.web.RequestAttributeSourceFilter"> |
...
<property name="additionalDescriptors" ref="requestAdditionalDescriptors" /> |
...
<property name="usernameAttribute" value="remoteUser" /> |
...
<property name="remoteUserAttribute" value="remoteUser" /> |
...
<property name="serverNameAttribute" value="serverName" /> |
...
<property name="processingPosition" value="BOTH" /> |
...
<property name="headerAttributeMapping"> |
...
<map>
<!-- MODIFY THESE MAPPINGS TO EXPOSE HEADERS FROM SHIB AS USER ATTRIBUTES --> |
...
...
<list>
<value>cn</value>
<value>displayName</value>
</list>
</entry>
<entry key="givenName" value="givenName" /> |
...
...
...
...
...
| Session-scoped descriptors object. One of these will exist for each user in their session. It will store the |
...
| attributes from the request set by the requestAttributeSourceFilter |
...
...
<bean id="requestAdditionalDescriptors" class="org.jasig.services.persondir.support.MediatingAdditionalDescriptors"> |
...
<property name="delegateDescriptors"> |
...
<list>
<bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="globalSession"> |
...
...
...
<bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="request"> |
...
...
...
...
...
In uportal-war/src/main/webapp/WEB-INF/web.xml
add the following servlet filter:
Code Block |
---|
|
<filter>
<filter-name>requestAttributeSourceFilter</filter-name> |
...
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> |
...
...
...
<filter-name>requestAttributeSourceFilter</filter-name> |
...
<url-pattern>/Login</url-pattern> |
...
Step 4 - Login Link
This step is only needed if you're using the uPortal rendered login link.
Modify uportal-war/src/main/resources/org/jasig/portal/channels/CLogin/html.xsl
to change the Login and Logout UIs to something appropriate to your institution.
References