Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

Support for delegated authentication with Shibboleth comes with the Web Proxy Portlet from version 1.1.1 on.

Steps for updating the Web Proxy Portlet included with the uPortal EAR package

Step 1

...

: Updating the Web Proxy Portlet Version

In pom.xml file and update the WebProxyPortlet.version line to specify 1.1.1

Code Block
xml
xml

<WebProxyPortlet.version>1.1.1</WebProxyPortlet.version>

Step 2

...

: Enabling the Shibboleth Http Manager

Add the file uportal-portlets-overlay/WebProxyPortlet/src/main/webapp/WEB-INF/applicationContextOverrides.xml with contents:
You'll need to set the spPrivateKey, spCertificate, and portalEntityID properties appropriately for your institution.

Code Block
xml
xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
 | Override specific bean(s) from applicationContext.xml
 +-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
    http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">

    <bean id="HttpManagerBean" class="edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl" scope="prototype">
      <property name="spPrivateKey" value="/opt/shibboleth-sp/etc/shibboleth/sp-key.pem"/>
      <property name="spCertificate" value="/opt/shibboleth-sp/etc/shibboleth/sp-cert.pem"/>
      <property name="portalEntityID" value="https://my.example.com/shibboleth"/>
    </bean>
</beans>

Step 3

...

: Enable the SAML User Attributes

Copy the portlet.xml file from the release to uportal-portlets-overlay/WebProxyPortlet/src/main/webapp/WEB-INF/portlet.xml and add the following user attributes:

Code Block
xml
xml

<user-attribute>
    <description>idpPublicKeys</description>
    <name>idpPublicKeys</name>
</user-attribute>

<user-attribute>
    <description>samlAssertion</description>
    <name>samlAssertion</name>
</user-attribute>

Optional - Modifying uPortal's Web Proxy Portlet CPD

To list Shibboleth as an authentication option in uPortal's administrative interface, add "SHIBBOLETH" as an option for the PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType parameter in uPortal's Web Proxy Portlet CPD.

In uportal-war/src/main/resources/edu/wisc/my/portlets/WebProxy/WebProxyPortlet.cpd add <value>SHIBBOLETH</value>

Code Block
xml
xml

<parameter modify="publish">
    <name>PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType</name>
    <label>Type of authentication (optional)</label>
    <type base="string" input="single-choice" display="drop-down">
    <restriction type="enumeration">
        <value></value>
        <value>SHIBBOLETH</value>
        <value>FORM</value>
        <value>BASIC</value>
        <value>NTLM</value>
    </restriction>
    </type>
    <defaultValue></defaultValue>
    <description>Select the type of authentication the web-based application requires.</description>
</parameter>