Overview
Integration Support for delegated authentication with Shibboleth comes with the new Delegated SAML Authentication library required the Web Proxy Portlet to be updated to httpclient 4.0-beta2. This integration involved significant refactoring of the Web Proxy Portlet's proxying implementation, as well as an update to its state persistence API. All work performed as part of the httpclient upgrade has been contributed to the trunk of the public project (currently available in the Jasig repository at https://www.ja-sig.org/svn/portlets/WebproxyPortlet/trunk).
In order to perform the Shibboleth integration itself, a new subclass of HttpManagerImpl has been created for the University of Chicago. This implementation is capable of constructing a new SAMLSession for the current portlet request and returning an HttpClient instance created by this SAMLSession for any portlet requiring SAML authentication.
While we anticipate eventually open-sourcing the new Shibboleth-enabling HttpManager implementation, this work will not be publicly available until the Delegated SAML library dependency is publicly available.
Modifying and Configuring the Web Proxy Portlet
The Delegated SAML Authentication library must be added as a dependency. To add this dependency, the following should be added as a dependency in the portlet's pom.xml file:
...
<dependency>
<groupId>org.jasig.service</groupId>
<artifactId>delegated-saml-authentication</artifactId>
<version>1.0</version>
<type>jar</type>
<scope>compile</scope>
<exclusions>
<exclusion>
<artifactId>xml-apis</artifactId>
<groupId>xml-apis</groupId>
</exclusion>
</exclusions>
</dependency>
The exclusion is meant to avoid getting two different versions of the excluded artifact.
And modify the following dependency to add the exclusions section as follows:
...
<dependency>
<groupId>nekohtml</groupId>
<artifactId>nekohtml</artifactId>
<version>0.9.5</version>
<type>jar</type>
<scope>compile</scope>
<exclusions>
<exclusion>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
</exclusion>
</exclusions>
</dependency>
As with the previous exclusion, this is meant to avoid getting duplicate versions of the same library.
Optionally, you may add the following plugin to allow building of the portlet war file that can be simply dropped into Tomcat's webapps directory instead of using "ant deployPortletApp" method. To add the pluto plugin, couple of additions need to be made to pom.xml as follows:from version 1.1.0 on.
Step 1 - Updating the Web Proxy Portlet Version
If the uPortal EAR packaging is used edit the uPortal pom.xml file and update the WebProxyPortlet.version line to specify 1.1.0
| Code Block | ||||
|---|---|---|---|---|
| ||||
<properties> <pluto<WebProxyPortlet.version>1.1.7<0</pluto.version> <!-- Add this just before the dependencies section --> </properties> <!-- Add the following two plugins to the end of the plugins section --> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <configuration> <webXml>${project.build.directory}/pluto-resources/web.xml</webXml> </configuration> </plugin> <plugin> <groupId>org.apache.pluto</groupId> <artifactId>maven-pluto-plugin</artifactId> <version>${pluto.version}</version> <executions> <execution> <phase>generate-resources</phase> <goals> <goal>assemble</goal> </goals> </execution> </executions> </plugin>WebProxyPortlet.version> |
Next, the existing HttpManager bean in the Spring configuration should be updated to use this new implementation with the appropriate Shibboleth-related parameters.
...