USC was the first university to integrate Shibboleth with uPortal (2005). Kent university also integrated with Shibboleth about a year ago (2007). Kent used work done from SPIE. Unfortunately SPIE's development site is no longer available.
At USC, Shibboleth and uPortal integration involved developing a custom authentication module, an off-shoot of uPortal's remote user authentication module. However using uPortal's remote user security context provider is sufficient by itself.
There is another potential use of Shibboleth for attribute release. Shibboleth could provide user attributes for portal attributes (ie uid, mail, display name) and portal groups. James Hong at USC once had this working with a further customized authentication module and used uPortals PAGS (person attribute group store).
In short, Shibboleth integration into uPortal is trivial. The most difficult part is configuring your Shibboleth (IdP/SP) system.
Here are the steps (skipping a lot of detail):
...
Skipping a lot of detail here is an overview of the steps involved with using Shibboleth with uPortal. The uPortal configuration step is very small and generally trivial. In the list below steps 1 through 4 are covered by the Shibboleth Documentation.
- Install and configure Shibboleth SP - configure SP to pass uid via REMOTE_USER to get it working faster.
- install Install and configure uPortal - get it running on its own without Shib.
- install Install and configure Apache httpd server. Configure httpd with Shib and validate that Shib can protect resource AND pass attributes. Also configure httpd to work with tomcat (mod_jk).
- configure uPortal authentication - use the RemoteUserSecurityContext for (Shib) authentication
- configure Configure httpd server to protect uri '/uPortal/Login'
...
- Configure uPortal authentication - use the RemoteUserSecurityContext for (Shib) authentication
Shibbolizing uPortal 3.1.1
...