...
Step 1 - Security Context
Configure uPortal to get the username from the REMOTE_USER
header.
In uportal-impl/src/main/resources/properties/security.properties
configure support for getting the username from the REMOTE_USER
header. Add the property:
Code Block |
---|
root.remote=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory |
...
Code Block |
---|
## This is the factory that supplies the concrete authentication class
#root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.CasFilteredSecurityContextFactory
#root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory
|
Step 2 - Person Manager
Configure uPortal to create users on demand based on the REMOTE_USER
header.
In uportal-impl/src/main/resources/properties/contexts/userContext.xml
replace the SimplePersonManager bean
Code Block |
---|
<bean id="personManager" class="org.jasig.portal.security.provider.SimplePersonManager" />
|
with the RemoteUserPersonManager
bean. Note that the bean id stays the same.
Code Block |
---|
<bean id="personManager" class="org.jasig.portal.security.provider.RemoteUserPersonManager" /> |
Step 3 - Person Attributes
...
Configure uPortal to populate users' attributes based on headers from Shibboleth.
In pom.xml
update the line:
Code Block |
---|
<person-directory.version>1.5.0-RC3</person-directory.version>
|
to:
Code Block |
---|
<person-directory.version>1.5.0-RC8</person-directory.version>
|
In uportal-impl/src/main/resources/properties/contexts/personDirectoryContext.xml
add the following beans
Code Block |
---|
<!--
 | Servlet filter that creates an attribute for the serverName
 +-->
<bean id="requestAttributeSourceFilter" class="org.jasig.services.persondir.support.web.RequestAttributeSourceFilter">
    <property name="additionalDescriptors" ref="requestAdditionalDescriptors" />
    <property name="usernameAttribute" value="remoteUser" />
    <property name="remoteUserAttribute" value="remoteUser" />
    <property name="serverNameAttribute" value="serverName" />
    <property name="processingPosition" value="BOTH" />
    <property name="headerAttributeMapping">
        <map>
            <!-- MODIFY THESE MAPPINGS TO EXPOSE HEADERS FROM SHIB AS USER ATTRIBUTES -->
            <entry key="cn">
                <list>
                    <value>cn</value>
                    <value>displayName</value>
                </list>
            </entry>
            <entry key="givenName" value="givenName" />
        </map>
    </property>
</bean>
<!--
 | Session-scoped descriptors object. One of these will exist for each user in their session. It will store the
 | attributes from the request set by the requestAttributeSourceFilter
 +-->
<bean id="requestAdditionalDescriptors" class="org.jasig.services.persondir.support.MediatingAdditionalDescriptors">
    <property name="delegateDescriptors">
        <list>
            <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="globalSession">
                <aop:scoped-proxy />
            </bean>
            <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="request">
                <aop:scoped-proxy />
            </bean>
        </list>
    </property>
</bean>
|
In uportal-war/src/main/webapp/WEB-INF/web.xml
add the following servlet filter
Code Block |
---|
<filter>
    <filter-name>requestAttributeSourceFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>requestAttributeSourceFilter</filter-name>
    <url-pattern>/Login</url-pattern>
</filter-mapping>
|
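The headerAttributeMapping in the requestAttributeSourceFilter bean decides which request headers become user attributes, so every mapped header should be one the Shibboleth front end sets or clears before the request reaches uPortal. The following is an added example, not part of the original page or the uPortal project: it parses the bean and reports mapped headers that are missing from a list of headers the front end is known to control. It assumes each entry key is a request header name and its values are attribute names; the helper names, the sample XML wrapper and the allow-list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the filter bean from Step 3, wrapped in a <beans> root
# so that it parses stand-alone. Point this at personDirectoryContext.xml in practice.
SAMPLE_CONTEXT = """
<beans>
  <bean id="requestAttributeSourceFilter"
        class="org.jasig.services.persondir.support.web.RequestAttributeSourceFilter">
    <property name="usernameAttribute" value="remoteUser" />
    <property name="headerAttributeMapping">
      <map>
        <entry key="cn">
          <list><value>cn</value><value>displayName</value></list>
        </entry>
        <entry key="givenName" value="givenName" />
      </map>
    </property>
  </bean>
</beans>
"""

def header_attribute_mapping(context_xml, bean_id="requestAttributeSourceFilter"):
    """Return {request header: [user attribute names]} for the filter bean.

    Assumption: entry key = header name, entry value(s) = attribute name(s).
    """
    root = ET.fromstring(context_xml)
    for el in root.iter():
        # Real context files declare the Spring beans namespace; drop it for matching.
        el.tag = el.tag.rsplit("}", 1)[-1]
    bean = root.find(f".//bean[@id='{bean_id}']")
    if bean is None:
        raise ValueError(f"bean {bean_id!r} not found")
    mapping = {}
    for entry in bean.findall("property[@name='headerAttributeMapping']/map/entry"):
        # Values may be nested <value> elements or a value="..." attribute.
        targets = [v.text.strip() for v in entry.iter("value") if v.text]
        if entry.get("value"):
            targets.append(entry.get("value"))
        mapping[entry.get("key")] = targets
    return mapping

def unexpected_headers(mapping, front_end_controlled):
    """Mapped headers that the front end is not known to set or clear."""
    return sorted(h for h in mapping if h not in front_end_controlled)

if __name__ == "__main__":
    found = header_attribute_mapping(SAMPLE_CONTEXT)
    print(found)
    print(unexpected_headers(found, {"cn"}))  # constructed allow-list
```
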
Step 4 - Login Link
This step is only needed if you're using the uPortal rendered login link.
...