...

Step 1 - Security Context

Configure uPortal to get the username from the REMOTE_USER header.

In uportal-impl/src/main/resources/properties/security.properties, configure support for getting the username from the REMOTE_USER header. Add the property:

root.remote=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory

...

## This is the factory that supplies the concrete authentication class
#root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.CasFilteredSecurityContextFactory
#root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory

Step 2 - Person Manager

Configure uPortal to create users on demand based on the REMOTE_USER header.

In uportal-impl/src/main/resources/properties/contexts/userContext.xml, replace the SimplePersonManager bean

<bean id="personManager" class="org.jasig.portal.security.provider.SimplePersonManager" />

with the RemoteUserPersonManager bean. Note that the bean id stays the same.

  <bean id="personManager" class="org.jasig.portal.security.provider.RemoteUserPersonManager" />

Step 3 - Person Attributes

...

Configure uPortal to populate user attributes based on headers from Shibboleth.

In pom.xml update the line:

<person-directory.version>1.5.0-RC3</person-directory.version>

to

<person-directory.version>1.5.0-RC8</person-directory.version>

In uportal-impl/src/main/resources/properties/contexts/personDirectoryContext.xml, add the following beans:

<!-- 
 | Servlet filter that creates an attribute for the serverName
 +-->
<bean id="requestAttributeSourceFilter" class="org.jasig.services.persondir.support.web.RequestAttributeSourceFilter">
    <property name="additionalDescriptors" ref="requestAdditionalDescriptors" />
    <property name="usernameAttribute" value="remoteUser" />
    <property name="remoteUserAttribute" value="remoteUser" />
    <property name="serverNameAttribute" value="serverName" />
    <property name="processingPosition" value="BOTH" />
    <property name="headerAttributeMapping">
        <map>
            <!-- MODIFY THESE MAPPINGS TO EXPOSE HEADERS FROM SHIB AS USER ATTRIBUTES -->
            <entry key="cn">
                <list>
                    <value>cn</value>
                    <value>displayName</value>
                </list>
            </entry>
            <entry key="givenName" value="givenName" />
        </map>
    </property>
</bean>

<!-- 
 | Session-scoped descriptors object. One of these will exist for each user in their session. It will store the
 | attributes from the request set by the requestAttributeSourceFilter
 +-->
<bean id="requestAdditionalDescriptors" class="org.jasig.services.persondir.support.MediatingAdditionalDescriptors">
    <property name="delegateDescriptors">
        <list>
            <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="globalSession">
                <aop:scoped-proxy />
            </bean>
            <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="request">
                <aop:scoped-proxy />
            </bean>
        </list>
    </property>
</bean>

In uportal-war/src/main/webapp/WEB-INF/web.xml, add the following servlet filter:

<filter>
    <filter-name>requestAttributeSourceFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>requestAttributeSourceFilter</filter-name>
    <url-pattern>/Login</url-pattern>
</filter-mapping>

This step is only needed if you're using the uPortal rendered login link.
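
An added example (not part of the original page or of uPortal): a Python check that the Step 3 edits line up. It relies on Spring's DelegatingFilterProxy resolving its target bean by the filter-name by default, and it lists which request headers the mapping exposes as user attributes. The XML samples are constructed, trimmed from the snippets above, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed samples modelled on the Step 3 snippets.
PERSON_DIR_CONTEXT = """<beans><bean id="requestAttributeSourceFilter"
  class="org.jasig.services.persondir.support.web.RequestAttributeSourceFilter">
  <property name="headerAttributeMapping"><map>
    <entry key="cn"><list><value>cn</value><value>displayName</value></list></entry>
    <entry key="givenName" value="givenName" />
  </map></property></bean></beans>"""
WEB_XML = """<web-app>
  <filter><filter-name>requestAttributeSourceFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter>
  <filter-mapping><filter-name>requestAttributeSourceFilter</filter-name>
    <url-pattern>/Login</url-pattern></filter-mapping>
</web-app>"""

def find(root, name):
    """All elements (root included) with this local tag name, ignoring namespaces."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def text_of(parent, name):
    """Stripped text of the first matching element under parent."""
    return (find(parent, name)[0].text or "").strip()

def header_mapping(ctx_xml):
    """Return {request header: [user attribute names]} from headerAttributeMapping."""
    mapping = {}
    for prop in find(ET.fromstring(ctx_xml), "property"):
        if prop.get("name") == "headerAttributeMapping":
            for entry in find(prop, "entry"):
                names = [(v.text or "").strip() for v in find(entry, "value")]
                # An entry is either a nested <list> of values or a value="" attribute.
                mapping[entry.get("key")] = names or [entry.get("value")]
    return mapping

def unresolved_filters(web_xml, ctx_xml):
    """DelegatingFilterProxy filters whose filter-name matches no bean id."""
    bean_ids = {b.get("id") for b in find(ET.fromstring(ctx_xml), "bean")}
    return [text_of(f, "filter-name") for f in find(ET.fromstring(web_xml), "filter")
            if text_of(f, "filter-class").endswith("DelegatingFilterProxy")
            and text_of(f, "filter-name") not in bean_ids]

def url_patterns(web_xml, filter_name):
    """URL patterns mapped to the named filter."""
    return [text_of(m, "url-pattern")
            for m in find(ET.fromstring(web_xml), "filter-mapping")
            if text_of(m, "filter-name") == filter_name]
```

Reviewing the `header_mapping` output shows exactly which request headers become user attributes, and `url_patterns` shows which paths the filter reads them on.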

...