...
Support for delegated authentication with Shibboleth comes with the Web Proxy Portlet from version 1.1.1 on.
Steps for updating the Web Proxy Portlet included with the uPortal EAR package
...
In the pom.xml file, update the WebProxyPortlet.version line to specify 1.1.1:
```xml
<WebProxyPortlet.version>1.1.1</WebProxyPortlet.version>
```
Step 2 - Enabling the Shibboleth Http Manager
Next, the existing HttpManager bean in the Spring configuration should be updated to use this new implementation with the appropriate Shibboleth-related parameters. Add the file uportal-portlets-overlay/WebProxyPortlet/src/main/webapp/WEB-INF/applicationContextOverrides.xml with the contents below.
You'll need to set the spPrivateKey, spCertificate, and portalEntityID properties appropriately for your institution.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
 | Override specific bean(s) from applicationContext.xml
 +-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
                           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">

    <bean id="HttpManagerBean" class="edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl" scope="prototype">
        <property name="spPrivateKey" value="/opt/shibboleth-sp/etc/shibboleth/sp-key.pem"/> <!-- This property and the one below are optional to provide client-side TLS authentication to the IdP -->
        <property name="spCertificate" value="/opt/shibboleth-sp/etc/shibboleth/sp-cert.pem"/>
        <property name="portalEntityID" value="https://canadaspismy.uchicagoexample.educom/shibboleth"/> <!-- This property is required -->
    </bean>
</beans>
```
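A pre-deployment check for the override file above, as an added example that is not part of the Web Proxy Portlet or uPortal: it confirms the bean class and the required portalEntityID, and flags an SP private key that is readable by group or other. The function names, the sample entity ID, the owner-only permission policy and the rule that key and certificate are set together are assumptions.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

NS = "{http://www.springframework.org/schema/beans}"
IMPL = "edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl"

# Constructed sample input; the entity ID and file paths are placeholders.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="HttpManagerBean" class="{impl}" scope="prototype">
    <property name="spPrivateKey" value="{key}"/>
    <property name="spCertificate" value="{cert}"/>
    <property name="portalEntityID" value="https://portal.example.org/shibboleth"/>
  </bean>
</beans>"""

def check_key_file(path):
    """Flag an SP private key that is missing or accessible beyond its owner."""
    if not os.path.isfile(path):
        return ["spPrivateKey file not found: " + path]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return ["spPrivateKey is accessible to group/other (mode %o)" % mode]
    return []

def lint_overrides(xml_text):
    """Return a list of findings for the text of applicationContextOverrides.xml."""
    root = ET.fromstring(xml_text)
    bean = next((b for b in root.iter(NS + "bean")
                 if b.get("id") == "HttpManagerBean"), None)
    if bean is None:
        return ["no HttpManagerBean override found"]
    findings = []
    if bean.get("class") != IMPL:
        findings.append("HttpManagerBean is not ShibbolethEnabledHttpManagerImpl")
    props = {p.get("name"): p.get("value") for p in bean.iter(NS + "property")}
    if not props.get("portalEntityID"):
        findings.append("portalEntityID is required but not set")
    key, cert = props.get("spPrivateKey"), props.get("spCertificate")
    if bool(key) != bool(cert):  # assumption: client TLS needs both halves
        findings.append("spPrivateKey and spCertificate must be set together")
    if key:
        findings.extend(check_key_file(key))
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "sp-key.pem")
        open(key, "w").close()
        os.chmod(key, 0o644)  # deliberately too permissive for the demo
        print(lint_overrides(SAMPLE.format(impl=IMPL, key=key, cert=key)))
```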
...
Step 3 - Enable the SAML User Attributes
Copy the portlet.xml file from the release to uportal-portlets-overlay/WebProxyPortlet/src/main/webapp/WEB-INF/portlet.xml
and add the following user attributes:
```xml
<user-attribute>
    <description>idpPublicKeys</description>
    <name>idpPublicKeys</name>
</user-attribute>
<user-attribute>
    <description>samlAssertion</description>
    <name>samlAssertion</name>
</user-attribute>
```
Modifying uPortal's Web Proxy Portlet CPD
...