Versions Compared

Old Version 5

changes.mady.by.user Eric Dalquist

Saved on

compared with

New Version 6

changes.mady.by.user Eric Dalquist

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Support for delegated authentication with Shibboleth comes with the Web Proxy Portlet from version 1.1.0 1 on.

Steps for updating the Web Proxy Portlet included with the uPortal EAR package

...

In pom.xml file and update the WebProxyPortlet.version line to specify 1.1.01

Code Block
xml
xml
<WebProxyPortlet.version>1.1.0<1</WebProxyPortlet.version>

Step 2 - Enabling the Shibboleth Http Manager

Next, the existing HttpManager bean in the Spring configuration should be updated to use this new implementation with the appropriate Shibboleth-related parametersAdd the file uportal-portlets-overlay/WebProxyPortlet/src/main/webapp/WEB-INF/applicationContextOverrides.xml with contents:
You'll need to set the spPrivateKey, spCertificate, and portalEntityID properties appropriately for your institution.

Code Block
xml
xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
 | Override specific bean(s) from applicationContext.xml
 +-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
    http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">
    
    <bean id="HttpManagerBean" class="edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl" scope="prototype">
      <property name="spPrivateKey" value="/opt/shibboleth-sp/etc/shibboleth/sp-key.pem"/>
 <!-- This property and the one below are optional to provide client-side TLS authentication to the IdP -->
  <property name="spCertificate" value="/opt/shibboleth-sp/etc/shibboleth/sp-cert.pem"/>
      <property name="portalEntityID" value="https://canadaspismy.uchicagoexample.educom/shibboleth"/>
 <!-- This property is required -->
</bean>
</bean>beans>

...

Step 3 - Enable the SAML User Attributes

Copy the portlet.xml file from the release to uportal-portlets-overlay/WebProxyPortlet/src/main/webapp/WEB-INF/portlet.xml and add the following user attributes:

Code Block
xml
xml


   <user-attribute>
        <description>idpPublicKeys</description>
        <name>idpPublicKeys</name>

   </user-attribute>

    <user-attribute>
   
    <description>samlAssertion</description>
        <name>samlAssertion</name>
   
</user-attribute>

Modifying uPortal's Web Proxy Portlet CPD

...