Shibboleth Overview

...

Step 1 - Security Context

Shibboleth only configuration

Configure uPortal to get the username from the REMOTE_USER header. Update the uportal-war/src/main/resources/properties/security.properties file:

## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.clearpass.PasswordCachingCasAssertionSecurityContextFactory
root.remote=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory

Shibboleth only configuration

Optionally, to ensure the Shibbolized uPortal instance has no chance of using anything but Shibboleth for authN, comment out the root.simple context as well.

Warning: UnionSecurityContextFactory

WARNING – do not remove the line root=org.jasig.portal.security.provider.UnionSecurityContextFactory. The RemoteUserPersonManager expects the RemoteUserSecurityContext to be a child of the root, not the root itself.
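The rules above (root stays UnionSecurityContextFactory, the remote-user context is a child of root, and root.simple is commented out for a Shibboleth-only setup) can be checked before deployment. The script below is an added example, not part of uPortal; the function names are hypothetical, the sample text is constructed from the block above, and only simple key=value lines are parsed.

```python
import re

UNION = "org.jasig.portal.security.provider.UnionSecurityContextFactory"
REMOTE = "org.jasig.portal.security.provider.RemoteUserSecurityContextFactory"

def parse_properties(text):
    """Return the active key=value pairs; lines starting with # or ! are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_security_context(text, shibboleth_only=False):
    """Return a list of findings; an empty list means the file follows the rules."""
    props = parse_properties(text)
    findings = []
    if props.get("root") != UNION:
        findings.append("root must be UnionSecurityContextFactory")
    # Direct children of the root context are keys of the form root.<name>.
    children = {k: v for k, v in props.items() if re.fullmatch(r"root\.[^.]+", k)}
    remote = [k for k, v in children.items() if v == REMOTE]
    if not remote:
        findings.append("no root.<name> child uses RemoteUserSecurityContextFactory")
    if shibboleth_only:
        # Any other active child is an authentication path that bypasses Shibboleth.
        for key in sorted(children):
            if key not in remote:
                short = children[key].rsplit(".", 1)[-1]
                findings.append(f"{key} is still active ({short})")
    return findings

# Constructed sample: the security.properties lines shown above.
SAMPLE = """\
## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory
root.remote=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
"""

if __name__ == "__main__":
    for finding in audit_security_context(SAMPLE, shibboleth_only=True):
        print("FINDING:", finding)
```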

...

Multiple Authentication Systems

To enable multiple authentication systems, use UnionSecurityContextFactory as root. With multiple authentication systems, uPortal will attempt to authenticate the user against each system until one is successful.

...

With multiple authentication systems, you will need to design a login template that allows users to select a specific authentication system to log in with. To initiate a Shibboleth session, you will need to construct a Shibboleth WAYF login URL. For example, the format for our school's WAYF is: https://host.school.edu/Shibboleth.sso/WAYF/shibboleth.school.edu?target=http%3A%2F%2Fhost.school.edu%2FuPortal%2FLogin

...