| Note |
|---|
| title | Documentation Work In Progress |
|---|
|
Warning: You may see some periodical changes as we are working hard to reorganize the content. If you have any concerns please submit feedback to the uportal-user@lists.ja-sig.org mailing list. Thank you so much for your patience. |
Using the bundled CAS server in uPortal you can use the preferred maven overlay approach to integrating the clearPass feature. There is a patch available to accomplish this, below describes the steps to perform the integration after applying the above patch. By default, the clearPass feature is not activated.
Step 1:
...
Edit the cas deployerConfigContext.xml file
- Open the deployerConfigContext.file for editing located at ../uportal-portlets-overlay/src/main/webapp/WEB-INF/deployerConfigContext.xml
- Uncomment the following piece of code AuthenticationMetaDataPopulators property.
| Code Block |
|---|
|
</list>
</property>
<!-- |
...
...
authenticationMetaDataPopulators |
...
...
-->
<property name="authenticationMetaDataPopulators">
<list>
<bean class="org.jasig.cas3.extensions.clearpass.CacheCredentialsMetaDataPopulator">
<constructor-arg index="0" ref="credentialsCache" />
</bean>
</list>
</ |
...
property>
</bean>
<bean id="userPasswordDao" class="org.jasig.portal.cas.authentication.handler.support.PortalPersonDirUserPasswordDao"
p:data-source-ref="dataSource" />
|
Step 2: Edit the security.properties file
- Open the security.properties file for editing (located at ../uportal-war/src/main/resources/properties/security.properties)
- Make the following changes to the file. You'll see that we switched (comment/uncomment) the CasAssertionSecurityContextFactory with PasswordCachingCasAssertionSecurityContextFactory. Also, you will need to uncomment the section where you need to insert the URL of the CAS cleartext password service (...PasswordCachingCasAsserttionSecurityContextFactory.clearPassCasUrl=http://..../cas/clearPass)
| Code Block |
|---|
|
## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory
root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
.....
## URL of the CAS cleartext password service
##### REPLACE THE URL WITH YOUR CAS SERVER ####
org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory.clearPassCasUrl=http://localhost:8080/cas/clearPass
|
Step 3: Edit the bundled cas web.xml file
- Open the web.xml file for editing located at ../uportal-portlets-overlay/cas/src/main.webapp/WEB-INF/web.xml.
- Uncomment the allowedProxyChains section. (You will probably want to replace the localhost url with your server name)
| Code Block |
|---|
|
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://localhost:8080/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
<init-param>
<param-name>exceptionOnValidationFailure</param-name>
<param-value>false</param-value>
</init-param>
<!-- UNCOMMENTED allowedProxyChains -->
<init-param>
<param-name>allowedProxyChains</param-name>
<param-value>http://localhost:8080/uPortal/CasProxyServlet</param-value>
</init-param>
<init-param>
<param-name>useSession</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>false</param-value>
</init-param>
</filter>
|
Step 4: Redeploy uPortal
| No Format |
|---|
ant clean deploy-ear |
Step 5: Restart Tomcat
| Info |
|---|
| icon | false |
|---|
| title | Additional References |
|---|
|
|
...