Versions Compared

Old Version 2

changes.mady.by.user Laura McCord

Saved on

compared with

New Version Current

changes.mady.by.user Laura McCord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Shibboleth Overview

Skipping a lot of detail here is an overview of the steps involved with using Shibboleth with uPortal. The uPortal configuration step is very small and generally trivial. In the list below steps 1 through 4 are covered by the Shibboleth Documentation. Step 5 is the only uPortal specific part and described below.

...

In uportal-impl/src/main/resources/properties/security.properties add the property:

Code Block

root.remote=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory

To ensure the Shibbolized uPortal instance has no chance of using anything but Shibboleth for authN, comment out root and other existing root.* and use RemoteUserSecurityContextFactory as root like:

Code Block

## This is the factory that supplies the concrete authentication class

...


#root=org.jasig.portal.security.provider.UnionSecurityContextFactory

...


#root.cas=org.jasig.portal.security.provider.cas.CasFilteredSecurityContextFactory

...


#root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory

...


root=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory

Step 2 - Person Manager

Configure uPortal to create user's on demand based on the REMOTE_USER header.

In uportal-impl/src/main/resources/properties/contexts/userContext.xml replace SimplePersonManager bean<bean bean

Code Block
xml
xml

<bean id="personManager" class="org.jasig.portal.security.provider.SimplePersonManager" />

with the RemoteUserPersonManager bean. Note that the bean id stays the same.

Code Block
xml
xml

<bean id="personManager" class="org.jasig.portal.security.provider.RemoteUserPersonManager" />

Step 3 - Person Attributes

...

In pom.xml update the line:

Code Block
xml
xml

<person-directory.version>1.5.0-

...

RC6</person-directory.version>

...

To

Code Block
xml
xml

<person-directory.version>1.5.0-RC8</person-directory.version>

In uportal-impl/src/main/resources/properties/contexts/personDirectoryContext.xml add the following beans<beans

Code Block
xml
xml

<!--

...


 | Servlet filter that creates an attribute for the serverName

...


 +-->

...


<bean id="requestAttributeSourceFilter" class="org.jasig.services.persondir.support.web.RequestAttributeSourceFilter">

...


    <property name="additionalDescriptors" ref="requestAdditionalDescriptors" />

...


    <property name="usernameAttribute" value="remoteUser" />

...


    <property name="remoteUserAttribute" value="remoteUser" />

...


    <property name="serverNameAttribute" value="serverName" />

...


    <property name="processingPosition" value="BOTH" />

...


    <property name="headerAttributeMapping">

...


        <map>
            <!-- MODIFY THESE MAPPINGS TO EXPOSE HEADERS FROM SHIB AS USER ATTRIBUTES -->

...


            <entry key="cn">

...


                <list>
                    <value>cn</value>
                    <value>displayName</value>
                </list>
            </entry>
            <entry key="givenName" value="givenName" />

...


        </map>

...


    </property>

...


</bean>

...



<!--

...


 | Session-scoped descriptors object. One of these will exist for each user in their session. It will store the

...


 | attributes from the reques set by the requestAttributeSourceFilter

...


 +-->

...


<bean id="requestAdditionalDescriptors" class="org.jasig.services.persondir.support.MediatingAdditionalDescriptors">

...


    <property name="delegateDescriptors">

...


        <list>
            <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="globalSession">

...


                <aop:scoped-proxy />

...


            </bean>

...


            <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="request">

...


                <aop:scoped-proxy />

...


            </bean>

...


        </list>

...


    </property>

...


</bean>

In uportal-war/src/main/webapp/WEB-INF/web.xml add the following servlet filter<filter>
filter

Code Block
xml
xml

<filter>
    <filter-name>requestAttributeSourceFilter</filter-name>

...


    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

...


</filter>

...



<filter-mapping>

...


    <filter-name>requestAttributeSourceFilter</filter-name>

...


    <url-pattern>/Login</url-pattern>

...


</filter-mapping>

This step is only needed if you're using the uPortal rendered login link.

Modify uportal-war/src/main/resources/org/jasig/portal/channels/CLogin/html.xsl to change the Login and Logout UIs to something appropriate to your institution.

Info
iconfalse

   Additional References

Warning
iconfalse
titleHaving problems with these instructions?

Please send us feedback at uportal-user@lists.ja-sig.org