Versions Compared

Old Version 3

changes.mady.by.user Andrew Petro

Saved on

compared with

New Version Current

changes.mady.by.user ScottS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

An explanation of how to go from a fresh download of uPortal 2.3.2 to a CASified uPortal instance.

Panel
borderColor#ccc
bgColor#FFFFCE
titleBGColor#F7D6C1
Warning
titleUse the right code with these instructions
borderStylesolid

These instructions are intended for use only with the attached code. They aren't quite right for use with a newer uPortal CAS security provider, such as the version 3.x release.

Discussion:

CASifying a deployment of uPortal requires, of course, an available CAS server. The CAS server must be able to receive https: requests, as the connection for ticket validation between a CAS client (in this case, uPortal) and the CAS server must be secure.

...

In the security.properties file in the uPortal properties directory, set the property "root" = "org.jasig.portal.security.provider.YaleCasContextFactory". This specifies that you want to use the YaleCasContext (which will be produced by this factory) as your root security context. A more complex configuration would be to allow the union of CAS authentication and other (say, simple) authentication, but let's start simple:

No Format

# Comment out the existing value for "root":
#root=org.jasig.portal.security.provider.SimpleSecurityContextFactory

# and instead use this value:
root=org.jasig.portal.security.provider.YaleCasContextFactory

In the same security.properties file, set the property "credentialToken.root" = "ticket". Comment out all other principalToken and credentialToken entries. This specifies that you want uPortal to remember the request parameter "ticket" on the Login request – which CAS will send along – and make it available to YaleCasContext, which will validate it.

No Format
# Answers what tokens are examined in the request for each context during authentication.


# A subcontext only needs to set it's tokens if it differs from those of the root context.


#principalToken.root=userName


#credentialToken.root=password


#credentialToken.root.cas=ticketid


credentialToken.root=ticket

At the end of portal.properties, add the following properties, which specify parameters that YaleCasContext requires:

No Format

org.jasig.portal.security.provider.YaleCasContext.CasValidateUrl=https://localhost:8443/cas/proxyValidate


org.jasig.portal.security.provider.YaleCasContext.CasProxyCallbackUrl=https://localhost:8443/uPortal/CasProxyServlet


org.jasig.portal.security.provider.YaleCasContext.PortalServiceUrl=http://localhost:8080/uPortal/Login

...

From here, you will need to replace the default authentication handler declared in the CAS application web.xml with a handler that authenticates your population. You may with wish to visit ESUP-Portail's CAuthGenericHandler project for several handler options.