Overview
Support for delegated authentication with Shibboleth comes with the Web Proxy Portlet from version 1.1.1 on.
Steps for updating the Web Proxy Portlet included with the uPortal EAR package
Step 1 - Updating the Web Proxy Portlet Version
In the pom.xml file, update the WebProxyPortlet.version line to specify 1.1.1:

```xml
<WebProxyPortlet.version>1.1.1</WebProxyPortlet.version>
```
Step 2 - Enabling the Shibboleth Http Manager
Next, the existing HttpManager bean in the Spring configuration should be updated to use this new implementation with the appropriate Shibboleth-related parameters. You'll need to set the spPrivateKey, spCertificate, and portalEntityID properties appropriately for your institution.
Add the file uportal-portlets-overlay/WebProxyPortlet/src/main/webapp/WEB-INF/applicationContextOverrides.xml with contents:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
 | Override specific bean(s) from applicationContext.xml
 +-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">
    <bean id="HttpManagerBean" class="edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl" scope="prototype">
        <!-- This property and the one below are optional to provide client-side TLS authentication to the IdP -->
        <property name="spPrivateKey" value="/opt/shibboleth-sp/etc/shibboleth/sp-key.pem"/>
        <property name="spCertificate" value="/opt/shibboleth-sp/etc/shibboleth/sp-cert.pem"/>
        <!-- This property is required -->
        <property name="portalEntityID" value="https://my.example.com/shibboleth"/>
    </bean>
</beans>
```
...
Step 3 - Enable the SAML User Attributes
Copy the portlet.xml file from the release to uportal-portlets-overlay/WebProxyPortlet/src/main/webapp/WEB-INF/portlet.xml
and add the following user attributes:
```xml
<user-attribute>
    <description>idpPublicKeys</description>
    <name>idpPublicKeys</name>
</user-attribute>
<user-attribute>
    <description>samlAssertion</description>
    <name>samlAssertion</name>
</user-attribute>
```
Optional - Modifying uPortal's Web Proxy Portlet CPD
To list Shibboleth as an authentication option in uPortal's administrative interface, add "SHIBBOLETH" as an option for the "PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType" parameter in uPortal's Web Proxy Portlet CPD. This file is located within uPortal at uportal-war/src/main/resources/edu/wisc/my/portlets/WebProxy/WebProxyPortlet.cpd. In it, add <value>SHIBBOLETH</value>:
```xml
<parameter modify="publish">
    <name>PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType</name>
    <label>Type of authentication (optional)</label>
    <type base="string" input="single-choice" display="drop-down">
        <restriction type="enumeration">
            <value></value>
            <value>SHIBBOLETH</value>
            <value>FORM</value>
            <value>BASIC</value>
            <value>NTLM</value>
        </restriction>
    </type>
    <defaultValue></defaultValue>
    <description>Select the type of authentication the web-based application requires.</description>
</parameter>
```