Versions Compared

Old Version 8

changes.mady.by.user Eric Dalquist

Saved on

compared with

New Version Current

changes.mady.by.user Eric Dalquist

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

Skipping a lot of detail here is an overview of the steps involved with using Shibboleth with uPortal. The uPortal configuration step is very small and generally trivial. In the list below steps 1 through 4 are covered by the Shibboleth Documentation. Step 5 is the only uPortal specific part and described below.

  1. Install and configure Shibboleth SP - configure SP to pass uid via REMOTE_USER to get it working faster.
  2. Install and configure uPortal - get it running on its own without Shib.
  3. Install and configure Apache httpd server.  Configure httpd with Shib and validate that Shib can protect resource AND pass attributes.  Also configure httpd to work with tomcat (mod_jk).
  4. Configure httpd server to protect uri '/uPortal/Login' 
  5. Configure uPortal authentication - use the RemoteUserSecurityContext for (Shib) authentication

...

In uportal-impl/src/main/resources/properties/contexts/userContext.xml replace SimplePersonManager bean

Code Block
xml
xml
<bean id="personManager" class="org.jasig.portal.security.provider.SimplePersonManager" />

with the RemoteUserPersonManager bean. Note that the bean id stays the same.

Code Block
xml
xml
<bean id="personManager" class="org.jasig.portal.security.provider.RemoteUserPersonManager" />

...

In pom.xml update the line:

Code Block
xml
xml
<person-directory.version>1.5.0-RC3</person-directory.version>

To

Code Block
xml
xml
<person-directory.version>1.5.0-RC8</person-directory.version>

In uportal-impl/src/main/resources/properties/contexts/personDirectoryContext.xml add the following beans

Code Block
xml
xml
<!-- 
 | Servlet filter that creates an attribute for the serverName
 +-->
<bean id="requestAttributeSourceFilter" class="org.jasig.services.persondir.support.web.RequestAttributeSourceFilter">
    <property name="additionalDescriptors" ref="requestAdditionalDescriptors" />
    <property name="usernameAttribute" value="remoteUser" />
    <property name="remoteUserAttribute" value="remoteUser" />
    <property name="serverNameAttribute" value="serverName" />
    <property name="processingPosition" value="BOTH" />
    <property name="headerAttributeMapping">
        <map>
            <!-- MODIFY THESE MAPPINGS TO EXPOSE HEADERS FROM SHIB AS USER ATTRIBUTES -->
            <entry key="cn">
                <list>
                    <value>cn</value>
                    <value>displayName</value>
                </list>
            </entry>
            <entry key="givenName" value="givenName" />
        </map>
    </property>
</bean>

<!-- 
 | Session-scoped descriptors object. One of these will exist for each user in their session. It will store the
 | attributes from the reques set by the requestAttributeSourceFilter
 +-->
<bean id="requestAdditionalDescriptors" class="org.jasig.services.persondir.support.MediatingAdditionalDescriptors">
    <property name="delegateDescriptors">
        <list>
            <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="globalSession">
                <aop:scoped-proxy />
            </bean>
            <bean class="org.jasig.services.persondir.support.AdditionalDescriptors" scope="request">
                <aop:scoped-proxy />
            </bean>
        </list>
    </property>
</bean>

In uportal-war/src/main/webapp/WEB-INF/web.xml add the following servlet filter

Code Block
xml
xml
<filter>
    <filter-name>requestAttributeSourceFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>requestAttributeSourceFilter</filter-name>
    <url-pattern>/Login</url-pattern>
</filter-mapping>

...