Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3
Note
titleDocumentation Work In Progress

Warning: You may see some periodical changes as we are working hard to reorganize the content. If you have any concerns please submit feedback to the uportal-user@lists.ja-sig.org mailing list. Thank you so much for your patience.

Using the bundled CAS server in uPortal you can use the preferred maven overlay approach to integrating the clearPass feature. There is a patch available in truck to accomplish this but , below describes the steps to perform the integration manually. Let's take a look at the steps to integrate clearPass in detail using the Maven Overlay...after applying the patch. By default, the clearPass feature is not activated.

Step 1: Edit the cas deployerConfigContext.xml file

  1. Open the deployerConfigContext.file for editing located at ../uportal-portlets-overlay/src/main/webapp/WEB-INF/deployerConfigContext.xml
  2. Uncomment the AuthenticationMetaDataPopulators property.
Code Block
langxml

                        </list>
                </property>
       
       <!-- UNCOMMENTED authenticationMetaDataPopulators property -->
       <property name="authenticationMetaDataPopulators">
           <list>
              <bean class="org.jasig.cas3.extensions.clearpass.CacheCredentialsMetaDataPopulator">
                 <constructor-arg index="0" ref="credentialsCache" />
              </bean>
           </list>
        </property>

     </bean>
   
   <bean id="userPasswordDao" class="org.jasig.portal.cas.authentication.handler.support.PortalPersonDirUserPasswordDao"
        p:data-source-ref="dataSource" />

Step 2: Edit the security.properties file

  1. Open the security.properties file for editing (located at ../uportal-war/src/main/resources/properties/security.properties)
  2. Make the following changes to the file. You'll see that we switched (comment/uncomment) the CasAssertionSecurityContextFactory with PasswordCachingCasAssertionSecurityContextFactory. Also, you will need to uncomment the section where you need to insert the URL of the CAS cleartext password service (...PasswordCachingCasAsserttionSecurityContextFactory.clearPassCasUrl=http://..../cas/clearPass)
Code Block
langxml

## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory
root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory

.....


## URL of the CAS cleartext password service
##### REPLACE THE URL WITH YOUR CAS SERVER ####
org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory.clearPassCasUrl=http://localhost:8080/cas/clearPass

Step 3: Edit the bundled cas web.xml file

  1. Open the web.xml file for editing located at ../uportal-portlets-overlay/cas/src/main.webapp/WEB-INF/web.xml.
  2. Uncomment the allowedProxyChains section. (You will probably want to replace the localhost url with your server name)
    Code Block
    langxml
    
       <filter>
           <filter-name>CAS Validation Filter</filter-name>
           <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
           <init-param>
               <param-name>casServerUrlPrefix</param-name>
               <param-value>http://localhost:8080/cas</param-value>
           </init-param>
           <init-param>
               <param-name>serverName</param-name>
               <param-value>http://localhost:8080</param-value>
           </init-param>
           <init-param>
               <param-name>exceptionOnValidationFailure</param-name>
               <param-value>false</param-value>
           </init-param>
           <!-- UNCOMMENTED allowedProxyChains  -->
           <init-param>
                <param-name>allowedProxyChains</param-name>
                <param-value>http://localhost:8080/uPortal/CasProxyServlet</param-value>
            </init-param>
           <init-param>
               <param-name>useSession</param-name>
               <param-value>false</param-value>
           </init-param>
           <init-param>
               <param-name>redirectAfterValidation</param-name>
               <param-value>false</param-value>
           </init-param>
       </filter>
    
    

Step 4: Redeploy uPortal

No Format
ant clean deploy-ear

Step 5: Restart Tomcat

Info
iconfalse
titleAdditional References

...