Comment: Migrated to Confluence 5.3

...

The following are steps to configure uPortal to authenticate against Active Directory (AD), pull user attributes from AD and other sources, and place users into groups based on those attributes.

 

Step 1: Authenticate against Active Directory

You need to tell uPortal to authenticate against AD instead of the bundled CAS server by amending the security.properties and ldapContext.xml files. 

...

uportal-war/pom.xml:
 <dependency>
   <groupId>org.springmodules</groupId>
   <artifactId>spring-modules-cache</artifactId>
 </dependency>

Step 2: Configure User Attributes

Having changed the authentication source, you now need to configure uPortal to pick up person attributes from wherever they are stored – presumably at least some will come from AD, but others may come from other sources such as different databases.

...

Step 3: Data Source Configuration

If one or more of your attribute sources are other databases, you need to configure the datasource details. This is done in uportal-war/src/main/resources/properties/contexts/datasourceContext.xml, by default as a direct connection to the database. This is great for builds but at runtime you probably want to use a JNDI datasource.

Step 4: Configure Groups

Now you need to change how uPortal puts users into groups to test against the attributes you declared in the uportal-war/src/main/resources/properties/contexts/personDirectoryContext.xml (step 2). The group testing is configured in uportal-war/src/main/resources/properties/groups/PAGSGroupStoreConfig.xml – change this to put users in groups that are relevant to your institution. 

  1. Person Attribute Groups Store (PAGS) explains how to set up group stores, how they work, and the different tests available.
  2. Amend uportal-war/src/main/data/default_entities/group_membership/Everyone.group-membership.xml to remove any groups that were in the quickstart PAGSGroupStoreConfig but aren’t in your institution's list of groups (leave the PAGS Root group, though, as this is required).
  3. If you have changed the name of the group that admin users go into, you also need to add the name of this group as a child in uportal-war/src/main/data/default_entities/group_membership/Portal_Administrators.group-membership.xml.

Note – Some of the quickstart portlets look for a group called all_authenticated. If you don’t require this for your institution but still have some of the quickstart portlets deployed, leave it in until you have removed any pre-packaged portlets you don't want.

Step 5: Configure Layout Assignment to Use New Groups

  • Modify uportal-war/src/main/resources/properties/dlm.xml to assign fragments to users based on the groups defined in PAGSGroupStoreConfig.

Step 6: Allow Users to Login

The existing ‘Sign in’ button takes users to the CAS sign-in page, so to allow users to log in using the uPortal authentication (now configured to authenticate against AD) you need to add the login channel to the guest user layout. To do this, add the following line at an appropriate place within guest-lo.fragment-layout.xml (but change the ID to be unique in that layout).

uportal-war/src/main/data/default_entities/fragment-layout:
 <channel fname="login" unremovable="false" hidden="false" immutable="false" ID="n11"/>
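
To check the "unique ID" requirement before importing the layout, the following added example (not part of the original uPortal documentation) lists ID collisions and suggests a free ID. The sample layout is constructed, and the `n<number>` pattern for channel IDs is an assumption inferred from the `n11` shown above.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample standing in for guest-lo.fragment-layout.xml. Only the
# login <channel/> line comes from the page; the nesting is an assumption.
SAMPLE_LAYOUT = """\
<layout>
  <folder ID="s1" name="Root folder">
    <folder ID="s10" name="Welcome">
      <channel fname="welcome" unremovable="false" hidden="false" immutable="false" ID="n11"/>
      <channel fname="news" unremovable="false" hidden="false" immutable="false" ID="n12"/>
      <channel fname="login" unremovable="false" hidden="false" immutable="false" ID="n11"/>
    </folder>
  </folder>
</layout>
"""


def ids_in_use(layout_xml):
    """Map every ID attribute value to the elements that carry it."""
    owners = defaultdict(list)
    for element in ET.fromstring(layout_xml).iter():
        node_id = element.get("ID")
        if node_id is not None:
            # Identify channels by fname, everything else by tag name.
            owners[node_id].append(element.get("fname") or element.tag)
    return dict(owners)


def duplicate_ids(layout_xml):
    """Return {ID: [owners]} for every ID used by more than one element."""
    return {i: o for i, o in ids_in_use(layout_xml).items() if len(o) > 1}


def next_free_id(layout_xml, prefix="n"):
    """Suggest an ID one above the highest existing <prefix><number> ID."""
    pattern = re.compile(re.escape(prefix) + r"(\d+)")
    numbers = [int(m.group(1)) for m in map(pattern.fullmatch, ids_in_use(layout_xml)) if m]
    return f"{prefix}{max(numbers, default=0) + 1}"


if __name__ == "__main__":
    for node_id, owners in duplicate_ids(SAMPLE_LAYOUT).items():
        print(f"duplicate ID {node_id}: used by {', '.join(owners)}")
    print("suggested ID for the login channel:", next_free_id(SAMPLE_LAYOUT))
```

Run it against the real file by reading its contents into a string and passing that to `duplicate_ids` and `next_free_id`.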

Step 7: Rebuild/Redeploy uPortal

    ant clean deploy-ear

Then, manually import the individual data files that have been updated. These are any files you changed under uportal-war/src/main/data, and you can do the imports using 'ant data-import'. See Import Export Data Migration Tools for instructions on this ant task.

Warning

DISCLAIMER: If you don't mind having your uPortal database reinitialized (the database tables are dropped and recreated), the quickest way to deploy the above changes is to run the 'ant initportal' command. This deploys the ear and updates the database as required. However, it's always recommended to use the deploy-ear command if you already have customizations configured.

Step 8: Restart Tomcat

$TOMCAT_HOME/bin/shutdown.sh
$TOMCAT_HOME/bin/startup.sh

...