Comment: Corrected links that should have been relative instead of absolute.

...

For a more detailed explanation of the interactions needed to accomplish this multi-tier authentication, please refer to this page in the Internet2 Wiki.

Configuring uPortal to provide SAML Assertion to Portlets

For portlets to perform delegated authentication they must have access to the SAML assertion that was issued to the portal when the user authenticated. uPortal can provide this and other needed information via the USER_INFO Map. The uportal-shibboleth-delegation-integration library makes this happen via a servlet filter and a plugin for the uPortal USER_INFO services.

Step 1 - Add the Dependency

The following changes will result in uportal-shibboleth-delegation-integration-1.1.0.jar being included in the final uPortal WAR.

In pom.xml add the version property

...


<servlet-api.version>2.5</servlet-api.version>
<!-- This is the new line inserted here in its alphabetically ordered place. -->
<uportal-shibboleth-delegation-integration.version>1.1.0</uportal-shibboleth-delegation-integration.version>
<slf4j.version>1.5.8</slf4j.version>

and the dependency in the dependencyManagement section

...


<dependency>
    <groupId>org.jasig.service.persondir</groupId>
    <artifactId>person-directory-impl</artifactId>
    <version>${person-directory.version}</version>
</dependency>
<!-- This is the new dependency element added -->
<dependency>
    <groupId>org.jasig.service</groupId>
    <artifactId>uportal-shibboleth-delegation-integration</artifactId>
    <version>${uportal-shibboleth-delegation-integration.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-aop</artifactId>
    <version>${spring-framework.version}</version>
</dependency>

In uportal-impl/pom.xml add the dependency in the dependency section

...


<dependency>
    <groupId>org.jasig.service.persondir</groupId>
    <artifactId>person-directory-impl</artifactId>
    <scope>compile</scope>
</dependency>

<!-- This is the new dependency element added -->
<dependency>
    <groupId>org.jasig.service</groupId>
    <artifactId>uportal-shibboleth-delegation-integration</artifactId>
    <scope>compile</scope>
</dependency>

<dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-jcl</artifactId>
    <scope>compile</scope>
</dependency>

Step 2 - Add the Servlet Filter

In uportal-war/src/main/webapp/WEB-INF/web.xml add

...


<filter>
    <filter-name>SamlAssertionFilter</filter-name>
    <filter-class>org.jasig.portal.security.provider.SamlAssertionFilter</filter-class>
    <init-param>
        <param-name>samlAssertionSessionAttributeName</param-name>
        <param-value>SAML Assertion</param-value>
    </init-param>
    <init-param>
        <param-name>idpPublicKeysSessionAttributeName</param-name>
        <param-value>IdP Public Keys</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>SamlAssertionFilter</filter-name>
    <servlet-name>Login</servlet-name>
</filter-mapping>
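A check that a built web.xml actually contains the Step 2 wiring, written as an added example (not part of the original page or of the uPortal project). The function name `check_saml_filter`, the constructed sample document, and the rule that both init-params must be set are assumptions of this example.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.jasig.portal.security.provider.SamlAssertionFilter"
# Assumption of this check: both init-params shown in Step 2 must be set.
EXPECTED_PARAMS = ("idpPublicKeysSessionAttributeName", "samlAssertionSessionAttributeName")

# Constructed sample: the Step 2 fragment inside a namespaced Servlet 2.5 web.xml.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <filter><filter-name>SamlAssertionFilter</filter-name>
    <filter-class>org.jasig.portal.security.provider.SamlAssertionFilter</filter-class>
    <init-param><param-name>samlAssertionSessionAttributeName</param-name>
      <param-value>SAML Assertion</param-value></init-param>
    <init-param><param-name>idpPublicKeysSessionAttributeName</param-name>
      <param-value>IdP Public Keys</param-value></init-param>
  </filter>
  <filter-mapping><filter-name>SamlAssertionFilter</filter-name>
    <servlet-name>Login</servlet-name></filter-mapping>
</web-app>"""

def _children(elem, name):
    """Direct children called `name`, ignoring any XML namespace prefix."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    """Stripped text of the first child called `name`, or '' if absent."""
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def check_saml_filter(web_xml_text, servlet_name="Login"):
    """Return a list of problems; empty means the filter is wired as in Step 2."""
    root = ET.fromstring(web_xml_text)
    filters = [f for f in _children(root, "filter") if _text(f, "filter-class") == FILTER_CLASS]
    if not filters:
        return ["no <filter> declares " + FILTER_CLASS]
    problems = []
    for f in filters:
        name = _text(f, "filter-name")
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in _children(f, "init-param")}
        problems += ["init-param %s is missing or empty" % k
                     for k in EXPECTED_PARAMS if not params.get(k)]
        # A filter-mapping may list several servlet-name children; accept any match.
        mapped = any(_text(m, "filter-name") == name and
                     servlet_name in [(s.text or "").strip() for s in _children(m, "servlet-name")]
                     for m in _children(root, "filter-mapping"))
        if not mapped:
            problems.append("filter %s is not mapped to servlet %s" % (name, servlet_name))
    return problems

if __name__ == "__main__":
    print(check_saml_filter(SAMPLE_WEB_XML) or "SamlAssertionFilter wiring OK")
```

Run it against the web.xml inside the built WAR rather than the source tree, so that overlays or merge steps that drop the filter or its mapping are caught.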

Using Delegated Authentication in the Web Proxy Portlet

...

To get delegated SAML Authentication working, the following steps are required:

  1. Configure the IdP
  2. Configure uPortal's SP
  3. Configure uPortal to pass the SAML Assertion to portlets
  4. Then, depending on your specific need for delegated authentication:
    1. Configure the Web Proxy Portlet with Delegated SAML Authentication
    2. Using the Delegated Authentication Integration Library in a custom portlet

Steps 1 & 2 are Shibboleth-specific, and questions related to those steps should be directed to the shibboleth-users email list.