
Real-world portals often need to perform credential replay in order to access interesting information on behalf of an end user. For example, an email preview portlet might need to authenticate to an IMAP store using the logged-in user's institutional username and password.

Enabling Credential Caching

To enable credential caching, you will need to use the CacheSecurityContext. For each security context whose credentials you'd like to cache, add a line like the following:

<security.context.name>.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory

The following example shows a portal installation modified to cache credentials for both local and LDAP login:

## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
root.ldap.cache=org.jasig.portal.security.provider.CacheLdapSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root.simple.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory
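
An added example, not part of the uPortal documentation or code base: a small Python audit that reads properties in the format shown above and reports which security contexts have a `.cache` child, and therefore hold user credentials for replay. The `root.cas` line and its class name are constructed for illustration, and the function names are hypothetical.

```python
# Added example: audit which security contexts cache credentials.
# SAMPLE repeats the configuration shown above plus one constructed
# line (root.cas) standing in for a context that has no cache entry.
SAMPLE = """\
## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
root.ldap.cache=org.jasig.portal.security.provider.CacheLdapSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root.simple.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory
root.cas=org.example.ConstructedCasContextFactory
"""


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' / '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_caching(props, root="root"):
    """Map each security context to its cache factory, or None if it has none."""
    report = {}
    for key in props:
        if key != root and not key.startswith(root + "."):
            continue
        if key.rsplit(".", 1)[-1] == "cache":
            continue  # a .cache entry is a child, not a context of its own
        report[key] = props.get(key + ".cache")
    return report


def orphan_cache_entries(props):
    """Return .cache keys whose parent context is not defined (likely typos)."""
    return sorted(k for k in props
                  if k.endswith(".cache") and k[:-len(".cache")] not in props)


if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    for context, factory in sorted(audit_caching(props).items()):
        print(f"{context:12} {'caches via ' + factory if factory else 'no caching'}")
    print("orphans:", orphan_cache_entries(props))
```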

To replay user credentials from a portlet, you will need to add the CachedPasswordUserInfo service to uportal-impl/src/main/resources/properties/contexts/portletContainerContext.xml. First add the following bean declaration:

    <bean id="cachedPasswordUserInfoService" class="org.jasig.portal.portlet.container.services.CachedPasswordUserInfoService">
        <property name="userInstanceManager" ref="userInstanceManager" />
        <property name="portletWindowRegistry" ref="portletWindowRegistry" />
        <property name="portletEntityRegistry" ref="portletEntityRegistry" />
        <property name="portletDefinitionRegistry" ref="portletDefinitionRegistry" />
        <property name="portalRequestUtils" ref="portalRequestUtils" />
        <property name="stringEncryptionService" ref="stringEncryptionService" />
    </bean>

Next, add this newly configured service to the list of merged user info services:

    <bean id="userInfoService" class="org.jasig.portal.portlet.container.services.MergingUserInfoService">
        <property name="userInfoServices">
            <list>
                <ref bean="personDirectoryUserInfoService"/>
                <ref bean="casTicketUserInfoService"/>
                <ref bean="cachedPasswordUserInfoService"/>
            </list>
        </property>
    </bean>

CAS Clearpass

Credential caching for CAS authentication is more complex because, when a user logs in via CAS, uPortal never sees the user's credentials. Luckily, an interesting extension to CAS has been developed that allows the portal to query the CAS server and retrieve these credentials.

Some instructions for installing CAS Clearpass are documented in the CAS manual.
