Documentation Work In Progress
Warning: You may see some periodical changes as we are working hard to reorganize the content. If you have any concerns please submit feedback to the uportal-user@lists.ja-sig.org mailing list. Thank you so much for your patience.
Using the bundled CAS server in uPortal you can use the preferred maven overlay approach to integrating the clearPass feature. There is a patch available to accomplish this, below describes the steps to perform the integration after applying the patch. By default, the clearPass feature is not activated.
Step 1: Edit the cas deployerConfigContext.xml file
- Open the deployerConfigContext.file for editing located at ../uportal-portlets-overlay/src/main/webapp/WEB-INF/deployerConfigContext.xml
- Uncomment the AuthenticationMetaDataPopulators property.
</list>
</property>
<!-- UNCOMMENTED authenticationMetaDataPopulators property -->
<property name="authenticationMetaDataPopulators">
<list>
<bean class="org.jasig.cas3.extensions.clearpass.CacheCredentialsMetaDataPopulator">
<constructor-arg index="0" ref="credentialsCache" />
</bean>
</list>
</property
</bean>
<bean id="userPasswordDao" class="org.jasig.portal.cas.authentication.handler.support.PortalPersonDirUserPasswordDao"
p:data-source-ref="dataSource" />
Step 2: Edit the security.properties file
- Open the security.properties file for editing (located at ../uportal-war/src/main/resources/properties/security.properties)
- Make the following changes to the file. You'll see that we switched (comment/uncomment) the CasAssertionSecurityContextFactory with PasswordCachingCasAssertionSecurityContextFactory. Also, you will need to uncomment the section where you need to insert the URL of the CAS cleartext password service (...PasswordCachingCasAsserttionSecurityContextFactory.clearPassCasUrl=http://..../cas/clearPass)
## This is the factory that supplies the concrete authentication class root=org.jasig.portal.security.provider.UnionSecurityContextFactory #root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory ..... ## URL of the CAS cleartext password service ##### REPLACE THE URL WITH YOUR CAS SERVER #### org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory.clearPassCasUrl=http://localhost:8080/cas/clearPass
Step 3: Edit the bundled cas web.xml file
- Open the web.xml file for editing located at ../uportal-portlets-overlay/cas/src/main.webapp/WEB-INF/web.xml.
- Uncomment the allowedProxyChains section. (You will probably want to replace the localhost url with your server name)
<filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://localhost:8080/cas</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8080</param-value> </init-param> <init-param> <param-name>exceptionOnValidationFailure</param-name> <param-value>false</param-value> </init-param> <!-- UNCOMMENTED allowedProxyChains --> <init-param> <param-name>allowedProxyChains</param-name> <param-value>http://localhost:8080/uPortal/CasProxyServlet</param-value> </init-param> <init-param> <param-name>useSession</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>false</param-value> </init-param> </filter>