Overview
The concept of delegated SAML authentication is similar to proxy CAS, where a delegate is able to authenticate and act on behalf of a user. This type of authentication is needed for portlets, which need to authenticate on behalf of the portal's user to a downstream application.
For a more detailed explanation of details and interactions needed to accomplish this multi-tier authentication, please refer to this page in the Internet2 Wiki.
Configuring uPortal to provide SAML Assertion to Portlets
For portlets to perform delegated authentication they must have access to the SAML assertion that was issued to the portal when the user authenticated. uPortal can provide this and other needed information via the USER_INFO Map. The uportal-shibboleth-delegation-integration library makes this happen via a servlet filter and a plugin for the uPortal USER_INFO services.
Step 1 - Add the Dependency
The following changes will result in uportal-shibboleth-delegation-integration-1.1.0.jar
being included in the final uPortal WAR.
In pom.xml
add the version property
<servlet-api.version>2.5</servlet-api.version> <!-- This is the new line inserted here in its alphabetically ordered place. --> <uportal-shibboleth-delegation-integration.version>1.1.0</uportal-shibboleth-delegation-integration.version> <slf4j.version>1.5.8</slf4j.version>
and the dependency in the dependencyManagement
section
<dependency> <groupId>org.jasig.service.persondir</groupId> <artifactId>person-directory-impl</artifactId> <version>${person-directory.version}</version> </dependency> <!-- This is the new dependency element added --> <dependency> <groupId>org.jasig.service</groupId> <artifactId>uportal-shibboleth-delegation-integration</artifactId> <version>${uportal-shibboleth-delegation-integration.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> <version>${spring-framework.version}</version> </dependency>
In uportal-impl/pom.xml
add the dependency in the dependency
section
<dependency> <groupId>org.jasig.service.persondir</groupId> <artifactId>person-directory-impl</artifactId> <scope>compile</scope> </dependency> <!-- This is the new dependency element added --> <dependency> <groupId>org.jasig.service</groupId> <artifactId>uportal-shibboleth-delegation-integration</artifactId> <scope>compile</scope> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-jcl</artifactId> <scope>compile</scope> </dependency>