Overview
Support for delegated authentication with Shibboleth is included in the Web Proxy Portlet starting with version 1.1.0.
Steps for updating the Web Proxy Portlet included with the uPortal EAR package
Step 1 - Updating the Web Proxy Portlet Version
In the pom.xml file, update the WebProxyPortlet.version line to specify 1.1.0:
<WebProxyPortlet.version>1.1.0</WebProxyPortlet.version>
Step 2 - Enabling the Shibboleth Http Manager
Next, update the existing HttpManager bean in the Spring configuration to use the ShibbolethEnabledHttpManagerImpl implementation, with the appropriate Shibboleth-related parameters.
<bean id="HttpManagerBean" class="edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl" scope="prototype">
    <property name="spPrivateKey" value="/etc/shibboleth/sp-key.pem"/> <!-- This property and the one below are optional to provide client-side TLS authentication to the IdP -->
    <property name="spCertificate" value="/etc/shibboleth/sp-cert.pem"/>
    <property name="portalEntityID" value="https://canadaspis.uchicago.edu/shibboleth"/> <!-- This property is required -->
</bean>
In order for the portlet to properly obtain UserInfo data from the portal, the following items must also be added to the Web Proxy Portlet's portlet.xml file:
<user-attribute>
    <description>idpPublicKeys</description>
    <name>idpPublicKeys</name>
</user-attribute>
<user-attribute>
    <description>samlAssertion</description>
    <name>samlAssertion</name>
</user-attribute>
Modifying uPortal's Web Proxy Portlet CPD
To list Shibboleth as an authentication option in uPortal's administrative interface, add "SHIBBOLETH" as an option for the "PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType" parameter in uPortal's Web Proxy Portlet CPD. This file is located within uPortal at uportal-war/src/main/resources/edu/wisc/my/portlets/WebProxy/WebProxyPortlet.cpd.
<parameter modify="publish">
    <name>PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType</name>
    <label>Type of authentication (optional)</label>
    <type base="string" input="single-choice" display="drop-down">
        <restriction type="enumeration">
            <value></value>
            <value>SHIBBOLETH</value>
            <value>FORM</value>
            <value>BASIC</value>
            <value>NTLM</value>
        </restriction>
    </type>
    <defaultValue></defaultValue>
    <description>Select the type of authentication the web-based application requires.</description>
</parameter>
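Added example, not part of the original page or the Web Proxy Portlet project: a pre-deployment check in Python that parses the Spring bean definition and portlet.xml from Step 2 and reports a missing portalEntityID, an incomplete SP key/certificate pair, or undeclared idpPublicKeys and samlAssertion user attributes. The function names and sample XML are constructed for illustration, and treating spPrivateKey and spCertificate as a pair is an assumption.

```python
import xml.etree.ElementTree as ET

SHIB_IMPL = "edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl"
REQUIRED_USER_ATTRS = {"idpPublicKeys", "samlAssertion"}

# Constructed sample: SP key set, certificate and portalEntityID forgotten.
SAMPLE_BEAN = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="HttpManagerBean" class="%s" scope="prototype">
    <property name="spPrivateKey" value="/etc/shibboleth/sp-key.pem"/>
  </bean>
</beans>""" % SHIB_IMPL
# Constructed sample: portlet.xml fragment that declares only samlAssertion.
SAMPLE_PORTLET = """<portlet-app><user-attribute>
  <name>samlAssertion</name></user-attribute></portlet-app>"""


def descendants(elem, name):
    """Elements named `name` under elem, ignoring any XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def check_bean(spring_xml):
    """Return a list of problems in the HttpManagerBean definition."""
    root = ET.fromstring(spring_xml)
    beans = [b for b in descendants(root, "bean") if b.get("id") == "HttpManagerBean"]
    if not beans:
        return ["HttpManagerBean is not defined"]
    problems = []
    if beans[0].get("class") != SHIB_IMPL:
        problems.append("HttpManagerBean does not use ShibbolethEnabledHttpManagerImpl")
    props = {p.get("name"): p.get("value") for p in descendants(beans[0], "property")}
    if not props.get("portalEntityID"):
        problems.append("portalEntityID is required but missing")
    # Assumption: client-side TLS to the IdP needs key and certificate together.
    if bool(props.get("spPrivateKey")) != bool(props.get("spCertificate")):
        problems.append("spPrivateKey and spCertificate must be set as a pair")
    return problems


def check_portlet_xml(portlet_xml):
    """Return a problem for each required user-attribute not declared."""
    root = ET.fromstring(portlet_xml)
    declared = {n.text.strip() for ua in descendants(root, "user-attribute")
                for n in descendants(ua, "name") if n.text}
    return [f"user-attribute {a} is not declared" for a in sorted(REQUIRED_USER_ATTRS - declared)]


if __name__ == "__main__":
    for problem in check_bean(SAMPLE_BEAN) + check_portlet_xml(SAMPLE_PORTLET):
        print("FAIL:", problem)
```

An empty list from both functions means the configuration matches what this page describes.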