04 Exercise - Configuring use of JASIG CAS server instance
Exercise
This page is a different kind of uPortal manual page, a hands-on exercise. It may be helpful to you to use this exercise in the context of this manual. It also may serve as a template for building uPortal training materials.
Purpose of this exercise
This exercise configures uPortal to use JASIG's centrally hosted CAS server instance rather than the CAS server instance that ships with uPortal.
This exercise helps introduce the Legacy Java CAS Client (evolution of the Yale Java CAS Client) that ships with uPortal and its configuration in web.xml. It helps people to be aware of the JASIG hosted CAS server instance (which is a fine place to try out CAS) and to be aware of how to create a JASIG Jira issue tracker account.
Pre-requisites for this exercise
- A working, installed, suitable instance of uPortal 3 (e.g., that provided by the uPortal Quickstart distribution)
Stepwise instructions
Step 1: Have a JA-SIG Jira account
Are you able to login to http://www.ja-sig.org/issues?
If so, great, that's the username and password you'll use to log in to CAS.
If not, you'll need to sign up for an account. Besides being useful for this exercise, an account will let you submit issues and patches to uPortal.
https://www.ja-sig.org/issues/secure/Signup!default.jspa
Step 2: Verify that you can log in to JA-SIG CAS
Try out logging in to JA-SIG CAS. Here's a URL to a dummy service, just to see if you can log in at all.
https://www.ja-sig.org/cas/login?service=http://www.uportal.org/
If you can log in and be redirected away from CAS, then your username, password pair work.
Step 3: Configure uPortal to validate tickets against JA-SIG CAS
Edit /up3/uPortal-3.0.0-quick-start/uPortal-3.0.0/uportal-war/src/main/webapp/WEB-INF/web.xml
to change the CAS ticket validation URL of the CAS Validate Filter
<filter> <filter-name>CAS Validate Filter</filter-name> <filter-class>edu.yale.its.tp.cas.client.filter.CASValidateFilter</filter-class> <init-param> <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name> <param-value>https://www.ja-sig.org/cas/serviceValidate</param-value> </init-param>
Step 4: Configure uPortal to link to JA-SIG CAS on the login button
Edit /up3/uPortal-3.0.0-quick-start/uPortal-3.0.0/uportal-impl/src/main/resources/properties/security.properties
In security.properties:
## Login URL, if specified the CLogin channel will display a Login link with ## this URL instead of the standard userName/password form. org.jasig.portal.channels.CLogin.CasLoginUrl=http://localhost:8080/cas/login?service=http://localhost:8080/uPortal/Login
should become instead:
## Login URL, if specified the CLogin channel will display a Login link with ## this URL instead of the standard userName/password form. org.jasig.portal.channels.CLogin.CasLoginUrl=https://www.ja-sig.org/cas/login?service=http://localhost:8080/uPortal/Login
Parallel to this readme is a "jasig_cas" directory containing a security.properties with this change, so you can check against and/or just copy that.
Step 5: Use Ant to deploy these changes
First stop your quickstarted uPortal instance if it is running.
/uP3/uPortal-3.0.0-quick-start/apache-ant-1.6.5/bin/ant stop
Then use Ant to publish the updated uPortal web application.
/uP3/uPortal-3.0.0-quick-start/apache-ant-1.6.5/bin/ant deploy-war
Step 6: Start your uPortal web application
/uP3/uPortal-3.0.0-quick-start/apache-ant-1.6.5/bin/ant start
Step 7: Try it out
Open your portal in your web browser and click the login via CAS button. This should take to you JA-SIG CAS where you can log in using your JA-SIG Jira username and password.
Step 8: Undo the changes
You'll probably want to undo these changes so that you can log into your portal as more than just your one JASIG Jira user account.
If you are using the developer quickstart distribution which retains connection to JASIG SVN or otherwise can SVN revert:
svn revert /up3/uPortal-3.0.0-quick-start/uPortal-3.0.0/uportal-war/src/main/webapp/WEB-INF/web.xml svn revert /up3/uPortal-3.0.0-quick-start/uPortal-3.0.0/uportal-impl/src/main/resources/properties/security.properties
If not, simply copy over the web.xml and the security.properties from the original distribution over the edited web.xml and security.properties.