Distributions of uPortal 4 include a CAS Server, which is used by default for portal authentication.
One of the first things you might wish to do is to modify that server to use an existing LDAP server as your authentication data source. Here are the steps required to do that.
Step 1. Add the CAS-LDAP dependency to uportal-portlets-overlay/cas/pom.xml
<dependencies> ... <dependency> <groupId>org.jasig.cas</groupId> <artifactId>cas-server-support-ldap</artifactId> <version>${cas-server.version}</version> <scope>compile</scope> <exclusions> <exclusion> <groupId>org.inspektr</groupId> <artifactId>inspektr-core</artifactId> </exclusion> </exclusions> </dependency> ...
Step 2. Modify uportal-portlets-overlay/cas/src/main/webapp/WEB-INF/deployerConfigContext.xml
- Modify the deployerConfigContext.xml file to include an authentication handler for your LDAP server and contextSource bean.
<property name="authenticationHandlers"> <list> ... // ---- add the section below ----- <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" > <property name="filter" value="uid=%u,ou=people,dc=yourinstitution,dc=edu" /> <property name="contextSource" ref="contextSource" /> </bean> ...
In this example, we have chosen to perform a "Fast Bind" against the LDAP server. This requires that you know where users exist in your LDAP Directory Information Tree (DIT).
More on Authentication Handlers
Step 3. Add the contextSource bean, which is used to tell CAS about your LDAP server.
- After adding the authentication handle in step 2, in the same file (uportal-portlets-overlay/cas/src/main/webapp/WEB-INF/deployerConfigContext.xml), add the contextSource bean.
<beans> ... <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource"> <property name="urls"> <list> <value>ldaps://yourldapserver.yourinstitution.edu/</value> </list> </property> </bean> ... </beans>
Step 4. Build and deploy the modifications
From the root of your uPortal distribution (i.e., /uPortal-4.x), execute the following command:
ant clean deploy-ear
Step 5. Restart uPortal
SSL Considerations
If using LDAPS (as in the example above), you may need to import the certificate from "yourldapserver" into the JVM on your test portal server.
To do that, run the following command to get the certificate
openssl s_client -connect ldapserver:port -showcerts
Save everything between BEGIN CERTIFICATE and END CERTIFICATE to a file, and then import it.
That should cover all the changes you need to make.
The content on this page was derived from discussions on uportal-user between: Dave Laurie, Jen Bourey, Eric Dalquist and Mark Rogers.