Documentation provided by Sarah Sloan, Senior Developer, from University of the West of England, Bristol
The following are steps to configure uPortal to authenticate against Active Directory (AD), pull user attributes from AD and other sources, and place users into groups based on those attributes.
Step 1. Authenticate against Active Directory
You need to tell uPortal to authenticate against AD instead of the bundled CAS server by amending the security.properties and ldapContext.xml files.
    <bean id="defaultLdapServer" class="org.jasig.portal.ldap.ContextSourceLdapServerImpl">
        <property name="ldapContextSource" ref="legacyLdapContext"/>
        <property name="uidAttribute" value="uid"/>
        <property name="baseDN" value="ou=People, dc=myuniv, dc=edu"/>
    </bean>

    <bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="url" value="ldap://ldap.myuniv.edu:389"/>
        <property name="userName" value=""/>
        <property name="password" value=""/>
    </bean>
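An Active Directory flavoured version of the two ldapContext.xml beans above, added here as an illustration and not part of the original documentation. It keeps the page's bean classes and property names; the host name, base DN, service account DN and the choice of sAMAccountName as the login attribute are assumptions to replace with your own values.

```xml
<!-- Added example: all values assume a hypothetical AD domain "ad.example.edu". -->
<bean id="defaultLdapServer" class="org.jasig.portal.ldap.ContextSourceLdapServerImpl">
    <property name="ldapContextSource" ref="legacyLdapContext"/>
    <!-- AD keeps the Windows logon name in sAMAccountName rather than uid -->
    <property name="uidAttribute" value="sAMAccountName"/>
    <!-- Assumed container; narrow it to the OU that actually holds portal users -->
    <property name="baseDN" value="ou=Staff,dc=ad,dc=example,dc=edu"/>
</bean>

<bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
    <!-- Weak setting: ldap://dc1.ad.example.edu:389 carries the simple bind,
         and with it the user's password, in cleartext. Use LDAPS instead. -->
    <property name="url" value="ldaps://dc1.ad.example.edu:636"/>
    <!-- AD normally refuses anonymous searches, so bind as a read-only
         service account (hypothetical DN) -->
    <property name="userName" value="cn=svc-uportal,ou=Service Accounts,dc=ad,dc=example,dc=edu"/>
    <!-- Placeholder: supply the real value at deploy time, outside version control -->
    <property name="password" value="CHANGE_ME"/>
</bean>
```

The JVM running uPortal must trust the certificate presented by the domain controller, otherwise the ldaps:// connection fails.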
    ## This is the factory that supplies the concrete authentication class
    root=org.jasig.portal.security.provider.UnionSecurityContextFactory
    root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
    root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory

- If you need uPortal to cache user passwords, you may add the cache security context factory:

    ## This is the factory that supplies the concrete authentication class
    root=org.jasig.portal.security.provider.UnionSecurityContextFactory
    root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
    root.simple.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory
    root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
    root.ldap.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory
- In the uPortal-parent pom.xml, add a version property

    <spring-modules-cache.version>0.8a</spring-modules-cache.version>
- Add a dependency declaration
    <dependency>
        <groupId>org.springmodules</groupId>
        <artifactId>spring-modules-cache</artifactId>
        <version>${spring-modules-cache.version}</version>
    </dependency>
- You also need to add an exclusion for each of its transitive dependencies
    <exclusions>
        <exclusion>
            <groupId>org.springframework</groupId>
            <artifactId>spring</artifactId>
        </exclusion>
        <exclusion>
            <groupId>gigaspaces</groupId>
            <artifactId>gigaspaces-ce</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jini</groupId>
            <artifactId>jsk-lib</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jini</groupId>
            <artifactId>jsk-platform</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jini</groupId>
            <artifactId>mahalo</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jini</groupId>
            <artifactId>reggie</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jini</groupId>
            <artifactId>start</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jini</groupId>
            <artifactId>boot</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jini</groupId>
            <artifactId>webster</artifactId>
        </exclusion>
        <exclusion>
            <groupId>commons-attributes</groupId>
            <artifactId>commons-attributes-api</artifactId>
        </exclusion>
        <exclusion>
            <groupId>commons-attributes</groupId>
            <artifactId>commons-attributes-compiler</artifactId>
        </exclusion>
        <exclusion>
            <groupId>cglib</groupId>
            <artifactId>cglib-nodep</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jboss</groupId>
            <artifactId>javassist</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jboss</groupId>
            <artifactId>jboss-cache</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jboss</groupId>
            <artifactId>jboss-common</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jboss</groupId>
            <artifactId>jboss-jmx</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jboss</groupId>
            <artifactId>jboss-minimal</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jboss</groupId>
            <artifactId>jboss-system</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jcs</groupId>
            <artifactId>jcs</artifactId>
        </exclusion>
        <exclusion>
            <groupId>jgroups</groupId>
            <artifactId>jgroups-all</artifactId>
        </exclusion>
        <exclusion>
            <groupId>geronimo-spec</groupId>
            <artifactId>geronimo-spec-jta</artifactId>
        </exclusion>
        <exclusion>
            <groupId>xpp3</groupId>
            <artifactId>xpp3_min</artifactId>
        </exclusion>
        <exclusion>
            <groupId>xjavadoc</groupId>
            <artifactId>xjavadoc</artifactId>
        </exclusion>
        <exclusion>
            <groupId>opensymphony</groupId>
            <artifactId>oscache</artifactId>
        </exclusion>
        <exclusion>
            <groupId>ehcache</groupId>
            <artifactId>ehcache</artifactId>
        </exclusion>
    </exclusions>
- In the uportal-war/pom.xml file add a reference to this dependency
    <dependency>
        <groupId>org.springmodules</groupId>
        <artifactId>spring-modules-cache</artifactId>
    </dependency>
Step 2. Configure User Attributes
Having changed the authentication source, you now need to configure uPortal to pick up person attributes from wherever they are stored – presumably at least some will come from AD, but others may come from other sources such as different databases.
The configuration is done in uportal-war/src/main/resources/properties/contexts/personDirectoryContext.xml. The links below explain how to configure the attribute sources:
- LDAP specific attribute source information
- How to set up more than one source for user attributes (e.g., LDAP and JDBC)
Step 3. Data Source Configuration
If one or more of your attribute sources are other databases, you need to configure the datasource details. This is done in uportal-war/src/main/resources/properties/contexts/datasourceContext.xml, by default as a direct connection to the database. This is great for builds but at runtime you probably want to use a JNDI datasource, which explains how to use a direct connection at build time and JNDI at runtime.
Step 4. Configure Groups
Now you need to change how uPortal puts users into groups to test against the attributes you declared in the uportal-war/src/main/resources/properties/contexts/personDirectoryContext.xml (step 2). The group testing is configured in uportal-war/src/main/resources/properties/groups/PAGSGroupStoreConfig.xml – change this to put users in groups that are relevant to your institution.
- Person Attribute Groups Store (PAGS) explains how to set up group stores, how they work, and the different tests available
Follow the instruction to