
Overview

Support for delegated authentication with Shibboleth comes with the Web Proxy Portlet from version 1.1.0 on.

Step 1 - Updating the Web Proxy Portlet Version

If the uPortal EAR packaging is used, edit the uPortal pom.xml file and update the WebProxyPortlet.version line to specify 1.1.0:

<WebProxyPortlet.version>1.1.0</WebProxyPortlet.version>

Next, the existing HttpManager bean in the Spring configuration should be updated to use this new implementation with the appropriate Shibboleth-related parameters.

<bean id="HttpManagerBean" class="edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl" scope="prototype">
  <property name="spPrivateKey" value="/etc/shibboleth/sp-key.pem"/>  <!-- This property and the one below are optional to provide client-side TLS authentication to the IdP -->
  <property name="spCertificate" value="/etc/shibboleth/sp-cert.pem"/>
  <property name="portalEntityID" value="https://canadaspis.uchicago.edu/shibboleth"/>  <!-- This property is required -->
</bean>

In order for the portlet to properly obtain UserInfo data from the portal, the following items must also be added to the Web Proxy Portlet's portlet.xml file:

    <user-attribute>
        <description>idpPublicKeys</description>
        <name>idpPublicKeys</name>
    </user-attribute>

    <user-attribute>
        <description>samlAssertion</description>
        <name>samlAssertion</name>
    </user-attribute>

Modifying uPortal's Web Proxy Portlet CPD

To list Shibboleth as an authentication option in uPortal's administrative interface, add "SHIBBOLETH" as an option for the "PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType" parameter in uPortal's Web Proxy Portlet CPD. This file is located within uPortal at uportal-war/src/main/resources/edu/wisc/my/portlets/WebProxy/WebProxyPortlet.cpd.

      <parameter modify="publish">
        <name>PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType</name>
        <label>Type of authentication (optional)</label>
        <type base="string" input="single-choice" display="drop-down">
          <restriction type="enumeration">
            <value></value>
            <value>SHIBBOLETH</value>
            <value>FORM</value>
            <value>BASIC</value>
            <value>NTLM</value>
          </restriction>
        </type>
        <defaultValue></defaultValue>
        <description>Select the type of authentication the web-based application requires.</description>
      </parameter>
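The three configuration edits above can be checked for consistency before deployment. The following Python sketch is an added example, not part of the Web Proxy Portlet or uPortal; it assumes each file's content is passed in as an XML string, and its rule that spPrivateKey and spCertificate must appear together is an assumption drawn from the note that the pair provides client-side TLS authentication. The sample inputs are constructed.

```python
import xml.etree.ElementTree as ET

SHIB_CLASS = "edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl"
AUTH_PARAM = "PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType"
REQUIRED_USER_ATTRS = {"idpPublicKeys", "samlAssertion"}

def _named(root, name):
    # Match on local name so namespaced Spring/portlet files also work.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    return next(((c.text or "").strip() for c in _named(elem, name)), "")

def check_bean(spring_xml):
    beans = [b for b in _named(ET.fromstring(spring_xml), "bean") if b.get("id") == "HttpManagerBean"]
    if not beans or beans[0].get("class") != SHIB_CLASS:
        return ["HttpManagerBean does not use ShibbolethEnabledHttpManagerImpl"]
    props = {p.get("name"): (p.get("value") or "").strip() for p in _named(beans[0], "property")}
    problems = []
    if not props.get("portalEntityID"):
        problems.append("portalEntityID is required")
    # Assumption: client-side TLS needs both halves, so one without the other is an error.
    if bool(props.get("spPrivateKey")) != bool(props.get("spCertificate")):
        problems.append("spPrivateKey and spCertificate must be set together")
    return problems

def check_portlet(portlet_xml):
    declared = {_text(u, "name") for u in _named(ET.fromstring(portlet_xml), "user-attribute")}
    return [f"missing user-attribute {n}" for n in sorted(REQUIRED_USER_ATTRS - declared)]

def check_cpd(cpd_xml):
    for p in _named(ET.fromstring(cpd_xml), "parameter"):
        if _text(p, "name") == AUTH_PARAM:
            values = {(v.text or "").strip() for v in _named(p, "value")}
            return [] if "SHIBBOLETH" in values else ["SHIBBOLETH is not an sAuthType option"]
    return ["sAuthType parameter not found in CPD"]

# Constructed sample: key configured without its certificate, one user-attribute missing.
SAMPLE_BEAN = (
    f'<bean id="HttpManagerBean" class="{SHIB_CLASS}">'
    '<property name="spPrivateKey" value="/etc/shibboleth/sp-key.pem"/>'
    '<property name="portalEntityID" value="https://portal.example.edu/shibboleth"/>'
    '</bean>'
)
SAMPLE_PORTLET = "<portlet-app><user-attribute><name>samlAssertion</name></user-attribute></portlet-app>"

if __name__ == "__main__":
    for problem in check_bean(SAMPLE_BEAN) + check_portlet(SAMPLE_PORTLET):
        print("FAIL:", problem)
```
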