Overview
Support for delegated authentication with Shibboleth comes with the Web Proxy Portlet from version 1.1.0 on.
Step 1 - Updating the Web Proxy Portlet Version
If the uPortal EAR packaging is used, edit the uPortal pom.xml file and update the WebProxyPortlet.version line to specify 1.1.0:
<WebProxyPortlet.version>1.1.0</WebProxyPortlet.version>
Next, the existing HttpManager bean in the Spring configuration should be updated to use this new implementation with the appropriate Shibboleth-related parameters.
<bean id="HttpManagerBean" class="edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl" scope="prototype">
    <property name="spPrivateKey" value="/etc/shibboleth/sp-key.pem"/> <!-- This property and the one below are optional to provide client-side TLS authentication to the IdP -->
    <property name="spCertificate" value="/etc/shibboleth/sp-cert.pem"/>
    <property name="portalEntityID" value="https://canadaspis.uchicago.edu/shibboleth"/> <!-- This property is required -->
</bean>
In order for the portlet to properly obtain UserInfo data from the portal, the following items must also be added to the Web Proxy Portlet's portlet.xml file:
<user-attribute>
    <description>idpPublicKeys</description>
    <name>idpPublicKeys</name>
</user-attribute>
<user-attribute>
    <description>samlAssertion</description>
    <name>samlAssertion</name>
</user-attribute>
Modifying uPortal's Web Proxy Portlet CPD
To list Shibboleth as an authentication option in uPortal's administrative interface, add "SHIBBOLETH" as an option for the "PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType" parameter in uPortal's Web Proxy Portlet CPD. This file is located within uPortal at uportal-war/src/main/resources/edu/wisc/my/portlets/WebProxy/WebProxyPortlet.cpd.
<parameter modify="publish">
    <name>PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType</name>
    <label>Type of authentication (optional)</label>
    <type base="string" input="single-choice" display="drop-down">
        <restriction type="enumeration">
            <value></value>
            <value>SHIBBOLETH</value>
            <value>FORM</value>
            <value>BASIC</value>
            <value>NTLM</value>
        </restriction>
    </type>
    <defaultValue></defaultValue>
    <description>Select the type of authentication the web-based application requires.</description>
</parameter>
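A pre-deployment check for the three edits described above (the HttpManagerBean definition, the portlet.xml user attributes and the CPD option), as an added example that is not part of the original page or of the Web Proxy Portlet project. It takes each file's content as a string; the function names, the constructed sample fragment and the rule that spPrivateKey and spCertificate are configured as a pair are assumptions of this example.

```python
import xml.etree.ElementTree as ET

IMPL = "edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl"
AUTH_PARAM = "PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType"
USER_ATTRS = {"idpPublicKeys", "samlAssertion"}

def _named(root, name):
    """Elements at or below root with this local tag name (namespaces ignored)."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]
def _text(elem):
    return (elem.text or "").strip()

def check_bean(spring_xml):
    """Return problems found in the HttpManagerBean definition (empty = OK)."""
    beans = [b for b in _named(ET.fromstring(spring_xml), "bean")
             if b.get("id") == "HttpManagerBean"]
    if not beans:
        return ["HttpManagerBean is not defined"]
    problems = []
    if beans[0].get("class") != IMPL:
        problems.append("class is not ShibbolethEnabledHttpManagerImpl")
    props = {p.get("name"): p.get("value") for p in _named(beans[0], "property")}
    if not props.get("portalEntityID"):
        problems.append("portalEntityID is required")
    # Assumption: client-side TLS to the IdP needs key and certificate as a pair.
    if bool(props.get("spPrivateKey")) != bool(props.get("spCertificate")):
        problems.append("spPrivateKey and spCertificate must be set together")
    return problems

def missing_user_attributes(portlet_xml):
    """Return the required user attributes that portlet.xml does not declare."""
    declared = {_text(n) for ua in _named(ET.fromstring(portlet_xml), "user-attribute")
                for n in _named(ua, "name")}
    return sorted(USER_ATTRS - declared)

def cpd_offers_shibboleth(cpd_xml):
    """Return True if the sAuthType parameter lists SHIBBOLETH as a choice."""
    for param in _named(ET.fromstring(cpd_xml), "parameter"):
        if any(_text(n) == AUTH_PARAM for n in _named(param, "name")):
            return "SHIBBOLETH" in {_text(v) for v in _named(param, "value")}
    return False

# Constructed sample: key without certificate, and no portalEntityID.
SAMPLE_BEAN = f"""<beans><bean id="HttpManagerBean" class="{IMPL}" scope="prototype">
  <property name="spPrivateKey" value="/etc/shibboleth/sp-key.pem"/>
</bean></beans>"""

if __name__ == "__main__":
    print(check_bean(SAMPLE_BEAN))
```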