Overview

Support for delegated authentication with Shibboleth comes with the Web Proxy Portlet from version 1.1.0 on.

Steps for updating the Web Proxy Portlet included with the uPortal EAR package

Step 1 - Updating the Web Proxy Portlet Version

In the pom.xml file, update the WebProxyPortlet.version line to specify 1.1.0:

<WebProxyPortlet.version>1.1.0</WebProxyPortlet.version>

Step 2 - Enabling the Shibboleth Http Manager

Next, update the existing HttpManager bean in the Spring configuration to use the Shibboleth-enabled implementation, with the appropriate Shibboleth-related parameters.

<bean id="HttpManagerBean" class="edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl" scope="prototype">
  <!-- Optional: spPrivateKey and spCertificate provide client-side TLS authentication to the IdP -->
  <property name="spPrivateKey" value="/etc/shibboleth/sp-key.pem"/>
  <property name="spCertificate" value="/etc/shibboleth/sp-cert.pem"/>
  <!-- Required -->
  <property name="portalEntityID" value="https://canadaspis.uchicago.edu/shibboleth"/>
</bean>

In order for the portlet to properly obtain UserInfo data from the portal, the following items must also be added to the Web Proxy Portlet's portlet.xml file:

    <user-attribute>
        <description>idpPublicKeys</description>
        <name>idpPublicKeys</name>
    </user-attribute>

    <user-attribute>
        <description>samlAssertion</description>
        <name>samlAssertion</name>
    </user-attribute>

Modifying uPortal's Web Proxy Portlet CPD

To list Shibboleth as an authentication option in uPortal's administrative interface, add "SHIBBOLETH" as an option for the "PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType" parameter in uPortal's Web Proxy Portlet CPD. This file is located within uPortal at uportal-war/src/main/resources/edu/wisc/my/portlets/WebProxy/WebProxyPortlet.cpd.

      <parameter modify="publish">
        <name>PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType</name>
        <label>Type of authentication (optional)</label>
        <type base="string" input="single-choice" display="drop-down">
          <restriction type="enumeration">
            <value></value>
            <value>SHIBBOLETH</value>
            <value>FORM</value>
            <value>BASIC</value>
            <value>NTLM</value>
          </restriction>
        </type>
        <defaultValue></defaultValue>
        <description>Select the type of authentication the web-based application requires.</description>
      </parameter>
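
A pre-deployment check for the edits described above, as an added example that is not part of the Web Proxy Portlet or uPortal: it parses the Spring bean file, portlet.xml and the CPD and reports what is missing. The function names are hypothetical, each function takes the file's contents as a string, and the rule that spPrivateKey and spCertificate must be set as a pair is an assumption drawn from the comment in the bean snippet.

```python
import xml.etree.ElementTree as ET

# Identifiers copied from the snippets on this page.
SHIB_CLASS = "edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl"
AUTH_PARAM = "PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType"

def named(root, name):  # elements by local name, ignoring XML namespaces
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(elements):
    return {(e.text or "").strip() for e in elements}

def check_bean(spring_xml):
    """Step 2: HttpManagerBean class and its Shibboleth properties."""
    beans = [b for b in named(ET.fromstring(spring_xml), "bean") if b.get("id") == "HttpManagerBean"]
    if not beans:
        return ["HttpManagerBean is not defined"]
    problems = []
    if beans[0].get("class") != SHIB_CLASS:
        problems.append("HttpManagerBean is not ShibbolethEnabledHttpManagerImpl")
    props = {p.get("name"): p.get("value") for p in named(beans[0], "property")}
    if not props.get("portalEntityID"):
        problems.append("portalEntityID is required")
    # Assumption: the optional client-TLS key and certificate only work as a pair.
    if bool(props.get("spPrivateKey")) != bool(props.get("spCertificate")):
        problems.append("spPrivateKey and spCertificate must be set together")
    return problems

def check_portlet_xml(portlet_xml):
    """Step 2: both user attributes must be declared in portlet.xml."""
    root = ET.fromstring(portlet_xml)
    declared = {t for ua in named(root, "user-attribute") for t in texts(named(ua, "name"))}
    return [f"missing user-attribute {a}" for a in ("idpPublicKeys", "samlAssertion") if a not in declared]

def check_cpd(cpd_xml):
    """CPD: SHIBBOLETH must be one of the sAuthType choices."""
    for p in named(ET.fromstring(cpd_xml), "parameter"):
        if AUTH_PARAM in texts(named(p, "name")):
            return [] if "SHIBBOLETH" in texts(named(p, "value")) else ["SHIBBOLETH is not offered"]
    return ["sAuthType parameter not found"]

# Constructed sample: key set without its certificate, portalEntityID missing.
SAMPLE_BEAN = f"""<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="HttpManagerBean" class="{SHIB_CLASS}" scope="prototype">
    <property name="spPrivateKey" value="/etc/shibboleth/sp-key.pem"/>
  </bean>
</beans>"""

if __name__ == "__main__":
    print(check_bean(SAMPLE_BEAN))
```

An empty list from each function means the corresponding file carries everything this page asks for.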