No Frills CASify uPortal

Owned by Andrew Petro
Last updated: Jun 04, 2007Version comment
2 min read

See uPortal Manual for documentation for the impatient

As of uPortal ~2.5.2, uPortal ships with all the libraries you need and working commented out example configuration for simple CAS integration. This is documented in the uPortal manual wiki. This no-frills guide approach can work but involves more heroics than is minimally required.

No frills guide to making uPortal use CAS for login authentication

Right now, you don't want to know how it works, what your options are, about proxy tickets, or about why it is the way it is: you just want it to work.

Getting it

Download cas-security-provider 3.x
Use a recent JRE 1.4. I don't think CAS Java Client 2.1.0 will run under JRE 1.3 or earlier, but I haven't tried.

Installing it

Unzip the cas-security-provider distribution.
Stop your web container (Tomcat, e.g.)
Copy the cas-security-provider.jar and the casclient.jar files into the lib directory of your uPortal instance as deployed into your web container.

Edit security.properties

Edit your deployed uPortal security.properties file to map the YaleCasFilteredContextFactory to the root security context and to map the ticket credential to the root context.

You need to set the root security context factory to be the YaleCasFilteredContextFactory:

root=edu.yale.its.tp.portal.security.YaleCasFilteredContextFactory

You need to set the credential token "ticket":

# Answers what tokens are examined in the request for each context during authentication.
# A subcontext only needs to set it's tokens if it differs from those of the root context.
#principalToken.root=userName
#credentialToken.root=password
credentialToken.root=ticket

Map the required filters in your web.xml.

Edit your deployed web.xml for your uPortal to map the required filters.

<filter>
  <filter-name>CAS Validate Filter</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.CASValidateFilter</filter-class>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
    <param-value>https://secure.its.yale.edu/cas/serviceValidate</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
    <param-value>hkg2.cis.yale.edu:8080</param-value>
  </init-param>
</filter>

<filter>
  <filter-name>CAS Receipt Cacher</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.StaticCasReceiptCacherFilter</filter-class>
</filter>

<filter-mapping>
  <filter-name>CAS Validate Filter</filter-name>
  <url-pattern>/Login</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>CAS Receipt Cacher</filter-name>
  <url-pattern>/Login</url-pattern>
</filter-mapping>

Using it

To log into your CASified Portal, you follow a URL to your CAS server with the URL-encoded URL of your uPortal Login servlet as the "service" request parameter. Your uPortal login URL is something like: http://someschool.edu/uPortal/Login and your CAS server URL is something like https://secure.school.edu/cas/login and so the URL you should click to begin the login proccess is something like: https://secure.school.edu/cas/login?service=http%3A%2F%2Fsomeschool.edu%2FuPortal%2FLogin