05 Exercise - Configuring CAS to use another authentication handler
Exercise
This page is a different kind of uPortal manual page, a hands-on exercise. It may be helpful to you to use this exercise in the context of this manual. It also may serve as a template for building uPortal training materials.
Purpose of this exercise
This exercise configures uPortal to use a different authentication handler (mechanism for authenticating usernames and passwords) than the default.
In this exercise we make a configuration change to the embedded CAS server, just because we can: after the change, CAS accepts any login where the username equals the password.
This exercise helps introduce configuration of CAS and the way that configuration overlays onto the CAS server Maven artifacts in the uPortal build process.
Pre-requisites for this exercise
A working, installed, suitable instance of uPortal 3 (e.g., that provided by the uPortal Quickstart distribution)
A created user in your uPortal 3 instance with a username that is not the same as its password. (If you need to create such a user, there's a previous exercise that instructs on how to do this.)
Stepwise instructions
Step 1: Edit the deployerConfigContext.xml
Edit deployerConfigContext.xml so that it uses the authentication handler that is the default for CAS.
This authentication handler declaration:
The authentication handler declaration in deployerConfigContext.xml
<property name="authenticationHandlers">
    <list>
        <!--
            | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
            | a server side SSL certificate.
            +-->
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
            p:httpClient-ref="httpClient" >
            <!-- THIS IS NOT SECURE. PLEASE CHANGE BEFORE DEPLOYING TO PRODUCTION ENVIRONMENTS. -->
            <property name="requireSecure" value="false"/>
        </bean>
        <!--
            | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
            | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
            | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
            | local authentication strategy. You might accomplish this by coding a new such handler and declaring
            | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
            +-->
        <bean
            class="org.jasig.portal.cas.authentication.handler.support.PersonDirAuthenticationHandler"
            p:user-password-dao-ref="userPasswordDao" />
    </list>
</property>
Becomes this:
Changed Authentication Handler declaration in deployerConfigContext.xml
<property name="authenticationHandlers">
    <list>
        <!--
            | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
            | a server side SSL certificate.
            +-->
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
            p:httpClient-ref="httpClient" >
            <!-- THIS IS NOT SECURE. PLEASE CHANGE BEFORE DEPLOYING TO PRODUCTION ENVIRONMENTS. -->
            <property name="requireSecure" value="false"/>
        </bean>
        <!--
            | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
            | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
            | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
            | local authentication strategy. You might accomplish this by coding a new such handler and declaring
            | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
            +-->
        <bean
            class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
    </list>
</property>
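The XML comments above mark both requireSecure=false and SimpleTestUsernamePasswordAuthenticationHandler as settings to change before production, so a pre-deployment check on deployerConfigContext.xml is useful. The following Python script is an added example, not part of the uPortal or CAS distributions; the sample XML (including the wrapping beans and authenticationManager elements) is constructed, and the function names audit and local are this example's own.

```python
import sys
import xml.etree.ElementTree as ET

# Handler the page's own XML comment says must be replaced before production.
TEST_HANDLER = "SimpleTestUsernamePasswordAuthenticationHandler"

# Constructed sample: a minimal Spring context wrapping the page's changed declaration.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers">
      <list>
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
              p:httpClient-ref="httpClient">
          <property name="requireSecure" value="false"/>
        </bean>
        <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>
      </list>
    </property>
  </bean>
</beans>"""

def local(name):
    """Strip an XML namespace: '{ns}bean' -> 'bean'."""
    return name.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return findings for settings the CAS comments mark as not production-safe."""
    findings = []
    root = ET.fromstring(xml_text)
    for bean in root.iter():  # document order, nested beans included
        if local(bean.tag) != "bean":
            continue
        cls = bean.get("class", "")
        if cls.rsplit(".", 1)[-1] == TEST_HANDLER:
            findings.append(f"test handler enabled: {cls}")
        # requireSecure may be a nested <property> or a p:requireSecure attribute.
        values = [p.get("value") for p in bean
                  if local(p.tag) == "property" and p.get("name") == "requireSecure"]
        values += [v for k, v in bean.attrib.items() if local(k) == "requireSecure"]
        if any((v or "").strip().lower() == "false" for v in values):
            findings.append(f"requireSecure=false on {cls}")
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    problems = audit(text)
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

Run it with the path to deployerConfigContext.xml as the only argument; it exits non-zero when either setting is found, so it can gate a build step.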
Step 2: Be sure your portal is stopped
Stopping the quickstart
andrew-petros-macbook:uPortal-3.0.0-quick-start apetro$ pwd
/up3/uPortal-3.0.0-quick-start
andrew-petros-macbook:uPortal-3.0.0-quick-start apetro$ ./ant.sh stop
Step 3: Run the Ant deploy-ear to deploy the modified CAS
Deploying the modified ear
cd uPortal-3.0.0
../ant.sh deploy-ear
Note that here the Ant task is deploy-ear, not deploy-war, as the change to be deployed is not in the primary uPortal webapp but is instead a change to the CAS webapp deployed alongside uPortal.
Step 4: Start the portal again
After you wait for uPortal to start up, you can see it in your web browser at
http://localhost:8080/uPortal/
Step 5: Try it out
You should now be able to log in as seminar / seminar rather than seminar / howdy, e.g,