04 Exercise - Configuring use of JASIG CAS server instance

Owned by Andrew Petro
Last updated: Jul 21, 2008Version comment
3 min read

Exercise

This page is a different kind of uPortal manual page, a hands-on exercise. It may be helpful to you to use this exercise in the context of this manual. It also may serve as a template for building uPortal training materials.

Purpose of this exercise

This exercise configures uPortal to use JASIG's centrally hosted CAS server instance rather than the CAS server instance that ships with uPortal.

This exercise helps introduce the Legacy Java CAS Client (evolution of the Yale Java CAS Client) that ships with uPortal and its configuration in web.xml. It helps people to be aware of the JASIG hosted CAS server instance (which is a fine place to try out CAS) and to be aware of how to create a JASIG Jira issue tracker account.

Pre-requisites for this exercise

  • A working, installed, suitable instance of uPortal 3 (e.g., that provided by the uPortal Quickstart distribution)

Stepwise instructions

Step 1: Have a JA-SIG Jira account

Are you able to login to http://www.ja-sig.org/issues?

If so, great, that's the username and password you'll use to log in to CAS.

If not, you'll need to sign up for an account. Besides being useful for this exercise, an account will let you submit issues and patches to uPortal.

https://www.ja-sig.org/issues/secure/Signup!default.jspa

Step 2: Verify that you can log in to JA-SIG CAS

Try out logging in to JA-SIG CAS. Here's a URL to a dummy service, just to see if you can log in at all.

https://www.ja-sig.org/cas/login?service=http://www.uportal.org/

If you can log in and be redirected away from CAS, then your username, password pair work.

Step 3: Configure uPortal to validate tickets against JA-SIG CAS

Edit /up3/uPortal-3.0.0-quick-start/uPortal-3.0.0/uportal-war/src/main/webapp/WEB-INF/web.xml

to change the CAS ticket validation URL of the CAS Validate Filter

Configuring the CAS Validate Filter to point at JASIG's hosted CAS instance
<filter>
    <filter-name>CAS Validate Filter</filter-name>       
    <filter-class>edu.yale.its.tp.cas.client.filter.CASValidateFilter</filter-class>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
        <param-value>https://www.ja-sig.org/cas/serviceValidate</param-value>
    </init-param>

Step 4: Configure uPortal to link to JA-SIG CAS on the login button

Edit /up3/uPortal-3.0.0-quick-start/uPortal-3.0.0/uportal-impl/src/main/resources/properties/security.properties

In security.properties:

Default CAS login URL configuration in security.properties
## Login URL, if specified the CLogin channel will display a Login link with
## this URL instead of the standard userName/password form.
org.jasig.portal.channels.CLogin.CasLoginUrl=http://localhost:8080/cas/login?service=http://localhost:8080/uPortal/Login

should become instead:

Configuring the CAS login URL to point to JASIG's hosted CAS server instance
## Login URL, if specified the CLogin channel will display a Login link with
## this URL instead of the standard userName/password form.
org.jasig.portal.channels.CLogin.CasLoginUrl=https://www.ja-sig.org/cas/login?service=http://localhost:8080/uPortal/Login

Parallel to this readme is a "jasig_cas" directory containing a security.properties with this change, so you can check against and/or just copy that.

Step 5: Use Ant to deploy these changes

First stop your quickstarted uPortal instance if it is running.

Stopping the uPortal quick start
/uP3/uPortal-3.0.0-quick-start/apache-ant-1.6.5/bin/ant stop

Then use Ant to publish the updated uPortal web application.

Deploying the uPortal war
/uP3/uPortal-3.0.0-quick-start/apache-ant-1.6.5/bin/ant deploy-war

Step 6: Start your uPortal web application

Starting uPortal
/uP3/uPortal-3.0.0-quick-start/apache-ant-1.6.5/bin/ant start

Step 7: Try it out

Open your portal in your web browser and click the login via CAS button. This should take to you JA-SIG CAS where you can log in using your JA-SIG Jira username and password.

Step 8: Undo the changes

You'll probably want to undo these changes so that you can log into your portal as more than just your one JASIG Jira user account.

If you are using the developer quickstart distribution which retains connection to JASIG SVN or otherwise can SVN revert:

Reverting the changes using SVN
svn revert /up3/uPortal-3.0.0-quick-start/uPortal-3.0.0/uportal-war/src/main/webapp/WEB-INF/web.xml
svn revert /up3/uPortal-3.0.0-quick-start/uPortal-3.0.0/uportal-impl/src/main/resources/properties/security.properties

If not, simply copy over the web.xml and the security.properties from the original distribution over the edited web.xml and security.properties.