Web Proxy Portlet with Delegated SAML Authentication

Overview

Support for delegated authentication with Shibboleth comes with the Web Proxy Portlet from version 1.1.1 on.

Steps for updating the Web Proxy Portlet included with the uPortal EAR package

Step 1 - Updating the Web Proxy Portlet Version

In the pom.xml file, update the WebProxyPortlet.version line to specify 1.1.1:

<WebProxyPortlet.version>1.1.1</WebProxyPortlet.version>

Step 2 - Enabling the Shibboleth Http Manager

Add the file uportal-portlets-overlay/WebProxyPortlet/src/main/webapp/WEB-INF/applicationContextOverrides.xml with the contents below. You'll need to set the spPrivateKey, spCertificate, and portalEntityID properties appropriately for your institution.

<?xml version="1.0" encoding="UTF-8"?>
<!--
 | Override specific bean(s) from applicationContext.xml
 +-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
    http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">
    
    <bean id="HttpManagerBean" class="edu.wisc.my.webproxy.beans.http.ShibbolethEnabledHttpManagerImpl" scope="prototype">
      <property name="spPrivateKey" value="/opt/shibboleth-sp/etc/shibboleth/sp-key.pem"/>
      <property name="spCertificate" value="/opt/shibboleth-sp/etc/shibboleth/sp-cert.pem"/>
      <property name="portalEntityID" value="https://my.example.com/shibboleth"/>
    </bean>
</beans>

Step 3 - Enable the SAML User Attributes

Copy the portlet.xml file from the release to uportal-portlets-overlay/WebProxyPortlet/src/main/webapp/WEB-INF/portlet.xml and add the following user attributes:

<user-attribute>
    <description>idpPublicKeys</description>
    <name>idpPublicKeys</name>
</user-attribute>

<user-attribute>
    <description>samlAssertion</description>
    <name>samlAssertion</name>
</user-attribute>
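
A pre-deployment check for Steps 2 and 3, added here as an example and not part of the portlet or uPortal: it parses applicationContextOverrides.xml and portlet.xml and reports unset properties, the sample portalEntityID left in place, missing key or certificate files, an SP private key accessible beyond its owner, and undeclared SAML user attributes. The function names and the owner-only permission rule for the key are assumptions of this example.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

BEANS = {"b": "http://www.springframework.org/schema/beans"}
REQUIRED = ("spPrivateKey", "spCertificate", "portalEntityID")
# Constructed sample: the page's bean, with file paths filled in at run time.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="HttpManagerBean" scope="prototype">
    <property name="spPrivateKey" value="{key}"/>
    <property name="spCertificate" value="{cert}"/>
    <property name="portalEntityID" value="https://my.example.com/shibboleth"/>
  </bean>
</beans>"""

def check_overrides(xml_text):
    """Findings for the HttpManagerBean override; an empty list means it passed."""
    bean = ET.fromstring(xml_text).find("b:bean[@id='HttpManagerBean']", BEANS)
    if bean is None:
        return ["no HttpManagerBean override found"]
    props = {p.get("name"): p.get("value") for p in bean.findall("b:property", BEANS)}
    findings = [f"{n} is not set" for n in REQUIRED if not props.get(n)]
    if props.get("portalEntityID") == "https://my.example.com/shibboleth":
        findings.append("portalEntityID still has the page's sample value")
    for name in ("spPrivateKey", "spCertificate"):
        path = props.get(name)
        if path and not os.path.isfile(path):
            findings.append(f"{name} file missing: {path}")
        elif path and name == "spPrivateKey" and os.stat(path).st_mode & 0o077:
            # Assumption: only the account running the portal should read the SP key.
            findings.append(f"spPrivateKey is accessible to group/other: {path}")
    return findings

def missing_saml_attributes(portlet_xml):
    """Step 3 user attributes that portlet.xml does not declare (any namespace)."""
    declared = {(el.text or "").strip()
                for ua in ET.fromstring(portlet_xml).iter()
                if ua.tag.rsplit("}", 1)[-1] == "user-attribute"
                for el in ua if el.tag.rsplit("}", 1)[-1] == "name"}
    return sorted({"idpPublicKeys", "samlAssertion"} - declared)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        key, cert = os.path.join(d, "sp-key.pem"), os.path.join(d, "sp-cert.pem")
        for p in (key, cert):
            open(p, "w").close()
        os.chmod(key, 0o644)  # deliberately too permissive
        print(check_overrides(SAMPLE.format(key=key, cert=cert)))
```

Run it against the overlay files before building the EAR; both functions take the file contents as a string.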

Optional - Modifying uPortal's Web Proxy Portlet CPD

To list Shibboleth as an authentication option in uPortal's administrative interface, add "SHIBBOLETH" as an option for the PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType parameter in uPortal's Web Proxy Portlet CPD.

In uportal-war/src/main/resources/edu/wisc/my/portlets/WebProxy/WebProxyPortlet.cpd, add <value>SHIBBOLETH</value> to the parameter's enumeration:

<parameter modify="publish">
    <name>PORTLET.edu.wisc.my.webproxy.webproxy.httpclient.sAuthType</name>
    <label>Type of authentication (optional)</label>
    <type base="string" input="single-choice" display="drop-down">
        <restriction type="enumeration">
            <value></value>
            <value>SHIBBOLETH</value>
            <value>FORM</value>
            <value>BASIC</value>
            <value>NTLM</value>
        </restriction>
    </type>
    <defaultValue></defaultValue>
    <description>Select the type of authentication the web-based application requires.</description>
</parameter>