Configuring the Bundled CAS Server to Authenticate Against LDAP

Distributions of uPortal 3.X.X include a CAS Server, which is used by default for portal authentication.

One of the first things you might wish to do is to modify that server to use an existing LDAP server as your authentication data source. Here are the steps required to do that.

Step 1. Add the CAS-LDAP dependency to uportal-portlets-overlay/cas/pom.xml

<dependencies>
...
<dependency>
  <groupId>org.jasig.cas</groupId>
  <artifactId>cas-server-support-ldap</artifactId>
  <version>${cas-server.version}</version>
  <scope>compile</scope>
  <exclusions>
    <exclusion>
      <groupId>org.inspektr</groupId>
      <artifactId>inspektr-core</artifactId>
    </exclusion>
  </exclusions>
</dependency>
...
</dependencies>

Step 2. Modify uportal-portlets-overlay/cas/src/main/webapp/WEB-INF/deployerConfigContext.xml

  • Modify the deployerConfigContext.xml file to include an authentication handler for your LDAP server and contextSource bean.
<property name="authenticationHandlers">
  <list>
    ...
    <!-- add the section below -->
    <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
      <property name="filter" value="uid=%u,ou=people,dc=yourinstitution,dc=edu" />
      <property name="contextSource" ref="contextSource" />
    </bean>
    ...
  </list>
</property>

In this example, we have chosen to perform a "Fast Bind" against the LDAP server. This requires that you know where users exist in your LDAP Directory Information Tree (DIT).

More on Authentication Handlers

Step 3. Add the contextSource bean, which is used to tell CAS about your LDAP server.

<beans>
  ...
  <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="urls">
      <list>
        <value>ldaps://yourldapserver.yourinstitution.edu/</value>
      </list>
    </property>
  </bean>
  ...
</beans>

Note: This bean configuration should be in the same file (deployerConfigContext.xml) - add and customise the above bean definition after the rest of the beans.

Step 4. Build and deploy the modifications

From "the root of your uPortal distribution"/uPortal-3.X.X, execute the following command:

ant clean deploy-ear

Step 5. Restart uPortal

SSL Considerations

If using LDAPS (as in the example above), you may need to import the certificate from "yourldapserver" into the JVM on your test portal server.

To do that, run the following command to get the certificate

openssl s_client -connect ldapserver:port -showcerts

Save everything between BEGIN CERTIFICATE and END CERTIFICATE to a file, and then import it.
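
The retrieval and import described above, as an added shell example that is not part of the original page. It goes one step further than the text: it compares the certificate's SHA-256 fingerprint with a value obtained from the LDAP administrator before calling keytool, because s_client prints whatever certificate the connection presented. The function names, the alias and the keystore path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print only the first PEM block on stdin. "s_client -showcerts" lists the
# server's own certificate first, followed by any chain certificates.
extract_first_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { p = 1 }
       p { print }
       p && /-----END CERTIFICATE-----/ { exit }'
}

# Reduce "sha256 Fingerprint=AB:CD:..." or a bare fingerprint to upper-case hex.
normalize_fp() {
  sed -e 's/^.*=//' | tr -d ': \n\t' | tr 'a-f' 'A-F'
}

# trust_ldaps_cert HOST PORT EXPECTED_SHA256 ALIAS KEYSTORE
# EXPECTED_SHA256 must come from the LDAP administrator, not from this
# connection: s_client prints whatever certificate it was handed.
trust_ldaps_cert() {
  pem=$(mktemp) || return 1
  openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null \
    | extract_first_cert > "$pem"
  got=$(openssl x509 -in "$pem" -noout -fingerprint -sha256 2>/dev/null | normalize_fp)
  want=$(printf '%s' "$3" | normalize_fp)
  if [ -z "$got" ] || [ "$got" != "$want" ]; then
    echo "fingerprint mismatch for $1:$2 (got '$got'), not importing" >&2
    rm -f "$pem"
    return 1
  fi
  # KEYSTORE is the truststore of the JVM that runs uPortal (assumption:
  # typically $JAVA_HOME/jre/lib/security/cacerts). keytool asks for its password.
  keytool -importcert -alias "$4" -file "$pem" -keystore "$5"
  rc=$?
  rm -f "$pem"
  return $rc
}

# Usage (constructed values):
# trust_ldaps_cert yourldapserver.yourinstitution.edu 636 "AB:CD:..." ldap-server "$JAVA_HOME/jre/lib/security/cacerts"
```

Restart uPortal after the import so the JVM picks up the new trust entry.
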

That should cover all the changes you need to make.

The content on this page was derived from discussions on uportal-user between: Dave Laurie, Jen Bourey, Eric Dalquist and Mark Rogers.

Additional References

Having problems with these instructions?

Please send us feedback at uportal-user@lists.ja-sig.org