Authenticating Against LDAP

Owned by Jen Bourey
Last updated: Aug 27, 2013 by Laura McCordVersion comment
3 min read

These instructions document how to configure uPortal itself to perform authentication against LDAP. It is also possible to configure the bundled CAS instance, or some other CAS server, to connect to LDAP instead of following this approach.

Step 1. Add the ldap connection context

  • Open and edit the following file: uPortal-4.x/uportal-war/src/main/resources/properties/contexts/ldapContext.xml
  • Add your ldap connection url, userName, etc...
uportal-war/src/main/resources/properties/contexts/ldapContext.xml
<bean id="defaultLdapServer" class="org.jasig.portal.ldap.ContextSourceLdapServerImpl">
    <property name="ldapContextSource" ref="legacyLdapContext"/>
    <property name="uidAttribute" value="uid"/>
    <property name="baseDN" value="ou=People, dc=myuniv, dc=edu"/>
</bean>

<bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://ldap.myuniv.edu:389"/>
    <property name="userName" value=""/>
    <property name="password" value=""/>
</bean>

Step 2. Add the SimpleLdapSecurityContextFactory

  • Open and edit the following file: uPortal-4.x/uportal-war/src/main/resources/properties/security.properties
uportal-war/src/main/resources/properties/security.properties
## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
  • If you need uPortal to cache user passwords, you may add the cache security context factory:
uportal-war/src/main/resources/properties/security.properties
## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root.simple.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
root.ldap.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory

Note: If you choose not to configure the CasLoginUrl parameter in the security.properties file, you will receive the following error, "Could not resolve property placeholder ${org.jasig.portal.channels.CLogin.CasLoginUrl}". This error stems from the CasLoginUrl parameter being referenced in two files: jsonRenderingPipelinContext.xml and renderingPipelineContext.xml located in the directory path, uportal-war/src/main/resources/properties/contexts. Therefore, you will need to remove (comment out) the CasLoginUrl parameter reference in the two xml files.

<entry key="EXTERNAL_LOGIN_URL" value="${org.jasig.portal.channels.CLogin.CasLoginUrl}" />

 For Additional Information see the CAS manual page.

Step 3. (Optional) Show Login Form for Guest User

If using import scripts

There seems to be a bug in the import script that won't allow you to import the channel if the comment below is left in place in uportal-war/src/main/data/default_entities/layout/guest.layout.xml (https://issues.jasig.org/browse/UP-3176)

<!--Uncomment to use local login <channel fname="login" unremovable="false" hidden="false" immutable="false"/>-->
  • In order to show the login form for the guest user layout, go to uportal-war/src/main/data/default_entities/layout/guest.layout.xml file and remove the comment to include the local login form. Your resulting guest.layout.xml file should look like the code segment below without the comment:
uportal-war/src/main/data/default_entities/layout/guest.layout.xml
<layout xmlns:dlm="http://www.uportal.org/layout/dlm" script="classpath://org/jasig/portal/io/import-layout_v3-2.crn" username="guest">
 <folder hidden="false" immutable="false" name="Root folder" type="root" unremovable="true">
   <folder hidden="false" immutable="true" name="Header folder" type="header" unremovable="true">
      <channel fname="login" unremovable="false" hidden="false" immutable="false"/>
   </folder>
   <folder hidden="false" immutable="false" name="Footer folder" type="footer" unremovable="false"/>
 </folder>
</layout>

   

Step 4. Rebuild/Redeploy uPortal

From the root of your uPortal distribution (i.e., uPortal-4.x), execute the following command:

ant clean deploy-war

 

Step 5: Restart Tomcat

Restart your tomcat servlet container to activate the modifications.

 

Optional: Using Multiple LDAP servers

See the example at uPortal-4.x/uportal-war/src/main/resources/properties/security.properties 

##
##  Multiple LDAP & Local Authentication
##  
##  The following is an example of configuring uPortal to use multiple LDAP
##  directories  and local user authentication (authentication by username and
##  password hash stored in the uPortal database).  It uses the UnionSecurityContext
##  to consider all authentication methods and declares the required tokens for all. 
##
##  Comment out all other properties in this file and then uncomment the lines
##  prefixed with a single # below.
## 

## This is the factory that supplies the concrete authentication class
#root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
#root.ldap_stu=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
#root.ldap_fac=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory

## The following tells the SimpleLdapSecurityContextFactory with the similarly named
## property which named LDAP connection to use. Named LDAP connections are defined in
## properties/contexts/ldapContext.xml
#securityContextProperty.root.ldap_stu.connection=Students
#securityContextProperty.root.ldap_fac.connection=Faculty

## Answers what tokens are examined in the request for each context during authentication.
#principalToken.root=userName
#credentialToken.root=password

## This is the factory that supplies the concrete authorization class
#authorizationProvider=org.jasig.portal.security.provider.AuthorizationServiceFactoryImpl

 


Additional References

Having problems with these instructions?

Please send us feedback at uportal-user@lists.ja-sig.org

Add Feedback content box here.....