Configuring the Bundled CAS Server to Authenticate Against LDAP
Distributions of uPortal 4 include a CAS Server, which is used by default for portal authentication.
One of the first things you might wish to do is to modify that server to use an existing LDAP server as your authentication data source. Here are the steps required to do that.
Step 1. Add the CAS-LDAP dependency
- Add the cas-server-support-ldap dependency at: Â uPortal-4.x/uportal-portlets-overlay/cas/pom.xml
<dependencies> ... <dependency> <groupId>org.jasig.cas</groupId> <artifactId>cas-server-support-ldap</artifactId> <version>${cas-server.version}</version> <scope>compile</scope> <exclusions> <exclusion> <groupId>org.inspektr</groupId> <artifactId>inspektr-core</artifactId> </exclusion> </exclusions> </dependency> ...
Step 2. Modify deployerConfigContext.xml
- Modify the uPortal-4.x/uportal-portlets-overlay/cas/src/main/webapp/WEB-INF/deployerConfigContext.xml file to include an authentication handler for your LDAP server and contextSource bean.
<property name="authenticationHandlers"> <list> ... // ---- add the section below ----- <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" > <property name="filter" value="uid=%u,ou=people,dc=yourinstitution,dc=edu" /> <property name="contextSource" ref="contextSource" /> </bean> ...
In this example, we have chosen to perform a "Fast Bind" against the LDAP server. This requires that you know where users exist in your LDAP Directory Information Tree (DIT).
More on Authentication Handlers
Step 3. Add the contextSource bean
 After adding the authentication handle in step 2, in the same file (uPortal-4.x/uportal-portlets-overlay/cas/src/main/webapp/WEB-INF/deployerConfigContext.xml), add the contextSource bean.
<beans> ... <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource"> <property name="urls"> <list> <value>ldaps://yourldapserver.yourinstitution.edu/</value> </list> </property> </bean> ... </beans>
Step 4. Rebuild/Redeploy uPortal
From the root of your uPortal distribution (i.e., uPortal-4.x), execute the following command:
ant clean deploy-war
Step 5. Restart tomcat
Restart your tomcat servlet container to activate the modifications.
SSL Considerations
If using LDAPS (as in the example above), you may need to import the certificate from "yourldapserver" into the JVM on your test portal server.
To do that, run the following command to get the certificate
openssl s_client -connect ldapserver:port -showcerts
Save everything between BEGIN CERTIFICATE and END CERTIFICATE to a file, and then import it.
That should cover all the changes you need to make.
The content on this page was derived from discussions on uportal-user between: Dave Laurie, Jen Bourey, Eric Dalquist and Mark Rogers.
Add Feedback content box here.....