Authenticating Against LDAP
These instructions document how to configure uPortal itself to perform authentication against LDAP. It is also possible to configure the bundled CAS instance, or some other CAS server, to connect to LDAP instead of following this approach.
Step 1. Add the ldap connection context
- Open and edit the following file: uPortal-4.x/uportal-war/src/main/resources/properties/contexts/ldapContext.xml
- Add your ldap connection url, userName, etc...
<bean id="defaultLdapServer" class="org.jasig.portal.ldap.ContextSourceLdapServerImpl"> <property name="ldapContextSource" ref="legacyLdapContext"/> <property name="uidAttribute" value="uid"/> <property name="baseDN" value="ou=People, dc=myuniv, dc=edu"/> </bean> <bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource"> <property name="url" value="ldap://ldap.myuniv.edu:389"/> <property name="userName" value=""/> <property name="password" value=""/> </bean>
Step 2. Add the SimpleLdapSecurityContextFactory
- Open and edit the following file:Â uPortal-4.x/uportal-war/src/main/resources/properties/security.properties
## This is the factory that supplies the concrete authentication class root=org.jasig.portal.security.provider.UnionSecurityContextFactory root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
- If you need uPortal to cache user passwords, you may add the cache security context factory:
## This is the factory that supplies the concrete authentication class root=org.jasig.portal.security.provider.UnionSecurityContextFactory root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory root.simple.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory root.ldap.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory
Step 3. (Optional) Show Login Form for Guest User
In order to show the login form for the guest user layout, go to uportal-war/src/main/data/quickstart_entities/fragment-layout/guest-lo.fragment-layout.xml file and add the local login form to the welcome tab. Your resulting guest-lo.fragment-layout.xml file should look like the code segment below (adjust the id values as appropriate so the numeric value ignoring the leading letter is unique within the file):
... <folder ID="s7" hidden="false" immutable="false" name="Welcome" type="regular" unremovable="false"> <structure-attribute> <name>externalId</name> <value>welcome</value> </structure-attribute> <folder ID="s8" hidden="false" immutable="false" name="Column" type="regular" unremovable="false"> <structure-attribute> <name>width</name> <value>50%</value> </structure-attribute> <channel fname="login" unremovable="false" hidden="false" immutable="false" ID="n9"/> ... </folder> ... </folder>
Step 4. Rebuild/Redeploy uPortal
From the root of your uPortal distribution (i.e., uPortal-4.x), execute the following command:
ant clean deploy-war
Â
Step 5: Restart Tomcat
Restart your tomcat servlet container to activate the modifications.
Â
Optional: Using Multiple LDAP servers
See the example at uPortal-4.x/uportal-war/src/main/resources/properties/security.propertiesÂ
## ## Multiple LDAP & Local Authentication ## ## The following is an example of configuring uPortal to use multiple LDAP ## directories and local user authentication (authentication by username and ## password hash stored in the uPortal database). It uses the UnionSecurityContext ## to consider all authentication methods and declares the required tokens for all. ## ## Comment out all other properties in this file and then uncomment the lines ## prefixed with a single # below. ## ## This is the factory that supplies the concrete authentication class #root=org.jasig.portal.security.provider.UnionSecurityContextFactory #root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory #root.ldap_stu=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory #root.ldap_fac=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory ## The following tells the SimpleLdapSecurityContextFactory with the similarly named ## property which named LDAP connection to use. Named LDAP connections are defined in ## properties/contexts/ldapContext.xml #securityContextProperty.root.ldap_stu.connection=Students #securityContextProperty.root.ldap_fac.connection=Faculty ## Answers what tokens are examined in the request for each context during authentication. #principalToken.root=userName #credentialToken.root=password ## This is the factory that supplies the concrete authorization class #authorizationProvider=org.jasig.portal.security.provider.AuthorizationServiceFactoryImpl
Â