Configuring the Bundled CAS Server to Authenticate Against LDAP

Distributions of uPortal 4 include a CAS Server, which is used by default for portal authentication.

One of the first things you might wish to do is to modify that server to use an existing LDAP server as your authentication data source. Here are the steps required to do that.

Step 1. Add the CAS-LDAP dependency

  • Add the cas-server-support-ldap dependency to uPortal-4.x/uportal-portlets-overlay/cas/pom.xml:
<dependencies>
  <!-- ... existing dependencies ... -->
  <dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas-server.version}</version>
    <scope>compile</scope>
    <exclusions>
      <exclusion>
        <groupId>org.inspektr</groupId>
        <artifactId>inspektr-core</artifactId>
      </exclusion>
    </exclusions>
  </dependency>
  <!-- ... -->
</dependencies>

Step 2. Modify deployerConfigContext.xml

  • Modify the uPortal-4.x/uportal-portlets-overlay/cas/src/main/webapp/WEB-INF/deployerConfigContext.xml file to include an authentication handler for your LDAP server and contextSource bean.
<property name="authenticationHandlers">
  <list>
    <!-- ... existing handlers ... -->
    <!-- add the section below -->
    <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
      <property name="filter" value="uid=%u,ou=people,dc=yourinstitution,dc=edu" />
      <property name="contextSource" ref="contextSource" />
    </bean>
    <!-- ... -->
  </list>
</property>

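In this example, we have chosen to perform a "Fast Bind" against the LDAP server: the handler substitutes the submitted username for %u in the filter value and binds directly as that DN, without searching for the user first. This requires that you know where users exist in your LDAP Directory Information Tree (DIT).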

More on Authentication Handlers

Step 3. Add the contextSource bean

  • After adding the authentication handler in step 2, in the same file (uPortal-4.x/uportal-portlets-overlay/cas/src/main/webapp/WEB-INF/deployerConfigContext.xml), add the contextSource bean.

    <beans>
      ...
      <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="urls">
          <list>
            <value>ldaps://yourldapserver.yourinstitution.edu/</value>
          </list>
        </property>
      </bean>
      ...
    </beans>
    

Step 4. Rebuild/Redeploy uPortal

From the root of your uPortal distribution (i.e., uPortal-4.x), execute the following command:

ant clean deploy-ear

Step 5. Restart Tomcat

Restart your Tomcat servlet container to activate the modifications.

SSL Considerations

If using LDAPS (as in the example above), you may need to import the certificate from "yourldapserver" into the trust store of the JVM on your test portal server.

To do that, run the following command to get the certificate:

openssl s_client -connect ldapserver:port -showcerts

Save everything between BEGIN CERTIFICATE and END CERTIFICATE to a file, and then import it.
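
The certificate step above as a script, added here as an example and not part of the original instructions: it splits the chain printed by openssl s_client -showcerts into one file per certificate, prints each fingerprint so it can be compared with a value obtained out of band, and imports the server certificate with keytool only after confirmation. The script name, the cert-N.pem file names, and the alias and keystore arguments are assumptions.

```shell
#!/bin/sh
# Added example. Host, port, alias and keystore path are site-specific arguments.

# Read `openssl s_client -showcerts` output on stdin, write each PEM block to
# DIR/cert-N.pem (cert-1 is the server's own certificate) and print the count.
split_chain() {
  mkdir -p "$1" || return 1
  awk -v dir="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; p = 1 }
    p { print > out }
    /-----END CERTIFICATE-----/ { if (p) close(out); p = 0 }
    END { print n + 0 }
  '
}

# Print subject, issuer, validity and SHA-256 fingerprint for comparison with
# values obtained from the LDAP administrators over a separate channel.
show_cert() {
  openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

# Import one certificate into a JVM trust store; keytool asks for the store
# password and for confirmation before trusting it.
import_cert() {
  keytool -importcert -alias "$2" -file "$1" -keystore "$3"
}

# Usage: sh trust-ldaps.sh HOST PORT ALIAS KEYSTORE
# KEYSTORE is usually the cacerts file of the JVM that runs Tomcat (assumed,
# for example "$JAVA_HOME/jre/lib/security/cacerts" on older JDKs).
if [ "$#" -eq 4 ]; then
  dir=$(mktemp -d) || exit 1
  n=$(openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null |
    split_chain "$dir")
  [ "$n" -gt 0 ] || { echo "No certificate received from $1:$2" >&2; exit 1; }
  for f in "$dir"/cert-*.pem; do
    echo "== $f"; show_cert "$f"
  done
  printf 'Does the cert-1.pem fingerprint match the known-good value? [yes/no] '
  read -r answer
  if [ "$answer" = "yes" ]; then
    import_cert "$dir/cert-1.pem" "$3" "$4"
  else
    echo "Nothing imported." >&2
  fi
fi
```

Restart Tomcat after the import so the JVM reloads its trust store.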

That should cover all the changes you need to make.

The content on this page was derived from discussions on uportal-user between: Dave Laurie, Jen Bourey, Eric Dalquist and Mark Rogers.

Having problems with these instructions?

Please send us feedback at uportal-user@lists.ja-sig.org