Overview

Skipping a lot of detail, here is an overview of the steps involved in using Shibboleth with uPortal. The uPortal configuration step is very small and generally trivial. In the list below, steps 1 through 4 are covered by the Shibboleth documentation.

  1. Install and configure the Shibboleth SP. Configure the SP to pass uid via REMOTE_USER to get it working faster.
  2. Install and configure uPortal. Get it running on its own without Shib.
  3. Install and configure the Apache httpd server. Configure httpd with Shib and validate that Shib can protect a resource AND pass attributes. Also configure httpd to work with Tomcat (mod_jk).
  4. Configure the httpd server to protect the URI '/uPortal/Login'.
  5. Configure uPortal authentication. Use the RemoteUserSecurityContext for (Shib) authentication.

For Shibboleth IdP or httpd server related questions please contact the shibboleth-users list.

Shibbolizing uPortal 3.1.1

Step 1 - Security Context

In uportal-impl/src/main/resources/properties/security.properties configure support for getting the username from the REMOTE_USER header.

    root.remote=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory

To ensure the Shibbolized uPortal instance has no chance of using anything but Shibboleth for authN, comment out root and the other existing root.* entries, and use RemoteUserSecurityContextFactory as root, like:

    ## This is the factory that supplies the concrete authentication class
    #root=org.jasig.portal.security.provider.UnionSecurityContextFactory
    #root.cas=org.jasig.portal.security.provider.cas.CasFilteredSecurityContextFactory
    #root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
    root=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory
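
One way to check that a deployed security.properties really leaves RemoteUserSecurityContextFactory as the only active factory, as an added example that is not part of the original page or of uPortal itself. The function names and both sample files are constructed for illustration; the parser assumes one key per line with no line continuations.

```python
# Added example (not uPortal code): audit security.properties for Shibboleth-only authN.
REMOTE = "org.jasig.portal.security.provider.RemoteUserSecurityContextFactory"

# Constructed sample: the hardened file from this step.
HARDENED = """\
## This is the factory that supplies the concrete authentication class
#root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.CasFilteredSecurityContextFactory
#root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory
"""

# Constructed sample: REMOTE_USER support added, other factories left active.
MIXED = """\
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.cas=org.jasig.portal.security.provider.cas.CasFilteredSecurityContextFactory
root.remote=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory
"""


def active_root_factories(text):
    """Return {key: value} for uncommented 'root' and 'root.*' entries."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # '#' and '!' start comments
            continue
        # Split on the first '=' or ':' (assumes no line continuations).
        cuts = [i for i in (line.find("="), line.find(":")) if i != -1]
        if not cuts:
            continue
        key, value = line[:min(cuts)].strip(), line[min(cuts) + 1:].strip()
        if key == "root" or key.startswith("root."):
            found[key] = value  # a later duplicate wins, as in java.util.Properties
    return found


def audit(text):
    """Return findings; an empty list means only RemoteUser is active."""
    roots = active_root_factories(text)
    findings = []
    if roots.get("root") != REMOTE:
        findings.append("root=%s (expected %s)" % (roots.get("root"), REMOTE))
    for key in sorted(k for k in roots if k != "root"):
        findings.append("still active: %s=%s" % (key, roots[key]))
    return findings


if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED), ("mixed", MIXED)):
        print(name, audit(sample) or "OK")
```
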

Step 2 - Person Manager

In uportal-impl/src/main/resources/properties/contexts/userContext.xml replace the SimplePersonManager bean

    <bean id="personManager" class="org.jasig.portal.security.provider.SimplePersonManager" />

with the RemoteUserPersonManager bean. Note that the bean id stays the same.

    <bean id="personManager" class="org.jasig.portal.security.provider.RemoteUserPersonManager" />

Step 3 - Person Attributes

TODO

This step is only needed if you're using the uPortal rendered login link.

Modify uportal-war/src/main/resources/org/jasig/portal/channels/CLogin/html.xsl to change the Login and Logout UIs to something appropriate to your institution.
