Documentation provided by Sarah Sloan, Senior Developer, from University of the West of England, Bristol

The following are steps to configure uPortal to authenticate against Active Directory (AD), pull user attributes from AD and other sources, and place users into groups based on those attributes.

Step 1. Authenticate against Active Directory

You need to tell uPortal to authenticate against AD instead of the bundled CAS server by amending the security.properties and ldapContext.xml files. 

Add the AD connection context to uportal-war/src/main/resources/properties/contexts/ldapContext.xml
<bean id="defaultLdapServer" class="org.jasig.portal.ldap.ContextSourceLdapServerImpl">
    <property name="ldapContextSource" ref="legacyLdapContext"/>
    <property name="uidAttribute" value="uid"/>
    <property name="baseDN" value="ou=People, dc=myuniv, dc=edu"/>
</bean>

<bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://ldap.myuniv.edu:389"/>
    <property name="userName" value=""/>
    <property name="password" value=""/>
</bean>
Add the SimpleLdapSecurityContextFactory to uportal-war/src/main/resources/properties/security.properties
## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
  • If you need uPortal to cache user passwords, you may add the cache security context factory:
## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root.simple.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
root.ldap.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory
 
  • In the uPortal-parent pom.xml, add a version property

pom.xml
<spring-modules-cache.version>0.8a</spring-modules-cache.version>
  • Add a dependency declaration
pom.xml
<dependency>
   <groupId>org.springmodules</groupId>
   <artifactId>spring-modules-cache</artifactId>
   <version>${spring-modules-cache.version}</version>
</dependency>   
  • You also need to add an exclusion for each of its transitive dependencies
pom.xml
 <exclusions>
   <exclusion>
    <groupId>org.springframework</groupId>
    <artifactId>spring</artifactId>
   </exclusion>
   <exclusion>
    <groupId>gigaspaces</groupId>
    <artifactId>gigaspaces-ce</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jini</groupId>
    <artifactId>jsk-lib</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jini</groupId>
    <artifactId>jsk-platform</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jini</groupId> 
    <artifactId>mahalo</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jini</groupId>
    <artifactId>reggie</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jini</groupId>
    <artifactId>start</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jini</groupId>
    <artifactId>boot</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jini</groupId>
    <artifactId>webster</artifactId>
   </exclusion>
   <exclusion>
    <groupId>commons-attributes</groupId>
    <artifactId>commons-attributes-api</artifactId>
   </exclusion>
   <exclusion>
    <groupId>commons-attributes</groupId>
    <artifactId>commons-attributes-compiler</artifactId>
   </exclusion>
   <exclusion>
    <groupId>cglib</groupId>
    <artifactId>cglib-nodep</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jboss</groupId>
    <artifactId>javassist</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jboss</groupId>
    <artifactId>jboss-cache</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jboss</groupId>
    <artifactId>jboss-common</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jboss</groupId>
    <artifactId>jboss-jmx</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jboss</groupId>
    <artifactId>jboss-minimal</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jboss</groupId>
    <artifactId>jboss-system</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jcs</groupId>
    <artifactId>jcs</artifactId>
   </exclusion>
   <exclusion>
    <groupId>jgroups</groupId>
    <artifactId>jgroups-all</artifactId>
   </exclusion>
   <exclusion>
    <groupId>geronimo-spec</groupId>
    <artifactId>geronimo-spec-jta</artifactId>
   </exclusion>
   <exclusion>
    <groupId>xpp3</groupId>
    <artifactId>xpp3_min</artifactId>
   </exclusion>
   <exclusion>
    <groupId>xjavadoc</groupId>
    <artifactId>xjavadoc</artifactId>
   </exclusion>
   <exclusion>
    <groupId>opensymphony</groupId>
    <artifactId>oscache</artifactId>
   </exclusion>
   <exclusion>
    <groupId>ehcache</groupId>
    <artifactId>ehcache</artifactId>
   </exclusion>
 </exclusions>   
  • In the uportal-war/pom.xml file add a reference to this dependency
uportal-war/pom.xml
 <dependency>
   <groupId>org.springmodules</groupId>
   <artifactId>spring-modules-cache</artifactId>
 </dependency>
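
An added example, not part of the original documentation: the ldapContext.xml beans from the start of this step, adapted for an Active Directory server, with the settings that changed marked in comments. The ldaps port, the sAMAccountName attribute, the service account DN and the password placeholder are assumptions for illustration; the host name and base DN are the sample values used above.

```xml
<!-- Added example: AD-oriented variant of the sample beans shown earlier.
     All DNs, the service account and the password value are constructed placeholders. -->
<bean id="defaultLdapServer" class="org.jasig.portal.ldap.ContextSourceLdapServerImpl">
    <property name="ldapContextSource" ref="legacyLdapContext"/>
    <!-- Sample used "uid"; AD keeps the logon name in sAMAccountName -->
    <property name="uidAttribute" value="sAMAccountName"/>
    <property name="baseDN" value="ou=People,dc=myuniv,dc=edu"/>
</bean>

<bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
    <!-- Sample used ldap://ldap.myuniv.edu:389, which carries the bind password
         of every portal login unencrypted. LDAP over TLS listens on 636. -->
    <property name="url" value="ldaps://ldap.myuniv.edu:636"/>
    <!-- Sample used empty userName/password (anonymous bind). AD does not allow
         anonymous directory searches by default, so the user lookup needs a
         bind account; give it read access to the user subtree only. -->
    <property name="userName" value="cn=svc-uportal,ou=Service Accounts,dc=myuniv,dc=edu"/>
    <property name="password" value="REPLACE_WITH_BIND_PASSWORD"/>
</bean>
```

The JVM running uPortal must trust the certificate chain presented by the AD server for the ldaps:// connection to succeed.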

Step 2. Configure User Attributes

Having changed the authentication source, you now need to configure uPortal to pick up person attributes from wherever they are stored – presumably at least some will come from AD, but others may come from other sources such as different databases.

The configuration is done in uportal-war/src/main/resources/properties/contexts/personDirectoryContext.xml. The links below explain how to configure the attribute sources:

Step 3. Data Source Configuration

If one or more of your attribute sources are other databases, you need to configure the datasource details. This is done in uportal-war/src/main/resources/properties/contexts/datasourceContext.xml, by default as a direct connection to the database. This is great for builds but at runtime you probably want to use a JNDI datasource, which explains how to use a direct connection at build time and JNDI at runtime.

Step 4. Configure Groups

Now you need to change how uPortal puts users into groups to test against the attributes you declared in the uportal-war/src/main/resources/properties/contexts/personDirectoryContext.xml (step 2). The group testing is configured in uportal-war/src/main/resources/properties/groups/PAGSGroupStoreConfig.xml – change this to put users in groups that are relevant to your institution. 

Note – Some of the quickstart portlets look for a group called all_authenticated. If you don’t require this for your institution but still have some of the quickstart portlets deployed, leave it in until you have removed any pre-packaged portlets you don't want.

Follow the instruction to 

Additional References

Having problems with these instructions?

Please send us feedback at uportal-user@lists.ja-sig.org
