
These instructions document how to configure uPortal itself to perform authentication against LDAP. It is also possible to configure the bundled CAS instance, or some other CAS server, to connect to LDAP instead of following this approach.

Step 1. Add the LDAP connection context to uportal-war/src/main/resources/properties/contexts/ldapContext.xml

<bean id="defaultLdapServer" class="org.jasig.portal.ldap.ContextSourceLdapServerImpl">
    <property name="ldapContextSource" ref="legacyLdapContext"/>
    <property name="uidAttribute" value="uid"/>
    <property name="baseDN" value="ou=People, dc=myuniv, dc=edu"/>
</bean>

<bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://ldap.myuniv.edu:389"/>
    <property name="userName" value=""/>
    <property name="password" value=""/>
</bean>

Step 2. Add the SimpleLdapSecurityContextFactory to uportal-war/src/main/resources/properties/security.properties

## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
  • If you need uPortal to cache user passwords, you may add the cache security context factory:
## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
root.simple.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
root.ldap.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory

Note: If you choose not to configure the CasLoginUrl parameter, you will receive the following error: "Could not resolve property placeholder ${org.jasig.portal.channels.CLogin.CasLoginUrl}". The error occurs because the CasLoginUrl parameter is referenced in two files, jsonRenderingPipelineContext.xml and renderingPipelineContext.xml, both located in uportal-war/src/main/resources/properties/contexts. You will therefore need to remove (comment out) the CasLoginUrl parameter reference in both XML files:

<entry key="EXTERNAL_LOGIN_URL" value="${org.jasig.portal.channels.CLogin.CasLoginUrl}" />

For additional information, see the CAS manual page.
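To review the settings from Steps 1 and 2 before deploying, the following Python script (an added example, not part of uPortal or of the original page) parses a Spring context file and a security.properties file and reports an ldap:// URL without TLS, an anonymous search bind, a literal bind password, and enabled password caching. The sample inputs are constructed from the values shown above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs that mirror the values shown in Steps 1 and 2.
SAMPLE_CONTEXT = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://ldap.myuniv.edu:389"/>
    <property name="userName" value=""/>
    <property name="password" value=""/>
  </bean>
</beans>"""
SAMPLE_PROPS = """## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.ldap=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
root.ldap.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory
"""

def audit_context(xml_text):
    """Return findings for each LdapContextSource bean in a Spring context file."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if not bean.get("class", "").endswith("LdapContextSource"):
            continue
        # Direct <property name=... value=...> children; the namespace is ignored.
        props = {p.get("name"): p.get("value", "") for p in bean
                 if p.tag.rsplit("}", 1)[-1] == "property"}
        bean_id, url = bean.get("id", "?"), props.get("url", "")
        if url.lower().startswith("ldap://"):
            findings.append(f"{bean_id}: {url} binds are cleartext unless StartTLS is used")
        # userDn is the newer Spring LDAP name for the userName property.
        if not (props.get("userName") or props.get("userDn") or "").strip():
            findings.append(f"{bean_id}: no bind user set, searches are anonymous")
        elif props.get("password") and not props["password"].startswith("${"):
            findings.append(f"{bean_id}: bind password is a literal in the file")
    return findings

def audit_security_properties(text):
    """Return findings for entries that enable CacheSecurityContextFactory."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value.endswith("CacheSecurityContextFactory"):
            findings.append(f"{key}: uPortal will cache user passwords")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_context(SAMPLE_CONTEXT) + audit_security_properties(SAMPLE_PROPS)))
```

With the page's values, the script reports the cleartext URL, the anonymous bind, and the root.ldap.cache entry; an ldaps:// URL with a bind user and a `${...}` placeholder password produces no context findings.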

Step 3. (Optional) Show Login Form for Guest User

If using import scripts

There seems to be a bug in the import script that prevents the channel from being imported if the comment below is left in place in uportal-war/src/main/data/default_entities/layout/guest.layout.xml (https://issues.jasig.org/browse/UP-3176).

<!--Uncomment to use local login <channel fname="login" unremovable="false" hidden="false" immutable="false"/>-->
  • To show the login form in the guest user layout, open uportal-war/src/main/data/default_entities/layout/guest.layout.xml and remove the comment markers so that the local login form is included. The resulting guest.layout.xml file should look like the code segment below, without the comment:
<layout xmlns:dlm="http://www.uportal.org/layout/dlm" script="classpath://org/jasig/portal/io/import-layout_v3-2.crn" username="guest">
  <folder hidden="false" immutable="false" name="Root folder" type="root" unremovable="true">
    <folder hidden="false" immutable="true" name="Header folder" type="header" unremovable="true">
      <channel fname="login" unremovable="false" hidden="false" immutable="false"/>
    </folder>
    <folder hidden="false" immutable="false" name="Footer folder" type="footer" unremovable="false"/>
  </folder>
</layout>

     

Additional References

Having problems with these instructions?

Please send us feedback at uportal-user@lists.ja-sig.org
