Newsletter - 201007 - July 2010

  • Registration is Open for the Jasig Fall Unconference!


Central Authentication Service (CAS)

  • Jasig ClearPass Extension for CAS 1.0.5.GA Release
  • Security Releases: CAS Server and CAS Server


  • uPortal 3.0.6 Released
  • uPortal 3.1.3 Released
  • uPortal 3.2.2 Released
  • uPortal Documentation .... Coming Along!


  • Bedework Update


  • Kuali Days Call for Proposals
  • Contegix Becomes Newest Jasig Partner


  • 2010 EDUCAUSE Annual Conference - Anaheim, California (October 12-15, 2010)
  • Kuali Days 2010 - San Diego, California (November 8-10, 2010)



Registration is Open for the Jasig Fall Unconference!


An unconference is an event featuring spontaneously planned activities based on the interests and needs of the participants.

Attend this year's Unconference if you would like to--

  • Meet with experts, newbies, and everyone in-between from a variety of open source communities
  • Pursue a topic that's important to you and your institution
  • Collaborate and compare best practices with your peers
  • Get up to speed on uPortal, CAS, Bedework, IdM Topics, Portlets, OpenRegistry, HelpDesk, and other applications
  • Bring home solutions that you can use
  • Get help with your own code
  • Work on integration projects
  • Help improve our user manuals
  • Record a demo of your work in our "Screencast Factory"
  • Spend time in informal discussion about the subjects that are of most interest to you
  • Decide for yourself what you'd like to gain from the event!

The costs are low. The learning opportunities are incomparable!


  • Registration fee for the October 2010 Jasig Unconference: $225/Members, $275/Non-Members
  • Nightly rate at Harrah's Hotel: $88.99
  • Two-and-a-half days talking, learning, teaching, planning, designing, coding, and hanging out with your peers: Priceless!

October 18-20, Unconference sessions
October 20-21, Developer/Implementer meetings

University of St. Francis
500 Wilcox St., Joliet, IL 60435

REGISTRATION SITE: https://www.concentra-cms.com/register/start.action?confId=46

MAIN UNCONFERENCE SITE: http://bit.ly/jasigunconf2010

Harrah's Joliet
151 N. Joliet Street, Joliet, IL
Reservation Line: 800-Harrahs (1-800-427-7247)
Hotel Direct #: (815) 740-7800
Room rate: $88.99 plus tax per room. Includes breakfast voucher for breakfast in the Union Station Buffet.
Rooms must be booked by 10/3/2010 to get the guaranteed rate.
Reference group code "S1017JC" to get the special Jasig rate.


If you're planning to join us, please do the following:

1. Visit and Add your Name on the Unconference Planning Site on the Jasig wiki. This is a great place to indicate your interests---what you'd like to discuss, learn, share or teach.

Wiki participants page: https://wiki.jasig.org/display/JCON/Fall+2010+Unconference+Participants

2. Register for the Unconference right here: https://www.concentra-cms.com/register/start.action?confId=46

3. Reserve a room at the Harrah's Joliet Hotel.

  • Register by October 3rd, by calling the Harrah's reservation line at 800-Harrahs (1-800-427-7247).
  • Reference group code "S1017JC" to get the Jasig rate of $88.99/night. Be sure to tell them you are staying at the Harrah's Joliet hotel.
  • More info on the hotel can be found here: Fall 2010 Unconference Hotel Information - https://wiki.jasig.org/x/oYPEAQ

4. Make travel arrangements.
Tips are available here: Fall 2010 Unconference Travel Information - https://wiki.jasig.org/x/O4DNAQ

See you at the Jasig Unconference,
The Fall 2010 Unconference Organizers



Jasig ClearPass Extension for CAS 1.0.5.GA Release

Dear CAS Community,

We're pleased to announce The Jasig ClearPass Extension for CAS 1.0.5.GA Release.

The CAS Component retains compatibility with CAS 3.4.2.

The uPortal Component works with uPortal 3.2 and above and newer versions of the uPortal Extension should interoperate with older versions of the CAS Component.

In this release, there are the following two changes:

1. Resolved a bug in the uPortal component where no password returned was being seen as password returned.
2. Upgraded to Jasig CAS Client for Java 3.1.11 in order to improve logging. Please see the example local-cas.zip project on the ClearPass Wiki Page for information on how to exclude the 3.1.10 client from being included in the WAR.

Instructions can be found here: https://wiki.jasig.org/display/CASUM/ClearPass

Thanks to the Unicon CAS Cooperative Support Program for supporting the ClearPass Extension maintenance.


Security Releases: CAS Server and CAS Server

Dear CAS Community,

We've just posted security releases for the CAS Server. They can be downloaded here:

In addition, users of CAS 3.4.2 can upgrade to CAS via the Maven Repository. Due to the change in the hosting of repositories between 3.3.5 and 3.4.2, it's not possible for us to post the artifacts.

Nature of vulnerability:

The following pages were susceptible to XSS:

  • CAS Logout Page (we actually removed the url param by default)
  • CAS Services Management Failed Authorization Page
  • CAS Post Response View

In addition, by default, as a security precaution, the Services Management Tool comes configured with services that only allow http, https, imap, and imaps protocol urls. If you are not using the Services Management Tool more explicitly (with specific services), we recommend you leave the defaults enabled.

For those who may be using older versions of CAS, or who may not wish to upgrade, the changes can be found here: https://developer.jasig.org/source/changelog/jasigsvn/?cs=21201

Thanks to Matt McCutchen and David Bourgeois for reporting the issue.

Scott Battaglia
Chair, Jasig CAS Steering Committee



uPortal 3.0.6 Released

Jasig is proud to announce the general audience release of uPortal 3.0.6. uPortal 3.0.6 is a patch release for uPortal installations already on 3.0. Database and configuration compatibility is maintained for patch releases so upgrading to a patch release should be very easy for deployers.

The following issues have been addressed for 3.0.6:


UP-706 - CWebProxy appends parameters after #
UP-1212 - Changing the user locale does not change the session locale
UP-1599 - Exception Closing Oracle DB Connection under WebSpere 6.1
UP-1624 - CLONE -WEBPROXY channel only passes IPERSON parameters on the initial GET call
UP-1884 - NPE in RDBMUserIdentityStore.removePortalUID
UP-2559 - Source encoding not set in pom
UP-2562 - Portlets randomly fail to render when encoding URLs
UP-2568 - Request encoding is not correctly set
UP-2575 - Exception when clicking on portlet link after session timeout:
UP-2576 - isUserInRole should allow for group name
UP-2592 - CAR auto-publish not loading channel
UP-2625 - Portlet cache key doesn't include window ID
UP-2698 - Bug in CacheSecurityContext prevents it from working with any "real" SecurityContext except SimpleSecurityContext
UP-2721 - Error in schedulerContext -> No bean named 'org.springframework.scheduling.timer.ScheduledTimerTask'


UP-2716 - Update library versions for 3.0.6
UP-2762 - Handle orphaned/corrupt channel SUBSCRIBE permissions more gracefully in export-channel.crn (Import/Export)


UP-2574 - Don't deploy EAR or WAR overlays to Maven
UP-2626 - Restrict ant support to 1.7.1
UP-2752 - Get the Maven release plugin working


UP-2384 - NPE uportal-impl/src/main/java/org/jasig/portal/car/DescriptorHandler.java

Downloads are available from: http://www.jasig.org/uportal/download/uportal-306
Release notes are available at: https://wiki.jasig.org/display/UPC/3.0.6


uPortal 3.1.3 Released

Jasig is proud to announce the general audience release of uPortal 3.1.3. uPortal 3.1.3 is a patch release for uPortal installations already on 3.1. Database and configuration compatibility is maintained for patch releases so upgrading to a patch release should be very easy for deployers.

The following issues have been addressed for 3.1.3:


UP-706 - CWebProxy appends parameters after #
UP-1212 - Changing the user locale does not change the session locale
UP-1599 - Exception Closing Oracle DB Connection under WebSpere 6.1
UP-1624 - CLONE -WEBPROXY channel only passes IPERSON parameters on the initial GET call
UP-1884 - NPE in RDBMUserIdentityStore.removePortalUID
UP-2382 - Sitemap - fifth tab does not properly wrap to the next row
UP-2559 - Source encoding not set in pom
UP-2562 - Portlets randomly fail to render when encoding URLs
UP-2568 - Request encoding is not correctly set
UP-2575 - Exception when clicking on portlet link after session timeout:
UP-2576 - isUserInRole should allow for group name
UP-2592 - CAR auto-publish not loading channel
UP-2599 - Accessibility - skip navigation links are broken
UP-2625 - Portlet cache key doesn't include window ID
UP-2630 - ORA-01000: maximum open cursors exceeded
UP-2643 - SystemId not set for source in XSLT (affect xsl:import)
UP-2668 - .car archive are never redeployed even if processIf tags says it should be
UP-2673 - Errors in CSpringPortletAdaptor.cpd
UP-2698 - Bug in CacheSecurityContext prevents it from working with any "real" SecurityContext except SimpleSecurityContext
UP-2703 - Delete Fluid version variable from public scope


UP-933 - Support for multi-valued attributes in User Info Map
UP-2558 - mediating bean to allow JNDI configured LDAP groups to be handled from command line
UP-2710 - Remove the static block from SmartLdapGroupStore
UP-2762 - Handle orphaned/corrupt channel SUBSCRIBE permissions more gracefully in export-channel.crn (Import/Export)

New Feature

UP-2600 - Accessibility - add a high-contrast skin
UP-2706 - Allow RSS reader to use proxy server


UP-2574 - Don't deploy EAR or WAR overlays to Maven
UP-2626 - Restrict ant support to 1.7.1
UP-2752 - Get the Maven release plugin working
UP-2763 - Upgrade Libraries for 3.1.3


UP-2384 - NPE uportal-impl/src/main/java/org/jasig/portal/car/DescriptorHandler.java
UP-2387 - NPE uportal-impl/src/main/java/org/jasig/portal/groups/filesystem/FileSystemGroupStoreFactory.java

Downloads are available from: http://www.jasig.org/uportal/download/uportal-313
Release notes are available at: https://wiki.jasig.org/display/UPC/3.1.3


uPortal 3.2.2 Released

Jasig is proud to announce the general audience release of uPortal 3.2.2. uPortal 3.2.2 is the recommended version with which to start a new uPortal deployment.

The following issues have been addressed for 3.2.2:


UP-706 - CWebProxy appends parameters after #
UP-1212 - Changing the user locale does not change the session locale
UP-1599 - Exception Closing Oracle DB Connection under WebSpere 6.1
UP-1624 - CLONE -WEBPROXY channel only passes IPERSON parameters on the initial GET call
UP-1884 - NPE in RDBMUserIdentityStore.removePortalUID
UP-2382 - Sitemap - fifth tab does not properly wrap to the next row
UP-2565 - Removing published portlets from portlet manager causes uportal to crash with the generic error
UP-2608 - coal and uportal3 skin render problem
UP-2612 - can't use "add content" chooser with coal skin
UP-2614 - Fragment Administration portlet fails on coal skin
UP-2615 - The Exit Fragment Administration portlet css need to be updated for the ivy and coal skins
UP-2627 - Prefix must resolve to a namespace error on first startup
UP-2629 - Maximised mode portlet controls show images in background
UP-2630 - ORA-01000: maximum open cursors exceeded
UP-2635 - Administration Portlet gives error if no group selected
UP-2643 - SystemId not set for source in XSLT (affect xsl:import)
UP-2668 - .car archive are never redeployed even if processIf tags says it should be
UP-2669 - Unable to Select the Everyone Group when Assigning Groups to Portlets
UP-2672 - Users can't subscribe to just-created channels
UP-2673 - Errors in CSpringPortletAdaptor.cpd
UP-2681 - Can not select Category or Group in Portlet Manager with Firefox 3.6.2 or Internet Explorer 8
UP-2682 - Edit Portlet Mode control does not work in uPortal 3.2.1
UP-2685 - Bug in init.crn XML file in SmartLdapGroupsStore prevents it from properly analyzing groups in LDAP
UP-2687 - SQL statement with incorrect number of parameters
UP-2690 - Administrators do not have subscribe permissions on non-published content
UP-2696 - Can not use "Groups Administration" portlet in uPortal 3.2.1 despite the option being available to users
UP-2697 - CONFIG mode is inaccessible
UP-2698 - Bug in CacheSecurityContext prevents it from working with any "real" SecurityContext except SimpleSecurityContext
UP-2700 - Encoding pb "add content" - XmlView ChannelList - ISO-8859-1
UP-2703 - Delete Fluid version variable from public scope
UP-2704 - unicon-news does not work in uPortal 3.2.x
UP-2705 - UP_VERSIONS is not updated for 3.2.1
UP-2712 - Can only search once in Portal Admin Portlet - Register New Portlet - Select Categories and Select People and Groups
UP-2714 - In portlet.xml of uPortal webapp, RegisterPortalPortlet has display-name "Attribute Swapper Portlet"
UP-2725 - DLM error with ldap user
UP-2731 - After deleting expired porlets, uPortal fails to render
UP-2732 - WebProxyPortlet Rich Portlet Config fails out of box


UP-2617 - List portlet webapps in alphabetical order in Portlet Administration register new portlet dropdown
UP-2655 - Upgrade to Fluid Infusion 1.2 for mobile theme CSS
UP-2688 - SmartLdapGroupStore improperly looks for membership relationships for non-IPerson entities
UP-2694 - Add css classes for portlet form ui to denote disabled states
UP-2710 - Remove the static block from SmartLdapGroupStore
UP-2711 - Show dynamic title option for portlet publishing type
UP-2722 - CAS Proxy Test Portlet's service URL should be configurable

New Feature

UP-139 - saving minimized channel state
UP-2600 - Accessibility - add a high-contrast skin
UP-2640 - Administration Portlet warns " Please enter an fname" when i forgot entering the "channel Name" in practice
UP-2692 - Enhance SmartLdap groups to optionally resolve member groups existing outside the normal baseDn
UP-2706 - Allow RSS reader to use proxy server


UP-2654 - Update libraries
UP-2752 - Get the Maven release plugin working
UP-2754 - Upgrade Libraries for 3.2.2


UP-2315 - Move uportal-impl/src/main/resources/properties/db/entities out of the uportal-impl module
UP-2384 - NPE uportal-impl/src/main/java/org/jasig/portal/car/DescriptorHandler.java
UP-2387 - NPE uportal-impl/src/main/java/org/jasig/portal/groups/filesystem/FileSystemGroupStoreFactory.java
UP-2665 - Update channel export to use the ChannelDefinition API, fix regression

Important 3.2 Upgrading Note

uPortal 3.2 has had database changes that are incompatible with the previous releases. Upgrading to uPortal 3.2 from 3.1 or older will require using the crn-export scripts in your current install and then the crn-import scripts in your new uPortal 3.2 install. Pointing a uPortal 3.2 release at an older database will very likely not work and could cause database corruption.

Downloads are available from: http://www.jasig.org/uportal/download/uportal-322
Release notes are available at: https://wiki.jasig.org/display/UPC/3.2.2

-Eric Dalquist


uPortal Documentation .... Coming Along!

Here's an update on our efforts to improve the uPortal Documentation from Laura McCord of Southwestern University, Jasig's uPortal Documentation Coordinator:

Yes, I know ... you thought it could never get done … but it's happening!

The documentation is coming along very nicely thanks to many of you who have been sending me feedback. You may have already noticed each week I am sending the community mailing-lists emails on special topics to keep on task and focused. Please continue sending me content, ideas, screenshots, or pin-pointing bad grammar and misspellings (which is equally important) as the documentation will be most successful if built by the community.

The main goal of the documentation, besides content, is the organization. We really wanted to create a manual that can be followed by EVERYONE….a developer/programmer should not be required to get uPortal up and running. The manual is being created to be a step-by-step process that builds from the requirements of uPortal all the way up to "Yea, I have uPortal installed….Now What?!" . Well, the next phase of the manual "Configuring uPortal" will be based on configuring uPortal for YOUR institution, which will house different customization options such as Authentication, Themes, and Layouts. Other manuals including, Site Administration, Systems Administration, and the Developer's Manual will also be worked on once the core of the manual has been completed.

Take a sneak peak at a couple pages of the manual below: https://wiki.jasig.org/pages/viewpage.action?pageId=29133275 https://wiki.jasig.org/display/UPM32/Requirements

You'll see from the manual pages that we're working to give you a document that is focused on readability.

On another note, the Unconference is being planned and is something you should definitely try to attend. We will be including a new documentation track where you can participate in creating or editing content. This event will be a really great way to get together with other uPortal users and tackle a subject. Don't worry you don't have to be a developer…we'll find work for you (wink) In fact, we want the documentation to be less developer-centric so editors are desperately needed.

Many Thanks,
Laura McCord (Southwestern University)
uPortal Documentation Coordinator



Bedework Update

As announced in this newsletter and the Bedework mailing lists, registration is now open for the Jasig Unconference, to be held the week of October 18th. This will be the first Unconference where Bedework is a Jasig sponsored project.

An "unconference" is an event where the attendees plan activities in real-time, as it were, instead of following a published program or schedule. Bedework developers have participated in previous Jasig Unconferences and found them both productive and enjoyable but this year represents an opportunity to provide really great value to those who are deploying Bedework, those who have recently deployed Bedework, or those of you considering a Bedework deployment.

Although it might be considered oxymoronic to suggest the sessions which will be spontaneously planned, some Bedework topics which might be of interest include:

  • Calendaring as an app/platform
  • Integration with other applications - uPortal, CAS , Sakai, R25, you name it
  • Authentication – Shibboleth, CAS, etc
  • CardDAV and addressbooks
  • Personal calendaring
  • Database
  • Installation and configuration
  • Internationalization
  • Documentation
  • Bedework and calendaring clients
  • BW and the cloud

It is also an opportunity to use a lightning talk to discuss your Bedework implementation or special interests.

Those of you who are now deploying Bedework, those who have recently deployed Bedework, or those of you considering a Bedework deployment may find the Unconference a great venue to jumpstart your Bedework projects, and to become better acquainted, and involved with, the Bedework Community.

We look forward to meeting fellow Bedework-ers at the Unconference.

REGISTRATION SITE: https://www.concentra-cms.com/register/start.action?confId=46
MAIN UNCONFERENCE SITE: http://bit.ly/jasigunconf2010

Gary Schwartz



Kuali Days Call for Proposals

Dear Jasig Community,

The Kuali Foundation just opened up a Call for Proposals for our Kuali Days 2010 conference. This is the first Call for Proposals that we have ever done, and we're working hard to make sure that word gets out. We are also hoping that some of our sister communities like Jasig will take advantage of the Other Topics track to submit presentations and come to Kuali Days.

Thank you!

Zachary Naiman, Kuali Member Liaison
Email: zach at kuali.org

Kuali Days: http://kuali.org/kd/kd2010


Contegix Becomes Newest Jasig Partner

Contegix, a leading provider of internet infrastructure intelligence and hosting management services, announced that it has joined Jasig, the not-for-profit consortium which provides a collaborative environment to foster the development of open source technologies and software for higher education.

Contegix will be providing hosting and managed support of the Jasig Internet infrastructure. This will allow the organization to focus on its core business – the development of their software products and support of the growing community. The new Jasig infrastructure is built on Contegix’s stable platform and is fully managed 24x7 by Contegix engineers. Thus, it will greatly reduce the time spent doing troubleshooting and support internally.

"A few years ago, many people still questioned the use of open source software in higher education," says Matthew Porter, CEO and Co-Founder of Contegix. "Organizations such as Jasig are showing that through collaboration amongst institutions and commercial parties, open source software and related projects can enable future advancements in the higher education environment. Jasig’s projects enable many global educational institutions to benefit from the contributions of a highly technical community and we are proud to support this endeavor."

As a company, Contegix believes strongly in the open source community, the Linux community, and the power of the entrepreneur in the social web since it was founded. For this reason, mixed with the desire as an organization to give back to the community, they sponsor individuals, organizations, and their respective projects for the betterment of all.

"We're very pleased that Contegix has joined us as our newest Jasig Partner," said Jonathan Markow, Executive Director of Jasig. "We have already migrated our infrastructure applications to their facilities, and they have more than lived up to their excellent reputation for technical know-how, project management skills, and customer service. We couldn't be more satisfied with their support. We welcome Contegix to the Jasig community and look forward to working together with them."

About Contegix, Inc.

Contegix is a technology firm known for delivering exceptional customer service and internet infrastructure intelligence. Their dedicated staff of engineers provide solid solutions to complex business challenges in the areas of hosting, cloud computing, co-location and infrastructure management services. Founded in 2004, Contegix was listed as the Linux Journal’s Reader’s Choice Award for Favorite Linux-Friendly Web-Hosting Company, and has built a solid industry reputation entirely based on delivering peace of mind to valued clients. They serve clients in range of industries - from innovative technology start-ups to Fortune 500 companies.



2010 EDUCAUSE Annual Conference - Anaheim, California (October 12-15, 2010)

"In the realm of higher education information technology, no other event brings together more powerful, creative minds in the field than the EDUCAUSE Annual Conference…

CONNECT with colleagues and explore solutions to today’s common higher ed IT challenges.
EMPOWER action by uncovering new ways to enhance your campus’s resources and policies.
REVITALIZE and ignite ideas that help you navigate and shape our ever-changing future.

The EDUCAUSE Annual Conference unites the best thinking in higher education IT by bringing together insightful people, innovative research, supportive companies, and useful resources...providing you opportunities to:

  • Network with peers who share similar interests and concerns
  • Explore 7 tracks, more than 250 sessions, and over 200 exhibitors
  • Discover Point/Counterpoint, Lightning Round, In the Hot Seat, and Discussion Sessions
  • Refresh & Renew by learning from nearly 500 forward-thinking, inspirational speakers

Whether your focus is on administration, teaching and learning, information technology infrastructure, information systems, cybersecurity, policy, library systems or information technology leadership, there's something at the annual conference for you."

Source: http://net.educause.edu/E10


Kuali Days 2010 - San Diego, California (November 8-10, 2010)

Kuali Days 2010 is approaching and we need your proposals for conference sessions! If you have been thinking about submitting something, now is the time. More information on session tracks, format, and what to include is available at http://kuali.org/kd2010/cfp. The deadline has been extended to August 2, 2010 and we look forward to reading your proposal!

The conference committee is excited to announce that the General Session speaker will be Paul Courant, University Librarian and Dean of Libraries at the University of Michigan with a wealth of experience in many areas of higher education. Courant has authored half a dozen books, and over seventy papers covering a broad range of topics in economics and public policy, including tax policy, state and local economic development, gender differences in pay, housing, radon and public health, relationships between economic growth and environmental policy, and university budgeting systems. More recently, he is studying the economics of universities, the economics of libraries and archives, and the changes in the system of scholarly communication that derive from new information technologies. Read more at http://paulcourant.net/about/.

We look forward to seeing you at Kuali Days 2010: From Theory to Practice!
Additional information: http://kuali.org/kd


