Exercise
This page is a different kind of uPortal manual page, a hands-on exercise. It may be helpful to you to use this exercise in the context of this manual. It also may serve as a template for building uPortal training materials.
Purpose of this exercise
This exercise configures uPortal to use a different authentication handler (mechanism for authenticating usernames and passwords) than the default.
In this exercise we're going to make a configuration change to the embedded CAS server, just because we can, that will change it to authenticate where username=password.
This exercise helps introduce configuration of CAS and the way that configuration overlays onto the CAS server Maven artifacts in the uPortal build process.
Pre-requisites for this exercise
- A working, installed, suitable instance of uPortal 3 (e.g., that provided by the uPortal Quickstart distribution)
- A created user in your uPortal 3 instance with a username that is not the same as its password. (If you need to create such a user, there's a previous exercise that instructs on how to do this.)
Stepwise instructions
Step 1: Edit the deployerConfigContext.xml
Edit deployerConfigContext.xml, setting it to use the default-for-CAS authentication handler.
This authentication handler declaration:
<property name="authenticationHandlers"> <list> <!-- | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating | a server side SSL certificate. +--> <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" > <!-- THIS IS NOT SECURE. PLEASE CHANGE BEFORE DEPLOYING TO PRODUCTION ENVIRONMENTS. --> <property name="requireSecure" value="false"/> </bean> <!-- | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your | local authentication strategy. You might accomplish this by coding a new such handler and declaring | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules. +--> <bean class="org.jasig.portal.cas.authentication.handler.support.PersonDirAuthenticationHandler" p:user-password-dao-ref="userPasswordDao" /> </list> </property>
Becomes this:
<property name="authenticationHandlers"> <list> <!-- | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating | a server side SSL certificate. +--> <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" > <!-- THIS IS NOT SECURE. PLEASE CHANGE BEFORE DEPLOYING TO PRODUCTION ENVIRONMENTS. --> <property name="requireSecure" value="false"/> </bean> <!-- | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your | local authentication strategy. You might accomplish this by coding a new such handler and declaring | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules. +--> <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> </list> </property>
Step 2: Be sure your portal is stopped
andrew-petros-macbook:uPortal-3.0.0-quick-start apetro$ pwd /up3/uPortal-3.0.0-quick-start andrew-petros-macbook:uPortal-3.0.0-quick-start apetro$ ./ant.sh stop
Step 3: Run the Ant deploy-ear to deploy the modified CAS
cd uPortal-3.0.0 ../ant.sh deploy-ear
Note that here the Ant task is deploy-ear, not deploy-war, as the change to be deployed is not in the pimary uPortal webapp but is instead a change to the CAS webapp deployed alongside uPortal.
Step 4: Start the portal again
After you wait for uPortal to start up, you can see it in your web browser at
http://localhost:8080/uPortal/
Step 5: Try it out
You should now be able to log in as seminar / seminar rather than seminar / howdy, e.g,