Skip to end of metadata
Go to start of metadata

The following are the steps to integrate PubCookie into uPortal 2.4.x:

  1. Download the lastest version http://www.pubcookie.org/ and install in Apache or IIS as documented in PubCookie.
  2. In Apache httpd.conf, add the following lines, making the obvious name changes:
    <Location /uPortal/Login>
    AuthType ISUNetID
    AuthName myIowaState
    PubCookieAppID myIowaState
    require valid-user
    </Location>
    
    <LocationMatch /uPortal/Logout.jsp>
    AllowOverride Options
    AuthName myIowaState
    PubCookieAppID myIowaState
    AuthType ISUNetID
    require valid-user
    PubcookieEndSession clearLogin
    </LocationMatch>
    
  3. In uPortal/WEB-INF/classes/properties, change the PersonManagerFactory line in portal.properties:
    org.jasig.portal.security.PersonManagerFactory.implementation=org.jasig.portal.security.provider.RemoteUserPersonManager
    
  4. In security.properties, change the root lines to:
    root=org.jasig.portal.security.provider.UnionSecurityContextFactory
    root.a=org.jasig.portal.security.provider.RemoteUserSecurityContextFactory
    root.a=org.jasig.portal.security.provider.SimpleSecurityContextFactory
    
  5. Edit webpages/stylesheets/org/jasig/portal/channels/CLogin/html.xsl, replacing the textfield and password fields to a link like
    <form action="Login" method="post">
        Welcome to iState.<br/>
        If you have a NetID, please <a href="Login">login</a>.
    </form>
    
  6. Deploy the CLogin/html.xsl
  7. Restart the portal

When the user clicks on the Login link and has not authenticated, Pubcookie should redirect to the Pubcookie server to
authentication. When authenticated, the user will be redirected back to the Login where the REMOTE_USER variable will
be used to identify the user and the login process will be complete.

  • No labels

1 Comment

  1. With the latest PubCookie (3.2?) you probably want to use the "GET" method in the login
    form so as to avoid an extra dialog during the PubCookie login. Since no actual information
    passed in this form, there is no security issue with using GET instead of POST.