#
# Copyright (c) 2000-2009, Jasig, Inc.
# See license distributed with this file and available online at
# https://www.ja-sig.org/svn/jasig-parent/tags/rel-10/license-header.txt
#

# Security Properties
#
# Copyright (c) 2000, 2006 The JA-SIG Collaborative. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in
#    the documentation and/or other materials provided with the
#    distribution.
#
# 3. Redistributions of any form whatsoever must retain the following
#    acknowledgment:
#    "This product includes software developed by the JA-SIG Collaborative
#    (http://www.jasig.org/)."
#
# THIS SOFTWARE IS PROVIDED BY THE JA-SIG COLLABORATIVE "AS IS" AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE JA-SIG COLLABORATIVE OR
# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
# OF THE POSSIBILITY OF SUCH DAMAGE.
#
#

##
## CAS & Local Authentication
##
## The following is an example of configuring uPortal to use both CAS
## and local user authentication (authentication by username and password
## hash stored in the uPortal database). It uses the UnionSecurityContext
## to consider both these authentication methods and declares the required
## tokens for all. This approach requires the corresponding filter mappings
## in web.xml (mapping both the CASValidateFilter and the StaticCasReceiptCacher
## filter in front of the LoginServlet).
##
## The bundled cas instance (http://localhost:8080/cas) also uses the user in
## the uPortal database for authentication.
##

## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.cas=org.jasig.portal.security.provider.cas.CasFilteredSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory

## Answers what tokens are examined in the request for each context during authentication.
## A subcontext only needs to set its tokens if it differs from those of the root context.
principalToken.root=userName
credentialToken.root=password
credentialToken.root.cas=ticket

## Answers where the user will be redirected when log out occurs. Each security context can have one.
## (See comments in the LogoutServlet class)
## It would be better to escape the value of the url parameter, but since there are no parameters on the
## unescaped URL and since there are no further parameters on the logout URL, this does work.
logoutRedirect.root=https://yourcasserver.yourdomain/prefix/logout?url=http://localhost:8080/uPortal/Login

## This is the factory that supplies the concrete authorization class
authorizationProvider=org.jasig.portal.security.provider.AuthorizationServiceFactoryImpl

## Login URL, if specified the CLogin channel will display a Login link with
## this URL instead of the standard userName/password form.
org.jasig.portal.channels.CLogin.CasLoginUrl=https://yourcasserver.yourdomain/prefix/login?service=http://localhost:8080/uPortal/Login


##
## Local Only Authentication
##
## The following is an example of configuring uPortal local user authentication
## (authentication by username and password hash stored in the uPortal database).
##
## Comment out all other properties in this file and then uncomment the lines
## prefixed with a single # below.
##

## This is the factory that supplies the concrete authentication class
#root=org.jasig.portal.security.provider.SimpleSecurityContextFactory

## Answers what tokens are examined in the request for each context during authentication.
#principalToken.root=userName
#credentialToken.root=password

## This is the factory that supplies the concrete authorization class
#authorizationProvider=org.jasig.portal.security.provider.AuthorizationServiceFactoryImpl


##
## Multiple LDAP & Local Authentication
##
## The following is an example of configuring uPortal to use multiple LDAP
## directories and local user authentication (authentication by username and
## password hash stored in the uPortal database). It uses the UnionSecurityContext
## to consider all authentication methods and declares the required tokens for all.
##
## Comment out all other properties in this file and then uncomment the lines
## prefixed with a single # below.
##

## This is the factory that supplies the concrete authentication class
#root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
#root.ldap_stu=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory
#root.ldap_fac=org.jasig.portal.security.provider.SimpleLdapSecurityContextFactory

## The following tells the SimpleLdapSecurityContextFactory with the similarly named
## property which named LDAP connection to use. Named LDAP connections are defined in
## properties/contexts/ldapContext.xml
#securityContextProperty.root.ldap_stu.connection=Students
#securityContextProperty.root.ldap_fac.connection=Faculty

## Answers what tokens are examined in the request for each context during authentication.
#principalToken.root=userName
#credentialToken.root=password

## This is the factory that supplies the concrete authorization class
#authorizationProvider=org.jasig.portal.security.provider.AuthorizationServiceFactoryImpl
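
## Added example, not part of the uPortal distribution: a Python check that resolves which
## request tokens each security context reads, and shows why the url/service value in the
## logout and login URLs is safer percent-encoded. The root fallback models the comment in
## this file rather than uPortal's code; cas.example and portal.example are constructed hosts.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed sample: the active "CAS & Local Authentication" token settings.
SAMPLE = """\
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
root.cas=org.jasig.portal.security.provider.cas.CasFilteredSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
principalToken.root=userName
credentialToken.root=password
credentialToken.root.cas=ticket
"""

def parse_properties(text):
    """Minimal key=value parser; comment lines and blanks are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def effective_tokens(props):
    """Tokens each context reads: its own setting, else the root context's."""
    contexts = [k for k in props if k == "root" or k.startswith("root.")]
    return {
        ctx: tuple(props.get(f"{kind}.{ctx}", props.get(f"{kind}.root"))
                   for kind in ("principalToken", "credentialToken"))
        for ctx in contexts
    }

def escape_nested_url(url, param):
    """Percent-encode the URL carried in ?param= so it stays one value."""
    match = re.search(rf"[?&]{re.escape(param)}=", url)
    if not match or "://" not in url[match.end():]:
        return url  # parameter absent, or value already escaped
    return url[:match.end()] + quote(url[match.end():], safe="")

def outer_params(url):
    """Query parameters as the receiving server would split them."""
    return dict(parse_qsl(urlsplit(url).query))

if __name__ == "__main__":
    print(effective_tokens(parse_properties(SAMPLE)))
    # Constructed URL whose nested target carries its own parameters.
    raw = "https://cas.example/logout?url=http://portal.example/Login?a=1&b=2"
    print(outer_params(raw))                            # b leaks to the outer URL
    print(outer_params(escape_nested_url(raw, "url")))  # nested URL kept whole
```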