Sommaire

Portlet deployment

Users are authenticated:

by the portal (in this case, the connected user's id is passed to the application through JSR-168 preferences).
or by the application itself for external users (in this case, the portal runs as guest).

JSR-168 uid preference

Setting the allowed authentication methods

Setting the allowed authentication methods is done by setting the three following properties (default values below):

Bloc de code
auth.useCas=true auth.useShibboleth=false auth.useApplication=true auth.useSpecific=false

Settign the last property to true is reserved to expert users (see Authenticating the users against an external data source ).

CAS properties

When the CAS authentication is allowed, the following property must be set:

Bloc de code
cas.url=https://cas.domain.edu

In servlet or quick-start deployments, the id authenticated user is retrieved from the HTTP session (set by the CAS J2EE filter).

In portlet deployments, the id of the authenticated user is passed from the portal to the portlet thanks to a JSR-168 preference (uid by default):

Bloc de code
Bloc de code
#auth.portal.uidAttribute=uid

Shibboleth properties

When the Shibboleth authentication is allowed, the properties to set depend on the deployment used.

Servlet

...

and quick-start deployments

Users are authenticated:

by CAS (the connected user's id is retrieved by the CAS J2EE filter).
or by the application itself for external users (in this case, the portal runs as guest).

Adresse du serveur CAS (required)

The id of the authenticated user is retrieved from a specific HTTP header:

Bloc de code
auth.shibbolethIdHeader=REMOTE_USER2

The attributes of the authenticated user are also retrieved from some HTTP headers:

Bloc de code
auth.shibbolethAttributeHeaders=Shib-InetOrgPerson-displayName,Shib-InetOrgPerson-givenName,Shib-InetOrgPerson-mail,Shib-Person-surname

These attributes are stored in the application database.