...
A complete example is attached to this page for your reference. The rest of this page will cover individual beans used in the file.
Velocity Bean
The MCB makes use of Apache Velocity in order to render the login pages and the selection page for authentication methods. This allows the template files to live outside of the Shibboleth WAR and be updated independently of it. The default velocity.properties file is also set to poll for changed pages every 2 seconds. You can adjust that to suit your business needs.
```xml
<bean id="mcb.SSOVelocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean" depends-on="shibboleth.LogbackLogging">
    <property name="overrideLogging" value="false" />
    <property name="velocityProperties">
        <props>
            <prop key="runtime.log.logsystem.class">
                edu.internet2.middleware.shibboleth.common.util.Slf4JLogChute
            </prop>
            <prop key="resource.loader">file</prop>
            <prop key="file.resource.loader.class">
                org.apache.velocity.runtime.resource.loader.FileResourceLoader
            </prop>
            <prop key="file.resource.loader.path">/opt/shibboleth-idp/conf</prop>
            <prop key="file.resource.loader.cache">false</prop>
        </props>
    </property>
</bean>
```
The only value here that needs to be modified is the file.resource.loader.path value. It must point to the directory where the velocity.properties file lives.
Authentication Bean
Authentication beans represent the submodules used to authenticate users. They must implement the edu.internet2.middleware.assurance.mcb.authn.provider.MCBSubmodule interface. The interface itself is defined as:
...
```xml
<!-- This bean represents an authentication submodule -->
<bean id="mcb.usernamepassword" class="edu.internet2.middleware.assurance.mcb.authn.provider.JAASLoginSubmodule">
    <constructor-arg index="0" value="/opt/shibboleth-idp/conf/login.config" /> <!-- The JAAS configuration file -->
    <constructor-arg index="1" value="MCBUserPassAuth" /> <!-- The JAAS configuration name -->
    <constructor-arg index="2" value="jaaslogin.vm" /> <!-- The login page to display -->
    <constructor-arg index="3" value="false" /> <!-- Set to true if using JSP login page (parameter defaults to false if not supplied) -->
</bean>
```
The bean id value must be unique for each submodule you define. However, it is possible to use the same submodule code to define multiple beans (meaning you could have two or more JAASLoginSubmodules in your file). For the standard JAAS submodule, three constructor arguments are needed; a fourth is optional. The first is the JAAS configuration file itself. The second is the JAAS configuration name (from the configuration file in parameter 1) that will be used. The third is the name of the Velocity template to use for the login page. If the fourth parameter is supplied and has a value of true, then the login page template for parameter three is assumed to be a JSP page and is processed as such.
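As an added example (not part of the MCB distribution or the original page), the following Python lint checks the rules described above: unique bean ids, the three required constructor arguments, and a JAAS configuration name that actually exists in the file named by the first argument. The sample beans, the placeholder login module, the helper names, and the absolute-path check on index 0 are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

JAAS_CLASS = "edu.internet2.middleware.assurance.mcb.authn.provider.JAASLoginSubmodule"
# Constructed sample: the bean from this page plus one that reuses its id with two args.
SAMPLE_BEANS = """<beans>
  <bean id="mcb.usernamepassword" class="%s">
    <constructor-arg index="0" value="/opt/shibboleth-idp/conf/login.config" />
    <constructor-arg index="1" value="MCBUserPassAuth" />
    <constructor-arg index="2" value="jaaslogin.vm" />
  </bean>
  <bean id="mcb.usernamepassword" class="%s">
    <constructor-arg index="0" value="ShibUserPassAuth" />
    <constructor-arg index="1" value="jaaslogin.vm" />
  </bean>
</beans>""" % (JAAS_CLASS, JAAS_CLASS)
# Constructed JAAS file content; the login module class is a placeholder.
SAMPLE_LOGIN_CONFIG = "MCBUserPassAuth {\n  example.PlaceholderLoginModule required;\n};\n"

def local(tag):  # drop an XML namespace so Spring's beans namespace is tolerated
    return tag.rsplit("}", 1)[-1]

def lint_mcb_beans(beans_xml, login_config):
    """Return a list of problems found in the JAAS submodule bean definitions."""
    beans = [e for e in ET.fromstring(beans_xml).iter() if local(e.tag) == "bean"]
    # Bean ids must be unique, even when several beans share one class.
    ids = Counter(b.get("id") for b in beans)
    problems = [f"duplicate bean id {i!r}" for i, n in ids.items() if n > 1]
    # Entry names declared in the JAAS file, e.g. "MCBUserPassAuth { ... };"
    entries = set(re.findall(r"^\s*([\w.-]+)\s*\{", login_config, re.M))
    for bean in beans:
        if bean.get("class") != JAAS_CLASS:
            continue
        bid = bean.get("id")
        args = {a.get("index"): a.get("value", "")
                for a in bean if local(a.tag) == "constructor-arg"}
        missing = [i for i in ("0", "1", "2") if i not in args]
        if missing:
            problems.append(f"{bid}: missing constructor-arg index {', '.join(missing)}")
            continue
        # Assumption: the JAAS file is given as an absolute Unix path, as on this page.
        if not args["0"].startswith("/"):
            problems.append(f"{bid}: index 0 is not a file path: {args['0']!r}")
        if args["1"] not in entries:
            problems.append(f"{bid}: JAAS entry {args['1']!r} not in the config file")
        if args.get("3", "false") not in ("true", "false"):
            problems.append(f"{bid}: index 3 must be true or false")
    return problems
```

Calling `lint_mcb_beans(SAMPLE_BEANS, SAMPLE_LOGIN_CONFIG)` reports the reused bean id and the missing third argument on the second bean; on a real host, pass the contents of your own bean file and JAAS configuration file instead.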
Configuration Bean
The configuration bean represents the data that is in the MCB multi-context-broker.xml configuration file. By loading it as a bean, the configuration information is available to all parts of the MCB at runtime.
...