5. Restart Tomcat, then test the login page. Do not browse to localhost; use your IP so that the domain cookie is set correctly and can be seen. The form that has the "DistAuth log in" button should be there. When you click this button, you should be taken to DistAuth. Check the error logs for output from the debugging code that I have in Cookies/Filters, etc.

<!--

Sakai 2.0

1. Set up any Sakai usernames that you would like to be able to log in to the site.
(this step will be replaced by automated provisioning)

2. Log in to Sakai as admin.

3. Click the Realms navigation link.
Click the /site/!admin realm.
Click the Grant Ability link.
Add any usernames in the provide ID box.
Save your changes to the Realm.
Click Done to commit your changes to the Sakai Realm.

4. Copy UCDDistAuthFilterAndWrapper.jar (attachment) into
Tomcat/common/lib to make it available to any web-app on
that instance of Tomcat.
(This contains the filter and request wrapper combined.)

5. Edit the sakai.properties file
(CATALINA_HOME/sakai/sakai.properties)

Turn on container.login in sakai.properties.
If the file does not have the line, add:
container.login = true

6. Edit the web.xml file in $SAKAI_DEV\login\login\src\webapp\WEB-INF
and set up the servlet filter. See the example web.xml below.
The order of the elements within web.xml is important.

Note that <filter> and <filter-mapping> elements must be
contiguous within the web.xml file.

EXAMPLE web.xml:
Add the following params to ~[CurrentSakaiInstall]\login\login\src\webapp\WEB-INF\web.xml to declare the DistAuth filter and its mapping. These are configurable pieces that not everyone will need, but we should put them in. ProtectionLevel is the most important (2 is the default, 3 is AFS).
<web-app>
..
  <filter>
    <filter-name>sakai.request</filter-name>
    <filter-class>org.sakaiproject.util.RequestFilter</filter-class>
  </filter>

  <filter>
    <filter-name>sakai.request.container</filter-name>
    <filter-class>org.sakaiproject.util.RequestFilter</filter-class>
    <init-param>
      <param-name>tool.placement</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>remote.user</param-name>
      <param-value>false</param-value>
    </init-param>
  </filter>

  <filter>
    <filter-name>ucdfilter</filter-name>
    <filter-class>edu.ucdavis.security.distauth.AuthenticationFilter</filter-class>

    <init-param>
      <param-name>LoginURL</param-name>
      <param-value></param-value>
    </init-param>
    <init-param>
      <param-name>InvalidCookieURL</param-name>
      <param-value></param-value>
    </init-param>
    <init-param>
      <param-name>InvalidLoginURL</param-name>
      <param-value></param-value>
    </init-param>
    <init-param>
      <param-name>InvalidTokenURL</param-name>
      <param-value></param-value>
    </init-param>

    <init-param>
      <param-name>InternalErrorURL</param-name>
      <param-value>Error.html</param-value>
    </init-param>
    <init-param>
      <param-name>TimeoutInterval</param-name>
      <param-value>3600</param-value>
    </init-param>
    <init-param>
      <param-name>TokenPath</param-name>
      <param-value>/afs/ucdavis.edu/common/authinfo/</param-value>
    </init-param>
    <init-param>
      <param-name>LogPath</param-name>
      <param-value></param-value>
    </init-param>
    <init-param>
      <param-name>LogFile</param-name>
      <param-value>C:\distauth.log</param-value>
    </init-param>
    <init-param>
      <param-name>ValidateUserAgainstDB</param-name>
      <param-value>0</param-value>
    </init-param>
    <init-param>
      <param-name>DatabaseQuery</param-name>
      <param-value></param-value>
    </init-param>
    <init-param>
      <param-name>ProtectionLevel</param-name>
      <param-value>2</param-value>
    </init-param>
    <init-param>
      <param-name>PassThrough</param-name>
      <param-value>0</param-value>
    </init-param>
    <init-param>
      <param-name>LogoutURL</param-name>
      <param-value>https://secureweb.ucdavis.edu:443/form-auth/logout?</param-value>
    </init-param>
    <init-param>
      <param-name>SendBackURL</param-name>
      <param-value>https://secureweb.ucdavis.edu:443/form-auth/sendback?</param-value>
    </init-param>
  </filter>

  <filter-mapping>
    <filter-name>sakai.request</filter-name>
    <servlet-name>sakai.login</servlet-name>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
  </filter-mapping>

  <filter-mapping>
    <filter-name>sakai.request.container</filter-name>
    <servlet-name>sakai.login.container</servlet-name>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>

  <servlet>
    <servlet-name>sakai.login</servlet-name>
    <servlet-class>org.sakaiproject.tool.login.LoginTool</servlet-class>
    <init-param>
      <param-name>container</param-name>
      <param-value>/sakai-login/container</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <servlet>
    <servlet-name>sakai.login.container</servlet-name>
    <servlet-class>org.sakaiproject.tool.login.ContainerLogin</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <!-- map the container login, and then cause it to trigger container authentication -->
  <servlet-mapping>
    <servlet-name>sakai.login.container</servlet-name>
    <url-pattern>/container/*</url-pattern>
  </servlet-mapping>

  <filter-mapping>
    <filter-name>ucdfilter</filter-name>
    <servlet-name>sakai.login.container</servlet-name>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>

  <listener>
    <listener-class>org.sakaiproject.util.ToolListener</listener-class>
  </listener>
..
</web-app>
-->
7. Rebuild Sakai and deploy to Tomcat
cd $SAKAI_DEV
maven bld dpl (or maven sakai)

8. Restart Tomcat, then test the login. Do not browse to localhost; use your IP so that the domain cookie is set correctly and can be seen. When you click the "Login" link on the portal, you should be taken to DistAuth. Check the error logs for output from the debugging code that I have in Cookies/Filters, etc.

9. Visit your instance of Sakai and test the login link
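
A pre-deployment check for the web.xml edited in step 6, as an added example that is not part of the original instructions or of the DistAuth filter's code. It confirms that every filter-mapping points at a declared filter and servlet, that ucdfilter is mapped to sakai.login.container, that ProtectionLevel is set, and that no *URL parameter uses plain http. The sample descriptor and the host sso.example.edu are constructed for illustration, and the choice of checks is an assumption about what is worth verifying here.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the page's file): trimmed descriptor with a mistyped
# servlet name in the ucdfilter mapping and a plain-http LogoutURL.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>ucdfilter</filter-name>
    <init-param><param-name>ProtectionLevel</param-name><param-value>2</param-value></init-param>
    <init-param><param-name>LogoutURL</param-name><param-value>http://sso.example.edu/logout?</param-value></init-param>
  </filter>
  <servlet><servlet-name>sakai.login.container</servlet-name></servlet>
  <filter-mapping><filter-name>ucdfilter</filter-name><servlet-name>sakai.login.contaner</servlet-name></filter-mapping>
</web-app>"""

def _children(elem, name):
    # Compare local names so a namespaced descriptor is handled too.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def check_descriptor(xml_text, auth_filter="ucdfilter",
                     login_servlet="sakai.login.container"):
    """Return a list of findings for the DistAuth wiring in a web.xml."""
    root = ET.fromstring(xml_text)
    filters = {_text(f, "filter-name"): f for f in _children(root, "filter")}
    servlets = {_text(s, "servlet-name") for s in _children(root, "servlet")}
    findings, guarded = [], False
    for m in _children(root, "filter-mapping"):
        fname, sname = _text(m, "filter-name"), _text(m, "servlet-name")
        if fname not in filters:
            findings.append(f"mapping references undeclared filter {fname!r}")
        if sname and sname not in servlets:
            findings.append(f"{fname!r} mapped to undeclared servlet {sname!r}")
        guarded = guarded or (fname == auth_filter and sname == login_servlet)
    if not guarded:
        findings.append(f"{auth_filter!r} is not mapped to {login_servlet!r}")
    # Init-params of the authentication filter, empty if it is not declared.
    params = {_text(p, "param-name"): _text(p, "param-value")
              for p in _children(filters.get(auth_filter, ()), "init-param")}
    if not params.get("ProtectionLevel"):
        findings.append("ProtectionLevel is not set explicitly")
    for name, value in params.items():
        if name.endswith("URL") and value.lower().startswith("http://"):
            findings.append(f"{name} is not https: {value}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_descriptor(SAMPLE_WEB_XML)))
```

An empty list means the wiring matches the layout of the example descriptor; the check does not validate the meaning of ProtectionLevel or the other filter parameters.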

Screenshots are provided for 1 version (based on REQUIREMENTS, we are only doing number 2):
1. Dist Auth login and login buttons appear on site Login. Each will take you to a different location to authenticate.
2. One Login button replaces username and password form boxes on the site Login, takes you to a central login for both DistAuth and Sakai admin.