...
In
...
order
...
to
...
enable
...
WebDAV
...
on
...
Sakai
...
2.0,
...
the
...
following
...
modules
...
must
...
be
...
installed.
...
Required module(s)
...
for implementing WebDAV and Sakai 2.0.x
-. The correct krb5.conf
...
file
...
for
...
UC
...
Davis'
...
KDC
-. Krb5LoginModule (jaas)
-. A jaas.conf
...
file
...
that
...
includes
...
other
...
configuration
...
information
...
needed
...
for
...
the
...
provider
...
-.
...
Custom
...
UserDirectoryProvider,
...
UC
...
Davis'
...
Provider,
...
UCDKerbLDAP.java
...
which
...
is
...
a
...
modified
...
version
...
of
...
Stanford's
...
provider.
...
Thanks
...
to
...
Casey
...
Dunn
...
at
...
Stanford
...
for
...
providing
...
this
...
example.
...
-.
...
The
...
ucdprovider
...
directory
...
from
...
SVN.
...
This
...
will
...
be
...
added
...
to
...
the
...
...
...
\providers
...
directory.
...
-.
...
commons-lang.jar
...
and
...
commons-configuration.jar.
...
This
...
will
...
be
...
placed
...
in
...
the
...
Tomcat\shared\lib
...
directory.
...
-.
...
The
...
project.xml
...
and
...
components.xml
...
that
...
will
...
be
...
place
...
in
...
the
...
...
...
\providers\components
...
directory
...
-.
...
A
...
keytab
...
file
...
for
...
access
...
to
...
the
...
KDC.
...
See
...
Scott
...
Amerson
...
for
...
details.
...
Sakai
...
2.0.+/WebDav
...
Install
...
Instructions (Includes package structure for UCDavisUserDirectoryProvider)
Source is located in SVN, currently available for either 2.0.0 or 2.0.1 Sakai frameworks.
Code is given as a providers/UserDirWebDAV/branch/200 or providers/UserDirWebDAV/branch/201 directory. https://mware.ucdavis.edu/svn/sakai/providers/trunk/201/
Package structure (to be deprecated):
Java package structure is detailed below:
ucdprovider | source dir | package | Source code |
---|---|---|---|
----------- |
...
java->src-> |
...
----------- |
...
----------- |
...
edu.ucdavis.security.sakai2.distauth.user |
...
UCDKerbLDAP.java | |||
----------- | ----------- | edu.ucdavis.security.sakai2.distauth.KerbConf | UCDKrb.properties |
----------- |
...
----------- |
...
edu.ucdavis.security.sakai2.distauth.utilities |
...
misc |
...
LDAP |
...
extensions, not implemented |
This directory contains a UCDKerbLDAP.java, an implementation of the UserDirectoryProvider specifically for UC Davis.
This code is taken from examples from Columbia's provider, and Stanford's LDAP implementation.
Updated package structure (10/25/05), located @ https://mware.ucdavis.edu/svn/sakai/providers/trunk/201Mods/
:
Java package structure is detailed below:
ucdproviders | source dir | package | Source code | notes |
---|---|---|---|---|
----------- | java->src-> | |||
----------- | ----------- | edu.ucdavis.providers.sakai20.user | UCDavisUserDirectoryProvider.java | User Provider impl |
----------- | ----------- | edu.ucdavis.providers.sakai20.utilities | UCDConf.java | Properties configuration helper class |
----------- | ----------- | edu.ucdavis.providers.sakai20.utilities | UCDLDAP.java | LDAP helper class |
----------- | ----------- | edu.ucdavis.providers.sakai20.utilities | UCDLDAPSearch.java | LDAP search class |
----------- | ----------- | edu.ucdavis.providers.sakai20.utilities | UCDLDAPService.java | LDAP service impl |
Please see KerberosDirectoryProvider README for other information with respect to using jaas to implement Kerberos Authentication in Sakai.
In addition, to protect the integrity of your Kerberos password, the use
of a secure Web front-end is HIGHLY recommended. Enabling SSL should be done prior to deploying this code.
*GENERAL SETUP*
Prerequisite:
-Krb
Please see KerberosDirectoryProvider README for other information with respect to using jaas to implement Kerberos Authentication in Sakai.
In addition, to protect the integrity of your Kerberos password, the use
of a secure Web front-end is HIGHLY recommended. Enabling SSL should be done prior to deploying this code.
*GENERAL SETUP*
Prerequisite:
-Krb5LoginModule (comes with jdk 1.5)
The package structure for the UCDKerbLDAP.java module is as follows:
edu.ucdavis.security.distauth.sakai2.user //source code
edu.ucdavis.security.distauth.sakai2.KerbConf //UCDKrb.properties file that should be copied into Tomcat sakai dir
To use this provider:
1) Download source from SVN
2) Configure Java for Kerberos using JAAS:
- Create a file jaas.config (jaas.config example provided in SVN) in the your Java installation, usually in
$JAVA_HOME/lib/security or $JAVA_HOME/jre/lib/security.
- Add this block (or edit an existing block):
Code Block KerberosAuthentication { com.sun.security.auth.module.Krb5LoginModule required debug=false storekey=false clearPass=false useTicketCache=false useKeyTab=true keyTab="/etc/krb.keytab"; };
- Note, it is very important to have a semicolon at the end, and no other place!
The UserDirectoryProvider uses the KerberosAuthentication context by
default; it can be configured by changing the loginContext parameter in
the components.xml file. See KerberosDirectoryProvider documentation for more details.
3) Copy the properties file, UCDKrb.properties from code/properties to your TOMCAT_HOME/sakai directory.
4) Copy the code/ucdprovider directory into the Sakai_dir/providers directory.
5) Copy the following from the code/providersconf directory:
a. components.xml into the Sakai_dir/providers/components/webapp/WEB-INF directory
b. project.xml into the Sakai_dir/providers/components directory
-To note here, uncomment out any previous provider reference that is no longer used
6) Download two dependencies, commons-lang.jar, and commons-components.jar. These jars may be found at http://www.ibiblio.org/maven/, and should be placed in the TOMCAT_HOME/shared/lib directory.
7) Attain a keytab file from IET Middleware, and place modify the location of this file in the jaas.config file in Step 1) above.
8) Rebuild Sakai, and start Tomcat
*ADVANCED OPTIONS*
See KerberosDirectoryProvider README.txt for any advanced options.
Technical Design
A solution to the WebDAV/Sakai integration problem is detailed via the link below (provider diagrams).
http://mediaworks.ucdavis.edu:8080/confluence/display/UCDSAKAI/Sakai+Providers
Notes: UCDavisUserDirectoryProvider implements the UserDirectoryProvider interface. The following diagram illustrates the process flow for the provider: