Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

In

...

order

...

to

...

enable

...

WebDAV

...

on

...

Sakai

...

2.0,

...

the

...

following

...

modules

...

must

...

be

...

installed.

...

Required

...

module(s)

...

for

...

implementing WebDAV and Sakai 2.0.x

-. The correct krb5.conf

...

file

...

for

...

UC

...

Davis'

...

KDC
-. Krb5LoginModule (jaas)
-. A jaas.conf

...

file

...

that

...

includes

...

other

...

configuration

...

information

...

needed

...

for

...

the

...

provider

...


-.

...

Custom

...

UserDirectoryProvider,

...

UC

...

Davis'

...

Provider,

...

UCDKerbLDAP.java

...

which

...

is

...

a

...

modified

...

version

...

of

...

Stanford's

...

provider.

...

Thanks

...

to

...

Casey

...

Dunn

...

at

...

Stanford

...

for

...

providing

...

this

...

example.

...


-.

...

The

...

ucdprovider

...

directory

...

from

...

SVN.

...

This

...

will

...

be

...

added

...

to

...

the

...

*Sakai

...

Source*

...

\providers

...

directory.

...


-.

...

commons-lang.jar

...

and

...

commons-configuration.jar.

...

This

...

will

...

be

...

placed

...

in

...

the

...

Tomcat\shared\lib

...

directory.

...


-.

...

The

...

project.xml

...

and

...

components.xml

...

that

...

will

...

be

...

place

...

in

...

the

...

*Sakai

...

Source*

...

\providers\components

...

directory

...


-.

...

A

...

keytab

...

file

...

for

...

access

...

to

...

the

...

KDC.

...

See

...

Scott

...

Amerson

...

for

...

details.

...

Sakai

...

2.0.+/WebDav

...

Install

...

Instructions (Includes package structure for UCDavisUserDirectoryProvider)

Source is located in SVN, currently available for either 2.0.0

...

or

...

2.0.1 Sakai frameworks.

...


Code

...

is

...

given

...

as

...

a

...

providers/UserDirWebDAV/branch/200

...

or

...

providers/UserDirWebDAV/branch/201

...

directory. https://mware.ucdavis.edu/svn/sakai/providers/trunk/201/

Package structure (to be deprecated):
Java package structure is detailed below:

ucdprovider

source dir

package

Source code

-----------

...

java->src->

...

-----------

...

-----------

...

edu.ucdavis.security.sakai2.distauth.user

...

UCDKerbLDAP.java

-----------

-----------

edu.ucdavis.security.sakai2.distauth.KerbConf

UCDKrb.properties

-----------

...

-----------

...

edu.ucdavis.security.sakai2.distauth.utilities

...

misc

...

LDAP

...

extensions,

...

not

...

implemented

This directory contains a UCDKerbLDAP.java,

...

an

...

implementation

...

of

...

the

...

UserDirectoryProvider

...

specifically

...

for

...

UC

...

Davis.

...


This

...

code

...

is

...

taken

...

from

...

examples

...

from

...

Columbia's

...

provider,

...

and

...

Stanford's

...

LDAP

...

implementation.

Updated package structure (10/25/05), located @ https://mware.ucdavis.edu/svn/sakai/providers/trunk/201Mods/
:
Java package structure is detailed below:

ucdproviders

source dir

package

Source code

notes

-----------

java->src->

-----------

-----------

edu.ucdavis.providers.sakai20.user

UCDavisUserDirectoryProvider.java

User Provider impl

-----------

-----------

edu.ucdavis.providers.sakai20.utilities

UCDConf.java

Properties configuration helper class

-----------

-----------

edu.ucdavis.providers.sakai20.utilities

UCDLDAP.java

LDAP helper class

-----------

-----------

edu.ucdavis.providers.sakai20.utilities

UCDLDAPSearch.java

LDAP search class

-----------

-----------

edu.ucdavis.providers.sakai20.utilities

UCDLDAPService.java

LDAP service impl

Please see KerberosDirectoryProvider README for other information with respect to using jaas to implement Kerberos Authentication in Sakai.

In addition, to protect the integrity of your Kerberos password, the use
of a secure Web front-end is HIGHLY recommended. Enabling SSL should be done prior to deploying this code.

*GENERAL SETUP*

Prerequisite:

-Krb

Please see KerberosDirectoryProvider README for other information with respect to using jaas to implement Kerberos Authentication in Sakai.

In addition, to protect the integrity of your Kerberos password, the use
of a secure Web front-end is HIGHLY recommended. Enabling SSL should be done prior to deploying this code.

*GENERAL SETUP*

Prerequisite:

-Krb5LoginModule (comes with jdk 1.5)

The package structure for the UCDKerbLDAP.java module is as follows:
edu.ucdavis.security.distauth.sakai2.user

...

//source

...

code

...


edu.ucdavis.security.distauth.sakai2.KerbConf

...

//UCDKrb.properties

...

file

...

that

...

should

...

be

...

copied

...

into

...

Tomcat

...

sakai

...

dir

...

To

...

use

...

this

...

provider:

...

1) Download source from SVN
2) Configure Java for Kerberos using JAAS:

  • Create a file jaas.config (jaas.config

...

  • example

...

  • provided

...

  • in

...

  • SVN)

...

  • in

...

  • the

...

  • your

...

  • Java

...

  • installation,

...

  • usually

...

  • in

...


  • $JAVA_HOME/lib/security

...

  • or

...

  • $JAVA_HOME/jre/lib/security.

...

  • Add

...

  • this

...

  • block

...

  • (or

...

  • edit

...

  • an

...

  • existing

...

  • block):
    Code Block
    
    

...

  • KerberosAuthentication {
       com.sun.security.auth.module.Krb5LoginModule required
       debug=false
       storekey=false
       clearPass=false
       useTicketCache=false
       useKeyTab=true
       keyTab="/etc/krb.keytab"; 
       };
    

...

  • Note,

...

  • it

...

  • is

...

  • very

...

  • important

...

  • to

...

  • have

...

  • a

...

  • semicolon

...

  • at

...

  • the

...

  • end,

...

  • and

...

  • no

...

  • other

...

  • place!

...

The

...

UserDirectoryProvider

...

uses

...

the

...

KerberosAuthentication

...

context

...

by

...


default;

...

it

...

can

...

be

...

configured

...

by

...

changing

...

the

...

loginContext

...

parameter

...

in

...


the

...

components.xml

...

file.

...

See

...

KerberosDirectoryProvider

...

documentation

...

for

...

more

...

details.

...

3)

...

Copy

...

the

...

properties

...

file,

...

UCDKrb.properties

...

from

...

code/properties

...

to

...

your

...

TOMCAT_HOME/sakai

...

directory.

...

4)

...

Copy

...

the

...

code/ucdprovider

...

directory

...

into

...

the

...

Sakai_dir/providers

...

directory.

...

5)

...

Copy

...

the

...

following

...

from

...

the

...

code/providersconf

...

directory:

...

a.

...

components.xml

...

into

...

the

...

Sakai_dir/providers/components/webapp/WEB-INF

...

directory

...


b.

...

project.xml

...

into

...

the

...

Sakai_dir/providers/components

...

directory

...

-To

...

note

...

here,

...

uncomment

...

out

...

any

...

previous

...

provider

...

reference

...

that

...

is

...

no

...

longer

...

used

...

6)

...

Download

...

two

...

dependencies,

...

commons-lang.jar,

...

and

...

commons-components.jar.

...

These

...

jars

...

may

...

be

...

found

...

at

...

http://www.ibiblio.org/maven/,

...

and

...

should

...

be

...

placed

...

in

...

the

...

TOMCAT_HOME/shared/lib

...

directory.

...

7)

...

Attain

...

a

...

keytab

...

file

...

from

...

IET

...

Middleware,

...

and

...

place

...

modify

...

the

...

location

...

of

...

this

...

file

...

in

...

the

...

jaas.config

...

file

...

in

...

Step

...

1)

...

above.

...

8) Rebuild Sakai,

...

and

...

start

...

Tomcat

...

*ADVANCED

...

OPTIONS*

...

See

...

KerberosDirectoryProvider

...

README.txt

...

for

...

any

...

advanced

...

options.

...

Technical Design

A solution to the WebDAV/Sakai

...

integration

...

problem

...

is

...

detailed

...

via the link below (provider diagrams).

http://mediaworks.ucdavis.edu:8080/confluence/display/UCDSAKAI/Sakai+Providers

Notes: UCDavisUserDirectoryProvider implements the UserDirectoryProvider interface. The following diagram illustrates the process flow for the provider: