I have developed a portal using Liferay and I have added an application as a portlet using an iframe. The application requires a login. Now I would like to implement single sign on.
How do I achieve this?
I'd like to give a shorter answer than the very specific one already given (by the way: note that the link goes to Liferay 4.3 documentation - this is at least 7 or 8 years old. Without looking at it, I am not sure how accurate it still is).
Achieving "Single Sign On" means that all applications in question must use the same "Single Sign On" system, so that the identity can be safely reused. Liferay integrates with a lot of SSO systems, CAS among them, Shibboleth and (for Enterprise Edition) SAML. You'll need to decide on one, implement it for your iframe'd application as well as configure it for Liferay. Typically this involves keeping your user accounts in an LDAP directory that's shared by all applications (otherwise you'd end up with only the names of the currently signed in user).
Of course, another more elegant way of integrating is to ditch the iframe and implement the UI for your other application in a portlet. This way Liferay will handle the authentication for you and the portlet will have the information about the currently logged in user first-hand. That's what a portal can and will provide for you - iframes are merely a quick hack to display any totally external application on the same page as your portal. IMHO it's about "displaying", not about "integrating" that application.
Please find below steps to do the same.
Steps:
1- Install CAS
I downloaded the CAS server distribution. All the (recent) downloads are available here : http://www.jasig.org/cas/download
2- Exploding that tar.gz, I grabbed the cas-server-3.4.5/modules/cas-server-webapp-3.4.5.war,
3- Rename the file to cas-web.war.
4- Copy the war file and paste it to the Tomcat webapps directory.
5- I didn't stop Tomcat before, so with Tomcat still running, I hit http://localhost:8080/cas-web/ in a browser and was helpfully redirected to http://localhost:8080/cas-web/login . Default demo CAS webapp authenticates where username equals password, so I tried logging in as "[email protected]" with "[email protected]"
6- CAS helpfully told me I was logged in, though of course not logged in to anything useful, since I didn't try to log in to any particular application.
Configured Liferay to use CAS for authentication
7- Create an account in Liferay with [email protected] and password [email protected], which is the same as the CAS account.
8- To download the Yale CAS Client 2.0.11 go to http://downloads.jasig.org/cas-clients/
9- Create a folder and extract the cas.client zip file into this folder.
10- Open the folder and navigate to the casclient jar file (cas-client-2.0.11\java\lib).
11- Copy the file.
12- Go to the lib file in Tomcat (webapps\ROOT\WEB-INF\lib) and paste the casclient jar file to replace the existing one.
13- In the command prompt go to the ROOT directory. ( /liferay-portal-6.1.10-ee-ga1/tomcat-7.0.25/webapps/ROOT )
14- Enter the following:
keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
15- Enter changeit for the password.
16- Answer the list of questions. Note that the first and last name must be the host name of your server and cannot be an IP address. This is very important because an IP address will fail client hostname verification even if it is correct.
Enter keystore password: changeit
What is your first and last name? : localhost
What is the name of your organizational unit? :
What is the name of your organization? :
What is the name of your City or Locality? :
What is the name of your State or Province? :
What is the two-letter country code for this unit? :
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? : yes
17- Enter the following command to export the cert you generated from your personal keystore:
keytool -export -alias tomcat -keypass changeit -file server.cert
18- Enter changeit for the password.
19- Import the cert into Java's keystore with this command:
keytool -import -alias tomcat -file %FILE_NAME% -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
( Make sure in place of %FILE_NAME% type server.cert )
20- Enter changeit for the password.
21- Enter yes.
22- To set up Liferay Portal, navigate to the classes file in Tomcat (webapps\ROOT\WEB-INF\classes).
23- Create portal-ext.properties if it does not exist yet, somewhere in the server classpath:
24- Open portal-ext.properties and enter:
cas.auth.enabled=true
cas.import.from.ldap=true
cas.login.url=http://localhost:8080/cas-web/login
cas.logout.url=http://localhost:8080/cas-web/logout
cas.server.url=http://localhost:8080/cas-web
cas.validate.url=http://localhost:8080/cas-web/proxyValidate
25- Save.
26- Start Tomcat and go to Liferay Portal --> Login to Liferay through the username and password login box at left -- if users will exclusively login with CAS. ( Rather than clicking the Sign In link at the upper right. )
27- Go to Control Panel -> Portal Settings -> Authentication -> CAS
(a)- Check on Enabled
(b)- Make sure to type all URLs the same as mentioned in the portal-ext.properties file
28- Save it.
29- Then Sign out from Liferay.
30- Again Sign In into Liferay by clicking the Sign In link at the upper right.
31- If everything is set up correctly you will be redirected to the CAS server’s login screen.
32- Log in as "[email protected]" with "[email protected]" as password.
33- CAS sends you back to Liferay with a valid Service Ticket, Liferay validates the Service ticket, and you are logged in Liferay as that [email protected] test user.
34- Then Click on Sign Out
35- Since Liferay is now configured to use CAS, it will send you to the CAS logout URL.
For more details check following link. http://www.liferay.com/community/forums/-/message_boards/message/13311091
Hope it may help you!
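An added example (not part of the answer above, and not Liferay or CAS code): a small Python check over the cas.*.url properties from step 24. It flags URLs that are not HTTPS (the certificate trust built in steps 14-21 only comes into play for https:// URLs), hosts given as IP literals (the hostname-verification point in step 16), and endpoints that do not sit under cas.server.url. The finding labels and the cas.example.org host are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

URL_KEYS = ("cas.login.url", "cas.logout.url", "cas.server.url", "cas.validate.url")

def parse_properties(text):  # minimal key=value parser; no continuations or escapes
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_cas(props):
    """Return (key, issue) findings for the cas.*.url settings."""
    findings = []
    server = props.get("cas.server.url", "").rstrip("/")
    for key in URL_KEYS:
        value = props.get(key)
        if value is None:
            findings.append((key, "missing"))
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            findings.append((key, "not-https"))
        if is_ip_literal(url.hostname or ""):
            findings.append((key, "ip-literal-host"))
        if key != "cas.server.url" and server and not value.startswith(server + "/"):
            findings.append((key, "outside-cas.server.url"))
    return findings

# Values from step 24 of the answer; HTTPS_CONFIG uses a constructed placeholder host.
PAGE_CONFIG = """\
cas.auth.enabled=true
cas.import.from.ldap=true
cas.login.url=http://localhost:8080/cas-web/login
cas.logout.url=http://localhost:8080/cas-web/logout
cas.server.url=http://localhost:8080/cas-web
cas.validate.url=http://localhost:8080/cas-web/proxyValidate
"""
HTTPS_CONFIG = PAGE_CONFIG.replace("http://localhost:8080", "https://cas.example.org")
if __name__ == "__main__": print(audit_cas(parse_properties(PAGE_CONFIG)))
```

Run against the values from step 24 it reports all four URLs as not-https; the constructed HTTPS variant produces no findings.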