Forums

Home » Liferay Portal » English » 2. Using Liferay » General

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Subhash Pavuskar
Single Sign On (SSO)
April 3, 2012 11:53 PM
Answer

Subhash Pavuskar

Rank: Regular Member

Posts: 234

Join Date: March 12, 2012

Recent Posts

Can anyone pls tell me What is SSO and how i can implement in Liferay? pls provide me the link or tutorial.
Tejas Kanani
RE: Single Sign On (SSO)
April 4, 2012 12:16 AM
Answer
Subhash Pavuskar
RE: Single Sign On (SSO)
April 4, 2012 12:17 AM
Answer

Subhash Pavuskar

Rank: Regular Member

Posts: 234

Join Date: March 12, 2012

Recent Posts

Hi Tejas,

Thanks For your Valuable information.
Subhash Pavuskar
RE: Single Sign On (SSO)
April 4, 2012 2:43 AM
Answer

Subhash Pavuskar

Rank: Regular Member

Posts: 234

Join Date: March 12, 2012

Recent Posts

I Understood what is SSO and its Advantage as a theoretical , Now I want to Implement In Liferay 6.1 can anyone pls tell me the procedure to implement in my portal?
Tejas Kanani
RE: Single Sign On (SSO)
April 4, 2012 3:08 AM
Answer

Tejas Kanani

Rank: Liferay Master

Posts: 652

Join Date: January 6, 2009

Recent Posts

In previous post I've given some links which will guide you how to integrate CAS & OpenSSO with Liferay.

And also find below reference for CAS with Liferay 6.
http://www.liferay.com/community/wiki/-/wiki/Main/CAS+Liferay+6+Integration
Tejas Kanani
RE: Single Sign On (SSO)
April 4, 2012 3:18 AM
Answer

Tejas Kanani

Rank: Liferay Master

Posts: 652

Join Date: January 6, 2009

Recent Posts

Check this link as well
Subhash Pavuskar
RE: Single Sign On (SSO)
April 4, 2012 3:30 AM
Answer

Subhash Pavuskar

Rank: Regular Member

Posts: 234

Join Date: March 12, 2012

Recent Posts

Thanks Tejas I am trying on your 2nd link I hope it ll work. If i Get any difficulty shall i ping you?
Subhash Pavuskar
RE: Single Sign On (SSO)
April 4, 2012 4:05 AM
Answer

Subhash Pavuskar

Rank: Regular Member

Posts: 234

Join Date: March 12, 2012

Recent Posts

@Tejas
I followed the steps which you had given i.e http://www.unicon.net/blog/apetro/casify_liferay_6_ee i am stucked in middle i.e after configuring Control Panel Setting according to the Procedure when i logged out instead of https://localhost:8080 it is redirecting to " https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost%3A8080%2Fc%2Fportal%2Flogin%3Fp_l_id%3D10169" and in that page showing the Message that "Unable to Connect" can you pls tell me the solution i am unable to login also.
Tejas Kanani
RE: Single Sign On (SSO)
April 4, 2012 4:41 AM
Answer

Tejas Kanani

Rank: Liferay Master

Posts: 652

Join Date: January 6, 2009

Recent Posts

Check if you have followed all the steps and configuration properly ?
I've not personally tried those but it should work.
Subhash Pavuskar
RE: Single Sign On (SSO)
April 4, 2012 9:39 PM
Answer

Subhash Pavuskar

Rank: Regular Member

Posts: 234

Join Date: March 12, 2012

Recent Posts

@Tejas:
Hi, yeah i checked and i tried in one more system but it showing same problem what i faced before.
Tejas Kanani
RE: Single Sign On (SSO)
April 5, 2012 12:33 AM
Answer

Tejas Kanani

Rank: Liferay Master

Posts: 652

Join Date: January 6, 2009

Recent Posts

Also check other links provided in previous post, I've not tried any of them personally.
http://www.liferay.com/community/wiki/-/wiki/Main/CAS+Liferay+6+Integration

And even for authentication it is recommended to use LDAP or AD or any other system. So may need that as well.
Neha Verma
RE: Single Sign On (SSO)
April 6, 2012 10:29 PM
Answer

Neha Verma

Rank: New Member

Posts: 12

Join Date: March 12, 2012

Recent Posts

Hi Tejas,

I have configured CAS with Liferay 6.1 EE. Now i m able to login into liferay through CAS and after logout its redirecting me to CAS logout page also.

Now I wanna to configure gmail in liferay through CAS... so that once i will click on gmail url, it will redirect to me to the gmail without any authentication.

Could you please help me, how can I configure gmail.

Thanks,
Neha.
Hitoshi Ozawa
RE: Single Sign On (SSO)
April 7, 2012 4:43 AM
Answer

Hitoshi Ozawa

Rank: Liferay Legend

Posts: 7990

Join Date: March 23, 2010

Recent Posts

Neha, would you create a new thread because your question is not concerned with the original question of this thread.
Subhash Pavuskar
RE: Single Sign On (SSO)
April 8, 2012 10:02 PM
Answer

Subhash Pavuskar

Rank: Regular Member

Posts: 234

Join Date: March 12, 2012

Recent Posts

Clear Steps Need to configure for SSO using CAS... I hope this may help anyone in future.


Here are some links with snapshots, which is same as below given 35 steps:

(a)- http://www.unicon.net/blog/apetro/casify_liferay_6_ee
(b)- http://content.liferay.com/4.3/doc/installation/liferay_4_installation_guide/multipage/ch05s04.html


Steps:

1- Install CAS

I downloaded the CAS server distribution. All the (recent) downloads are available here : http://www.jasig.org/cas/download

2- Exploding that tar.gz, I grabbed the cas-server-3.4.5/modules/cas-server-webapp-3.4.5.war,

3- Rename the file to cas-web.war.

4- Copy the war file and paste it to the Tomcat webapps directory.

5- I didn't stop Tomcat before, so with Tomcat still running, I hit http://localhost:8080/cas-web/ in a browser and was helpfully redirected to http://localhost:8080/ cas-web/login . Default demo CAS webapp authenticates where username equals password, so I tried logging in as "test@liferay.com" with "test@liferay.com"

6- CAS helpfully told me I was logged in, though of course not logged in to anything useful, since I didn't try to log in to any particular application.


Configured Liferay to use CAS for authentication


7- Create an account in liferay with test@liferay.com and password test@liferay.com, which is same as CAS account.

8- To download the Yale CAS Client 2.0.11 go to http://downloads.jasig.org/cas-clients/

9- Create a folder and extract the cas.client zip file into this folder.

10- Open the folder and navigate to the casclient jar file (cas-client-2.0.11\java\lib).

11- Copy the file.

12- Go to the lib file in Tomcat (webapps\ROOT\WEB_INF\lib) and paste the casclient jar file to replace the existing one.

13- In the command prompt go to the ROOT directory. ( /liferay-portal-6.1.10-ee-ga1/tomcat-7.0.25/webapps/ROOT )

14- Enter the following:

keytool -genkey -alias tomcat -keypass changeit -keyalg RSA

15- Enter changeit for the password.

16- Answer the list of questions. Note that the first and last name must be the host name of your server and cannot be an IP address. This is very important because an IP address will fail client hostname verification even if it is correct.

Enter keystore password: changeit
What is your first and last name?
: localhost
What is the name of your organizational unit?
:
What is the name of your organization?
:
What is the name of your City or Locality?
:
What is the name of your State or Province?
:
What is the two-letter country code for this unit?
:
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
: yes


17- Enter the following command to export the cert you generated from your personal keystore:

keytool -export -alias tomcat -keypass changeit -file server.cert

18- Enter changeit for the password.

19- Import the cert into Java's keystore with this command:

keytool -import -alias tomcat -file %FILE_NAME% -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts

( Make sure in place of %FILE_NAME% type server.cert )

20- Enter changeit for the password.

21- Enter yes.

22- To set up Liferay Portal, navigate to the classes file in Tomcat (webapps\ROOT\WEB_INF\classes).

23- Create portal-ext.properties if it does not exist yet, somewhere in the server classpath:

24- Open portal-ext.properties and enter:

cas.auth.enabled=true
cas.import.from.ldap=true
cas.login.url=http://localhost:8080/cas-web/login
cas.logout.url=http://localhost:8080/cas-web/logout
cas.server.url=http://localhost:8080/cas-web
cas.validate.url=http://localhost:8080/cas-web/proxyValidate

25- Save.

26- Start Tomcat and go to Liferay Portal --> Login to Liferay through the username and password login box at left -- if users will exclusively login with CAS. ( Rather then clicking the Sign In link at the upper right. )

27- Go to Control Pannel -> Portal Settings -> Authentication -> CAS

(a)- Check on Enabled
(b)- Make sure type all URL same as mentioned in portal-ext.properties file

28- Save it.

29- Then Sign out from Liferay.

30- Again Sign In into Liferay by clicking the Sign In link at the upper right.

31- If everything is set up correctly you will be redirected to the CAS server’s login screen.

32- logging in as "test@liferay.com" with "test@liferay.com" as password.

33- CAS sends you back to Liferay with a valid Service Ticket, Liferay validates the Service ticket, and you are logged in Liferay as that test@liferay.com test user.

34- Then Click on Sign Out

35- Since Liferay is now configured to use CAS, it will send you to the CAS logout URL.
mohammad azaruddin
RE: Single Sign On (SSO)
April 18, 2013 2:03 AM
Answer

mohammad azaruddin

Rank: Expert

Posts: 438

Join Date: September 17, 2012

Recent Posts

Hi Subhash Pavuskar

That is very kind of youemoticon
emoticonemoticon