John McElroy
Issues setting up NTLM with LDAP servers that run over a load balancer
July 12, 2012 9:28 AM

So I know I have another thread open about using a cookie, but I kind of abandoned it since I have been exploring the built-in auto login capabilities more.

Firstly, I am working with a Liferay 5.2.3 that is deployed on a Windows server, over a default intranet domain for my company. And we have it synced with our company's LDAP. However, the LDAP server is on a different domain; the alias first points to a probable load balance appliance, since I have pinged this host address several times and get two different IPs throughout the day. I am trying to implement NTLM auto login since our LDAP is set up to authenticate using userid and password. But I am not making any headway.

Here are my current file configurations:
portal-ext.properties
counter.connection.heartbeat.job.interval=1

# fix close.png
theme.images.fast.load=false


# Set the default layout for a new users private page
default.user.private.layouts.lar=${liferay.home}/default_page_layout.lar

# default theme
default.regular.theme.id=viper_WAR_vipertheme
theme.sync.on.group=false
# Disable forcing new LDAP accounts to agree to the generic terms of service
terms.of.use.required=false

# Forces a redirect to the user's private page upon login if it exists.
auth.forward.by.last.path=false
# remove password reminder
users.reminder.queries.enabled=false
users.reminder.queries.custom.question.enabled=false

# force ldap password sync
auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth
auth.pipeline.enable.liferay.check=false

#ldap properties
ldap.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.base.provider.url=ldap://intldap.nationwidedir.net:389
ldap.base.dn=dc=nationwidedir,dc=net
ldap.security.principal=out=int,ou=people
ldap.auth.enabled=true
ldap.auth.required=true
ldap.auth.method=bind
ldap.auth.search.filter=(uid=@screen_name@)

#ldap.import.enabled=true
#ldap.import.on.startup=true
#ldap.import.interval=10


#auto login attempt properties
#auto.login.hooks=com.liferay.portal.security.auth.RememberMeAutoLogin
auto.login.hooks=com.liferay.portal.security.auth.NtlmAutoLogin
ntlm.auth.enabled=true
#alias to the ldap load balancer
ntlm.auth.domain.controller=intldap.nationwidedir.net
##domain of the liferay server host
#nltm.auth.domain=nwie.net
##domain of the ldap server
ntlm.auth.domain=nationwidedir.net

#company security options for auto login
company.security.auth.type=userId
company.security.auto.login=true
company.security.auto.login.max.age=31536000

#### The below lines send the user to the main page when they login instead of their private homes
auth.forward.by.last.path=true
default.landing.page.path=/user/
##default.landing.page.path=/group/myjbhunt/
login.events.post=com.liferay.portal.events.LoginPostAction,com.liferay.portal.events.DefaultLandingPageAction
## End redirect


web.xml (just the filter implementation)

  <!-- ==================== Auto Login Filter Mappings ====================== -->
  <!--
  <filter>
    <filter-name>Auto Login Filter</filter-name>
    <filter-class>com.liferay.portal.servlet.filters.autologin.AutoLoginFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>Auto Login Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  -->
  <filter>
    <filter-name>SSO Ntlm Filter</filter-name>
    <filter-class>com.custom.portal.servlet.filters.sso.ntlm.CustomNtlmFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>SSO Ntlm Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>


And when I start up my server, either through Eclipse EE or the command line, I see this:

Jul 12, 2012 11:59:01 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\liferay-portal-5.2.3\tomcat-6.0.18\jre1.5.0_17\win\bin;.;C:\WINXP\system32;C:\WINXP;C:/Program Files/Java/jdk1.6.0_31/bin/../jre/bin/client;C:/Program Files/Java/jdk1.6.0_31/bin/../jre/bin;C:/Program Files/Java/jdk1.6.0_31/bin/../jre/lib/i386;C:\Program Files\Java\jdk1.6.0_31\bin;C:\WINXP\system32;C:\WINXP;C:\WINXP\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Lenovo;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Windows Imaging\;C:\apache-ant-1.7.1\bin;C:\atlassian-plugin-sdk-3.1.3\bin;C:\WINXP\system32\WindowsPowerShell\v1.0;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\TortoiseSVN\bin;C:\WINXP\system32\WindowsPowerShell\v1.0;C:\Program Files\Lotus\Notes;C:\apache-ant-1.7.1\bin;C:\Program Files\Java\jdk1.6.0_31\bin ;C:\SpringSource\Tools\eclipse;
Jul 12, 2012 11:59:01 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-80
Jul 12, 2012 11:59:01 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 618 ms
Jul 12, 2012 11:59:01 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Jul 12, 2012 11:59:01 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.18
Loading jar:file:/C:/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/system.properties
Loading jar:file:/C:/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/portal.properties
Loading file:/C:/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/classes/portal-ext.properties
Loading file:/C:/liferay-portal-5.2.3/portal-ext.properties
11:59:09,293 INFO  [DialectDetector:64] Determining dialect for Microsoft SQL Server 9
11:59:09,371 INFO  [DialectDetector:97] Using dialect org.hibernate.dialect.SQLServerDialect
Loading jar:file:/C:/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/lib/portal-impl.jar!/captcha.properties
11:59:11,946 INFO  [PortalImpl:252] Portal lib directory /C:/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/lib/
11:59:21,139 INFO  [ServerDetector:104] Detected server tomcat
Starting Liferay Portal Standard Edition 5.2.3 (Augustine / Build 5203 / May 20, 2009)
11:59:22,871 INFO  [DBUtil:501] Database does not support case sensitive queries
11:59:28,942 INFO  [HotDeployUtil:64] Initializing hot deploy manager 12501850
11:59:29,333 INFO  [AutoDeployDir:108] Auto deploy scanner started for C:\liferay-portal-5.2.3\deploy
11:59:30,175 INFO  [LayoutTemplateHotDeployListener:90] Registering layout templates for 2-columns-iv-layouttpl
11:59:30,940 INFO  [LayoutTemplateHotDeployListener:102] 1 layout template for 2-columns-iv-layouttpl is available for use
Jul 12, 2012 11:59:30 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:30 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/2-columns-iv-layouttpl] startup failed due to previous errors
11:59:30,956 INFO  [LayoutTemplateHotDeployListener:131] Unregistering layout templates for 2-columns-iv-layouttpl
11:59:30,956 INFO  [LayoutTemplateHotDeployListener:155] 1 layout template for 2-columns-iv-layouttpl was unregistered
11:59:32,282 INFO  [PortletHotDeployListener:227] Registering portlets for athenaapps-portlet
11:59:32,485 INFO  [PortletHotDeployListener:346] 1 portlet for athenaapps-portlet is available for use
Jul 12, 2012 11:59:32 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:32 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/athenaapps-portlet] startup failed due to previous errors
11:59:32,516 INFO  [PortletHotDeployListener:381] Unregistering portlets for athenaapps-portlet
11:59:32,516 INFO  [PortletHotDeployListener:412] 1 portlet for athenaapps-portlet was unregistered
11:59:33,905 INFO  [PortletHotDeployListener:227] Registering portlets for auditwizard-portlet
11:59:34,015 INFO  [PortletHotDeployListener:346] 1 portlet for auditwizard-portlet is available for use
Jul 12, 2012 11:59:34 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:34 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/auditwizard-portlet] startup failed due to previous errors
11:59:34,046 INFO  [PortletHotDeployListener:381] Unregistering portlets for auditwizard-portlet
11:59:34,046 INFO  [PortletHotDeployListener:412] 1 portlet for auditwizard-portlet was unregistered
11:59:36,278 INFO  [PortletHotDeployListener:227] Registering portlets for configmenu-portlet
11:59:36,387 INFO  [PortletHotDeployListener:346] 1 portlet for configmenu-portlet is available for use
Jul 12, 2012 11:59:36 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:36 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/configmenu-portlet] startup failed due to previous errors
11:59:36,402 INFO  [PortletHotDeployListener:381] Unregistering portlets for configmenu-portlet
11:59:36,402 INFO  [PortletHotDeployListener:412] 1 portlet for configmenu-portlet was unregistered
11:59:38,244 INFO  [PortletHotDeployListener:227] Registering portlets for globaladmin-portlet
11:59:38,322 INFO  [PortletHotDeployListener:346] 1 portlet for globaladmin-portlet is available for use
Jul 12, 2012 11:59:38 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:38 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/globaladmin-portlet] startup failed due to previous errors
11:59:38,509 INFO  [PortletHotDeployListener:381] Unregistering portlets for globaladmin-portlet
11:59:38,509 INFO  [PortletHotDeployListener:412] 1 portlet for globaladmin-portlet was unregistered
11:59:39,383 INFO  [HookHotDeployListener:184] Registering hook for nationwideESM-5.2.3.1
11:59:39,867 INFO  [HookHotDeployListener:379] Hook for nationwideESM-5.2.3.1 is available for use
11:59:39,867 INFO  [PortletHotDeployListener:227] Registering portlets for nationwideESM-5.2.3.1
11:59:39,945 INFO  [PortletHotDeployListener:346] 1 portlet for nationwideESM-5.2.3.1 is available for use
Jul 12, 2012 11:59:39 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:39 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/nationwideESM-5.2.3.1] startup failed due to previous errors
11:59:40,226 INFO  [HookHotDeployListener:442] Hook for nationwideESM-5.2.3.1 was unregistered
11:59:40,226 INFO  [PortletHotDeployListener:381] Unregistering portlets for nationwideESM-5.2.3.1
11:59:40,242 INFO  [PortletHotDeployListener:412] 1 portlet for nationwideESM-5.2.3.1 was unregistered
Jul 12, 2012 11:59:40 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:40 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/New Folder] startup failed due to previous errors
11:59:41,303 INFO  [PortletHotDeployListener:227] Registering portlets for viper-portlet
11:59:41,397 INFO  [PortletHotDeployListener:346] 1 portlet for viper-portlet is available for use
Jul 12, 2012 11:59:41 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:41 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/viper-portlet] startup failed due to previous errors
11:59:41,428 INFO  [PortletHotDeployListener:381] Unregistering portlets for viper-portlet
11:59:41,428 INFO  [PortletHotDeployListener:412] 1 portlet for viper-portlet was unregistered
11:59:42,068 INFO  [ThemeHotDeployListener:90] Registering themes for viper-theme


I have looked at several threads:

http://www.liferay.com/community/forums/-/message_boards/message/4403401

http://www.liferay.com/web/guest/community/forums/-/message_boards/message/1647224

http://www.liferay.com/community/wiki/-/wiki/Main/NTLM+SSO

and others but nothing has really helped. Can anyone offer any advice, please?
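
A small triage script for the startup log above, added here as an example and not part of the original post: it pairs each `SEVERE: Error ...` line with the context that then failed, and records whether Liferay's hot-deploy listeners had registered a plugin under that name. The sample lines are constructed in the format of the posted log; the function and field names are this example's own.

```python
import re

# Constructed sample: a few lines in the format of the startup log posted above.
SAMPLE_LOG = """\
11:59:32,282 INFO  [PortletHotDeployListener:227] Registering portlets for athenaapps-portlet
11:59:32,485 INFO  [PortletHotDeployListener:346] 1 portlet for athenaapps-portlet is available for use
Jul 12, 2012 11:59:32 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:32 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/athenaapps-portlet] startup failed due to previous errors
Jul 12, 2012 11:59:40 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Jul 12, 2012 11:59:40 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/New Folder] startup failed due to previous errors
11:59:42,068 INFO  [ThemeHotDeployListener:90] Registering themes for viper-theme
"""

JUL_HEADER = re.compile(r"^\w{3} \d{1,2}, \d{4} (\d{1,2}:\d{2}:\d{2} [AP]M) \S+ \w+$")
STAGE_ERROR = re.compile(r"^SEVERE: Error (\w+)$")
CONTEXT_FAILED = re.compile(r"^SEVERE: Context \[(.+)\] startup failed")
REGISTERING = re.compile(r"Registering [\w ]+ for (\S+)$")


def failed_contexts(log_text):
    """List contexts that failed to start, the stage that failed, and whether
    a Liferay hot-deploy listener had registered a plugin under that name."""
    failures, registered = [], set()
    stamp = stage = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := JUL_HEADER.match(line):
            stamp = m.group(1)      # java.util.logging prints the time on its own line
        elif m := REGISTERING.search(line):
            registered.add("/" + m.group(1))
        elif m := STAGE_ERROR.match(line):
            stage = m.group(1)      # e.g. filterStart, listenerStart
        elif m := CONTEXT_FAILED.match(line):
            failures.append({"context": m.group(1), "stage": stage, "time": stamp,
                             "liferay_plugin": m.group(1) in registered})
            stage = None            # a stage error belongs to one context only
    return failures


if __name__ == "__main__":
    for failure in failed_contexts(SAMPLE_LOG):
        print(failure)
```

`Error filterStart` is only a summary line; Tomcat writes the underlying exception for the failing filter to its per-host `localhost.<date>.log`.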
Linus Sphinx
RE: Issues setting up NTLM with LDAP servers that run over a load balancer
July 12, 2012 10:29 AM

Stupid question I have to ask, have you established trust between those domains?
John McElroy
RE: Issues setting up NTLM with LDAP servers that run over a load balancer
July 12, 2012 12:12 PM

No, the two domains are kept apart with no real overlap. Hell, I would settle for just getting the Remember Me feature to work at this point. I think I have it all in my code above; it is just commented out. And when I start it up I get the same errors in the log messages. I run the server through Eclipse EE Indigo or through MyEclipse 8.6, but I also ran it through the command line and they still appear. I think I said most of that above already. Sorry, turning into a broken record.

Does anyone have any advice on what I could do?
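
An audit of the kind of properties file posted earlier in this thread, added here as an example and not part of the original posts: it reports keys assigned conflicting values, commented-out alternatives of keys that are also active, and commented-out keys with no active counterpart. The sample is a constructed excerpt of that file, the function name is this example's own, and the parser assumes plain `key=value` lines (no continuations or escapes); which of two conflicting values the portal applies depends on its loader, so the audit reports them rather than picking one.

```python
import re

# Constructed excerpt of the portal-ext.properties posted earlier in the thread.
SAMPLE = """\
auth.forward.by.last.path=false
auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth
#auto.login.hooks=com.liferay.portal.security.auth.RememberMeAutoLogin
auto.login.hooks=com.liferay.portal.security.auth.NtlmAutoLogin
ntlm.auth.enabled=true
#nltm.auth.domain=nwie.net
ntlm.auth.domain=nationwidedir.net
#### The below lines send the user to the main page when they login instead of their private homes
auth.forward.by.last.path=true
"""

ASSIGNMENT = re.compile(r"^([\w.]+)\s*=\s*(.*)$")


def audit_properties(text):
    """Return (conflicts, disabled, orphaned) for a simple key=value file.

    conflicts: key -> [(line_no, value), ...] for keys assigned differing values
    disabled:  key -> [(line_no, value), ...] for commented-out assignments
               of keys that an active line also sets
    orphaned:  [(line_no, key), ...] commented-out keys with no active assignment
    """
    active, commented = {}, {}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        is_comment = line.startswith(("#", "!"))
        m = ASSIGNMENT.match(line.lstrip("#! ") if is_comment else line)
        if m:  # prose comments have no key=value shape and are skipped
            bucket = commented if is_comment else active
            bucket.setdefault(m.group(1), []).append((line_no, m.group(2)))
    conflicts = {k: v for k, v in active.items() if len({val for _, val in v}) > 1}
    disabled = {k: v for k, v in commented.items() if k in active}
    orphaned = [(n, k) for k, v in commented.items() if k not in active for n, _ in v]
    return conflicts, disabled, orphaned


if __name__ == "__main__":
    for name, found in zip(("conflicts", "disabled", "orphaned"), audit_properties(SAMPLE)):
        print(name, found)
```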
Linus Sphinx
RE: Issues setting up NTLM with LDAP servers that run over a load balancer
July 13, 2012 9:15 AM

Doubt you can get there from here; Windows single sign-on depends on agreement between the web server, Active Directory and the domain controller. Pretty sure that to join one domain and single sign-on to another there must be a trust relationship.

http://msdn.microsoft.com/en-us/library/aa745042%28v=bts.10%29
http://technet.microsoft.com/en-us/library/cc961481.aspx