Forums

Home » Liferay Portal » English » 2. Using Liferay » General

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Tonu Sri
Liferay with Facebook SSO
January 27, 2013 7:20 AM
Answer

Tonu Sri

Rank: Regular Member

Posts: 195

Join Date: April 15, 2011

Recent Posts

Hi,

I have configured Liferay with Facebook for SSO. I am able to login in Liferay successfully with Facebook credentials.

But I am facing issue while logging out from Liferay. When i logout from Liferay, still my facebook session is existing so next time Liferay authenticate on only clicking on Sign In link.

I can understand that Liferay class ( FaceBookAutoLogin.java) reads session and allow you to login. But its not secure, lets if someone login in Liferay, In second tab he will be automatically login in liferay.

Can we stop this funcationality?

Thanks:
Tonu
Corné Aussems
RE: Liferay with Facebook SSO
February 3, 2013 12:41 PM
Answer

Corné Aussems

Rank: Liferay Legend

Posts: 1260

Join Date: October 3, 2006

Recent Posts

Hi Tonu,

Good question!
What you could do is write up your own logout.events.post action.
Removing the session attributes that have been set in FaceBookConnectAction

1   
2        public static final String FACEBOOK_ACCESS_TOKEN = "FACEBOOK_ACCESS_TOKEN";
3
4    public static final String FACEBOOK_USER_EMAIL_ADDRESS = "FACEBOOK_USER_EMAIL_ADDRESS";
5
6    public static final String FACEBOOK_USER_ID = "FACEBOOK_USER_ID";
Tonu Sri
RE: Liferay with Facebook SSO
February 4, 2013 1:37 AM
Answer

Tonu Sri

Rank: Regular Member

Posts: 195

Join Date: April 15, 2011

Recent Posts

Hi Corné,

Thanks for your reply.

Can you please elaborate about steps.
I cannot modify FaceBookConnectAction without EXT Plugin.

then how will it work??

Thanks:
Tonu
Corné Aussems
RE: Liferay with Facebook SSO
February 4, 2013 3:03 AM
Answer

Corné Aussems

Rank: Liferay Legend

Posts: 1260

Join Date: October 3, 2006

Recent Posts

You need to create a properties hook;

Add your own logout action, see for an example the DefaultLogoutPageAction register this on the property logout.events.post

Within YourLogoutPageAction remove the session attributes