Foren

autologin issue

Yue Zhou, geändert vor 11 Jahren.

autologin issue

New Member Beiträge: 3 Beitrittsdatum: 06.11.12 Neueste Beiträge
I developed an autologin hook based on another application(call it A)'s cookie. Liferay pages are embedded in the application A. After an user login to the applicaiton A, autologin hook will authenticate the user automatically.

However, I encountered an issue when the user log off and log into the application A, the autologin hook won't be invoked since liferay session has been established already. The embedded liferay pages are still in previous user's session

Any idea or advice? Thanks.
thumbnail
Rishi Dev Gupta, geändert vor 11 Jahren.

RE: autologin issue

Expert Beiträge: 255 Beitrittsdatum: 23.11.08 Neueste Beiträge
Liferay creates its own cookie and checks for that.

Since you are integrating the 2 applications, you need to manage or keep the session in sync for both the applications for various event like, login, logout, autologin, remember me, etc.

Since your need is similar to SSO so should follow the industry standards like CAS based authentication, which are more flexible and robust and will keep you gaurded with session issues.
Yue Zhou, geändert vor 11 Jahren.

RE: autologin issue

New Member Beiträge: 3 Beitrittsdatum: 06.11.12 Neueste Beiträge
The issue is that autologin hook is only invoked for unanthenticated user. is there a way to have a servlet filter to invalide the liferay session if cookie does not exists or changed? and will the autologin be invoked again?
thumbnail
Rishi Dev Gupta, geändert vor 11 Jahren.

RE: autologin issue

Expert Beiträge: 255 Beitrittsdatum: 23.11.08 Neueste Beiträge
You can customize the autologin through plugin hooks

You can configure or add your custom code and hook the login feature using the below property

##
## Auto Login
##

#
# Input a list of comma delimited class names that implement
# com.liferay.portal.security.auth.AutoLogin. These classes will run in
# consecutive order for all unauthenticated users until one of them return a
# valid user id and password combination. If no valid combination is
# returned, then the request continues to process normally. If a valid
# combination is returned, then the portal will automatically login that
# user with the returned user id and password combination.
#
# For example, com.liferay.portal.security.auth.RememberMeAutoLogin reads
# from a cookie to automatically log in a user who previously logged in
# while checking on the "Remember Me" box.
#
# This interface allows deployers to easily configure the portal to work
# with other SSO servers. See com.liferay.portal.security.auth.CASAutoLogin
# for an example of how to configure the portal with Yale's SSO server.
#
auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin,com.liferay.portal.security.auth.FacebookAutoLogin,com.liferay.portal.security.auth.NtlmAutoLogin,com.liferay.portal.security.auth.OpenIdAutoLogin,com.liferay.portal.security.auth.OpenSSOAutoLogin,com.liferay.portal.security.auth.RememberMeAutoLogin,com.liferay.portal.security.auth.SiteMinderAutoLogin