Manuel de la Peña
Liferay Login and Digital Sign
March 14, 2011 01:37

Hello,
has anybody created a login portlet with digital sign (digital certificate)?

If so, what guidelines are required (properties, login-hook, login-portlet, etc.)?

Many thanks
Jonas Yuan
RE: Liferay Login and Digital Sign
March 14, 2011 11:01

Hi Manuel,

The Liferay framework is great; you can do a lot with it.

The topic "login portlet with digital sign" is interesting. Would you please provide the context of the login portlet with digital sign? It would be nice if you could provide detailed requirements here.

Thanks

Jonas Yuan

Juan Gonzalez
RE: Liferay Login and Digital Sign
March 14, 2011 11:15
LIFERAY STAFF


Hola Manuel,

I suppose you are trying to implement authentication with the Spanish ID card (DNI-e).

I did a project some time ago using the digital certificate of the DNI-e. This certificate is x509, so you can do it as if it was a standard x509 certificate.

Any J2EE server provides API and tools to access a client certificate (you'll then have to struggle with drivers and so on). Among other things, you'll have to activate CLIENT_CERT (web.xml) authentication for whatever Portlet you're going to develop.

Another use case would be the digital sign; in this case you'll have to implement (or use an existing) applet or ActiveX which can access the client cert to sign any document with it.

This is one of the things I'd like to develop for Liferay, but perhaps I won't be able to afford it for a few months.
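
The approach described in the post above, reading the client certificate through the container's servlet API, as an added example (not code from the thread or from Liferay). It assumes the container is configured to request a client certificate (the web.xml auth-method value is spelled CLIENT-CERT) and that the ID number is carried in the subject's serialNumber attribute (OID 2.5.4.5); the class and method names are hypothetical.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Locale;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public final class ClientCertIdentity {
    // Request attribute under which the servlet container exposes the TLS client chain.
    public static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    /** Call with request.getAttribute(CERT_ATTR); returns the subject's serialNumber. */
    public static String idFromAttribute(Object attr) throws CertificateException {
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            throw new CertificateException("no client certificate on this connection");
        }
        X509Certificate leaf = ((X509Certificate[]) attr)[0]; // end-entity certificate is first
        leaf.checkValidity(); // throws if expired or not yet valid
        // Map OID 2.5.4.5 to a keyword so the value is rendered as text, not hex.
        String dn = leaf.getSubjectX500Principal().getName(
                X500Principal.RFC2253, Collections.singletonMap("2.5.4.5", "SERIALNUMBER"));
        return serialNumberOf(dn);
    }

    static String serialNumberOf(String subjectDn) throws CertificateException {
        String found = null;
        try {
            for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                if (!"SERIALNUMBER".equalsIgnoreCase(rdn.getType())) continue;
                if (found != null || !(rdn.getValue() instanceof String)) {
                    throw new CertificateException("ambiguous or non-text serialNumber");
                }
                found = ((String) rdn.getValue()).trim().toUpperCase(Locale.ROOT);
            }
        } catch (InvalidNameException e) {
            throw new CertificateException("unparseable subject DN", e);
        }
        // Assumed identifier shape (letters and digits only); adjust to the issuing CA's profile.
        if (found == null || !found.matches("[0-9A-Z]{1,20}")) {
            throw new CertificateException("subject has no usable serialNumber");
        }
        return found;
    }
    public static void main(String[] args) throws Exception {
        // Constructed subject DN, for illustration only.
        System.out.println(serialNumberOf("CN=EXAMPLE USER,SERIALNUMBER=00000000T,C=ES"));
    }
}
```

Because the value is read on the server from the TLS handshake, it does not depend on any form field the browser fills in. checkValidity() covers only the validity dates, so revocation status still has to be checked server-side, for example through a validation platform.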
Manuel de la Peña
RE: Liferay Login and Digital Sign
March 15, 2011 02:54

This is my 100th post, so I'll try to make it as bright as I can!!

I have to say that I've implemented it (digital sign login) with Liferay 5.2.1 and the EXT environment, using the Spanish national ID (DNIe).

My 'old' scenario:
  • Liferay 5.2.1, EXT environment
  • Custom Authentication System in another database
  • Spanish Digital Sign Validation Platform (named '@-firma'), based on web services

I have achieved the "digital-sign login" using the JavaScript client of '@-firma' (to access the user's digital certificate), and overriding Liferay LoginUtil to use my validation system.

But now I'm moving to the plugins environment in 5.2.3, and I'm finding "problems" with the same scenario, changing EXT for the plugins environment.

First of all, I'm using screen-name validation to use the Spanish ID, and skipping the Liferay auth pipeline with (auth.pipeline.enable.liferay.check=false) too. So I'm delegating the auth pipeline to my own classes (defined in auth.pipeline.pre).

Next, I'm using the '@-firma' Platform to validate the certificate, and it returns an XML with the information inside the certificate: Certification Entity, ID, Name, IsValid, etc. (First authenticator)

If it returns 'SUCCESS', I validate the user-password sent against my custom authentication system (CAS). (Second authenticator)

Once the authenticators have finished, I delegate to the login process. But, maybe I'm wrong, the login process always needs the inputs 'user-password' to check if user-input exists in the Liferay USER_ table. And here is my problem: I don't know how to override those input values, because Authenticator classes in 'auth.pipeline.pre' do not have access to the HTTP request, only a parameter Map, so it is not possible (maybe I don't know how to do it) to modify the parameters sent to the LoginUtil class (inside portal-impl.jar).

I exposed my CAS system in this post

My aim is to send the XML values returned by digital certificate to next Authenticator, and finally to LoginUtil class.

I hope this post will help (me, the community, ...)

Many thanks!
Manuel de la Peña
RE: Liferay Login and Digital Sign
March 22, 2011 10:01

Does anybody know how to do it?? Suggestions are accepted...
Manuel de la Peña
RE: Liferay Login and Digital Sign
April 8, 2011 05:18

Well, I can say that I got it working... BUT...

How can I override input parameters sent by submit??

The process is this:
  1. I get the UserID reading the certificate at client side, via applet
  2. Inside my Custom Auth System (CAS), I send a request to the DigitalSign Platform, to validate the certificate.
  3. It returns an XML with the certificate's information. My CAS parses it to get values.
  4. Again in my CAS, the screenname sent by login inputs is empty (the user only uses his/her certificate), so, when it reaches Liferay's Class AuthPipeline._authenticate(String[], long, String, String, String, Map<String,String[]>, Map<String,String[]>) line: 154 the screenName param is empty, and I cannot override it with the XML's values.
How could I do that?
Manuel de la Peña
RE: Liferay Login and Digital Sign
April 11, 2011 01:58

All I can think of doing is to make an AJAX request to the DigitalSign platform, and override the input value with that response BEFORE submitting the form.
I'll post my results later
Manuel de la Peña
RE: Liferay Login and Digital Sign
April 11, 2011 04:32

Well, that's it! I've achieved it!!

I call the DigitalSign Platform via AJAX before the submit process, so I can get the values returned by the Platform. So, the input sent to the Login Portlet (Login Hook in my case) is the ID authenticated by the DigitalSign Platform, telling me if the certificate is valid or not.

So I can say that my CAS is totally finished!

Thanks everybody!
hossein sadeghi
RE: Liferay Login and Digital Sign
July 25, 2011 22:13

Hi!
I use Liferay 6.0.5 and I implement digital signature set to edocs on resources in Liferay!
Help me, please.