Forums

Home » Liferay Portal » English » 2. Using Liferay » General »

RSS (Opens New Window)

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Liferay with OpenSSO Authentication Phuc Minh Bui February 27, 2009 9:21 PM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 1, 2009 7:45 AM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 2, 2009 2:56 AM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 2, 2009 8:22 AM
RE: Liferay with OpenSSO Authentication Prashant Dighe March 3, 2009 12:28 PM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 4, 2009 2:06 AM
RE: Liferay with OpenSSO Authentication Prashant Dighe March 4, 2009 12:59 PM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 4, 2009 10:43 PM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 5, 2009 7:14 AM
RE: Liferay with OpenSSO Authentication None None March 16, 2009 10:10 AM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 5, 2009 7:57 AM
RE: Liferay with OpenSSO Authentication Prashant Dighe March 6, 2009 5:48 PM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 12, 2009 9:41 AM
RE: Liferay with OpenSSO Authentication Prashant Dighe March 12, 2009 11:03 AM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 13, 2009 1:10 AM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 13, 2009 2:20 AM
RE: Liferay with OpenSSO Authentication Prashant Dighe March 14, 2009 2:16 PM
RE: Liferay with OpenSSO Authentication Prashant Dighe March 14, 2009 2:11 PM
RE: Liferay with OpenSSO Authentication Zoltan Etedi March 16, 2009 2:58 AM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 16, 2009 4:15 AM
RE: Liferay with OpenSSO Authentication Zoltan Etedi March 16, 2009 10:04 AM
RE: Liferay with OpenSSO Authentication Prashant Dighe March 16, 2009 2:15 PM
RE: Liferay with OpenSSO Authentication ankit yakkundi September 22, 2010 6:23 AM
RE: Liferay with OpenSSO Authentication Anusha Isaacraj January 18, 2011 5:05 AM
RE: Liferay with OpenSSO Authentication VASVKumar Mukku February 16, 2011 2:18 AM
RE: Liferay with OpenSSO Authentication nikhil kshirsagar May 9, 2011 2:32 AM
RE: Liferay with OpenSSO Authentication Venkat N February 14, 2012 8:36 AM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 16, 2009 8:29 PM
RE: Liferay with OpenSSO Authentication None None March 17, 2009 3:58 AM
RE: Liferay with OpenSSO Authentication Zoltan Etedi March 17, 2009 4:18 AM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 15, 2009 7:52 AM
RE: Liferay with OpenSSO Authentication Phuc Minh Bui March 15, 2009 8:16 AM
OpenSSO redirect last visited page after login again Srinath A June 16, 2009 4:26 AM
RE: Liferay with OpenSSO Authentication Antonio Nuño August 27, 2009 10:44 PM
RE: Liferay with OpenSSO Authentication Lisa Simpson October 30, 2009 10:38 AM
RE: Liferay with OpenSSO Authentication Ciccio Pasticcio November 11, 2009 2:06 AM
RE: Liferay with OpenSSO Authentication None None February 17, 2010 8:22 PM
RE: Liferay with OpenSSO Authentication Madhu Yadav February 21, 2010 2:36 AM
RE: Liferay with OpenSSO Authentication Steve Banks August 16, 2010 8:23 AM
RE: Liferay with OpenSSO Authentication Bruno Vernay February 16, 2011 6:58 AM
Phuc Minh Bui
Liferay with OpenSSO Authentication
February 27, 2009 9:21 PM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Dear all,
I want to configure Liferay with OpenSSO Authentication.
As I read in liferay-administrator-guide,

You can set up OpenSSO on the same server as Liferay or a different box. Follow
the instructions at the OpenSSO site (http:// opensso.dev.java.net ) to install OpenSSO.
Once you have it installed, create the Liferay administrative user in it. Users are
mapped back and forth by screen names. By default, the Liferay administrative user
has a screen name of test, so in OpenSSO, you would register the user with the ID of
test and an email address of test@ liferay.com. Once you have the user set up, log in to
Open SSO using this user.

In the same browser window, go to the URL for your server running Liferay and
log in as the same user, using the email address test@liferay.com. Go to the Enterprise
Admin portlet and the Settings -> Authentication -> OpenSSO tabs. Modify the three URL
fields (Login URL, Logout URL, and Service URL) so that they point to your OpenSSO
server (i.e., only modify the host name portion of the URLs), click the Enabled check
box, and then click Save. Liferay will then redirect users to OpenSSO when they click
the Sign In link.

I have followed it but nothing happened ???

Here is my configuration
LoginURL: http://localhost:8080/opensso/UI/Login?goto=http://localhost:18080/c/portal/login
LogoutURL: http://localhost:8080/opensso/UI/Logout?goto=http://localhost:18080/web/guest/home
ServiceURL: http://localhost:8080/opensso

My SSO run on localhost, port 8080 with Glassfish server
My Liferay is on localhost, port 18080 with Tomcat server

When I logged in OpenSSO, I have to login again in Liferay, and to the contrary.
I can not login Liferay with OpenSSO's account and to the contrary.

May I get mistakes, or I misunderstand anything ???

Thanks,

Phuc Bui
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 1, 2009 7:45 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Dear all,
Please help me !!!
Give me some clues, point to some errors !!!
I've try a lot, follow a lot instructions, but nothing becomes better emoticon

Thanks

Phuc Bui
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 2, 2009 2:56 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Dear all,
I have got new problem !!!
Now, when I log out, I'm redirect to OpenSSO's page. But it's notified me Authentication Exception due to incorrect handler

How can I solve it ???

Thanks

Phuc Bui
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 2, 2009 8:22 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Hi all,
When i was searching on internet, I found some link that is said to be able to solve my problem, but some of them are not available. emoticon
I have add new OpenSSO, called joebloggs (as id), with email test@liferay.com
Then log in OpenSSO with that account.
Then log in Liferay and configure like that
LoginURL: http://localhost:8080/opensso/UI/Login?goto=http://localhost:18080/c/portal/login
LogoutURL: http://localhost:8080/opensso/UI/Logout?goto=http://localhost:18080/web/guest/home
ServiceURL: http://localhost:8080/opensso

When I logged out Liferay, it also logged out OpenSSO.

Then I logged in OpenSSO again and restart Liferay, it notified that at beginning


Do I make any mistake or I have to fix anything else in Lifferay source code ???

Looking forward to your help

Thanks

Phuc Bui
Flag
Prashant Dighe
RE: Liferay with OpenSSO Authentication
March 3, 2009 12:28 PM
Answer

Prashant Dighe

Rank: New Member

Posts: 18

Join Date: December 20, 2007

Recent Posts

You have opensso on GF and Liferay on tomcat. So you may want to check this out,
http://www.liferay.com/web/prashant/blog/-/blogs/opensso-integration-on-tomcat-6-0-18
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 4, 2009 2:06 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Hi, Prashant Dighe,
Thanks for your reply, but I have look in that link, and followed it. But there no improvement emoticon
I get stuck here emoticon(

@all
Do you have any experience on it, plz help me.

Thanks
Phuc Bui
Flag
Prashant Dighe
RE: Liferay with OpenSSO Authentication
March 4, 2009 12:59 PM
Answer

Prashant Dighe

Rank: New Member

Posts: 18

Join Date: December 20, 2007

Recent Posts

First, what tomcat version are you using?
Second, have you installed opensso 8.0 release?
Third, can you try with opensso and Liferay on the same sever, say tomcat but tomcat version must be 6.0.18 otherwise opensso does not work. This will eliminate cookie encoding issues, if any.

Then a few things you have to make sure. Create a few new users in opensso and make sure you define first name, last name, full name. Then make sure you also define the email for the user after the user gets created. This is a bit usability issue that one can not define email for the user during user creation, so remember to specify the email.
Then login to opensso as this new user and make sure all attrs show up correctly on the opensso console page.
Then try login to Liferay.

Do not try to login as amadmin to Liferay because that is a special opensso user and will not work with Liferay. But I saw your earlier message that you created a test@liferay.com user which is good. Make sure that this user has first name last name as test.

Let me know further if things do not work and we will help you out.
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 4, 2009 10:43 PM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Thanks for your help.
can you try with opensso and Liferay on the same sever

Earlier, I have tried OpenSSO and Liferay on the same tomcat server 6.0.5, but I can not log in OpenSSO emoticon. So I have to use 2 servers.
But I'm trying 6.0.18 as you say now emoticon
But I have a query, Liferay just have tomcat bundle 6.0.5. So If I want to use OpenSSO and Liferay on the same server tomcat 6.0.18. I have to create a bundle by myself, right ?

Thanks again.

Phuc Bui
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 5, 2009 7:14 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Poor me !!!
I cannot use OpenSSO on Tomcat 6.0.18 now emoticon
After logged in OpenSSO, any link I clicked led me to this error.
Redirect Loop
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.

* Have you disabled or blocked cookies required by this site?
* NOTE: If accepting the site's cookies does not resolve the problem, it is likely a server configuration issue and not your computer.


I cannot start Tomcat (extract from zip file) by run startup.bat, I have to run bootstrap.jar instead
I also try Tomcat (by installation), then I can not deploy and start the Liferay (.war file)

Many error happened. So what's the reason???
I'm using JDK update 4

Thanks

Phuc Bui
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 5, 2009 7:57 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

After I deployed Liferay to Tomcat 6.0.18, I put the openSSO.war into webapps, then start server.
But it did not deploy my openSSO.war --> why.
I tried other application but none app was deploy ???
Why ???

Thanks

Phuc Bui
Flag
Prashant Dighe
RE: Liferay with OpenSSO Authentication
March 6, 2009 5:48 PM
Answer

Prashant Dighe

Rank: New Member

Posts: 18

Join Date: December 20, 2007

Recent Posts

Does tomcat deploy other webapps after removing opensso.war?
If tomcat is not deploying any webapps, then perhaps your tomcat install has a problem, right?
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 12, 2009 9:41 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Dear Prashant Dighe,
I finally managed to integrate Liferay and OpenSSO (Liferay 5.2.2, Tomcat 6.0.18, OpenSSO Enterprise 8.0, and followed your instruction here http://www.liferay.com/web/prashant/blog/-/blogs/opensso-integration-on-tomcat-6-0-18), but I still got problem Redirect Loop emoticon
When I browse Liferay portal, I was redirected to OpenSSO login page, then I logged in. It notified Redirect Loop error immediately.
If I logged out OpenSSO, then refresh Liferay page, it required login again emoticon

That is my problem, can you show me how to solve it emoticon

Thanks in advance
Looking forward to your reply

Phuc Bui
Flag
Prashant Dighe
RE: Liferay with OpenSSO Authentication
March 12, 2009 11:03 AM
Answer

Prashant Dighe

Rank: New Member

Posts: 18

Join Date: December 20, 2007

Recent Posts

Did you clear all your old browser cookies?
Which browser are you using?
Hope you are not using amadmin user for Liferay, that will not work.

Try this,
1. access opensso login page from your browser, http://osso-host:port/opensso/UI/Login
2. login as an end user created in osso
3. you should see the user profile page of osso
4. change url to http://osso-host:port/opensso/identity/isTokenValid

What do you see in the browser after step 4?
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 13, 2009 1:10 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

It's kidding emoticon, after a night, it worked emoticon
Everything is now ok.
If I logged in OpenSSO as bruno (Liferay's admin), then I browse Liferay's page (http://localhost:8080/web/guest), I was authorized as Bruno. --> OK
If I browse LR's pages without log in OSSO first, I was asked to login (by OpenSSO's login page) --> OK

But I have a query, how can I browse LR's page as Guest ????
According to above result, I can not browse LR's page as Guest, I have to have an account in OpenSSO and LR to access???

Thanks for your reply

Phuc Bui
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 13, 2009 2:20 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Dear Prashant Dighe,
I have one more question:
It's okay if I use available account (such as bruno in LR 5.2.2 or test in LR 5.1.2).
But how can I register an account myself (not created by admin) ???
Because I have to log in as admin (or available account) to access LR, and when i log out, I'm redirect to OpenSSO's login page. So I do not know how to register my account ???

Looking forward to your help

Thanks

Phuc Bui
Flag
Prashant Dighe
RE: Liferay with OpenSSO Authentication
March 14, 2009 2:11 PM
Answer

Prashant Dighe

Rank: New Member

Posts: 18

Join Date: December 20, 2007

Recent Posts

The OpenSSO filter in web.xml protects guest pages using mapping /web/*. If you remove this mapping then it will allow guest pages.
Although this has a side effect that if you logout at OpenSSO and then navigate to LR guest page, it may show the user as still logged in, in the drop down dock, since the session at Liferay is still valid. Logout at LR will be fine and will perform single logout to OpenSSO. You still can NOT browse the private pages so that's not a security issue but to fix this, you will need to modify the OpenSSO filter such that the session is invalidated w/o a redirect.
Flag
Prashant Dighe
RE: Liferay with OpenSSO Authentication
March 14, 2009 2:16 PM
Answer

Prashant Dighe

Rank: New Member

Posts: 18

Join Date: December 20, 2007

Recent Posts

Once you have configured OpenSSO auth, all the user management is done from OpenSSO. If you create a new user in OpenSSO, then the user is imported into Liferay at the time of login.
So to create a new account, create a new user in OpenSSO, but make sure you have specified all the mapped attribute values correctly at opensso (especially email).
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 15, 2009 7:52 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Prashant Dighe:
Did you clear all your old browser cookies?
Which browser are you using?
Hope you are not using amadmin user for Liferay, that will not work.

Try this,
1. access opensso login page from your browser, http://osso-host:port/opensso/UI/Login
2. login as an end user created in osso
3. you should see the user profile page of osso
4. change url to http://osso-host:port/opensso/identity/isTokenValid

What do you see in the browser after step 4?

Dear Prashant Dighe,
It kids me again, now I get above problem again emoticon
I'm using Firefox 3.0
After step 4, browser display only this line
boolean=true
I have cleared cookies many times and changed many browsers (Opera, Chrome, IE, Safari)
But nothing became better emoticon

Earlier, I did not know the reason why everything was okay, and now I do the same, and still do not know the reason why the problem happens ???

Help me again please
Looking forward to your reply emoticon

Phuc Bui
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 15, 2009 8:16 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Dear all,
Sorry about my silly question emoticon
I finally found the problem.
Clear cookies of the browser is useless. I have to delete the folder Cookies in USER_HOME_DIRECTORY, which I've found by chance, right after giving previous question emoticon.
So happy to find out the root of problem.

I think everything is now really okay emoticon

Cheers,
Phuc Bui
Flag
Zoltan Etedi
RE: Liferay with OpenSSO Authentication
March 16, 2009 2:58 AM
Answer

Zoltan Etedi

Rank: New Member

Posts: 4

Join Date: March 13, 2009

Recent Posts

Hi Phuc Bui,

Could you please describe the solution to the endless loop problem? I have the same issue (I get into an endless loop after opensso login), and I'm a bit lost here, I'd be very grateful for any help.

Thank you!
Zolie
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 16, 2009 4:15 AM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Hi Zolie,
As I said
Clear cookies of the browser is useless. I have to delete the folder Cookies in USER_HOME_DIRECTOR

I'm using Windows Vista, so I found it in my_account_directory, or you can find it in C:\Document and settings\your_account_name in WinXP.
The Cookies directory is hidden (as I remember), so you should show hidden files. But I do not know which program created it emoticon
But before you consider that, you should make sure that you are using Tomcat 6.0.18, as Mr Prashant Dighe has emphasised.

Although this has a side effect that if you logout at OpenSSO and then navigate to LR guest page, it may show the user as still logged in, in the drop down dock, since the session at Liferay is still valid. Logout at LR will be fine and will perform single logout to OpenSSO. You still can NOT browse the private pages so that's not a security issue but to fix this, you will need to modify the OpenSSO filter such that the session is invalidated w/o a redirect.

I think the problem is caused by using Sign In portlet. So my solution is disabling this portlet. So users have to sign in by the link on the Dock, then they will be redirected to OpenSSO's login page. i have tried, and it's okay emoticon

Cheers,
Phuc Bui
Flag
None None
RE: Liferay with OpenSSO Authentication
March 16, 2009 10:10 AM
Answer

None None

Rank: New Member

Posts: 21

Join Date: February 19, 2009

Recent Posts

Note to anyone running into the same problem:

Currently Liferay 5.2.2 and tomcat 6.0.18 bundle is available at the Liferay website. emoticon
Flag
Zoltan Etedi
RE: Liferay with OpenSSO Authentication
March 16, 2009 10:04 AM
Answer

Zoltan Etedi

Rank: New Member

Posts: 4

Join Date: March 13, 2009

Recent Posts

Hi,

Thank you for your help.

However I still get the same error:

Liferay 5.5 bundled with Tomcat 6.0.18 running on my machine, OpenSSO on Weblogic 10.x. running on a server.
I delete sevencogs application from Tomcat webapps directory (this way the admin user becomes joebloggs).
I set the Cookie Encode Value property to yes in OpenSSO.
I log in with joebloggs in OpenSSO (mail and uid is the same as in Liferay, test@liferay.com and id=joebloggs,ou=user,dc=opensso,dc=java,dc=net).
In the same window I log into Liferay with test@liferay.com/test.
I set Login URL=http://openssohost:port/opensso/UI/Login?goto=http://localhost:port/c/portal/login, Logout URL=http://openssohost:port/opensso/UI/Logout?goto=http://localhost:port/portal/, Service URL=http://openssohost:port/opensso and enable OpenSSO.
I get redirected to OpenSSO login page, login there with joebloggs, then a redirect loop happens.
I close all browser windows, delete all cookies from browser and USER_COOKIE_DIRECTORY.
I try to access Liferay, got redirected to OpenSSO login page, I log in with joebloggs, and the redirect loop still can be seen.

The http://openssohost:port/opensso/identity/isTokenValid shows boolean=true.

Do you see what I did wrong?

Thank you very much!
Zolie
Flag
Prashant Dighe
RE: Liferay with OpenSSO Authentication
March 16, 2009 2:15 PM
Answer

Prashant Dighe

Rank: New Member

Posts: 18

Join Date: December 20, 2007

Recent Posts

You can ask this question about how to set the cookie encoding on weblogic-tomcat combo on OpenSSO mailing list,
users@opensso.dev.java.net

You can also look at this page which has information on IRC channel for OpenSSO
https://opensso.dev.java.net/public/improve/discussions.html
Flag
Phuc Minh Bui
RE: Liferay with OpenSSO Authentication
March 16, 2009 8:29 PM
Answer

Phuc Minh Bui

Rank: Junior Member

Posts: 83

Join Date: February 2, 2009

Recent Posts

Liferay 5.5 bundled with Tomcat 6.0.18 running on my machine, OpenSSO on Weblogic 10.x. running on a server.

Can you try OpenSSO and Liferay on the same Tomcat 6.0.18. (copy opensso.war into webapps directory of Liferay Tomcat bundle)
I did it, and it works.
Earlier, I have tried OpenSSO on glassfish, but some errors happened.
So you should try to use Tomcat for both.
Note: Let's try the newest Liferay Tomcat Bundle 5.2.2-6,0, that is available on Lifeary emoticon

Phuc Bui
Flag
None None
RE: Liferay with OpenSSO Authentication
March 17, 2009 3:58 AM
Answer

None None

Rank: New Member

Posts: 21

Join Date: February 19, 2009

Recent Posts

Phuc Minh Bui:

Can you try OpenSSO and Liferay on the same Tomcat 6.0.18. (copy opensso.war into webapps directory of Liferay Tomcat bundle)
I did it, and it works.

Phuc Minh Bui:

Note: Let's try the newest Liferay Tomcat Bundle 5.2.2-6,0, that is available on Lifeary emoticon


I second that because Liferay 5.2.2 and OpenSSO 8 on Tomcat 6.0.18 worked for me too.

A few things to keep in mind:
  • Directly delete any liferay- or opensso-related cookies in the Cookie folder
  • Set OpenSSO's Encode Cookies to true
Flag
Zoltan Etedi
RE: Liferay with OpenSSO Authentication
March 17, 2009 4:18 AM
Answer

Zoltan Etedi

Rank: New Member

Posts: 4

Join Date: March 13, 2009

Recent Posts

Hi guys!

I'm very grateful for your contributions!

Finally it works for me also, the problem I had was that OpenSSO was running on a machine which had a different domain (it's SERVER_URL parameter was set up to the IP address). I reconfigured OpenSSO so that it's SERVER_URL parameter to be the FQDN of the server it runs on, cleared the cookies, and emoticon

Thank you very much!

Zolie
Flag
Srinath A
OpenSSO redirect last visited page after login again
June 16, 2009 4:26 AM
Answer

Srinath A

Rank: New Member

Posts: 22

Join Date: June 6, 2009

Recent Posts

How can we return user to the page he originated from so that he remains localized to the organization he is associated with.


I integrated OpenSSO with Liferay 5.2

When session expires the page is redirecting to

http://opensso.example.com:8080/opensso/UI/Login?goto=http://portal.example.com:8080/c/portal/login (Login Page)

and after login it should redirect to the url where it expired ie.

http://portal.example.com:8080/group/all/vehicle

This is not working with OpenSSO in Liferay !!

how can we achieve this in Liferay when integrated with OpenSSO ??

thanks !!
Flag
Antonio Nuño
RE: Liferay with OpenSSO Authentication
August 27, 2009 10:44 PM
Answer

Antonio Nuño

Rank: New Member

Posts: 17

Join Date: November 30, 2007

Recent Posts

Hello everyone,

I have integrated liferay with opensso successfully using localhost as the FQDN but now I want to use different virtual hosts for different communities, for example community1.com and community2.com. Does someone know how to configure this kind of cross domain sso?

Thanks
Flag
Lisa Simpson
RE: Liferay with OpenSSO Authentication
October 30, 2009 10:38 AM
Answer

Lisa Simpson

Rank: Liferay Legend

Posts: 2034

Join Date: March 5, 2009

Recent Posts

I know that you can do it with CAS but I'm not sure about OpenSSO. You might take a look at the OpenSSO documetation
Flag
Ciccio Pasticcio
RE: Liferay with OpenSSO Authentication
November 11, 2009 2:06 AM
Answer

Ciccio Pasticcio

Rank: Junior Member

Posts: 39

Join Date: October 22, 2009

Recent Posts

Hi all,
I want to integrate Liferay - Alfresco Client Portlet with openSSO.

I've deployed oSSO in the last liferay tomcat bundle, I follow the sun guide to install oSSO and I can connect to oSSO suceffully via the URL "tria.locale.it:8080/opensso
I've started with Liferay - openSSO, but there's some problems...

my configuration in Liferay is the follow:


Login URL: http://tria.locale.it:8080/opensso/UI/Login?goto=http://localhost:8080/c/portal/login
Logout URL: http://tria.locale.it:8080/opensso/UI/Logout?goto=http://localhost:8080/web/guest/home
Service URL: http://tria.locale.it:8080/opensso

I loggen in Liferay by Screen Name.

After I created an account in oSSO that respect the credentials in Liferay:

so in Liferay is:

Screen name: admin
First name: admin
Last name: admin
email: admin@alfresco.com


and oSSo is:

First Name: admin
Required Field Last Name: admin
Required Field Full Name: admin
Email Address: admin@alfresco.com
Universal ID: id=admin,ou=user,dc=opensso,dc=java,dc=net


I enable the cookies in oSSO, how explain this guide

And so I test it, but firefox show this error:

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete

* This problem can sometimes be caused by disabling or refusing to accept
cookies.


And in the tomcat log I see this warning:
Nov 11, 2009 9:49:52 AM org.apache.tomcat.util.http.Parameters processParameters
WARNING: Parameters: Invalid chunk ignored.


CAN YOU HELP ME PLEASE?
THANKS
Flag
None None
RE: Liferay with OpenSSO Authentication
February 17, 2010 8:22 PM
Answer

None None

Rank: New Member

Posts: 21

Join Date: February 19, 2009

Recent Posts

I know this answer comes late, but as suggestion, check out Wireshark (wireshark.org) and if using FireFox or Internet Explorer Live HTTP Headers or Fiddler for some tools on debugging the integration issue between Liferay and OpenSSO.

For example, start capturing packets in WireShark and use the following filter:

( ip.src == [ip address of liferay server] ) || ( ip.dst == [ip address of liferay server] )

Then try to login and see why the redirect is happening. Also, might want to turn on Debugging on the OpenSSO side and the Directory Server access logs to trace the user authentication in OpenSSO and why it fails.

Hopefully you've solved it by now. ;)
Flag
Madhu Yadav
RE: Liferay with OpenSSO Authentication
February 21, 2010 2:36 AM
Answer

Madhu Yadav

Rank: Regular Member

Posts: 117

Join Date: January 23, 2009

Recent Posts

The Firefox redirect loop issue has been mentioned many a times here. It has been filed as a bug here along with the solution.
Code "sb.append(cookieValue);" in OpenSSOUtil.java (in portal-impl.jar) is our problem. It should look like this: sb.append("\"" + cookieValue + "\"");
Flag
Steve Banks
RE: Liferay with OpenSSO Authentication
August 16, 2010 8:23 AM
Answer

Steve Banks

Rank: New Member

Posts: 6

Join Date: December 2, 2009

Recent Posts

See my blog post on integrating OpenSSO/OpenAM with Liferay 5.2 on Tomcat.
Flag
ankit yakkundi
RE: Liferay with OpenSSO Authentication
September 22, 2010 6:23 AM
Answer

ankit yakkundi

Rank: Regular Member

Posts: 221

Join Date: March 4, 2010

Recent Posts

hi..
I am using liferay 5.2.3.I have deployed opensso war file in the same tomcat of liferay.I have a doubt ie when i login through opensso,it redirects me to liferay page.should i login again or not.It asks me to re-login.But when i logout it redirects me to opensso page,which i think is fine.

I have referred the following links:-
http://www.objectpartners.com/2010/08/16/integrating-opensso-openam-with-liferay-portal-on-tomcat/
http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/OpenSSO+Integration

I am attaching some files for your reference ie:
server.xml
portal-ext.xml

Any suggestions are welcome.
Thanks in advance..
Attachments: portal-ext.properties (0.8k), server.xml (6.6k)
Flag
Anusha Isaacraj
RE: Liferay with OpenSSO Authentication
January 18, 2011 5:05 AM
Answer

Anusha Isaacraj

Rank: New Member

Posts: 2

Join Date: December 12, 2010

Recent Posts

Hi,

How to invalidate the sessions in Opensso, if the browser is closed?
Thanks in advance
Flag
Bruno Vernay
RE: Liferay with OpenSSO Authentication
February 16, 2011 6:58 AM
Answer

Bruno Vernay

Rank: Junior Member

Posts: 36

Join Date: April 6, 2010

Recent Posts

Using Liferay CE 6.0.5
and OpenAM 9.5.2 RC1 (OpenSSO)
I can on a same test machine use HTTPS and different domains:

I have OpenAM on https://idp.mydomain.com:444/opensso
and Liferay on https://portal.mydomain.com/

It took me a while, but it finally worked with these settings:

In Liferay: the config is :
- Login: https://idp.mydomain.com:444/opensso/UI/Login...
- Logout: https://idp.mydomain.com:444/opensso/UI/Logout...
- Service http://idp.mydomain.com/opensso/

In OpenAM, I set the cookie encoding to true and the cookie to .mydomain.com.

Only the service is not in HTTPS (the user do not see this URL) otherwise I get a

ERROR [OpenSSOAutoLogin:158] java.io.IOException: Cookie names from OpenSSO service are not accessible
java.io.IOException: Cookie names from OpenSSO service are not accessible
        at com.liferay.portal.servlet.filters.sso.opensso.OpenSSOUtil._isAuthenticated(OpenSSOUtil.java:279)


What I don't understand is that, once loged, I can successfully query:
- https://idp.mydomain.com:444/opensso/identity/isTokenValid
- https://idp.mydomain.com:444/opensso/identity/attributes

I also set a certificate for each domain and added them to the JVM cacert, but it didn't change. I would like to know how to put the service in HTTPS also. There is a keystore in the OpenAM config, does it use this certificate ?? should I export it from the OpenAM keystore to the JVM ? from the config, it looks that it is only used in XML Signatures, more likely in SAML token, so I doubt that it is used in SSO scenario with Liferay.
Flag
Anonymous
RE: Liferay with OpenSSO Authentication
February 16, 2011 2:18 AM
Answer

Anonymous

no need to login again,check your console is there any exception is coming.
Flag
nikhil kshirsagar
RE: Liferay with OpenSSO Authentication
May 9, 2011 2:32 AM
Answer

nikhil kshirsagar

Rank: Junior Member

Posts: 27

Join Date: April 28, 2011

Recent Posts

Hi Prashant,

I have some questions regarding the auto login hook defined already in liferay.

I am guessing that this hook is required to bypass liferay authentication after opensso has already authenticated the user. Am I right?

Secondly, can I modify this code to do some additional things that we need to do in our private database for our product? Allign/create users in our internal product db, etc etc.?
Flag
Venkat N
RE: Liferay with OpenSSO Authentication
February 14, 2012 8:36 AM
Answer

Venkat N

Rank: New Member

Posts: 1

Join Date: February 14, 2012

Recent Posts

Hi All,

I need your help.....
I configured opensso and ldap for liferay. I click on Sign In it is redirecting opensso and enter user name and password. it is login to liferay with that user. it is working for enlish, us(default language(en_US)).
If i selected English(Briton(en_Gemoticon) and click on sign_in it redirecting to opensso. After entering user name and password is is not log in to liferay.

I am using liferay 6.0.6 + jboss 5.1 bundle

I configured in liferay -> authenticate -> opensso

open.sso.auth.enabled=true
open.sso.login.url=http://127.0.0.1:8080/opensso/UI/Login?goto=http://127.0.0.1:8080/c/portal/login
open.sso.logout.url=http://127.0.0.1:8080/opensso/UI/Logout?goto=http://127.0.0.1:8080/web/guest/home
open.sso.service.url=http://127.0.0.1:8080/opensso
open.sso.screen.name.attr=uid
open.sso.email.address.attr=mail
open.sso.first.name.attr=cn
open.sso.last.name.attr=sn


And i tried to configured with portal-ext.properties file like :

locales=en_GB
locales=ca_ES
locales=mr_IN
locales=hi_IN
locales=en_US


open.sso.auth.enabled=true
open.sso.login.url=http://127.0.0.1:8080/opensso/UI/Login?goto=http://127.0.0.1:8080/c/portal/login
open.sso.logout.url=http://127.0.0.1:8080/opensso/UI/Logout?goto=http://127.0.0.1:8080/web/guest/home
open.sso.service.url=http://127.0.0.1:8080/opensso
open.sso.screen.name.attr=uid
open.sso.email.address.attr=mail
open.sso.first.name.attr=cn
open.sso.last.name.attr=sn

open.sso.auth.enabled=true
open.sso.login.url=http://127.0.0.1:8080/opensso/UI/Login?goto=http://127.0.0.1:8080/en_GB/c/portal/login
open.sso.logout.url=http://127.0.0.1:8080/opensso/UI/Logout?goto=http://127.0.0.1:8080/en_GB/web/guest/home
open.sso.service.url=http://127.0.0.1:8080/opensso
open.sso.screen.name.attr=uid
open.sso.email.address.attr=mail
open.sso.first.name.attr=cn
open.sso.last.name.attr=sn

open.sso.auth.enabled=true
open.sso.login.url=http://127.0.0.1:8080/opensso/UI/Login?goto=http://127.0.0.1:8080/hi_IN/c/portal/login
open.sso.logout.url=http://127.0.0.1:8080/opensso/UI/Logout?goto=http://127.0.0.1:8080/hi/web/guest/home
open.sso.service.url=http://127.0.0.1:8080/opensso
open.sso.screen.name.attr=uid
open.sso.email.address.attr=mail
open.sso.first.name.attr=cn
open.sso.last.name.attr=sn

If any one know help me ...........plzzzzzzzzzz
Flag