This is my 100th post, so i'll try to make it as bright as i can!! 
I've to say that i've implemented it (digital sign login) with Liferay 5.2.1 and EXT enviroment, using Spanish national ID (DNIe).
My 'old' scenario:
I have achieved the "digital-sign login", using the javascript client of '@-firma' (to access to user's digital certificate), and overriding Liferay LoginUtil to use my validation system.
But now, i'm moving to plugins enviroment in 5.2.3, and i'm finding "problems" with the same scenario, changing EXT for plugins enviroment.
First of all, i'm using screen-name validation to use the Spanish ID, and skipping Liferay auth pipeline with (auth.pipeline.enable.liferay.check=false) too. So i'm delegating auth pipeline in my own classes (defined in auth.pipeline.pre).
Next one, i'm using the '@-firma' Platform to validate the certificate, and it returns an XML with the information inside the certificate: Certification Entity, ID, Name, IsValid, etc. (First authenticator)
If it returns 'SUCCESS', I validate the user-password sent against my custom authentication system (CAS). (Second authenticator)
Finished the authenticators, I delegate to login process. But, maybe i'm wrong, login process always needs the inputs 'user-password' to check if user-input exists in liferay USER_ table. And here is my problem: I don't know how to override those input values, because Authenticator classes in 'auth.pipeline.pre' have not access to httprequest, only a parameter Map, so is not possible (maybe i don't know how to do it) to modify parameters sent to LoginUtil class (inside portal-impl.jar).
I exposed my CAS system in this post
My aim is to send the XML values returned by digital certificate to next Authenticator, and finally to LoginUtil class.
I hope this post will help (to me, to the community,...)
Many thanks!
I've to say that i've implemented it (digital sign login) with Liferay 5.2.1 and EXT enviroment, using Spanish national ID (DNIe).
My 'old' scenario:
- Liferay 5.2.1, EXT enviroment
- Custom Authentication System in another database
- Spanish Digital Sign Validation Platform (named '@-firma'), based on web services
I have achieved the "digital-sign login", using the javascript client of '@-firma' (to access to user's digital certificate), and overriding Liferay LoginUtil to use my validation system.
But now, i'm moving to plugins enviroment in 5.2.3, and i'm finding "problems" with the same scenario, changing EXT for plugins enviroment.
First of all, i'm using screen-name validation to use the Spanish ID, and skipping Liferay auth pipeline with (auth.pipeline.enable.liferay.check=false) too. So i'm delegating auth pipeline in my own classes (defined in auth.pipeline.pre).
Next one, i'm using the '@-firma' Platform to validate the certificate, and it returns an XML with the information inside the certificate: Certification Entity, ID, Name, IsValid, etc. (First authenticator)
If it returns 'SUCCESS', I validate the user-password sent against my custom authentication system (CAS). (Second authenticator)
Finished the authenticators, I delegate to login process. But, maybe i'm wrong, login process always needs the inputs 'user-password' to check if user-input exists in liferay USER_ table. And here is my problem: I don't know how to override those input values, because Authenticator classes in 'auth.pipeline.pre' have not access to httprequest, only a parameter Map, so is not possible (maybe i don't know how to do it) to modify parameters sent to LoginUtil class (inside portal-impl.jar).
I exposed my CAS system in this post
My aim is to send the XML values returned by digital certificate to next Authenticator, and finally to LoginUtil class.
I hope this post will help (to me, to the community,...)
Many thanks!
Well, that's it! I've achieved!!
I call the DigitalSign Platform via AJAX before the submit proccess, so i can get the values returned by the Platform. So, the input sent to Login Portlet (Login Hook in my case) is the ID authenticated by the DigitalSign Platform, telling me if the certificate is valid or not.
So i can say that my CAS is totally finished!
Thanks everybody!
I call the DigitalSign Platform via AJAX before the submit proccess, so i can get the values returned by the Platform. So, the input sent to Login Portlet (Login Hook in my case) is the ID authenticated by the DigitalSign Platform, telling me if the certificate is valid or not.
So i can say that my CAS is totally finished!
Thanks everybody!