Combination View Flat View Tree View
Threads [ Previous | Next ]
Jone Lura
Login and redirections
November 24, 2011 3:35 AM
Answer

Jone Lura

Rank: New Member

Posts: 6

Join Date: August 10, 2011

Recent Posts

Hi,

I have set up a liferay portal accessed by http://my.domain.com

Then I need to secure the login, so I have created a new login page at http://my.domain.com/web/guest/login

Since I do not have a SSL sertificate on my.domain.com, I would like to redirect the authentication to a secured url.

So in the apache http, I have modified a Virtual Host to redirect /web/guest/login to the jetty instance running the liferay portal

ProxyPass http://192.168.1.1:8080/web/guest/login
Allow from all

Then I modified the portal-ext.properties
auth.login.url=https://secure.domain.com/web/guest/login

So far so good.

When I click on the sign in, I get redirected to the secured login page. However, I would like to get back to the original http://my.domain.com after I have authenticated successfully and still be signed in.

Best regards

Jone
Samir Gami
RE: Login and redirections
November 24, 2011 3:47 AM
Answer

Samir Gami

Rank: Regular Member

Posts: 162

Join Date: February 3, 2011

Recent Posts

Liferay provide the secure login, only for login it will use HTTPS,

Please check below property in portal.properties
1
2    #
3    # Set this to true to ensure users login with https. If this is set to true
4    # and you want your HTTP session to contain your credentials after logging
5    # in, then the property "session.enable.phishing.protection" must be set to
6    # false or your credentials will only be available in the HTTPS session.
7    #
8    [b]company.security.auth.requires.https=true[/b]
Jone Lura
RE: Login and redirections
November 24, 2011 4:25 AM
Answer

Jone Lura

Rank: New Member

Posts: 6

Join Date: August 10, 2011

Recent Posts

Hi,

Thank you for your suggestion emoticon

This would be sufficient, if I had a valid certificate for my.domain.com, and these settings would switch to https just for the authentication.

http://my.domain.com (which is the correct domain, but we do not have a certificate for this domain)

https://secure.domain.com (which has the necessary certificates to do a secure login)

If I click on sign in, I get correctly redirected from http://my.domain.com/... to https://secure.domain.com/login

I can sign in, but after I have been signed in, I want to automatically get transferred back to http://my.domain.com/...

I tried to set

company.security.auth.requires.https=true

and

session.enable.phishing.protection=false

But the result is still the same

I am using liferay-6.0.5

and here is a snippet of my properties

1company.security.auth.requires.https=true
2auth.login.url=https://secure.domain.com/web/guest/login
3session.enable.phishing.protection
4
5auth.forward.by.last.path=true
6default.landing.page.path=http:/my.domain.com/web/guest/home


Best regards

Jone