Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
jpn tamur
Liferay + AD + Kerberos
April 26, 2012 7:58 AM
Answer

jpn tamur

Rank: New Member

Posts: 2

Join Date: April 26, 2012

Recent Posts

Hello,
I'm totally new to liferay. Have a stupid question.
We have portal, which work on Liferay + AD. But now we need Liferay + AD + Kerberos to connect to the other services like mail by tickets.
Is it possible to make it normally by configuring the liferay portal?emoticon Or must write custom login?emoticon If so, why nobody before had done it?emoticon
Liferay 6.1 CE GA1(Tomcat)

Thank you,
Pierre Morin
RE: Liferay + AD + Kerberos
May 24, 2012 7:37 AM
Answer

Pierre Morin

Rank: Junior Member

Posts: 70

Join Date: May 17, 2011

Recent Posts

I think it's because it's possible to use CAS (that could use Kerberos) to authenticate to Liferay.
But I'm not sure of the fact that it's possible to link Kerberos and CAS, neither for AD and CAS.
Vitor Silva
RE: Liferay + AD + Kerberos
May 25, 2012 8:43 AM
Answer

Vitor Silva

Rank: Junior Member

Posts: 36

Join Date: May 3, 2012

Recent Posts

Your question is not a stupid one believe me. Not a lot of people do this. If you're not confortable with kerberos read about it first before trying. There is a wiki on how to integrate CAS with kerberos https://wiki.jasig.org/pages/viewpage.action?pageId=10650669. It is not trivial.
Take a look at this forum thread also http://www.liferay.com/community/forums/-/message_boards/message/1458264.
If you manage to integrate CAS with kerberos then you can integrate Liferay with CAS.
Jayson Ilagan
RE: Liferay + AD + Kerberos
August 16, 2012 7:01 PM
Answer

Jayson Ilagan

Rank: New Member

Posts: 7

Join Date: December 1, 2011

Recent Posts

We successfully implemented this configuration.

We are using:

Microsoft Windows Server 2008 R2 (Application Server)
Active Directory
Liferay 6.1 CE
CAS 3.4.11
Tomcat 7.0
JRE 1.6.19

1. First step, you must have or someone have access with the Domain Controller to set SPN at the same time creating of keytab file this is necessary to have trust link between the CAS server and KDC.

2. Prepare needed files such as: login.conf, kbr5.conf., Look for sample configuration then configure it as fit to your needs.

3. Configuration of your CAS. You need to configure your login-webflow.xml, cas-servlet, deployerConfigContext and lastly pom.xml that is located in Maven.
You also need to add necessary jar file to your CAS lib. That is being used in all the configuration you've done in CAS.

4. Configure your Liferay to CAS.

That all the step we did to accomplish this.