Mirto Silvio Busico
[SOLVED] Howto autologin from Apache
July 24, 2013 2:39 AM

Hi all,
I have an apache2 in front of Liferay 6.1 CE.
The apache root authenticates against MS Active directories.
The liferay portal is accessed through a ProxyPass (ajp) directive.
The liferay portal authenticates against the same Active directories.
I can use the same credentials to access both apache and liferay.

I need the user authenticated by apache to be automatically logged in to liferay.

What I have done:

In apache sites default file I have:

    Alias /repository/ /GAS4/repository/
    <Directory /repository>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    <Location />
        AuthType Basic
        AuthUserFile /GAS4/sw/users
        AuthBasicProvider ldap file
        AuthzLDAPAuthoritative off
        AuthName "Main site"
        # LDAP URL, bind DN and bind password below are masked
        AuthLDAPURL ldap://xx.xx.xx.xx/ou=xxxx,dc=xx,dc=xx,dc=xx?sAMAccountName
        AuthLDAPBindDN XXXXX@xx.xx.xx
        AuthLDAPBindPassword xxxxx
        require valid-user
    </Location>

    ProxyPass /repository !
    ProxyPass / ajp://127.0.0.1:8009/
    ProxyPassReverse / ajp://127.0.0.1:8009/

In the liferay home, in the portal-setup-wizard.properties file, I have:

    admin.email.from.name=Mirto Busico
    jdbc.default.password=malerba
    liferay.home=/LRHome/liferay-portal-6.1.1-ce-ga2
    admin.email.from.address=mbusico@technip.com
    jdbc.default.driverClassName=org.postgresql.Driver
    jdbc.default.username=lruser
    jdbc.default.url=jdbc:postgresql://localhost:5432/lr1
    setup.wizard.enabled=false
    auto.login.hooks=com.liferay.portal.security.auth.RequestHeaderAutoLogin

What am I missing?

Thanks
Mika Koivisto
RE: Howto autologin from Apache
July 23, 2013 5:02 PM
LIFERAY STAFF

You need to set the LIFERAY_SCREEN_NAME header with the currently authenticated user's screenName in Apache. That would look something like this:

    RequestHeader set LIFERAY_SCREEN_NAME %{AUTHENTICATE_sAMAccountName}
    </Location>

    ProxyPass /repository !
    ProxyPass / ajp://127.0.0.1:8009/
    ProxyPassReverse / ajp://127.0.0.1:8009/
Mirto Silvio Busico
RE: Howto autologin from Apache
July 24, 2013 1:57 AM

Thanks.
It seems the right direction.
But for me the line

    RequestHeader set LIFERAY_SCREEN_NAME %{AUTHENTICATE_sAMAccountName}

gives this apache error:

    sudo service apache2 start
     * Starting web server apache2
    Syntax error on line 46 of /etc/apache2/sites-enabled/000-default:
    Unrecognized header format %
    Action 'start' failed.
    The Apache error log may have more information.

I have some problems in setting apache headers.
With these lines

    RequestHeader set LyHeader "%D %t"
    RequestHeader set LIFERAY_SCREEN_NAME ${REMOTE_USER}
    Header echo ^L
    Header echo ^R
    Header echo ^A


I see:

     wget -S http://mbusico:XXXXXXX@localhost
    --2013-07-24 10:13:05--  http://mbusico:*password*@localhost/
    Risoluzione di localhost (localhost)... 127.0.0.1
    Connessione a localhost (localhost)|127.0.0.1|:80... connesso.
    Richiesta HTTP inviata, in attesa di risposta...
      HTTP/1.1 401 Authorization Required
      Date: Wed, 24 Jul 2013 08:13:05 GMT
      Server: Apache/2.2.22 (Ubuntu)
      WWW-Authenticate: Basic realm="GAS4 Main site"
      Vary: Accept-Encoding
      Content-Length: 476
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Content-Type: text/html; charset=iso-8859-1
    Riutilizzo della connessione esistente a localhost:80.
    Richiesta HTTP inviata, in attesa di risposta...
      HTTP/1.1 200 OK
      Date: Wed, 24 Jul 2013 08:13:05 GMT
      Server: Apache/2.2.22 (Ubuntu)
      Last-Modified: Fri, 11 Jan 2013 11:56:52 GMT
      ETag: "a6096-b1-4d301fdc0ecb5"
      Accept-Ranges: bytes
      Content-Length: 177
      Vary: Accept-Encoding
      LyHeader: D=7267 t=1374653585602849
      LIFERAY_SCREEN_NAME: ${REMOTE_USER}
      Accept: */*
      Authorization: Basic bWJ1c2ljbzpxd3VmZi42Nzg=
      Keep-Alive: timeout=5, max=99
      Connection: Keep-Alive
      Content-Type: text/html
    Lunghezza: 177 [text/html]
    Salvataggio in: "index.html.5"

    100%[==========================================================================================>] 177         --.-K/s   in 0s

    2013-07-24 10:13:05 (18,7 MB/s) - "index.html.5" salvato [177/177]

I'll continue to investigate how to set the right header/variable.

BTW I'm using Ubuntu 13.04 64Bit and Apache 2.2.22
Mirto Silvio Busico
RE: Howto autologin from Apache
July 24, 2013 2:36 AM

Finally solved.
The lines in /etc/apache2/sites-available/default that work for me are:

    <Location />
        AuthType Basic
        AuthUserFile /GAS4/sw/users
        AuthBasicProvider ldap file
        AuthzLDAPAuthoritative off
        AuthName "GAS4 Main site"
        # LDAP URL, bind DN and bind password below are masked
        AuthLDAPURL ldap://x.x.x.x/ou=XXXXXX?sAMAccountName
        AuthLDAPBindDN XXXX@x.x.x
        AuthLDAPBindPassword xxxxxxx
        require valid-user
        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RequestHeader set LIFERAY_SCREEN_NAME %{RU}e
        # only for debug - it is not needed
        Header echo ^L
    </Location>

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass /repository !
    ProxyPass / ajp://127.0.0.1:8009/
    ProxyPassReverse / ajp://127.0.0.1:8009/

Now http://localhost requires a username and password.
When authenticated, the user is logged in to Liferay.

Thanks
Mirto

(OFF TOPIC: now I'll try with https)
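
A configuration check for the setup in this thread, added here as an example and not part of any post or of Liferay's code: it flags the two header forms that failed above, a `RequestHeader` action other than `set` (which would not overwrite a `LIFERAY_SCREEN_NAME` value sent by the client), a missing `require valid-user`, and a `ProxyPass` backend that is not on loopback. The function name `lint_vhost` and the sample `SOLVED` are constructed for illustration.

```python
import re
from urllib.parse import urlparse

HEADER = "LIFERAY_SCREEN_NAME"  # header that RequestHeaderAutoLogin trusts
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def lint_vhost(conf):
    """Return findings for an Apache vhost that forwards HEADER (hypothetical helper)."""
    findings, header_ok, auth_required = [], False, False
    for raw in conf.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        directive = words[0].lower()
        if directive == "require" and words[1:2] == ["valid-user"]:
            auth_required = True
        elif directive == "requestheader" and len(words) >= 4 and words[2].upper() == HEADER:
            action, value = words[1].lower(), words[3].strip('"')
            if action != "set":  # add/append/merge keep what the client sent
                findings.append(f"'{action}' does not overwrite a client-sent {HEADER}")
            elif not re.fullmatch(r"%\{[^}]+\}e", value):  # both failed attempts
                findings.append(f"{value!r} is not a %{{VAR}}e specifier")
            else:
                header_ok = True
        elif directive == "proxypass" and len(words) >= 3 and words[2] != "!":
            host = urlparse(words[2]).hostname
            if host not in LOOPBACK:  # header login is only as safe as backend access
                findings.append(f"backend {host} is not loopback; restrict access to it")
    if not header_ok:
        findings.append(f"no usable 'RequestHeader set {HEADER}'")
    if not auth_required:
        findings.append("no 'require valid-user' guarding the header")
    return findings

# Constructed input: the working directives from the thread, LDAP lines left out.
SOLVED = """
<Location />
    require valid-user
    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader set LIFERAY_SCREEN_NAME %{RU}e
</Location>
ProxyPass /repository !
ProxyPass / ajp://127.0.0.1:8009/
"""

if __name__ == "__main__":
    print(lint_vhost(SOLVED) or "no findings")
```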
Mika Koivisto
RE: [SOLVED] Howto autologin from Apache
July 24, 2013 1:03 PM

Great. Thanks for sharing your solution. What I posted just came from something I found while googling it.
Marco Codeluppi
RE: Howto autologin from Apache
December 11, 2013 9:51 AM

Hi Mirto!

I'm in a very similar situation and I'm interested in your solution.

Can you post the code of com.liferay.portal.security.auth.RequestHeaderAutoLogin class?

Thanks in advance

Marco
Mirto Silvio Busico
RE: Howto autologin from Apache
March 27, 2014 1:37 AM

Sorry, I've seen your message only today.
I didn't change any Liferay code.

I only set up Apache for login using Active directories and added the line

    auto.login.hooks=com.liferay.portal.security.auth.RequestHeaderAutoLogin

in portal-setup-wizard.properties

BTW I'm trying to set up the framework with more recent versions:

  • Kubuntu 14.04 Beta1
  • Apache 2.4.7
  • Liferay 62CE ga2


and I'm facing the case-insensitive authentication search filter problem.