Forums

Home » Liferay Portal » English » 2. Using Liferay » General

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Jim Klo
CAS + New User Create URL & Forgot Password?
May 5, 2009 10:26 PM
Answer

Jim Klo

Rank: Junior Member

Posts: 75

Join Date: November 7, 2008

Recent Posts

I'm using CAS with OpenLDAP and Liferay Portal 5.1.1.

Now that I've got login working with CAS, what URL do i direct new users to create accounts? And what about Forgot Password functionality?

This seems to be the magic sauce missing from any CAS + Liferay integration documentation.
Auditya manikanta Vadrevu
RE: CAS + New User Create URL & Forgot Password?
May 21, 2009 2:02 AM
Answer

Auditya manikanta Vadrevu

Rank: Liferay Master

Posts: 621

Join Date: May 6, 2008

Recent Posts

hi Jim Klo ,

You must provide two way login for your users.

Iam using CAS + ldap for my organisation users and signin portlet for community members. All users with accounts in ldap will login through CAS and the users created in portal will login through signin portlet and they can use as usually the forgotten passwords option available in signin portlet.


With Regards,
V.Auditya
Jim Klo
RE: CAS + New User Create URL & Forgot Password?
June 1, 2009 9:08 AM
Answer

Jim Klo

Rank: Junior Member

Posts: 75

Join Date: November 7, 2008

Recent Posts

Unfortunately for me - I need to have only one method of login (via CAS) which has several different UI variants. The portal in my case is System of Record and an additional commerce piece, to be developed later, will utilize CAS for SSO.

I ended up building my own forgot password portlet, leveraging the existing codebase, and figured out how to instantiate the create account system portlet manually by embedding the portlet params in a friendly url in the guest public layout.

Now if someone would just fix the LDAP export out of LR to actually work the inverse of the import, I'll be golden!

- Jim
Auditya manikanta Vadrevu
RE: CAS + New User Create URL & Forgot Password?
June 1, 2009 8:15 PM
Answer

Auditya manikanta Vadrevu

Rank: Liferay Master

Posts: 621

Join Date: May 6, 2008

Recent Posts

hi jim klo,

hope this may help you,

LDAP import/export

LEP 4701

LEP 7360

Liferay OPENLDAP


With Regards,
V.Auditya
Jim Klo
RE: CAS + New User Create URL & Forgot Password?
June 13, 2009 9:26 PM
Answer

Jim Klo

Rank: Junior Member

Posts: 75

Join Date: November 7, 2008

Recent Posts

Thanks, however - My situation doesn't really fit into the traditional way I think most people are utilizing LDAP and CAS with Liferay. I think most have an existing directory, like Active Directory, which is managed outside of the portal context. Thus the only thing that the portal really needs to do is import records. But say you want to actually use Liferay as a means to manage and create accounts into LDAP store. You're limited to about 3-4 attributes per user, that are non-configurable, to export.

Basically I'm using Liferay in the capacity that it will be System of Record for identities, of which I want to be able to export the identity details into an LDAP directory, and then use CAS as a facility to provide SSO when a user moves from the Portal to another system, which will authenticate via CAS, and fetch the identity information from LDAP.

The problem with using Liferay in this manner is that, while you can easily customize the import from LDAP, however there's no easy way to customize the Export without almost completely replacing LDAPUtils class.

I'm just surprised the model/pattern that's used for import isn't also used for export. Which if I have the time, I may build and give back - as it seems to be a lacking feature.
Thomas Berg
RE: CAS + New User Create URL & Forgot Password?
October 27, 2009 2:20 AM
Answer

Thomas Berg

Rank: Regular Member

Posts: 134

Join Date: September 7, 2009

Recent Posts

Hi Jim,

I have (somewhat) the same setup as you and was wondering if you've solved the following situation:

Users exist in a database (not Liferay) and CAS checks this database when a user is trying to log into Liferay. I would like a "create account"-portlet to be opened when a user is approved by CAS but does not yet exist in the Liferay DB. Once the account has been created, I'd like to export a custom amount of attributes to our LDAP store (which CAS would use as the primary source for verifying credentials).

Perhaps it would be possible to have CAS return more attributes (in addition to the approved username) or use the method postAuthenticate that the LDAP handlers in CAS calls after each authentication try.

1boolean postAuthenticate( final Credentials credentials, final boolean authenticated );


I seem to recall that custom LDAP export will be integratated into Liferay 5.3.0 but since there's no set release date, i'm interested in solutions.


Any feedback is appreciated

Regards

Thomas
Jim Klo
RE: CAS + New User Create URL & Forgot Password?
November 1, 2009 8:37 PM
Answer

Jim Klo

Rank: Junior Member

Posts: 75

Join Date: November 7, 2008

Recent Posts

The answer is, I've sort of solved that problem. Since I'm using the ext environment, I pretty much rewrote the parts I needed in the LDAPUtils class to facilitate my immediate needs, and postponed the future export needs for later (and if I'm lucky Brian Chan will make sure custom ldap export is in a future release, hint, hint)

More or less what I did, was modify the 5.1.1 implementation to use email as the DN and export a few additional attributes.

I know I've mentioned the need for a more robust LDAP export to Liferay, but not sure if it's on the roadmap for 5.3.

Your situation is a bit different, and closer to what I think the way LIferay was designed to work with CAS/LDAP, by creating a new user if one doesn't exist when authenticating a user for the first time.

Additionally, we built a servlet and portlet pair (aptly named the gatekeeper servlet filter), to handle the situation similar to what you're talking about.

An example of it in action is here:
http://www.monsterenergy.com/web/monstergirls/signup

Basically if you're creating a new account, it walks you through the standard user signup, but then prompts for the Monster Girl signup as a second step. If the user is already logged in, it just prompts you for the second step.

The gatekeeper servlet fundamentally filter, basically validates the current session against a series of gates. Each gate checks for a key, which could do just about anything (validate age, validate user profile for info, check anything your 'gate' class wants). If the key is valid, then it just lets the user pass, of the key is invalid, the user is then directed to an alternate url (specified in a configuration portlet for the filter). We have plans to release this addition to the community, but not exactly sure on the timing, as I need to review it for any client IP first.

On a simpler scale, you might build a class that is a post login action (configured in portal.properties) which determines if the user needs to prompt for additional fields. You could then just save everything the Liferay way then create a UserModel listener that exports the data to your LDAP store when the user is modifed to keep things syncronized.

If you ping me directly, I can give you additional details, if you're interested.
Thomas Berg
RE: CAS + New User Create URL & Forgot Password?
November 9, 2009 4:42 AM
Answer

Thomas Berg

Rank: Regular Member

Posts: 134

Join Date: September 7, 2009

Recent Posts

Hi Jim,

Thanks a bunch for your reply, seems that you've got a nice working solution, beautiful site!
I'll have to ponder this as I'm not quite ready to start modifying the source within the extension environment.
Hoping that "hooks" can be used for this but don't know enough about them at this point.

Thanks also for the ping-invite, will do when I've got some good questions!

Best regards

Thomas
Jim Klo
RE: CAS + New User Create URL & Forgot Password?
November 9, 2009 9:55 AM
Answer

Jim Klo

Rank: Junior Member

Posts: 75

Join Date: November 7, 2008

Recent Posts

Thomas,

A simpler way you could possibly do what you're wanting is to create a post login event handler that can be hooked up in portal-ext.properties (or via portal.properties in a plugin, I think, I don't do a ton of plugins) .

1
2login.events.post=com.liferay.portal.events.LoginPostAction,com.liferay.portal.events.DefaultLandingPageAction


Using the post-login event method, users in your LDAP directory will be able to login, then you can check to see if the user signing in has all the information you want, and if not redirect them to a new page that captures this info or import it from the LDAP directory. We've had a lot of success using this method combined with using the service locator in Velocity w/ Web Content (formerly Journal Content) portlet. In fact most of the newest stuff we're doing uses this method combined with Liferay JSON services and JQuery to build great interfaces.
Nidhi Singh
RE: CAS + New User Create URL & Forgot Password?
April 18, 2010 11:38 PM
Answer

Nidhi Singh

Rank: Regular Member

Posts: 155

Join Date: October 7, 2009

Recent Posts

Hi,

you can check this blog blog

Thanks
Nidhi Singh
Apoorva Prakash
RE: CAS + New User Create URL & Forgot Password?
September 22, 2010 9:12 PM
Answer

Apoorva Prakash

Rank: Liferay Master

Posts: 659

Join Date: June 15, 2010

Recent Posts

Hello All,
I think my problem is also somewhere related to the mentioned things.
I am developing a portal in which I am using Liferay and Pentaho for development.
For authentication, I am using CAS, precisely WITHOUT LDAP, and I don't wish to use LDAP at all.
Now, the functionality I wish to provide is - Forget Password Recovery through the login JSP page of CAS.
Is there any way to achieve such functionality without writing custom code?
Please Help...
Regards