Liferay Authentation Process
More details are reported in portal.properties under the Authentication Pipeline properties.
Input a list of comma delimited class names that implement com.liferay.portal.security.auth.Authenticator. These classes will run before or after the portal authentication begins.
The Authenticator class defines the constant values that should be used as return codes from the classes implementing the interface. If authentication is successful, return SUCCESS; if the user exists but the passwords do not match, return FAILURE; and if the user does not exist on the system, return DNE.
In the pre-authentication pipeline, if you want to skip password checking by the internal portal authentication, the authenticator should return SKIP_LIFERAY_CHECK. This is needed if passwords are not imported to the portal.
Constants in Authenticator:
public static final int DNE = 0;
public static final int FAILURE = -1;
public static final int SKIP_LIFERAY_CHECK = 2;
public static final int SUCCESS = 1;
In case you have several classes in the authentication pipeline, all of them have to return SKIP_LIFERAY_CHECK or SUCCESS if you want the user to be able to login. If one of the authenticators returns DNE OR FAILURE, the login fails.
Under certain circumstances, you might want to keep the information in the portal database in sync with an external database or an LDAP server. This can easily be achieved by implementing a class via LDAPAuth that updates the information stored in the portal user database whenever a user signs in.
Each portal instance can be configured at run time to either authenticate based on user ids or email addresses. See the Admin portlet for more information.
Available authenticators are: