Using OpenID with Liferay

What is OpenID?

OpenID is an open, decentralized, free framework for user-centric digital identity.

OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do, with a URI (also called a URL or web address). Since URIs are at the very core of Web architecture, they provide a solid foundation for user-centric identity.

(Quote from

The benefits of OpenID

For an end user, the main benefit of OpenID is that he no longer has to register on every website or portal where he wants to have an account. Instead there is only one website (known as the OpenID provider) that has all his information and is able to provide part of it (as approved by the user) to the websites where the user wants to participate.

For website owners, the benefit of OpenID is that it makes registration easier for end users. Considering that many users don't register because of the effort it takes to register on a website, this is an important benefit.

The end purpose of OpenID is to keep all the sensitive information in the provider so that it's not spread through all the websites where the user has an account. This makes it much easier to protect and keep up to date.

How does it work

  1. User selects an OpenID provider and creates an account in it. The provider gives the user a unique URL that identifies him.
  2. User finds a new website and wants to create an account. He finds out happily that the website supports OpenID (it's an OpenID consumer).
  3. User logs in with his OpenID URL.
  4. The website uses the URL to contact the user's OpenID provider and requests the information it needs to create the new account for the user.
  5. The user is redirected to his provider's website to:
    1. Log in to demonstrate he is the owner of the URL.
    2. Accept the request for information from the original website (the providers usually allow maintaining several profiles and the user can select which one to use).
  6. The user is then redirected to the original website with all the necessary information.
  7. The website takes that information and creates an account for the user (only the first time) and logs him in.
  8. The user

For more information refer to:

Support for OpenID within Liferay

Portals developed with Liferay can activate OpenID support to allow their users to automatically register and sign in using their OpenID identifier from their preferred OpenID provider. In technical terms this means that Liferay can act as an OpenID consumer.

In order to perform the registration (i.e. portal account creation) when a user first logs in with his/her OpenID, Liferay asks the provider for some information about the user: specifically the user's name and email address. The provider must be able to provide this information through any of the following OpenID protocol extensions:

Starting with Liferay 5.1, if the OpenID provider does not support these extensions, or for privacy reasons does not provide the necessary user information, the user will be presented with a form so that he/she can enter the details manually.
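
The consumer-side decision in steps 6 and 7, plus the manual-details fallback, as an added example (not Liferay's or OpenID4Java's code). `AccountStore`, `handle_assertion` and the action names are hypothetical, and it assumes the OpenID library has already verified the provider's response.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    openid: Optional[str]   # verified OpenID identifier; None for a password-only account
    name: str
    email: str

@dataclass
class AccountStore:         # hypothetical in-memory stand-in for the portal's user table
    by_openid: dict = field(default_factory=dict)
    by_email: dict = field(default_factory=dict)

    def add(self, account):
        if account.openid:
            self.by_openid[account.openid] = account
        self.by_email[account.email.lower()] = account

def handle_assertion(store, verified_id, attrs):
    """Decide what the consumer does once the user is redirected back.

    verified_id: identifier already verified by the OpenID library, or None.
    attrs: name/email released by the provider (may be empty).
    Returns (action, account).
    """
    if not verified_id:
        return "reject", None                  # never act on an unverified response
    existing = store.by_openid.get(verified_id)
    if existing:
        return "login", existing               # returning user: no new account
    name = (attrs.get("name") or "").strip()
    email = (attrs.get("email") or "").strip()
    if not name or not email:
        return "ask_details", None             # provider withheld data: show the form
    if email.lower() in store.by_email:
        # The email is only what the provider claims; matching it must not
        # attach this OpenID to somebody's existing account.
        return "email_in_use", None
    account = Account(verified_id, name, email)
    store.add(account)
    return "created", account

# Constructed sample data: one existing password-only account.
store = AccountStore()
store.add(Account(None, "Alice", "alice@example.org"))
```

On `email_in_use`, the user should authenticate to the existing account before the OpenID is linked to it.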

Liferay has so far been tested with the following providers:

  • MyOpenID:
  • Atlassian's CrowdID:
  • Yahoo: (Works since Liferay 5.1)
  • LiveJournal: (Works since Liferay 5.1)
  • Verisign Personal Identity Portal (Tested with Liferay 5.1.1)

(Note: this list is still incomplete, feel free to edit and add your provider if it works for you)

Technical details

Liferay uses OpenID4Java as the backend library to implement the OpenID functionality. This library was chosen because:

  • It is free software with a license compatible with Liferay's (Apache License 2.0)
  • It is developed by a trusted entity: Sxip
  • It seems to have the largest community among the alternatives

How to use it

There are two ways to log in using an OpenID:

  1. The portal login page located at /c/portal/login contains an input box that allows users to enter their OpenID instead of their login and password.
  2. The administrator can also set up the OpenID portlet in any portal page to allow users to log in automatically from it.
Threaded Replies Author Date
can liferay with openid hava a proxy problem.... wu wei hua October 14, 2008 3:42 AM
Integration with Atlassian CrowdID seems to be... Rainer Montag December 8, 2009 12:59 AM
I've create an openID on verisignlabs. I'm... Adnan Yaqoob May 7, 2015 2:36 PM

Can Liferay with OpenID have a proxy problem?
My Liferay server is under a proxy network.
Please help me.
Posted on 10/14/08 3:42 AM.
Integration with Atlassian CrowdID seems to be broken with Liferay 5.2.3 (it worked with Liferay 5.1.2). I have opened a bug for this issue (LPS-6333).
Posted on 12/8/09 12:59 AM.
I've created an OpenID on verisignlabs. I'm successfully able to log in and create an account using OpenID after enabling OpenID.
My question is how to enable automatic sign-in when I come from a site where I was authenticated. For example, I signed into verisignlabs with my ID and added a link to my Liferay portal. When I navigate to Liferay, it asks me for credentials. If I try to use OpenID, it says your email address is already used unless I enter the account credentials I created during the first sign-in attempt using OpenID.
Am I doing something wrong? Or how do I enable it to automatically sign me in here?
Posted on 5/7/15 2:36 PM.