Forums

openid-connect support in Liferay

Sameer Naik, modified 9 years ago.

openid-connect support in Liferay

Junior Member Posts: 25 Join Date: 09.03.10
Hi,

Is there any support available or planned for openid-connect http://openid.net/connect/ and Google Login (https://developers.google.com/accounts/docs/OpenIDConnect) in Liferay?

Thanks,
Sameer
Meera Prince, modified 9 years ago.

RE: openid-connect support in Liferay

Liferay Legend Posts: 1111 Join Date: 08.02.11
Hi

The OpenID implementation is already done in Liferay. Go to the Control Panel; in the portal configuration you can see the settings related to OpenID, and in the sign-in portlet you can also find login through OpenID.

Follow the links; they may help you.

https://www.liferay.com/community/wiki/-/wiki/Main/Using+OpenID+with+Liferay

http://blogs.isostech.com/liferay/use-google-domain-authenticate-liferay-users/

http://stackoverflow.com/questions/12600014/using-custom-login-page-to-login-to-liferay-using-google-id
Regards,
meera prince
Sameer Naik, modified 9 years ago.

RE: openid-connect support in Liferay

Junior Member Posts: 25 Join Date: 09.03.10
Meera Prince:
Hi

The OpenID implementation is already done in Liferay. Go to the Control Panel; in the portal configuration you can see the settings related to OpenID, and in the sign-in portlet you can also find login through OpenID.

Follow the links; they may help you.

https://www.liferay.com/community/wiki/-/wiki/Main/Using+OpenID+with+Liferay

http://blogs.isostech.com/liferay/use-google-domain-authenticate-liferay-users/

http://stackoverflow.com/questions/12600014/using-custom-login-page-to-login-to-liferay-using-google-id
Regards,
meera prince


Hi Meera,

OpenID-Connect (OIDC) is different than OpenID. Please see http://techcrunch.com/2014/02/26/openid-foundation-launches-openid-connect-identity-protocol-with-support-from-google-microsoft-others/ http://stackoverflow.com/questions/27194838/facebook-login-and-openid-connect and other links in original post.


-- Sameer
Ken Sperow, modified 9 years ago.

RE: openid-connect support in Liferay

New Member Posts: 11 Join Date: 25.04.11
We too are looking for an openid-connect (aka. OAuth 2.0) Liferay SSO implementation. Is anyone aware of anyone -- including Liferay -- working on this capability?

NOAA uses Google for mail/calendaring and it makes sense to tie into Google for SSO, which no longer supports OpenID 2.0 (see https://developers.google.com/accounts/docs/OpenID2) but recommends using openid-connect instead.

Thanks,
Ken Sperow
National Weather Service/NOAA
Geert van der Ploeg, modified 7 years ago.

RE: openid-connect support in Liferay

New Member Posts: 22 Join Date: 03.04.14
You can find the OpenID Connect plugin in the marketplace, created by Finalist NL and published a few weeks ago.
karthik reddy, modified 6 years ago.

RE: openid-connect support in Liferay

Junior Member Posts: 60 Join Date: 08.04.13
Dear All,

I deployed this plugin in Liferay 6.2 and used Google properties but I am not getting the screens. Can someone help us by providing a dummy configuration to test this?

Thanks & Regards,
Karthik
Geert van der Ploeg, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 22 Join Date: 03.04.14
Hi,

- Refer to plugin's readme on github for the dummy configuration: https://github.com/finalist/liferay-oidc-plugin/blob/oidc-parent-0.4.0/README.md
- Set logging to debug/trace level for category 'nl.finalist' (add new logging category)
- Provide us with more details, like the above mentioned logging
karthik reddy, modified 6 years ago.

RE: openid-connect support in Liferay

Junior Member Posts: 60 Join Date: 08.04.13
Hi Geert,

Thank you for your quick response.
As a first step I downloaded the lpkg file and deployed it in the deploy folder, and I created a properties file as portal-ext.properties and copied from . I have updated the client id and secret which I got from Google and I didn't modify any other values. Please let me know whether I need to update any other values in the properties file.
openidconnect.enableOpenIDConnect=true
openidconnect.token-location=https://www.googleapis.com/oauth2/v4/token
openidconnect.authorization-location=https://accounts.google.com/o/oauth2/v2/auth
openidconnect.profile-uri=https://www.googleapis.com/plus/v1/people/me/openIdConnect
openidconnect.issuer=https://accounts.google.com
openidconnect.client-id=UPDATED HERE
openidconnect.secret=UPDATED HERE
openidconnect.scope=openid profile email

I am getting the below errors in console

java.io.IOException: While exchanging code for access token and retrieving user info
	at nl.finalist.liferay.oidc.OpenIDConnectFilter.exchangeCodeForAccessToken(OpenIDConnectFilter.java:185)
	at nl.finalist.liferay.oidc.OpenIDConnectFilter.processFilter(OpenIDConnectFilter.java:126)
	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at com.liferay.portal.kernel.bean.ClassLoaderBeanHandler.invoke(ClassLoaderBeanHandler.java:67)
	at com.sun.proxy.$Proxy484.doFilter(Unknown Source)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.oltu.oauth2.common.exception.OAuthSystemException: java.net.UnknownHostException: www.googleapis.com
	at org.apache.oltu.oauth2.client.URLConnectionClient.execute(URLConnectionClient.java:108)
	at org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:65)
	at org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:55)
	at nl.finalist.liferay.oidc.OpenIDConnectFilter.exchangeCodeForAccessToken(OpenIDConnectFilter.java:162)
	... 27 more
Caused by: java.net.UnknownHostException: www.googleapis.com
	at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
	at java.net.PlainSocketImpl.connect(Unknown Source)
	at java.net.SocksSocketImpl.connect(Unknown Source)
	at java.net.Socket.connect(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.connect(Unknown Source)
	at sun.security.ssl.BaseSSLSocketImpl.connect(Unknown Source)
	at sun.net.NetworkClient.doConnect(Unknown Source)
	at sun.net.www.http.HttpClient.openServer(Unknown Source)
	at sun.net.www.http.HttpClient.openServer(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
	at org.apache.oltu.oauth2.client.URLConnectionClient.execute(URLConnectionClient.java:85)
	... 30 more
Geert van der Ploeg, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 22 Join Date: 03.04.14

Caused by: java.net.UnknownHostException: www.googleapis.com

Apparently your Liferay server cannot connect to www.googleapis.com. Does the server have an internet connection available at all? For OpenID Connect, the Relying Party (the liferay server in this case) needs to be able to verify the id/access token at the OP (OpenID Provider).
arun kumar pasuparthi, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 2 Join Date: 13.03.18
Geert van der Ploeg:

Caused by: java.net.UnknownHostException: www.googleapis.com


Hello,

Can you help us understand where Liferay OIDCP stores the access tokens? We need these access tokens to call downstream resource servers. Resource servers validate the requests that go from Liferay based on access tokens. I would really appreciate it if you could help us understand where the access tokens are stored.
Geert van der Ploeg, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 22 Join Date: 03.04.14
Hi,

The access token is not stored anywhere; it's being used only to retrieve UserInfo from the OP.
A feature request to expose the token to the rest of the Liferay portal/portlets is already filed, but no actual implementation yet.
arun kumar pasuparthi, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 2 Join Date: 13.03.18
Thank you. I am new to Liferay. Can you suggest a strategy to make this token available to the portlets? We need this token in order to access the API gateway.
Vidya Sagar Padigela, modified 6 years ago.

RE: openid-connect support in Liferay

Junior Member Posts: 49 Join Date: 20.05.08
Hi, Geert

We are trying to customize the plugin code on our side; we were able to compile the code and deploy it on Liferay 7.0-sp5. We see the status in the Gogo shell as Installed instead of Active. When we diagnose, it shows the errors listed below. Any thoughts would be a great help.


538|Installed | 10|OIDC Portal Settings Web (1.0.0.201803160416)
539|Installed | 1|OIDC Filter (1.0.0.201803160415)
g! diag 538
nl.finalist.liferay.oidc.portalsettings [538]
Unresolved requirement: Import-Package: com.liferay.portal.kernel.portlet; version="[7.12.0,8.0.0)"

g! diag 539
nl.finalist.liferay.oidc [539]
Unresolved requirement: Import-Package: com.liferay.portal.kernel.service; version="[1.24.0,2.0.0)"
Geert van der Ploeg, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 22 Join Date: 03.04.14
Vidya Sagar Padigela:
Hi, Geert

We are trying to customize the plugin code on our side; we were able to compile the code and deploy it on Liferay 7.0-sp5. We see the status in the Gogo shell as Installed instead of Active. When we diagnose, it shows the errors listed below. Any thoughts would be a great help.

I suppose you mean Liferay 7.0 GA 5?

Vidya Sagar Padigela:


538|Installed | 10|OIDC Portal Settings Web (1.0.0.201803160416)
539|Installed | 1|OIDC Filter (1.0.0.201803160415)

From the versions (1.0.0.xxxxxx) I conclude that you build the module using gradle, is that correct? If so, why don't you use the maven setup that the project already contains?
Another option could be that you build the project from within a Liferay blade workspace. Is that correct? Are you sure that the workspace contains the correct versions of Liferay dependencies?

Vidya Sagar Padigela:

g! diag 538
nl.finalist.liferay.oidc.portalsettings [538]
Unresolved requirement: Import-Package: com.liferay.portal.kernel.portlet; version="[7.12.0,8.0.0)"

In my local maven build, the resulting MANIFEST.MF states this dependency like this:
com.liferay.portal.kernel.portlet;version="[7.0,8)"

On my local GA5-environment this portalsettings-module resolves the import of package com.liferay.portal.kernel.portlet like this:
com.liferay.portal.kernel.portlet; version="7.11.0" <org.eclipse.osgi_3.10.200.v20150831-0856 [0]>


Vidya Sagar Padigela:

g! diag 539
nl.finalist.liferay.oidc [539]
Unresolved requirement: Import-Package: com.liferay.portal.kernel.service; version="[1.24.0,2.0.0)"

In my local maven build, the resulting MANIFEST.MF states this dependency like this:

com.liferay.portal.kernel.service;version="[1.0,2)"

On my local GA5-environment this portalsettings-module resolves the import of package com.liferay.portal.kernel.portlet like this:
com.liferay.portal.kernel.service; version="1.21.0" <org.eclipse.osgi_3.10.200.v20150831-0856 [0]>


Combining and comparing this information I think that the build environment that you use eventually results in jars that are not compatible with Liferay 7.0 GA5 anymore...

Hope this helps.

Geert
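
The version mismatch described in the post above can be checked mechanically. This is an added example, not part of the original posts or the plugin: it evaluates the OSGi version ranges from the quoted `diag` output and from the Maven-built MANIFEST.MF against the package versions reported for the GA5 environment. The function names are hypothetical, and version qualifiers (a fourth dotted segment) are ignored as a simplifying assumption.

```python
import re

# Constructed from the Gogo `diag` output quoted in the thread.
DIAG_OUTPUT = """\
nl.finalist.liferay.oidc.portalsettings [538]
Unresolved requirement: Import-Package: com.liferay.portal.kernel.portlet; version="[7.12.0,8.0.0)"
nl.finalist.liferay.oidc [539]
Unresolved requirement: Import-Package: com.liferay.portal.kernel.service; version="[1.24.0,2.0.0)"
"""

# Package versions the Liferay 7.0 GA5 environment exports, as reported in the thread.
EXPORTED = {
    "com.liferay.portal.kernel.portlet": "7.11.0",
    "com.liferay.portal.kernel.service": "1.21.0",
}

RANGE_RE = re.compile(r"^([\[(])\s*([^,]+?)\s*,\s*([^\])]+?)\s*([\])])$")
REQ_RE = re.compile(r'Unresolved requirement: Import-Package: ([\w.]+); version="([^"]+)"')
BUNDLE_RE = re.compile(r"^([\w.]+) \[(\d+)\]$")


def parse_version(text):
    """Return (major, minor, micro); missing segments default to 0, qualifier ignored."""
    nums = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def in_range(version, spec):
    """OSGi range semantics: '[' and ']' are inclusive, '(' and ')' exclusive.
    A bare version such as "7.0" means "this version or higher"."""
    v = parse_version(version)
    m = RANGE_RE.match(spec.strip())
    if not m:
        return v >= parse_version(spec)
    open_b, low, high, close_b = m.groups()
    lo, hi = parse_version(low), parse_version(high)
    low_ok = v >= lo if open_b == "[" else v > lo
    high_ok = v <= hi if close_b == "]" else v < hi
    return low_ok and high_ok


def explain_unresolved(diag_text, exported):
    """Pair each unresolved Import-Package with what the platform actually exports."""
    findings, bundle = [], None
    for line in diag_text.splitlines():
        line = line.strip()
        b = BUNDLE_RE.match(line)
        if b:
            bundle = b.group(1)
            continue
        r = REQ_RE.search(line)
        if r:
            pkg, spec = r.groups()
            have = exported.get(pkg)
            findings.append({
                "bundle": bundle,
                "package": pkg,
                "required": spec,
                "exported": have,
                "satisfied": have is not None and in_range(have, spec),
            })
    return findings


if __name__ == "__main__":
    for f in explain_unresolved(DIAG_OUTPUT, EXPORTED):
        print(f"{f['bundle']}: needs {f['package']} {f['required']}, "
              f"platform exports {f['exported']} -> satisfied={f['satisfied']}")
    # Ranges produced by the project's own Maven build, as quoted in the thread:
    print(in_range("7.11.0", "[7.0,8)"), in_range("1.21.0", "[1.0,2)"))
```
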
Vidya Sagar Padigela, modified 6 years ago.

RE: openid-connect support in Liferay

Junior Member Posts: 49 Join Date: 20.05.08
Geert ,

Thank you so much for your detailed response. Please see my response below.


From the versions (1.0.0.xxxxxx) I conclude that you build the module using
gradle, is that correct? If so, why don't you use the maven setup that the project already contains?


Yes you are correct we build the module using gradle. We are using maven setup that OIDC project already contains.


Another option could be that you build the project from within a Liferay blade workspace.
Is that correct? Are you sure that the workspace contains the correct versions of Liferay dependencies?


We are building the project using existing Liferay blade work space. Yes we have all required dependencies.

Will analyze the configuration that you listed out and see whether I can rebuild or not. Thanks again.
Leo de Nevi, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 2 Join Date: 26.02.18
I am having trouble with installing/enabling this plugin.

I have:
  • Liferay Community Edition Portal 7.0.4 GA5 (Wilberforce / Build 7004 / October 23, 2017)
  • OpenID Connect: Liferay CE Portal 7.0 GA5+ .lpkg


I place the package into the /deploy folder, and according to the logs, processing went well. In Liferay, I go to Control Panel -> Apps -> App Manager and see that OpenID Connect plugin is there and "Active".

Then, under Configuration -> Instance Settings -> Authentication, I do NOT see the "OpenID Connect" tab.

What am I doing wrong?
Geert van der Ploeg, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 22 Join Date: 03.04.14
Leo de Nevi:
I am having trouble with installing/enabling this plugin.

I have:
  • Liferay Community Edition Portal 7.0.4 GA5 (Wilberforce / Build 7004 / October 23, 2017)
  • OpenID Connect: Liferay CE Portal 7.0 GA5+ .lpkg


I place the package into the /deploy folder, and according to the logs, processing went well. In Liferay, I go to Control Panel -> Apps -> App Manager and see that OpenID Connect plugin is there and "Active".

Then, under Configuration -> Instance Settings -> Authentication, I do NOT see the "OpenID Connect" tab.

What am I doing wrong?


Only 0.5.0 and later versions will support configuration via the Control Panel. Older versions (i.e. the current one on the marketplace) only support portal properties (in retrospect we should have documented this better)

See also issue #22 @github, which includes a workaround using direct downloads instead of the marketplace.
Leo de Nevi, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 2 Join Date: 26.02.18
Wow! Thank you for the quick response!

I used the artifacts included in the link you gave and things are working great. Thanks, Geert!
Max Baldy, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 6 Join Date: 15.11.16
Hi, I downloaded the OpenID Connect plugin 0.5.2 and installed through the app manager and also I do not see the OpenID Connect tab.
it is clear why.

My liferay is "Liferay Portal Community Edition 6.2 CE GA6 (Newton / Build 6205 / January 6, 2016)." I would like to understand if it is compatible with this version. Also I am trying to configure the parameters in the portal-ext file for keycloak realm service but no page login and no log is present (i add the new file nl.finalist).
Can you help me ??? thank you. sorry for my English

ps: these are the properties

openidconnect.enableOpenIDConnect=true
openidconnect.token-location=https://161.27.16.57:8443/auth/realms/LifeRay-OpenID/protocol/openid-connect/token
openidconnect.authorization-location=https://161.27.16.57:8443/auth/realms/LifeRay-OpenID/protocol/openid-connect/auth
openidconnect.profile-uri=https://161.27.16.57:8443/auth/realms/LifeRay-OpenID/protocol/openid-connect/userinfo
openidconnect.issuer=https://161.27.16.57:8443/auth/realms/LifeRay-OpenID
openidconnect.client-id=liferay-openid-connector
openidconnect.secret=xyz
openidconnect.scope=openid

Geert van der Ploeg, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 22 Join Date: 03.04.14
Max Baldy:
Hi, I downloaded the OpenID Connect plugin 0.5.2 and installed through the app manager and also I do not see the OpenID Connect tab.
it is clear why.

My liferay is "Liferay Portal Community Edition 6.2 CE GA6 (Newton / Build 6205 / January 6, 2016)." I would like to understand if it is compatible with this version.

Yes, 0.5.2 of the plugin is compatible with 6.2 CE GA6

Max Baldy:
Also I am trying to configure the parameters in the portal-ext file for keycloak realm service but no page login and no log is present (i add the new file nl.finalist).
Can you help me ??? thank you. sorry for my English


Have you done any analysis on OSGi-level? Using the Gogo-shell, review the status of the dxp-oidc-* modules. They should both be 'active'. If not, fix this :-). If they are in fact active, report the diagnostic information for each bundle (b [bundleId])
Max Baldy:

ps: these are the properties

openidconnect.enableOpenIDConnect=true
openidconnect.token-location=https://161.27.16.57:8443/auth/realms/LifeRay-OpenID/protocol/openid-connect/token
openidconnect.authorization-location=https://161.27.16.57:8443/auth/realms/LifeRay-OpenID/protocol/openid-connect/auth
openidconnect.profile-uri=https://161.27.16.57:8443/auth/realms/LifeRay-OpenID/protocol/openid-connect/userinfo
openidconnect.issuer=https://161.27.16.57:8443/auth/realms/LifeRay-OpenID
openidconnect.client-id=liferay-openid-connector
openidconnect.secret=xyz
openidconnect.scope=openid

Seems OK to me.
Max Baldy, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 6 Join Date: 15.11.16
Hi,

Thanks for your reply.

I have reinstalled the plugin, added the properties in portal-ext and activated the nl.finalist log, and these are the logs below when I try the login/logout in the Liferay portal:

13:38:36,343 TRACE [default task-3][Liferay62Adapter:31] In processFilter()...
13:38:36,347 DEBUG [default task-3][LibFilter:164] [default task-3]> nl.finalist.liferay.oidc.OpenIDConnectFilter /c/portal/logout
13:38:36,414 DEBUG [default task-3][LibFilter:183] [default task-3]< nl.finalist.liferay.oidc.OpenIDConnectFilter /c/portal/logout 67 ms
13:38:36,622 TRACE [default task-3][Liferay62Adapter:31] No current OpenID Connect conversation, no auto login

it seems that when I log in - logout, the plugin checks and seems enabled but does not redirect to my keycloak server (the server is in the same machine where wildfly is installed with liferay 6.2).

Can I control something else?
Thank you
Max

Geert van der Ploeg, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 22 Join Date: 03.04.14
For new users, or any people with new questions or support questions: instead of following up on this thread, please file an issue at the Github project, so that separate support questions can be answered/flagged/resolved/tagged separately.
Max Baldy, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 6 Join Date: 15.11.16
Geert van der Ploeg:
For new users, or any people with new questions or support questions: instead of following up on this thread, please file an issue at the Github project, so that separate support questions can be answered/flagged/resolved/tagged separately.


Ok. Thanks
Max Baldy, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 6 Join Date: 15.11.16
Hi Geert,
I wanted to update you, as written in the logs, I had no errors.

On the login page of liferay I had both the Sign In portlet and the top right button of the Login. When I tried to use the button at the top right or use the portlet nothing happened and entered the portal of liferay without using the plugin that does the redirect on the Keycloak authentication service.

By accidentally deleting the sign in portlet (thus leaving only the button at the top) the plugin worked and the redirect to the Keycloak login page worked. If it can help other people, perhaps specify in the guide or in the configuration files, to delete the Sign In portal in Liferay 6.2 (if present by default).

I wanted to ask, using the external authentication service, this plugin means that users are inserted into liferay or not?

I have not used the github repository just because I am asking ... if I have other problems I write on the forum.
Thank you
Greetings
Geert van der Ploeg, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 22 Join Date: 03.04.14
Max Baldy:
Hi Geert,
I wanted to update you, as written in the logs, I had no errors.

On the login page of liferay I had both the Sign In portlet and the top right button of the Login. When I tried to use the button at the top right or use the portlet nothing happened and entered the portal of liferay without using the plugin that does the redirect on the Keycloak authentication service.

By accidentally deleting the sign in portlet (thus leaving only the button at the top) the plugin worked and the redirect to the Keycloak login page worked. If it can help other people, perhaps specify in the guide or in the configuration files, to delete the Sign In portal in Liferay 6.2 (if present by default).

This is weird behaviour from Liferay, I have noticed this myself too. If the login portlet is displayed somewhere on the page, then the login button at the top does not redirect to /c/portal/login and then presenting you the sign-in-portlet (or redirect to OIDC login in our case), but then Liferay bypasses the /c/portal/login mechanism and displays the existing portlet instead. In my opinion this is a flaw in Liferay. Thanks for pointing it out here, maybe it's useful for other users...
Max Baldy:

I wanted to ask, using the external authentication service, this plugin means that users are inserted into liferay or not?

Correct, the users are provisioned (created in Liferay) by the plugin. At every login, the users' details are updated/overwritten with the details from the OIDC authorization server. Only the email address is not updated, but it is used instead as primary key: if you change the email address the user will be registered as a new one upon the next login.
Max Baldy, modified 6 years ago.

RE: openid-connect support in Liferay

New Member Posts: 6 Join Date: 15.11.16
Hi Geert,
I've just finished configuring my server for certificate issues.

EVERYTHING WORKS !!! Great.

I noticed that the logout does not work properly.
Let me explain, when I press the button at the top right, it redirects to the keycloak authentication service page (and it's right), I enter the user and password and enter the portal correctly. (see log)

16:52:47,282 TRACE [default task-9][Liferay62Adapter:31] In processFilter()...
16:52:47,282 TRACE [default task-9][Liferay62Adapter:31] About to redirect to OpenID Provider
16:52:47,283 DEBUG [default task-9][Liferay62Adapter:41] Redirecting to URL: https://161.27.248.176:8444/auth/realms/LifeRay-OpenID/protocol/openid-connect/auth?scope=openid&response_type=code&redirect_uri=https%3A%2F%2F161.27.248.176%3A8443%2Fc%2Fportal%2Flogin&state=8c7c5e749ae40a8feadd1e77e7e6a4f3&client_id=account
16:53:00,039 TRACE [default task-9][Liferay62Adapter:31] In processFilter()...
16:53:00,040 TRACE [default task-9][Liferay62Adapter:31] About to exchange code for access token
16:53:00,041 DEBUG [default task-9][Liferay62Adapter:41] Token request to uri: https://161.27.248.176:8444/auth/realms/LifeRay-OpenID/protocol/openid-connect/token
16:53:00,097 TRACE [default task-9][Liferay62Adapter:31] Access/id token response: - JWT -
Header: {"typ": "JWT", "alg": "RS256", "cty": "null", "kid": "vICzZikqiM0r8zX6GD8tgf-Wq4gkgOqj-cTIkZfoA2s"}
Claims Set: {"iss": "https://161.27.248.176:8444/auth/realms/LifeRay-OpenID", "sub": "3e61466f-437c-4964-a254-48610fd105fa", "aud": ["account"], "exp": 1522076280, "nbf": "0", "iat": 1522075980, "jti": "8f320502-51b2-44cd-9690-b0739d8e29d2", "typ": "ID"}
---------
16:53:00,097 TRACE [default task-9][Liferay62Adapter:31] UserInfo request to uri: https://161.27.248.176:8444/auth/realms/LifeRay-OpenID/protocol/openid-connect/userinfo
16:53:00,101 DEBUG [default task-9][Liferay62Adapter:41] Response from UserInfo request: {"sub": "3e61466f-437c-4964-a254-48610fd105fa", "name": "John Doe", "preferred_username": "admin", "given_name": "John", "family_name": "Doe", "email": "admin@nereus.com"}
16:53:00,105 DEBUG [default task-9][Liferay62Adapter:41] Setting OpenIDUserInfo object in session: {sub=3e61466f-437c-4964-a254-48610fd105fa, name=John Doe, preferred_username=admin, given_name=John, family_name=Doe, email=admin@nereus.com}
16:53:00,106 DEBUG [default task-9][LibFilter:164] [default task-9]> nl.finalist.liferay.oidc.OpenIDConnectFilter /c/portal/login
16:53:00,106 TRACE [default task-9][Liferay62Adapter:31] Found OpenID Connect session attribute, userinfo: {sub=3e61466f-437c-4964-a254-48610fd105fa, name=John Doe, preferred_username=admin, given_name=John, family_name=Doe, email=admin@nereus.com}
16:53:00,112 DEBUG [default task-9][Liferay62Adapter:83] User found, update name details with info from userinfo
16:53:00,141 TRACE [default task-9][Liferay62Adapter:31] Returning credentials for userId 20433, email: admin@nereus.com
16:53:00,382 DEBUG [default task-9][LibFilter:183] [default task-9]< nl.finalist.liferay.oidc.OpenIDConnectFilter /c/portal/login 276 ms

So we press the Disconnect button that correctly brings me back to the login page, but if I try to access a liferay, it allows me to log in without entering the password (See log)

16:57:35,353 TRACE [default task-5][Liferay62Adapter:31] In processFilter()...
16:57:35,354 DEBUG [default task-5][LibFilter:164] [default task-5]> nl.finalist.liferay.oidc.OpenIDConnectFilter /c/portal/logout
16:57:35,359 DEBUG [default task-5][LibFilter:183] [default task-5]< nl.finalist.liferay.oidc.OpenIDConnectFilter /c/portal/logout 5 ms
16:57:35,551 TRACE [default task-5][Liferay62Adapter:31] No current OpenID Connect conversation, no auto login

It's like something is left in the session. In fact, if I try to delete the temporary Chrome files, everything works.

ps: Maybe it can be useful for others. For your information when I turn off and turn on wildfly, your plugin is not deployed and goes wrong.
Every time I run stop/start I have to uninstall and install the plugin to make it work.

Can you help me on this too?

Thanks for your great support.
Max

/////////////////////////////////////
March 28 update:

Hi Geert,
I update you on the problem of logging out from liferay and cleaning session for keycloak authentication that I have previously described. This can be useful for others.

I have added in the portal-ext.properties this property:
default.logout.page.path=https://161.27.248.176:8444/auth/realms/LifeRay-OpenID/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2F161.27.248.176%3A8443%2Fhome

This solves the problem of logging out from Liferay and cleaning the Keycloak session.

The problem of deploying the plugin when restarting wildfly remains and I look forward to your help.

Thank you
Max
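
The ID token header and claims logged in the post above are what a Relying Party compares against its own configuration before trusting a login. The following is an added example, not the plugin's code and not part of the original posts: it checks `alg`, `iss`, `aud` and the time claims against `openidconnect.issuer` and `openidconnect.client-id`. The sample token is constructed with a placeholder signature; the function names, the `RS256` allow-list and the 60-second skew are assumptions, and signature verification against the OP's keys is a separate step not shown here.

```python
import base64
import json

# Constructed input: the two plugin properties these checks depend on, with the
# issuer and client id seen in the logged login.
PROPERTIES = """\
openidconnect.issuer=https://161.27.248.176:8444/auth/realms/LifeRay-OpenID
openidconnect.client-id=account
"""
# Header and claims as they appear in the plugin's TRACE log in the thread.
HEADER = {"typ": "JWT", "alg": "RS256", "cty": "null",
          "kid": "vICzZikqiM0r8zX6GD8tgf-Wq4gkgOqj-cTIkZfoA2s"}
CLAIMS = {"iss": "https://161.27.248.176:8444/auth/realms/LifeRay-OpenID",
          "sub": "3e61466f-437c-4964-a254-48610fd105fa", "aud": ["account"],
          "exp": 1522076280, "nbf": "0", "iat": 1522075980,
          "jti": "8f320502-51b2-44cd-9690-b0739d8e29d2", "typ": "ID"}

ALLOWED_ALGS = {"RS256"}  # assumption: only the algorithm seen in the logged header
CLOCK_SKEW = 60           # assumption: tolerated clock drift in seconds


def load_properties(text):
    """Parse key=value lines in portal-ext.properties style."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def make_token(header, claims):
    """Build a constructed compact JWT with a placeholder signature (sample input only)."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(header), enc(claims), "cGxhY2Vob2xkZXI"])


def _segment(segment):
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def _number(value):
    """Accept ints and numeric strings (the log shows nbf as the string "0")."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def check_id_token(token, props, now):
    """Return a list of claim problems; an empty list means the claims are acceptable."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["format: expected three dot-separated segments"]
    try:
        header, claims = _segment(parts[0]), _segment(parts[1])
    except ValueError:
        return ["format: header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["format: header and payload must be JSON objects"]

    problems = []
    if header.get("alg") not in ALLOWED_ALGS:
        problems.append(f"alg: {header.get('alg')!r} is not in the allow-list")
    if claims.get("iss") != props.get("openidconnect.issuer"):
        problems.append(f"iss: {claims.get('iss')!r} does not match openidconnect.issuer")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if props.get("openidconnect.client-id") not in aud:
        problems.append("aud: openidconnect.client-id is not an audience of this token")
    exp, iat = _number(claims.get("exp")), _number(claims.get("iat"))
    nbf = _number(claims.get("nbf", 0))
    if exp is None or now >= exp + CLOCK_SKEW:
        problems.append("exp: token is expired or has no usable exp")
    if iat is None or iat > now + CLOCK_SKEW:
        problems.append("iat: token is issued in the future or has no usable iat")
    if nbf is None or nbf > now + CLOCK_SKEW:
        problems.append("nbf: token is not valid yet")
    return problems


if __name__ == "__main__":
    props = load_properties(PROPERTIES)
    print(check_id_token(make_token(HEADER, CLAIMS), props, now=1522076000))
```
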
