Hi joss,

1.If you want to use the https protocol for all request after login, you should activate the following property in your portal-ext.properties

company.security.auth.requires.https=true

2. For the custom login you should write an autologin servlet, or hook, that will care of your custom login process. From this component you have acces to user infos as userid.

Hello,

Below is my requirement:
1) User goes to http://localhost:8080/portal. User sees a login portlet.
2) A custom login portlet should have a button "Invoke", clicking on which the client is asked for an x509 certificate.
3) A part of the CN name is the userid. This gets extracted using JAAS and stored as a principal.
3) Now using liferay's api, I have to call the login module passing this id, which will be setup in the DB already, so that user gets logged in.
4) After sucessful login, the user needs to be redirected to a different url on an ssl port since ssl has been estabilished - https://localhost:8443/web/guest...


I kindly request someone to give me a hint to get this thing started.

I am using Liferay6 deployed in jboss (not bundled).


Thanks in advance.

Hello Ted,

Hope this link can help you in this regard...

Thanks and Regards...

Hi Ted,

Simplest way is to put Liferay behind an Apache Proxy Server. The Apache proxy would have two VirtualHosts :

- *:80 which will use mod_rewrite to redirect anything to https
- *:443 which will proxy to the Application Server (Which can be then binded to localhost)

Then, four simple lines in portal-ext to force web.server properties will avoid any problem btw Liferay and Apache.

This will provide you with :

- Security : AS won't be accessible through the internet, only Apache will
- HTTPS natively everywhere. Which makes me ask you a silly question : why is your Login screen over HTTP sending your X509 Cert in clear ? Am I missing something ? 'Cause if you just want to identify the user with the certificate, passing it in clear seems to me to be a security failure. Or may be you'd like to initiate your SSL connection with this certificate ?

Anyway, if the above solution suits you, please, let me know if you need more hints and samples about configuring Apache and LR.

See ya,