Discussion Forums

Liferay 6.2 + Azure AD Integration

Amir Barkal, modified 8 years ago.

Liferay 6.2 + Azure AD Integration

New Member Posts: 14 Join Date: 12/08/15
Hello

I'm trying to figure out the requirements and steps on how to enable users to log in to Liferay using Azure AD.
I have successfully managed to integrate a Windows Server 2008 R2 LDAP server (Active Directory) so that Liferay will sync user details (including password) from AD > Liferay (import) and vice versa (export).

Unfortunately I cannot find decent documentation on how to make the above scenario work with Azure AD.
1. Does anyone have an idea how this can be done?
2. Do I need to use SAML 2.0 EE plugin?
3. Do I need to have "Azure Active Directory Premium" or is the regular subscription enough?
4. Is there any Liferay related coding required?
Amir Barkal, modified 8 years ago.

RE: Liferay 6.2 + Azure AD Integration

New Member Posts: 14 Join Date: 12/08/15
I've made some progress with this issue by installing the SAML plugin and configuring it so that Liferay is defined as a Service Provider and Azure AD is the Identity Provider.

I've created a new custom application in Azure AD (because Liferay is not listed in the catalog, unfortunately) and configured the SAML plugin as the documentation suggests; however, I am receiving the following error in Liferay when I try to log in with an Azure AD user:

"Inbound message issuer was not authenticated."

You can see the full log here:
http://pastebin.com/m7jwYGUj

The error is preceded by this message:
"SAML protocol message was not signed, skipping XML signature processing"

I've found this thread similar to my problem but it does not use Azure AD.

Do I need to add details of my Liferay Service Provider Self-Signed Certificate to Azure AD application metadata xml file? If so how do I do that?

Thanks in advance...
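
The log line quoted in the post above refers to a signature on the SAML protocol message, that is, the Response element itself rather than an Assertion inside it. As an added example (not code from this thread or from Liferay), this reports where `ds:Signature` elements sit in a base64 `SAMLResponse` form value; the function name and the sample XML are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signature_placement(saml_response_b64):
    """Report issuer and signature placement for an HTTP-POST SAMLResponse value.

    Checks only whether ds:Signature elements are present; it does not
    validate them against the IdP certificate.
    """
    raw = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD content is not expected in a SAML message")
    root = ET.fromstring(raw)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)
    issuer = root.find("saml:Issuer", NS)
    assertions = root.findall("saml:Assertion", NS)
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        # Direct child of Response: the "protocol message" signature.
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertions": len(assertions),
        "assertions_signed": sum(
            1 for a in assertions if a.find("ds:Signature", NS) is not None
        ),
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
    }

# Constructed sample: signature placeholder on the Assertion only.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test/</saml:Issuer>
    <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    print(signature_placement(SAMPLE_B64))
```

Run it on the `SAMLResponse` value captured from the browser's POST to the service provider and compare the result with what the service provider is configured to require.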
Amir Barkal, modified 8 years ago.

RE: Liferay 6.2 + Azure AD Integration

New Member Posts: 14 Join Date: 12/08/15
No one has a clue regarding this issue?

I've tried to add the Liferay SP certificate to the "keyCredentials" part of the Azure metadata JSON file and upload it to the Azure portal, but I'm still getting an error "Inbound message issuer was not authenticated." when Liferay is trying to log in with an Azure AD user.

Perhaps I'm not filling the certificate details in the right way? Maybe this is not the place?
Jitesh Dadlani, modified 8 years ago.

RE: Liferay 6.2 + Azure AD Integration

New Member Posts: 3 Join Date: 7/01/15
Hello Amir,
We were trying the same and faced a similar issue/exception.
Kindly share your solutions if you were able to resolve the above issue.
Or any other solutions that worked with Liferay + SAML2.0 + Azure as Identity Provider?
It would help the community.
Amir Barkal, modified 8 years ago.

RE: Liferay 6.2 + Azure AD Integration

New Member Posts: 14 Join Date: 12/08/15
We actually gave up on trying to make this work with Azure due to lack of documentation and switched to regular LDAP with AD 2012R2.
Olaf Kock, modified 7 years ago.

RE: Liferay 6.2 + Azure AD Integration

Liferay Legend Posts: 6403 Join Date: 23/09/08
As this is all about EE, you might want to open a ticket with support to check if this is a bug or a nonimplemented feature. They might be able to point you to the relevant documentation - or fix it.