Foros de discusión

  1. Inicio
  2. Development
  3. PicketLink Integration in liferay DXP (SSO)

PicketLink Integration in liferay DXP (SSO)

thumbnail
Shahbaz Khan, modificado hace 6 años.

PicketLink Integration in liferay DXP (SSO)

Junior Member Mensajes: 40 Fecha de incorporación: 18/11/14 Mensajes recientes
How can we implement single sign on in liferay dxp through PicketLink.

I want to use Liferay as a service provider and PicketLink as a identity provider.

How can we implement this.
thumbnail
Andrew Jardine, modificado hace 6 años.

RE: PicketLink Integration in liferay DXP (SSO)

Liferay Legend Mensajes: 2416 Fecha de incorporación: 22/12/10 Mensajes recientes
Hi Shahbaz,

There is no magic here. You just need to configure Liferay as a service provider and provide the correct setting to integrate with your PicketLink installation. Have you looked at the DXP configuration options?
thumbnail
Shahbaz Khan, modificado hace 6 años.

RE: PicketLink Integration in liferay DXP (SSO)

Junior Member Mensajes: 40 Fecha de incorporación: 18/11/14 Mensajes recientes
Andrew Jardine:
Hi Shahbaz,

There is no magic here. You just need to configure Liferay as a service provider and provide the correct setting to integrate with your PicketLink installation. Have you looked at the DXP configuration options?


Hi Andrew

I am using Liferay SAML 2.0 provider plugin. It requires metadata xml file of IDP or SP. I have configured it properly and it is redirecting me to picketlink login screen also but after login it is not redirecting me to liferay portal again.

Can you please let me know if we can do it without metadata also ?
thumbnail
Andrew Jardine, modificado hace 6 años.

RE: PicketLink Integration in liferay DXP (SSO)

Liferay Legend Mensajes: 2416 Fecha de incorporación: 22/12/10 Mensajes recientes
The configuration for where to redirect after authenticated is normally configured in the IdP -- PicketLink from what you have said. Cna you share with us the configuration setting that you have added?

Also, since you are on DXP, you should have access to the customer portal. Have you looked at the guide, as Jack has suggested? You can find it here: https://customer.liferay.com/documentation/knowledge-base/-/kb/309969?_3_WAR_osbknowledgebaseportlet_redirect=https%3A%2F%2Fcustomer.liferay.com%2Fdocumentation%2Fsearch%3Fp_p_id%3D1_WAR_osbknowledgebaseportlet%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26_1_WAR_osbknowledgebaseportlet_mvcPath%3D%252Fsearch%252Fview.jsp%26_1_WAR_osbknowledgebaseportlet_assetCategoryIds%3D80889%26_1_WAR_osbknowledgebaseportlet_keywords%3DSAML
thumbnail
Shahbaz Khan, modificado hace 6 años.

RE: PicketLink Integration in liferay DXP (SSO)

Junior Member Mensajes: 40 Fecha de incorporación: 18/11/14 Mensajes recientes
Thanks Andrew for the help.

I have checked the SAML plugin configuration. It is working fine with metadata exchange.

But i need to do it without metadata support. As our PicketLink IDP doesn't support metadata. So is it possible to implement it without metadata ?
Bhavik Shah, modificado hace 6 años.

RE: PicketLink Integration in liferay DXP (SSO)

Junior Member Mensajes: 64 Fecha de incorporación: 21/05/15 Mensajes recientes
Hi Andrew,

Can you please reply on below post on urgent basis.

https://web.liferay.com/community/forums/-/message_boards/message/99767976

Thanks in advance.
Regards,
Bhavik
thumbnail
Shahbaz Khan, modificado hace 6 años.

RE: PicketLink Integration in liferay DXP (SSO)

Junior Member Mensajes: 40 Fecha de incorporación: 18/11/14 Mensajes recientes
Hi Andrew

I have followed the Liferay Saml integration document https://dev.liferay.com/discover/portal/-/knowledge_base/6-2/integrating-existing-users-into-liferay?_ga=2.60333293.1319801879.1519624620-1060216731.1519624620#saml

I have exchanged PicketLink IDP metadata and Liferay SP metadata file at both end. I am able to redirect to PicketLink IDP but after successful authentication It is not being redirected to Liferay.

Can you please help me in this ?
thumbnail
Andrew Jardine, modificado hace 6 años.

RE: PicketLink Integration in liferay DXP (SSO)

Liferay Legend Mensajes: 2416 Fecha de incorporación: 22/12/10 Mensajes recientes
Hi Shahbaz,

From experience you have a couple of options for this one -- and I think it depends, in part, on how you have configured your IdP. Again, I have never worked with PicketLink, but I suspect that it has the ability for you to configure a (static) redirect. If it does and you don't care about deep linking into the site, then I would probably go with that approach.

If you need to deep link (meaning redirect the user post login to the original URL that they tried to hit) then you may need to pass the location to the IdP and have the IdP echoit back to you. One way to do this is to use the RelayState on the binding. I'm no security expert but my understanding is that most (all?) IdPs should have the ability to be configured to echo anything passed in the relay state back to the caller. I don't know if the Liferay code pays any attention to the relay state or not though so you may need do something custom on the Liferay end to handle that scenario.
thumbnail
Jack Bakker, modificado hace 6 años.

RE: PicketLink Integration in liferay DXP (SSO)

Liferay Master Mensajes: 978 Fecha de incorporación: 3/01/10 Mensajes recientes
Shahbaz Khan:
How can we implement single sign on in liferay dxp through PicketLink.

I want to use Liferay as a service provider and PicketLink as a identity provider.

How can we implement this.


If you have a licensed DXP, then you might find the appropriate docs in the customer portal.