Forums de discussion

  1. Accueil
  2. Portal
  3. Liferay Sync under Oracle Access Manager with WebGate

Liferay Sync under Oracle Access Manager with WebGate

thumbnail
Marco Volpe, modifié il y a 8 années.

Liferay Sync under Oracle Access Manager with WebGate

New Member Publications: 16 Date d'inscription: 23/12/08 Publications récentes
Hello

I have to build a Liferay solution which incluedes the Sync / WebDAV components.

In the customer infrastructure where this solution have to be installaed, the authentication and authorization component is handled by OAM and all third party systems pass from the OAM WebGate plugin where the users put their credentials to gain access.

I see the OAM exposes some API for a SOAP Integration. So it's possible to implement a Liferay Authentication hook for authenticate and authorize users.

But it's possible to continue to use WebGate for Liferay? Could this approach give problems for Sync and WebDAV components?

Thanks
thumbnail
Dennis Ju, modifié il y a 8 années.

RE: Liferay Sync under Oracle Access Manager with WebGate

Regular Member Publications: 228 Date d'inscription: 30/09/10 Publications récentes
SSO support for Liferay Sync is currently under development. We are planning to release SSO support in the next couple months. If you would like to beta test Liferay Sync in your SSO environment, please contact the Sync team at sync-feedback@liferay.com.

Webdav's protocol only supports basic auth and digest (Liferay's Webdav implementation doesn't support NTLM/Kerberos), so a custom module is needed to authenticate and pass the appropriate credentials.
thumbnail
Marco Volpe, modifié il y a 8 années.

RE: Liferay Sync under Oracle Access Manager with WebGate

New Member Publications: 16 Date d'inscription: 23/12/08 Publications récentes
Thank you for your reply.

So, if I built my Authenticator class and I put it in auth.pipeline.pre properties, it would be used by Sync authentication pipeline, is it correct?
thumbnail
Dennis Ju, modifié il y a 8 années.

RE: Liferay Sync under Oracle Access Manager with WebGate

Regular Member Publications: 228 Date d'inscription: 30/09/10 Publications récentes
For SSO authentication, the Sync client will use an embedded web browser in combination with OAuth. Authenticating via the embedded web browser will flow through the same authentication pipeline as a standard web browser. After authenticating via the browser, OAuth tokens are persisted and used for future requests.

Please note, an EE subscription is required to download and deploy the OAuth portlet.
thumbnail
Marco Volpe, modifié il y a 7 années.

RE: Liferay Sync under Oracle Access Manager with WebGate

New Member Publications: 16 Date d'inscription: 23/12/08 Publications récentes
Hi Denis

Thank you for your reply, now I had much information about my problem.

Using Web Form Authentication, the first request is blocked by OAM redirecting the user to the web gate page for the login. After the login, OAM releases a cookie, called OBSSOCookie, that the client browser will store for the next HTTP requests.

Now, Liferay Sync implements a Basic Authentication to recognize the user.

In my scenario, each Liferay Sync HTTP Request will be blocked by OAM.

Liferay Sync uses an internal HTTP Header called ,"Sync-JWT", to remember the user logged the first time, it stores the Liferay userId .

But it could remember additional information passed by OAM. For example the OBSSOCookie or other HTTP Header information?

Thanks
Marco
thumbnail
Dennis Ju, modifié il y a 7 années.

RE: Liferay Sync under Oracle Access Manager with WebGate

Regular Member Publications: 228 Date d'inscription: 30/09/10 Publications récentes
Please review the instructions for configuring SSO/OAuth usage with Liferay Sync here. You will need to "whitelist" the URL's mentioned in the documentation such that certain requests between Sync and the portal are not blocked/redirected to your OAM gateway.