Tribune

Home » Liferay Portal » English » 2. Using Liferay » General

Vista Combinata Vista Piatta Vista ad Albero
Discussioni [ Precedente | Successivo ]
toggle
Manuel de la Peña
Liferay Login and Digital Sign
14 marzo 2011 1.37
Risposta

Manuel de la Peña

Punteggio: Regular Member

Messaggi: 116

Data di Iscrizione: 4 dicembre 2008

Messaggi recenti

Hello,
has anybody created a login portlet with digital sign (digital certificate)?

If so, what guidelines are required (properties, login-hook, login-portlet, etc.)?

Many thanks
Jonas Yuan
RE: Liferay Login and Digital Sign
14 marzo 2011 11.01
Risposta

Jonas Yuan

Punteggio: Liferay Master

Messaggi: 993

Data di Iscrizione: 26 aprile 2007

Messaggi recenti

Hi Manuel,

Liferay framework is great, that you can do a lot.

The topic "login portlet with digital sign" is interesting. Would you please provide context of the login portlet with digital sign? It would be nice that you can provide details requirements here.

Thanks

Jonas Yuan

==================
The Author of Liferay Books:
Liferay User Interface Development
Liferay Portal 6 Enterprise Intranets
Liferay Portal 5.2 Systems Development
Liferay Portal Enterprise Intranets
Juan Gonzalez
RE: Liferay Login and Digital Sign
14 marzo 2011 11.15
Risposta

Juan Gonzalez

LIFERAY STAFF

Punteggio: Liferay Legend

Messaggi: 2807

Data di Iscrizione: 28 ottobre 2008

Messaggi recenti

Hola Manuel,

I suppose you are trying to implement authentication with spanish Id card (DNI-e).

I did a project some time ago using digital certificate of DNI-e. This certificate is x509, so you can do it as if it was an standard x509 certicate.

Any J2EE server provides API and tools to access a client certificate (you'll then have to struggle with drivers and so). Among other things, you'll have to activate CLIENT_CERT (web.xml) authentication for whatever Portlet you're going to develop.

Another use case would be the digital sign, in this case you'll have to implement (or use an existing) applet or activeX which can access client cert to sign any document with it.

This is one of the things I'd like to develop for Liferay, but perhaps I wouldn't afford it until few months.
Manuel de la Peña
RE: Liferay Login and Digital Sign
15 marzo 2011 2.54
Risposta

Manuel de la Peña

Punteggio: Regular Member

Messaggi: 116

Data di Iscrizione: 4 dicembre 2008

Messaggi recenti

This is my 100th post, so i'll try to make it as bright as i can!! emoticon

I've to say that i've implemented it (digital sign login) with Liferay 5.2.1 and EXT enviroment, using Spanish national ID (DNIe).

My 'old' scenario:
  • Liferay 5.2.1, EXT enviroment
  • Custom Authentication System in another database
  • Spanish Digital Sign Validation Platform (named '@-firma'), based on web services

I have achieved the "digital-sign login", using the javascript client of '@-firma' (to access to user's digital certificate), and overriding Liferay LoginUtil to use my validation system.

But now, i'm moving to plugins enviroment in 5.2.3, and i'm finding "problems" with the same scenario, changing EXT for plugins enviroment.

First of all, i'm using screen-name validation to use the Spanish ID, and skipping Liferay auth pipeline with (auth.pipeline.enable.liferay.check=false) too. So i'm delegating auth pipeline in my own classes (defined in auth.pipeline.pre).

Next one, i'm using the '@-firma' Platform to validate the certificate, and it returns an XML with the information inside the certificate: Certification Entity, ID, Name, IsValid, etc. (First authenticator)

If it returns 'SUCCESS', I validate the user-password sent against my custom authentication system (CAS). (Second authenticator)

Finished the authenticators, I delegate to login process. But, maybe i'm wrong, login process always needs the inputs 'user-password' to check if user-input exists in liferay USER_ table. And here is my problem: I don't know how to override those input values, because Authenticator classes in 'auth.pipeline.pre' have not access to httprequest, only a parameter Map, so is not possible (maybe i don't know how to do it) to modify parameters sent to LoginUtil class (inside portal-impl.jar).

I exposed my CAS system in this post

My aim is to send the XML values returned by digital certificate to next Authenticator, and finally to LoginUtil class.

I hope this post will help (to me, to the community,...)

Many thanks!
Manuel de la Peña
RE: Liferay Login and Digital Sign
22 marzo 2011 10.01
Risposta

Manuel de la Peña

Punteggio: Regular Member

Messaggi: 116

Data di Iscrizione: 4 dicembre 2008

Messaggi recenti

Does anybody know how to do it?? Suggestions are accepted...
Manuel de la Peña
RE: Liferay Login and Digital Sign
8 aprile 2011 5.18
Risposta

Manuel de la Peña

Punteggio: Regular Member

Messaggi: 116

Data di Iscrizione: 4 dicembre 2008

Messaggi recenti

Well, i can say that i got it working... BUT...

How can i override input parameters sent by submit??

The process is this:
  1. I get the UserID reading the certificate at client side, via applet
  2. nsice my Custom Auth System (CAS), I send a request to DigitalSign Platform, to validate the certificate.
  3. It returns a XML with certificate's information. My CAS parses it to get values.
  4. Again in my CAS, the screenname sent by login inputs is empty (the user only uses his/her certificate), so, when it reaches Liferay's Class AuthPipeline._authenticate(String[], long, String, String, String, Map<String,String[]>, Map<String,String[]>) line: 154 the screenName param is empty, and i cannot override it with XML's values.
How could i do that?
Manuel de la Peña
RE: Liferay Login and Digital Sign
11 aprile 2011 1.58
Risposta

Manuel de la Peña

Punteggio: Regular Member

Messaggi: 116

Data di Iscrizione: 4 dicembre 2008

Messaggi recenti

All I can think about doing it is to make an AJAX request to the DigitalSign platform, and override the input value with that response BEFORE submitting form.
I'll post my results later
Manuel de la Peña
RE: Liferay Login and Digital Sign
11 aprile 2011 4.32
Risposta

Manuel de la Peña

Punteggio: Regular Member

Messaggi: 116

Data di Iscrizione: 4 dicembre 2008

Messaggi recenti

Well, that's it! I've achieved!! emoticon

I call the DigitalSign Platform via AJAX before the submit proccess, so i can get the values returned by the Platform. So, the input sent to Login Portlet (Login Hook in my case) is the ID authenticated by the DigitalSign Platform, telling me if the certificate is valid or not.

So i can say that my CAS is totally finished!

Thanks everybody!
hossein sadeghi
RE: Liferay Login and Digital Sign
25 luglio 2011 22.13
Risposta

hossein sadeghi

Punteggio: New Member

Messaggi: 4

Data di Iscrizione: 28 settembre 2010

Messaggi recenti

hi !
i use liferay 6.0.5 and i implement digital signature set to edocs on resources in liferay !
help me, PLZ.