Message Boards

CAS and Liferay users

Updated 14 years ago by Enrique José Cabal González.

CAS and Liferay users

New Member Posts: 12 Join Date: 10/01/11 Recent Posts
Hi,

I am trying to integrate CAS and Liferay. My problem is that I can't log in with my previous Liferay users. So I need to integrate CAS with the Liferay database (lportal). I am using MySQL.

Can someone help me?

Thanks.
Updated 14 years ago by Shagul Khaja.

RE: CAS and Liferay users

Liferay Master Posts: 758 Join Date: 07/09/27 Recent Posts
Hi,

The below link may be useful.

CAS SSO Liferay

One option is to configure CAS and Liferay to use LDAP. If not you may have to write your own handler to authenticate against Liferay database as explained in the above document.


Best Regards,
Shagul
Updated 14 years ago by Enrique José Cabal González.

RE: CAS and Liferay users

New Member Posts: 12 Join Date: 10/01/11 Recent Posts
Hi,

Thanks for your answer. I am developing a small prototype on a test server, so I don't need to import users from LDAP, I only need users from "lportal".

Are you sure that I have to write my own handler? I've found this thread in the ja-sig wiki:

http://www.ja-sig.org/wiki/display/CASUM/Using+JDBC+for+Authentication

In theory we have to configure CAS server to use JDBC, so we can use our own database (in that case liferay's one). I hope it works, I will post when I try it.

Thanks.
Updated 14 years ago by Shagul Khaja.

RE: CAS and Liferay users

Liferay Master Posts: 758 Join Date: 07/09/27 Recent Posts
If you are storing the password in Liferay in encrypted form (which is the default), you may have to encrypt the user entered password in CAS in a similar way before you can compare.

I think for your prototype you could just have Liferay store clear text password.


    ## Passwords
    ##

    #
    # Set the following encryption algorithm to encrypt passwords. The default
    # algorithm is SHA (SHA-1). If set to NONE, passwords are stored in the
    # database as plain text. The SHA-512 algorithm is currently unsupported.
    #
    #passwords.encryption.algorithm=CRYPT
    #passwords.encryption.algorithm=MD2
    #passwords.encryption.algorithm=MD5
    #passwords.encryption.algorithm=NONE
    passwords.encryption.algorithm=SHA
    #passwords.encryption.algorithm=SHA-256
    #passwords.encryption.algorithm=SHA-384
    #passwords.encryption.algorithm=SSHA




Best Regards,
Shagul
Updated 14 years ago by Enrique José Cabal González.

RE: CAS and Liferay users

New Member Posts: 12 Join Date: 10/01/11 Recent Posts
I suppose that I have to write it in the portal-ext.properties.

If I remove the encryption, what happens with the users that are already in the database? Are their passwords decrypted? Or does it happen only with the new users that will be inserted in the database?

This is a good solution for a test environment, but if I work in a real one, can I encrypt the password in the CAS Server?

Sorry, I know that I ask a lot of questions...

Thanks!
Updated 14 years ago by Shagul Khaja.

RE: CAS and Liferay users

Liferay Master Posts: 758 Join Date: 07/09/27 Recent Posts
Yes, the properties go in portal-ext.properties.

There is no decryption in place. Changing the algorithm will only affect the new users and may require others to change password.

As I mentioned earlier, you may have to write your own handler that will encrypt the password using the same algorithm as that of lportal before comparing with the string in database. You could borrow the classes from Liferay.

Take a look at UserLocalServiceImpl and other places (authenticators) where PwdEncryptor is used.


    if (!user.isPasswordEncrypted()) {
        user.setPassword(PwdEncryptor.encrypt(user.getPassword()));
        user.setPasswordEncrypted(true);

        userPersistence.update(user, false);
    }



Best Regards,
Shagul
Updated 14 years ago by Enrique José Cabal González.

RE: CAS and Liferay users

New Member Posts: 12 Join Date: 10/01/11 Recent Posts
Now I am working without encryption but I am very interested in encrypting the password in the future. As I read in several forums there is a default handler in CAS Server.


<bean class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg index="0" value="MD5" />
</bean>


Do you know if it works fine? And which algorithms does it implement?

Thank you.
Updated 14 years ago by Shagul Khaja.

RE: CAS and Liferay users

Liferay Master Posts: 758 Join Date: 07/09/27 Recent Posts
I don't think this would work. As I stated in my previous post, you have to encrypt, encode the password in a similar way as it is done in Liferay code before you can compare.



-Shagul
Updated 14 years ago by Enrique José Cabal González.

RE: CAS and Liferay users

New Member Posts: 12 Join Date: 10/01/11 Recent Posts
I've been trying and it doesn't work, so finally I will have to write my own handler. Now I have to solve other problems, because CAS doesn't work fine.

Thank you very much for your help Shagul!
Updated 14 years ago by Shagul Khaja.

RE: CAS and Liferay users

Liferay Master Posts: 758 Join Date: 07/09/27 Recent Posts
Most Welcome. We usually integrate CAS with LDAP and I don't have a sample or something to share with you.

Best,
Shagul
Updated 14 years ago by Bernardo Riveira Faraldo.

RE: CAS and Liferay users

Regular Member Posts: 135 Join Date: 08/10/30 Recent Posts
We have made it; don't need to change Liferay password encryption from default

but you have to implement it in CAS; you need to use the SQL query adaptor for user+pass combination check that just makes a SELECT from the liferay User_ table, and add a java class that implements the Liferay password encryption

you just use that class instead of the org.jasig.cas.authentication.handler.DefaultPasswordEncoder CAS default

let me see if I can get it from here (I'm at home now)
Updated 14 years ago by Bernardo Riveira Faraldo.

RE: CAS and Liferay users

Regular Member Posts: 135 Join Date: 08/10/30 Recent Posts
This is it; you just have to implement the SHA algorithm in the "encode()" method (in your class implementing the CAS PasswordEncoder interface)

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.io.UnsupportedEncodingException;
import org.jasig.cas.authentication.handler.*;

public final class LiferayPasswordEncoder implements PasswordEncoder {
	
	public String encode(final String password) {
		MessageDigest digester = null;

		try {
			// Liferay's default "SHA" setting is SHA-1, computed here over the UTF-8 bytes
			digester = MessageDigest.getInstance("SHA");
			digester.update(password.getBytes("UTF-8"));
		}
		catch (NoSuchAlgorithmException nsae) {
			// Stop here: continuing would dereference a null digester
			throw new IllegalStateException("LiferayPasswordEncoder - error algoritmo SHA no encontrado", nsae);
		}
		catch (UnsupportedEncodingException uee) {
			// Stop here: continuing would return the digest of an empty input
			throw new IllegalStateException("LiferayPasswordEncoder - error codificando texto", uee);
		}

		byte[] bytes = digester.digest();

		// The stored value is the Base64 text of the digest, not hex
		return encodeBase64(bytes);
	}


	private static char getChar(int sixbit) {
		if (sixbit >= 0 && sixbit <= 25) {
			return (char)(65 + sixbit);
		}

		if (sixbit >= 26 && sixbit <= 51) {
			return (char)(97 + (sixbit - 26));
		}

		if (sixbit >= 52 && sixbit <= 61) {
			return (char)(48 + (sixbit - 52));
		}

		if (sixbit == 62) {
			return '+';
		}

		return sixbit != 63 ? '?' : '/';
	}
	
	
	private static String encodeBase64(byte raw[]) {
		StringBuilder encoded = new StringBuilder();

		for (int i = 0; i < raw.length; i += 3) {
			encoded.append(encodeBlock(raw, i));
		}

		return encoded.toString();
	}

	private static char[] encodeBlock(byte raw[], int offset) {
		int block = 0;
		int slack = raw.length - offset - 1;
		int end = slack < 2 ? slack : 2;

		for (int i = 0; i <= end; i++) {
			byte b = raw[offset + i];

			int neuter = b >= 0 ? ((int) (b)) : b + 256;
			block += neuter << 8 * (2 - i);
		}

		char base64[] = new char[4];

		for (int i = 0; i < 4; i++) {
			int sixbit = block >>> 6 * (3 - i) & 0x3f;
			base64[i] = getChar(sixbit);
		}

		if (slack < 1) {
			base64[2] = '=';
		}

		if (slack < 2) {
			base64[3] = '=';
		}

		return base64;
	}
	
}



For checking the Liferay database you use the QueryDatabaseAuthenticationHandler:

<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource" />
    <property name="sql" value="SELECT password_ FROM User_ WHERE screenName=?" />
    <property name="passwordEncoder" ref="passwordEncoder" />
</bean>



And the passwordEncoder:

<bean id="passwordEncoder" class="class.name.from.above.code.LiferayPasswordEncoder" />


And of course the database connection for the QueryDatabaseAuth....

<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName">
      <value>com.mysql.jdbc.Driver</value>
    </property>
    <property name="url">
      <value>jdbc:mysql://your.database.server/liferay.database?useUnicode=true&amp;characterEncoding=UTF-8&amp;autoReconnect=true</value>
    </property>
    <property name="username"><value>your.liferay.db.username</value></property>
    <property name="password"><value>your.liferay.db.password</value></property>
  </bean>



Of course, change values for YOUR values (database name, user, pass, name of class above...)

Hope this helps!
Bernardo Riveira

UPDATED: liferay forum system is changing the code up there in unknown ways; it will not work if just copied and pasted because it changes an array index into italic "[ i ]"

so to be safe I just added a file to the post; remember to change the package name to where you're going to have it
Updated 14 years ago by Enrique José Cabal González.

RE: CAS and Liferay users

New Member Posts: 12 Join Date: 10/01/11 Recent Posts
Thank you very much Bernardo,

I'm sure that it will be helpful for me and other people. What do you think about writing it in the wiki? Sometimes it's difficult to find this kind of thing in the forums.

I will try it as soon as possible and I will write my results here.

Regards.
Updated 11 years ago by Ajay Saharan.

RE: CAS and Liferay users

New Member Posts: 18 Join Date: 09/02/25 Recent Posts
In which XML file do I have to enter the above configurations?
Updated 14 years ago by Nidhi Singh.

RE: CAS and Liferay users

Regular Member Posts: 155 Join Date: 09/10/07 Recent Posts
Hi,

You can check this blog

Thanks
Nidhi Singh
Updated 12 years ago by Carlo Altarelli.

RE: CAS and Liferay users

New Member Posts: 1 Join Date: 11/08/23 Recent Posts
Hi,
Another way is to convert the Liferay password (ASCII representation of Base64-encoded SHA1) into the SHA1 string used by CAS.
You can do this directly with a database function, if your Database Metadata Repository permits it.
For instance, if you deployed Liferay on Oracle Database, you can change the query of the Authentication Handler to the following:

select lower(UTL_ENCODE.BASE64_DECODE(utl_raw.CAST_TO_RAW(PASSWORD_))) from USER_ where lower(SCREENNAME) = lower(?)

So with CAS and Liferay on Oracle DB you can simply change your deployerConfigContext.xml with:

<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" />
<property name="sql" value="select lower(UTL_ENCODE.BASE64_DECODE(utl_raw.CAST_TO_RAW(PASSWORD_))) from USER_ where lower(SCREENNAME) = lower(?)" />
<property name="passwordEncoder" ref="LFPasswordEncoder" />
</bean>

<bean id="LFPasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" p:characterEncoding="UTF-8" >
<constructor-arg index="0" value="SHA1" />
</bean>

Regards,
Carlo
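
Added example (not part of any post above, and not CAS or Liferay code): the thread turns on one SHA-1 digest having two text encodings, Base64 as stored in User_.password_ and hex on the CAS side. This JDK-only sketch shows both forms and checks a candidate password by decoding the stored value to bytes and comparing in constant time. The class name, method names and sample password are hypothetical, and lowercase hex on the CAS side is an assumption taken from the lower(...) in the Oracle query.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example; class and method names are hypothetical.
public final class LiferayDigestFormats {

    // Unsalted SHA-1 over the UTF-8 password bytes, as in the encoder posted above.
    static byte[] sha1(String password) {
        try {
            return MessageDigest.getInstance("SHA-1")
                    .digest(password.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 not available", e);
        }
    }

    // Base64 text of the digest: the form the thread says is stored in User_.password_.
    static String base64Form(String password) {
        return Base64.getEncoder().encodeToString(sha1(password));
    }

    // Lowercase hex text of the same digest (assumed CAS-side form).
    static String hexForm(String password) {
        StringBuilder sb = new StringBuilder();
        for (byte b : sha1(password)) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Decode the stored value to raw bytes and compare in constant time.
    static boolean matches(String candidate, String storedBase64) {
        byte[] stored;
        try {
            stored = Base64.getDecoder().decode(storedBase64);
        } catch (IllegalArgumentException e) {
            return false; // stored value is not Base64, e.g. written under another algorithm
        }
        return MessageDigest.isEqual(sha1(candidate), stored);
    }

    public static void main(String[] args) {
        String stored = base64Form("test-password"); // constructed sample value
        System.out.println("Base64 form:    " + stored);
        System.out.println("hex form:       " + hexForm("test-password"));
        System.out.println("strings equal:  " + stored.equals(hexForm("test-password")));
        System.out.println("bytes match:    " + matches("test-password", stored));
        System.out.println("wrong password: " + matches("other-password", stored));
    }
}
```

The two strings never compare equal even though they encode the same 20 bytes, which is why a hex-producing encoder pointed at the raw password_ column rejects every login until one side is converted.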