Message Boards

Single sign on concept in Liferay

Updated 9 years ago by srinivasa rao.

Single sign on concept in Liferay

Regular Member Posts: 189 Join Date: 14/01/29 Recent Posts
Hi All,

Does anyone know the concept of single sign on in Liferay?

Could anyone provide documentation or a procedure? I tried the wiki pages in Liferay, but I'm not getting proper documentation.
Updated 9 years ago by Jeffrey Paul Handa.

RE: Single sign on concept in Liferay

Liferay Master Posts: 541 Join Date: 08/12/01 Recent Posts
Hi Srinivasa,

Please take a look at this article from the Liferay Developer Network: https://dev.liferay.com/discover/portal/-/knowledge_base/6-2/integrating-existing-users-into-liferay
Updated 9 years ago by srinivasa rao.

RE: Single sign on concept in Liferay

Regular Member Posts: 189 Join Date: 14/01/29 Recent Posts
Thanks Jeffrey,

It's really helpful.
Updated 8 years ago by Alla Sapozhnikova.

RE: Single sign on concept in Liferay

Junior Member Posts: 81 Join Date: 12/03/02 Recent Posts
Hi there,

Liferay allows a new user to be added through the GUI. How do I make sure that a user id that is about to be added doesn't exist in the LDAP directory?

Thank you.
Alla
Updated 7 years ago by Alla Sapozhnikova.

RE: Single sign on concept in Liferay

Junior Member Posts: 81 Join Date: 12/03/02 Recent Posts
I know that the mass import from LDAP to Liferay option exists. Is there an option to export all Liferay users to LDAP on startup?
Updated 7 years ago by Andrew Jardine.

RE: Single sign on concept in Liferay

Liferay Legend Posts: 2416 Join Date: 10/12/22 Recent Posts
Hi Alla,

Out of the box? No. There is an import on startup option (which you probably already found) but not export. The import on startup feature just triggers a message listener that uses methods in the API to start the import process though -- no reason why you can't write a startup hook that does the same thing but going in the other direction.

I guess the question I would have though is -- what is the source of truth for your authentication? If LDAP is your source of truth you should allow users that aren't already in there to be added to Liferay in the first place.
Updated 7 years ago by Alla Sapozhnikova.

RE: Single sign on concept in Liferay

Junior Member Posts: 81 Join Date: 12/03/02 Recent Posts
Do you know what will happen to the passwords if I have the hook?

Thank you for your help,
Alla
Updated 7 years ago by Andrew Jardine.

RE: Single sign on concept in Liferay

Liferay Legend Posts: 2416 Join Date: 10/12/22 Recent Posts
I'm not sure what you mean. You mean if you take a user from Liferay and shove them into LDAP, will the LDAP record have their Liferay User password? You should really have a look at the portal.properties file and find the

    ##
    ## LDAP
    ##

section. There you'll see all the different settings with some excellent documentation on what the settings mean and how other settings affect them. For example, you can auto-generate passwords, but the comment for the property explicitly talks about what this means if you export users.

    #
    # Set this to true to autogenerate passwords for users imported from
    # LDAP.
    #
    # This property is only in use if the property
    # "ldap.import.user.password.enabled" is set to false.
    #
    # If an LDAP password policy is enabled (see the property
    # "ldap.password.policy.enabled"), the password will be generated using
    # RegExpToolkit. Set the "auth.pipeline.enable.liferay.check" property to
    # false to disable password checking by the portal's internal authentication
    # (which is not compatible with LDAP), and set the "auth.pipeline.pre"
    # property to com.liferay.portal.security.auth.LDAPAuth so that password
    # checking will be delegated to the LDAPAuth authenticator.
    #
    # Note that enabling LDAP export, by setting the "ldap.export.enabled"
    # property to true, may lead to overwriting the LDAP user's password with an
    # autogenerated password.
    #
    ldap.import.user.password.autogenerated=false
Updated 7 years ago by Alla Sapozhnikova.

RE: Single sign on concept in Liferay

Junior Member Posts: 81 Join Date: 12/03/02 Recent Posts
You mean if you take a user from Liferay and shove them into LDAP, will the LDAP record have their Liferay User password?


Yes, basically this is what I mean. And is there an option to export all users with passwords from Liferay to LDAP?
Updated 7 years ago by Andrew Jardine.

RE: Single sign on concept in Liferay

Liferay Legend Posts: 2416 Join Date: 10/12/22 Recent Posts
Hey Alla,

Yep, you can enable an export which basically does what you are looking for. I've never used this feature myself to be honest, but I'm sure someone has or it wouldn't be in the product. If you do go this route I would also suggest that you set the Liferay Password policy to be the same as your LDAP password policy to avoid LDAP rejecting exports due to configuration differences. You can do this by setting the following property to true in your portal-ext

    #
    # Set this to true to use LDAP's password policy instead of the portal
    # password policy.
    #
    # If set to true, it is possible that portal generated passwords will not
    # match the LDAP policy. See the "passwords.regexptoolkit.*" properties for
    # details on configuring RegExpToolkit in generating these passwords.
    #
    ldap.password.policy.enabled=false
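
Added example, not part of the original posts and not Liferay code: a small Python audit of a portal-ext.properties file for the password interactions described in the property comments quoted in the two replies above. The finding names, the sample file and the defaults marked "assumed" are assumptions made for illustration; only the property names and the two values marked "page" come from this thread.

```python
# SAMPLE is a constructed portal-ext.properties fragment, not a real config.
SAMPLE = """\
ldap.import.user.password.enabled=false
ldap.import.user.password.autogenerated=true
ldap.export.enabled=true
ldap.password.policy.enabled=true
"""
# Values used when a key is absent. "page" = value quoted in this thread;
# "assumed" = verify against your version's portal.properties.
DEFAULTS = {
    "ldap.import.user.password.autogenerated": "false",  # page
    "ldap.password.policy.enabled": "false",             # page
    "ldap.import.user.password.enabled": "true",         # assumed
    "ldap.export.enabled": "true",                       # assumed
    "auth.pipeline.enable.liferay.check": "true",        # assumed
    "auth.pipeline.pre": "",                             # assumed
}
LDAP_AUTH = "com.liferay.portal.security.auth.LDAPAuth"

def parse_properties(text):
    """Parse simple key=value lines; blanks and '#'/'!' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return finding names for risky LDAP password setting combinations."""
    cfg = {**DEFAULTS, **parse_properties(text)}
    def on(key):
        return cfg[key].lower() == "true"
    findings = []
    # Autogeneration only applies when LDAP passwords are not imported.
    autogen = (on("ldap.import.user.password.autogenerated")
               and not on("ldap.import.user.password.enabled"))
    if autogen and on("ldap.export.enabled"):
        findings.append("export-may-overwrite-ldap-password")
    if autogen and on("ldap.password.policy.enabled"):
        if on("auth.pipeline.enable.liferay.check"):
            findings.append("portal-password-check-still-enabled")
        pre = [c.strip() for c in cfg["auth.pipeline.pre"].split(",")]
        if LDAP_AUTH not in pre:
            findings.append("ldapauth-missing-from-auth-pipeline-pre")
    if on("ldap.export.enabled") and not on("ldap.password.policy.enabled"):
        # Per the reply above: policy differences can make LDAP reject exports.
        findings.append("export-uses-portal-password-policy")
    return findings
```

Calling `audit(SAMPLE)` reports the overwrite risk and the two authentication pipeline settings that the property comment says to change.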
Updated 7 years ago by Alla Sapozhnikova.

RE: Single sign on concept in Liferay

Junior Member Posts: 81 Join Date: 12/03/02 Recent Posts
Thank you for your help.