Fórum
Liferay Sync under Oracle Access Manager with WebGate
Marco Volpe, modificado 8 Anos atrás.
Liferay Sync under Oracle Access Manager with WebGate
New Member Postagens: 16 Data de Entrada: 23/12/08 Postagens Recentes
Hello
I have to build a Liferay solution which incluedes the Sync / WebDAV components.
In the customer infrastructure where this solution have to be installaed, the authentication and authorization component is handled by OAM and all third party systems pass from the OAM WebGate plugin where the users put their credentials to gain access.
I see the OAM exposes some API for a SOAP Integration. So it's possible to implement a Liferay Authentication hook for authenticate and authorize users.
But it's possible to continue to use WebGate for Liferay? Could this approach give problems for Sync and WebDAV components?
Thanks
I have to build a Liferay solution which incluedes the Sync / WebDAV components.
In the customer infrastructure where this solution have to be installaed, the authentication and authorization component is handled by OAM and all third party systems pass from the OAM WebGate plugin where the users put their credentials to gain access.
I see the OAM exposes some API for a SOAP Integration. So it's possible to implement a Liferay Authentication hook for authenticate and authorize users.
But it's possible to continue to use WebGate for Liferay? Could this approach give problems for Sync and WebDAV components?
Thanks
Dennis Ju, modificado 8 Anos atrás.
RE: Liferay Sync under Oracle Access Manager with WebGate
Regular Member Postagens: 228 Data de Entrada: 30/09/10 Postagens Recentes
SSO support for Liferay Sync is currently under development. We are planning to release SSO support in the next couple months. If you would like to beta test Liferay Sync in your SSO environment, please contact the Sync team at sync-feedback@liferay.com.
Webdav's protocol only supports basic auth and digest (Liferay's Webdav implementation doesn't support NTLM/Kerberos), so a custom module is needed to authenticate and pass the appropriate credentials.
Webdav's protocol only supports basic auth and digest (Liferay's Webdav implementation doesn't support NTLM/Kerberos), so a custom module is needed to authenticate and pass the appropriate credentials.
Marco Volpe, modificado 8 Anos atrás.
RE: Liferay Sync under Oracle Access Manager with WebGate
New Member Postagens: 16 Data de Entrada: 23/12/08 Postagens Recentes
Thank you for your reply.
So, if I built my Authenticator class and I put it in auth.pipeline.pre properties, it would be used by Sync authentication pipeline, is it correct?
So, if I built my Authenticator class and I put it in auth.pipeline.pre properties, it would be used by Sync authentication pipeline, is it correct?
Dennis Ju, modificado 8 Anos atrás.
RE: Liferay Sync under Oracle Access Manager with WebGate
Regular Member Postagens: 228 Data de Entrada: 30/09/10 Postagens Recentes
For SSO authentication, the Sync client will use an embedded web browser in combination with OAuth. Authenticating via the embedded web browser will flow through the same authentication pipeline as a standard web browser. After authenticating via the browser, OAuth tokens are persisted and used for future requests.
Please note, an EE subscription is required to download and deploy the OAuth portlet.
Please note, an EE subscription is required to download and deploy the OAuth portlet.
Marco Volpe, modificado 7 Anos atrás.
RE: Liferay Sync under Oracle Access Manager with WebGate
New Member Postagens: 16 Data de Entrada: 23/12/08 Postagens Recentes
Hi Denis
Thank you for your reply, now I had much information about my problem.
Using Web Form Authentication, the first request is blocked by OAM redirecting the user to the web gate page for the login. After the login, OAM releases a cookie, called OBSSOCookie, that the client browser will store for the next HTTP requests.
Now, Liferay Sync implements a Basic Authentication to recognize the user.
In my scenario, each Liferay Sync HTTP Request will be blocked by OAM.
Liferay Sync uses an internal HTTP Header called ,"Sync-JWT", to remember the user logged the first time, it stores the Liferay userId .
But it could remember additional information passed by OAM. For example the OBSSOCookie or other HTTP Header information?
Thanks
Marco
Thank you for your reply, now I had much information about my problem.
Using Web Form Authentication, the first request is blocked by OAM redirecting the user to the web gate page for the login. After the login, OAM releases a cookie, called OBSSOCookie, that the client browser will store for the next HTTP requests.
Now, Liferay Sync implements a Basic Authentication to recognize the user.
In my scenario, each Liferay Sync HTTP Request will be blocked by OAM.
Liferay Sync uses an internal HTTP Header called ,"Sync-JWT", to remember the user logged the first time, it stores the Liferay userId .
But it could remember additional information passed by OAM. For example the OBSSOCookie or other HTTP Header information?
Thanks
Marco
Dennis Ju, modificado 7 Anos atrás.
RE: Liferay Sync under Oracle Access Manager with WebGate
Regular Member Postagens: 228 Data de Entrada: 30/09/10 Postagens Recentes
Please review the instructions for configuring SSO/OAuth usage with Liferay Sync here. You will need to "whitelist" the URL's mentioned in the documentation such that certain requests between Sync and the portal are not blocked/redirected to your OAM gateway.