Forum

Integration Liferay 6.2 with OpenAM 13.0.0

paria tavana, modified 8 years ago.

Integration Liferay 6.2 with OpenAM 13.0.0

New Member Posts: 2 Join Date: 07/04/16 Recent Posts
Hello,
I configured Liferay 6.2 and OpenAM 13 with the OpenAM 12 installation guide, but it does not work correctly.
When I log in to OpenAM 13, instead of redirecting me to the Liferay page after login, it redirects me to the OpenAM details page.
Please help me with the configuration between Liferay 6.2 and OpenAM 13.0.
Thanks
Christoph Rabel, modified 8 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

Liferay Legend Posts: 1554 Join Date: 24/09/09 Recent Posts
Didn't work with OpenAM for some time, but OpenAM uses the goto parameter to redirect a user to some page after successful login.

Please try with your user if this still works. Simply go to the login page of opensso and append ?goto=https://www.liferay.com
After a successful login to OpenAM you should be redirected to the Liferay Homepage. If this doesn't work -> You need to look on the OpenAM side.

https://YOURSERVER/opensso/UI/Login?goto=https://www.liferay.com

If this works as intended, please check your configuration for the goto parameter.
paria tavana, modified 8 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

New Member Posts: 2 Join Date: 07/04/16 Recent Posts
Thanks so much for your reply.
Jaume Nebot, modified 7 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

New Member Posts: 3 Join Date: 21/05/16 Recent Posts
Hello Paria,

I configured Liferay 6.2 with OpenAM 10 successfully. But now, I'm trying to do the same with OpenAM 13 and I can't, even with the same configuration...

I do the following steps:

1. Enter to Liferay http://localhost:8080
2. Link to login
3. Login screen from OpenAM appears
4. Login in with user test/password
5. Liferay class OpenSSOUtil.java in method _isAuthenticated() recovers the cookie iPlanetDirectoryPro and executes:

http://localhost:9080/openam/identity/isTokenValid

6. An error 501 appears: java.io.IOException: Server returned HTTP response code: 501 for URL: http://localhost:9080/openam/identity/isTokenValid
Not Implemented

And then, the browser enters into a redirect loop.

Did you find the same error?

I really appreciate your help.

Best regards.
Christoph Rabel, modified 7 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

Liferay Legend Posts: 1554 Join Date: 24/09/09 Recent Posts
No, I never used OpenAM 13.

Well, it seems the functionality was removed. I guess you need to ask on the OpenAM mailing list if there is a replacement. You could:

- Change the code on Liferay side to use a new interface
- Extend OpenAM with a servlet mapped to the old path that prints data in the needed format
- Use an agent to protect your Liferay and use RequestHeaderAutoLogin.
paria tavana, modified 7 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

New Member Posts: 1 Join Date: 22/12/13 Recent Posts
Hello Jaume,
This is my portal-ext.properties setting:

com.sun.identity.agents.config.response.attribute.fetch.mode = HTTP_HEADER
com.sun.identity.agents.config.response.attribute.mapping[mail] = HTTP_MAIL

siteminder.auth.enabled=true
siteminder.import.from.ldap=true
siteminder.user.header=HTTP_MAIL

open.sso.auth.enabled=true

open.sso.login.url = http://localhost:8080/OpenAM-13.0.0_3/UI/login?goto=http://localhost:8080/c/portal/login
open.sso.logout.url=http://localhost:8080/OpenAM-13.0.0_3/UI/loggedOut?goto=http://localhost:8080/web/guest/home
open.sso.service.url=http://localhost:8080/OpenAM-13.0.0_3
open.sso.screen.name.attr=uid
open.sso.email.address.attr=mail
open.sso.first.name.attr=givenname
open.sso.last.name.attr=sn
open.sso.logout.on.session.expiration=false
auto.login.hooks=com.liferay.portal.security.auth.SiteMinderAutoLogin,com.liferay.portal.security.auth.OpenSSOAutoLogin

users.reminder.queries.enabled=false
users.reminder.queries.custom.question.enabled=false

#email Address
users.email.address.required=false
users.email.address.auto.suffix=@no-emailaddress.com
users.email.address.generator=com.liferay.portal.security.auth.DefaultEmailAddressGenerator

#screename
users.screen.name.allow.numeric=true
users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator

And when OpenAM logs in to Liferay, the loop happens.
Vishnudas Lokhande, modified 7 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

Regular Member Posts: 152 Join Date: 27/05/13 Recent Posts
Have you tried using domain URLs instead of localhost? OpenAM works with domain name cookies.

e.g. openam.example.com
liferay.example.com
Nick James, modified 7 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

New Member Posts: 1 Join Date: 13/06/08 Recent Posts
Hi,
It turns out that OpenAM have deprecated the REST API used by the opensso plugin.
The OpenAM version 12.0 documents detail a new API to validate the token: https://backstage.forgerock.com/#!/docs/openam/12.0.0/dev-guide#rest-api-token-validation
It seems like the "legacy" API was then disabled in OpenAM 13.0.
The new API is:

curl \
--request POST \
--header "Content-Type: application/json" \
http://openam.example.com:8080/openam/json/sessions/AQIC5...?_action=validate
which yields either
{"valid":true,"uid":"demo","realm":"/myRealm"}
or
{"valid":false}

Without code changes to the opensso plugin, the latest compatible version of OpenAM will be 12.0 (probably 12.x if you have a subscription from ForgeRock)

Nick
Jaume Nebot, modified 7 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

New Member Posts: 3 Join Date: 21/05/16 Recent Posts
Hi Nick James,

Effectively, there is a new API.

We solved this integration by creating a hook with a custom SSO Filter and SSO Autologin, using the new call.

Thank you!
Jason Lehmer, modified 7 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

New Member Posts: 3 Join Date: 02/08/11 Recent Posts
Hi Jaume,

We're actually trying to solve this same problem (on 6.1) but have run into issues trying to add it as a hook. Do you have to disable the Liferay OpenSSO filter explicitly? Also, did you specify a "before-filter" or "after-filter" as part of your liferay-hook.xml?

Thanks!
Jaume Nebot, modified 7 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

New Member Posts: 3 Join Date: 21/05/16 Recent Posts
Hi Jason,

Do you have to disable the Liferay OpenSSO filter explicitly?
-> Yes. And you need to create your CustomSSOFilter.
com.liferay.portal.servlet.filters.sso.opensso.OpenSSOFilter=false

And then, add to your hook an OpenSSOToolsImpl.java, modifying it to use the new call to OpenAM instead of the deprecated call:

private static final String _VALIDATE_TOKEN = "/json/sessions/";
...
String url = serviceUrl.concat(_VALIDATE_TOKEN).concat(URLEncoder.encode(CookieKeys.getCookie(request, _COOKE_NAME), "UTF-8")).concat("?_action=validate");

...

if (responseCode == HttpURLConnection.HTTP_OK) {
	String data = StringUtil.read(httpURLConnection.getInputStream());

	if (StringUtil.toLowerCase(data).contains("\"valid\":true")) {
		authenticated = true;
	}
}

did you specify a "before-filter" or "after-filter" as part of your liferay-hook.xml? -> No.

liferay-hook.xml:

<servlet-filter>
	<servlet-filter-name>CustomSSOFilter</servlet-filter-name>
	<servlet-filter-impl>xxx.yyyy.filters.sso.opensso.CustomSSOFilter</servlet-filter-impl>
</servlet-filter>
<servlet-filter-mapping>
	<servlet-filter-name>CustomSSOFilter</servlet-filter-name>
	<url-pattern>/c/portal/login</url-pattern>
	<dispatcher>FORWARD</dispatcher>
	<dispatcher>REQUEST</dispatcher>
</servlet-filter-mapping>
<servlet-filter-mapping>
	<servlet-filter-name>CustomSSOFilter</servlet-filter-name>
	<url-pattern>/c/portal/logout</url-pattern>
	<dispatcher>FORWARD</dispatcher>
	<dispatcher>REQUEST</dispatcher>
</servlet-filter-mapping>
Tina Agrawal, modified 6 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

Expert Posts: 297 Join Date: 03/01/08 Recent Posts
Hey,

I am facing the exact same issue. I tried your solution, but OpenAM is still returning a 400 error.
The URL is -

https://xxx.yyy.zzz.com/openam/json/sessions/AQIC5wM2LY4SfcyYDgkMf5t0GbYLKz_gGznB45VJxIqtkzQ.*AAJTSQACMDEAAlNLABMzOTgwMTMyMDA3MjkyNzYxOTk3AAJTMQAA*?_action=validate

and the response is -

{"code":400,"reason":"Bad Request","message":"Unrecognized request parameter '_action'"}

As a result the user is not logged into Liferay.

Tina
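
An added example, not code from the thread or from Liferay: the session check that the custom hook above performs, sketched in Python so it runs stand-alone. It sends the POST shown in the curl call, parses the JSON reply instead of searching it for a substring, and treats error replies such as the 400 above as "not authenticated". The function names, the requirement of a non-empty uid and the sample bodies are assumptions of this sketch.

```python
import json
from urllib.parse import quote
from urllib.request import Request, urlopen


def build_validate_request(service_url, token):
    """POST <service_url>/json/sessions/<token>?_action=validate, as in the curl call."""
    url = "{}/json/sessions/{}?_action=validate".format(
        service_url.rstrip("/"), quote(token, safe=""))
    return Request(url, data=b"", method="POST",
                   headers={"Content-Type": "application/json"})


def interpret_validation(status, body):
    """Return the validated uid, or None; anything unexpected fails closed."""
    if status != 200:
        return None
    try:
        doc = json.loads(body)
    except ValueError:  # not JSON, or bytes that are not valid text
        return None
    if not isinstance(doc, dict) or doc.get("valid") is not True:
        return None
    uid = doc.get("uid")  # assumption of this sketch: a valid reply names the user
    return uid if isinstance(uid, str) and uid else None


def substring_check(body):
    """The lower-cased substring test from the hook code in the thread, for comparison."""
    return '"valid":true' in body.decode("utf-8", "replace").lower()


def validate_session(service_url, token, timeout=5):
    """Ask OpenAM; HTTP errors (400, 501), timeouts and refused connections return None."""
    try:
        with urlopen(build_validate_request(service_url, token), timeout=timeout) as resp:
            return interpret_validation(resp.status, resp.read())
    except OSError:  # urllib's HTTPError and URLError are OSError subclasses
        return None


# Constructed sample replies; the first, second and last bodies are quoted in the thread.
SAMPLES = [
    (200, b'{"valid":true,"uid":"demo","realm":"/myRealm"}'),
    (200, b'{"valid":false}'),
    (200, b'{"valid": true, "uid": "demo"}'),              # substring test misses this
    (200, b'{"valid":false,"detail":{"valid":true}}'),    # substring test accepts this
    (400, b'{"code":400,"reason":"Bad Request","message":"Unrecognized request parameter \'_action\'"}'),
]
RESULTS = [interpret_validation(s, b) for s, b in SAMPLES]
```

The third and fourth samples show where the substring test and the parsed check disagree: whitespace after the colon makes the substring test reject a valid session, and a nested "valid":true makes it accept an invalid one.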
Christoph Rabel, modified 6 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

Liferay Legend Posts: 1554 Join Date: 24/09/09 Recent Posts
You probably have to ask this question on the forgerock forums.
What happens if you remove the parameter and just call "https://xxx.yyy.zzz.com/openam/json/sessions/AQIC5..."?
Or when you try other calls?
https://backstage.forgerock.com/docs/openam/13/dev-guide/#rest-api-tokens
Denis Signoretto, modified 6 years ago.

RE: Integration Liferay 6.2 with OpenAM 13.0.0

Expert Posts: 375 Join Date: 21/04/09 Recent Posts
Actually Liferay is working on OpenAM 13 support. If you're interested you can follow and vote for the issue: https://issues.liferay.com/browse/LPS-68220