
2 issues with OpenAM built in agent

Christophe Noel, modified 7 years ago.

New Member Posts: 7 Join Date: 16/10/13
Hi all,

I have just noticed two problems using the OpenAM agent (built in single sign-on authentication agent):

1. There is nothing to maintain the session with OpenAM. So the user authenticates, receives a tokenId, and the token expires after the configured idle time. Theoretically, Liferay should check regularly if the token is still valid (operation isTokenValid for example).
2. When the token is expired (after idle time), the user is not signed out from the Liferay session. It means that, if the token is used in remote calls of a portlet, the token will no longer be valid, although the user is authenticated. Again, Liferay should check if the token is still valid or sign out the user.

Note: of course, if a full OpenAM J2EE agent is installed in Tomcat, the problem will be solved (especially if the session idle time is activated for not enforced URLs).

I hope it helps.
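
The periodic validity check described in the two points above, as an added example that is not part of the original post and is not Liferay or OpenAM code. The class name `TokenRecheck`, the injected transport function, the 5-minute recheck interval, the stub server in `main`, and the assumption that isTokenValid answers with the text `boolean=true` for a live token are all illustrative.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

public class TokenRecheck {
    // Hypothetical transport: sends the tokenId to OpenAM's isTokenValid operation
    // and returns the response body (assumed to be "boolean=true" when valid).
    private final Function<String, String> isTokenValid;
    private final Duration interval;
    private final Map<String, Instant> lastOk = new ConcurrentHashMap<>();

    public TokenRecheck(Function<String, String> isTokenValid, Duration interval) {
        this.isTokenValid = isTokenValid;
        this.interval = interval;
    }

    /** True: keep the portal session. False: the caller must sign the user out. */
    public boolean sessionMayContinue(String tokenId, Instant now) {
        if (tokenId == null || tokenId.isEmpty()) return false;
        Instant ok = lastOk.get(tokenId);
        if (ok != null && now.isBefore(ok.plus(interval))) return true; // checked recently
        String body;
        try {
            body = isTokenValid.apply(tokenId);
        } catch (RuntimeException e) {
            body = null; // fail closed when OpenAM cannot be reached
        }
        boolean valid = body != null && body.trim().equals("boolean=true");
        if (valid) lastOk.put(tokenId, now); else lastOk.remove(tokenId);
        return valid;
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2020-01-01T09:00:00Z");   // constructed start time
        Instant expiry = t0.plus(Duration.ofMinutes(30));     // constructed idle expiry
        Instant[] clock = { t0 };
        // Constructed stub standing in for the OpenAM server.
        Function<String, String> stub = tok ->
            "boolean=" + ("T1".equals(tok) && clock[0].isBefore(expiry));
        TokenRecheck guard = new TokenRecheck(stub, Duration.ofMinutes(5));
        for (int min : new int[] {0, 3, 10, 29, 31, 36}) {
            clock[0] = t0.plus(Duration.ofMinutes(min));
            boolean keep = guard.sessionMayContinue("T1", clock[0]);
            System.out.println("t+" + min + "min -> " + (keep ? "continue" : "sign out of portal"));
        }
    }
}
```

The recheck interval bounds how long a portal session can outlive an expired token: in the constructed run the request at 31 minutes is still served from the cached result, and the session ends at the next recheck.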
Christophe Noel, modified 7 years ago.

RE: 2 issues with OpenAM built in agent

New Member Posts: 7 Join Date: 16/10/13
For information, I now always install the OpenAM agent into Tomcat, which allows both maintaining the session and forcing the user to reauthenticate if the session (from OpenAM) has expired.

OpenAM agent installation is discussed here:
https://web.liferay.com/community/forums/-/message_boards/message/26918861