
SiteMinder integration is here

Company Blogs October 3, 2008 By Mika Koivisto Staff

You've been heard! Out-of-the-box SiteMinder integration is here.

Computer Associates' (CA) SiteMinder is a centralized web access management system that enables user authentication and single sign-on, policy-based authorization, identity federation, and auditing of access to web applications and portals.

Liferay has out-of-the-box SiteMinder integration as of the recent Liferay 5.1.2 release. The integration is based on the CAS integration and only supports authenticating with screenName. It also knows how to properly terminate the SiteMinder session. SiteMinder is usually connected to an LDAP directory, so this integration is also able to import users from LDAP.

You can enable it either through portal-ext.properties or the UI, just like with CAS or OpenSSO.

Enabling from portal-ext.properties:

    ##
    ## SiteMinder
    ##

    #
    # Set this to true to enable CA SiteMinder single sign on. If set to true,
    # then the property "auto.login.hooks" must contain a reference to the class
    # com.liferay.portal.security.auth.SiteMinderAutoLogin and the
    # "logout.events.post" must have a reference to
    # com.liferay.portal.events.SiteMinderLogoutAction for logout to work.
    #
    siteminder.auth.enabled=true

    #
    # A user may be authenticated from SiteMinder and not yet exist in the
    # portal. Set this to true to automatically import users from LDAP if they
    # do not exist in the portal.
    #
    siteminder.import.from.ldap=true

    #
    # Set this to the name of the user header that SiteMinder passes to the
    # portal.
    #
    siteminder.user.header=SM_USER
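
The comments in the block above tie `siteminder.auth.enabled` to two other properties. The following check for that dependency is an added example, not part of the original post or of Liferay; it assumes the text it is given is the effective, merged configuration, and the `com.example.*` class names in its sample are hypothetical.

```python
import re

# Property keys and class names are the ones named in the page's config comments.
AUTO_LOGIN = "com.liferay.portal.security.auth.SiteMinderAutoLogin"
LOGOUT_ACTION = "com.liferay.portal.events.SiteMinderLogoutAction"

def parse_properties(text):
    """Minimal .properties parser: comments, '=' or ':' separators,
    and backslash line continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", pending + line)
        pending = ""
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint_siteminder(text):
    """Return findings for an effective config with SiteMinder SSO enabled."""
    props = parse_properties(text)
    if props.get("siteminder.auth.enabled", "").lower() != "true":
        return []  # SSO disabled: the dependent settings do not matter

    def listed(key):
        return [v.strip() for v in props.get(key, "").split(",") if v.strip()]

    findings = []
    if AUTO_LOGIN not in listed("auto.login.hooks"):
        findings.append("auto.login.hooks lacks " + AUTO_LOGIN)
    if LOGOUT_ACTION not in listed("logout.events.post"):
        findings.append("logout.events.post lacks " + LOGOUT_ACTION)
    if not props.get("siteminder.user.header", "").strip():
        findings.append("siteminder.user.header is empty")
    return findings

# Constructed sample; the com.example.* classes are hypothetical.
SAMPLE = """\
siteminder.auth.enabled=true
siteminder.user.header=SM_USER
auto.login.hooks=com.example.OtherAutoLogin,\\
    com.liferay.portal.security.auth.SiteMinderAutoLogin
logout.events.post=com.example.OtherLogoutAction
"""

if __name__ == "__main__":
    for finding in lint_siteminder(SAMPLE):
        print("FINDING:", finding)
```

The check covers property consistency only. Because the portal logs in whichever user the configured header names, the portal should accept requests only from the web server that runs the SiteMinder agent.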

Enabling from Liferay UI:

SiteMinder settings

Threaded Replies Author Date
Very nice, Mika! Jorge Ferrer October 7, 2008 12:41 AM
BTW, could you make a wiki article out of this... Jorge Ferrer October 7, 2008 12:42 AM
I've added it here... Mika Koivisto October 7, 2008 3:00 PM
Very nice! Thank you, Mika. Jonas Yuan December 15, 2009 5:13 AM
Sorry to be a latecomer to this post, but this... Geoff Ruscoe January 25, 2010 11:53 AM
Sorry Geoff I missed your comment somehow.... Mika Koivisto February 10, 2010 12:32 AM
If I chose not to copy the user info from LDAP... phani nayani April 25, 2011 12:27 PM
I am new to LifeRay and would like to know... Patrick Riley February 23, 2010 8:31 AM
The agent is part of SiteMinder. Mika Koivisto February 23, 2010 9:15 AM
BTW, could you make a wiki article out of this... huanghuang tan August 25, 2010 10:29 AM

Very nice, Mika!
Posted on 10/7/08 12:41 AM.
BTW, could you make a wiki article out of this entry? That way it's easier to find for people digging in the documentation and also becomes a place to extend the info when support for email is added.
Posted on 10/7/08 12:42 AM in reply to Jorge Ferrer.
I've added it here http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/CA+SiteMinder+Integration should merge it with http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/Integration+with+Siteminder+SSO
Posted on 10/7/08 3:00 PM in reply to Jorge Ferrer.
Very nice! Thank you, Mika.
Posted on 12/15/09 5:13 AM in reply to Mika Koivisto.
Sorry to be a latecomer to this post, but this is exactly what I'm working on now. I'm not sure if I understand how this is supposed to work. We are standing up SiteMinder and Liferay right now and I don't see how those three settings are enough to get it to work with SiteMinder. Can someone help me? What am I missing? I see no documentation on how to tell Liferay anything about the SiteMinder installation and policy servers, etc.
Posted on 1/25/10 11:53 AM.
Sorry Geoff, I missed your comment somehow. Liferay does not do a deep integration with SiteMinder; we only do SSO. The way you set this up is that you have the SiteMinder agent sitting in front of Liferay, usually installed in Apache HTTPD. The agent takes care of connecting to policy servers and deciding whether the user is authenticated. The agent passes the request to Liferay, and Liferay checks if this user is authenticated by SiteMinder; if it is, it does autologin with that user. The user information is usually retrieved from LDAP.

Hope this helps.
Posted on 2/10/10 12:32 AM in reply to Geoff Ruscoe.
I am new to Liferay and would like to know where the Agent is? Do we get this from CA or is it in Liferay?
Posted on 2/23/10 8:31 AM.
The agent is part of SiteMinder.
Posted on 2/23/10 9:15 AM in reply to Patrick Riley.
huanghuang tan
BTW, could you make a wiki article out of this entry? That way it's easier to find for people digging in the documentation and also becomes a place to extend the info when support for email is added.
Posted on 8/25/10 10:29 AM.
If I chose not to copy the user info from LDAP, or if LDAP doesn't have the user's organization membership etc., how can I build the complete user's profile with all the portal info like his organization membership, Liferay role etc.? I need this profile fully built/populated (just like the user logged in through the login portlet), because I want to display the user's content/portlets based on his organization and roles. Should I do this manually using the Liferay API?
Posted on 4/25/11 12:27 PM in reply to Mika Koivisto.