« 返回到 LDAP

CA SiteMinder Integration

Introduction #

Computer Associate’s (CA) SiteMinder is a centralized web access management system that enables user authentication and single sign-on, policy-based authorization, identity federation, and auditing of access to Web applications and portals.

Liferay has out of box SiteMinder integration as of version 5.1.2. The integration is based on CAS integration and only supports authenticating with screenName. It also knows how to properly terminate SiteMinder session. SiteMinder is usually connected to a LDAP so this integration is also able to import users from LDAP.

Enabling SiteMinder Integration #

You can enable it either throught portal-ext.properties or UI just like with CAS or OpenSSO.

To enable it through portal-ext.properties just add following sniplet

##

    1. SiteMinder
  1. Set this to true to enable CA SiteMinder single sign on. If set to true,
  2. then the property "auto.login.hooks" must contain a reference to the class
  3. com.liferay.portal.security.auth.SiteMinderAutoLogin and the
  4. "logout.events.post" must have a reference to
  5. com.liferay.portal.events.SiteMinderLogoutAction for logout to work.

siteminder.auth.enabled=true

  1. A user may be authenticated from SiteMinder and not yet exist in the
  2. portal. Set this to true to automatically import users from LDAP if they
  3. do not exist in the portal.

siteminder.import.from.ldap=true

  1. Set this to the name of the user header that SiteMinder passes to the
  2. portal.

siteminder.user.header=SM_USER}}}

Enabling through UI just go to Enterprise Admin portlet to Settings -> Authentication -> SiteMinder

SiteMinder integration pre 5.1.2 #

SiteMinder integration does not exist prior to Liferay 5.1.2 release but it is quite easy to create yourself. You can find some information about that from Integration with Siteminder SSO.

1 附件
95820 查看
平均 (1 投票)
满分为 5,平均得分为 1.0。
评论
讨论主题回复 作者 日期
Nice post. But I'd like to see some... cao wei 2014年2月17日 下午5:49

Nice post.
But I'd like to see some comments/advise on the security.
com.liferay.portal.security.auth.SiteMinderAutoLogin simply looked into the http header, if SM_USER is provide, it assumes this is a request from a login user.
Which means anyone can access any page as an administrator by put admin's user name in the http header, this is a big security flaw right?
How i can ensure the security?
在 14-2-17 下午5:49 发帖。