留言板

SAML support within Liferay?

Alex Ballarin,修改在16 年前。

SAML support within Liferay?

New Member 帖子: 13 加入日期: 06-11-18 最近的帖子
Hi all,

I have been looking for Google Apps integrations and they use SAML SSO (see: en.wikipedia.org/wiki/SAML).

I have seen articles explaining Tomcat integration with other systems using SAML, so I thought that could be achieved by Liferay (so we could use its powerful directory, user admin).

Any ideas will be greatly appreciated, since I need to integrate it with a portal or if I cannot, with simple web apps.

Thanks
Alex
thumbnail
Jonas X. Yuan,修改在13 年前。

RE: SAML support within Liferay?

Liferay Master 帖子: 993 加入日期: 07-4-27 最近的帖子
There are a few customers that have same requirements: SAML 2.0 SSO integration in Liferay portal.

Any updates?

http://issues.liferay.com/browse/LPS-8427

Thanks

Jonas Yuan
-----------------
The Author of Liferay Books:
Liferay Portal 6 Enterprise Intranets
Liferay Portal 5.2 Systems Development
Liferay Portal Enterprise Intranets
thumbnail
Franck Valetas,修改在13 年前。

RE: SAML support within Liferay?

New Member 发布: 1 加入日期: 10-9-14 最近的帖子
I'm a customer with this requirement : SAML 2.0 SSO integration in Liferay portal.

Regards.

Franck
Oleg Cohen,修改在13 年前。

RE: SAML support within Liferay?

New Member 帖子: 2 加入日期: 10-11-3 最近的帖子
Franck,

AssureBridge provides a fully-managed, hosted SAML 2.0 Single Sign-On service which includes an easy to implement Liferay SSO Adapter.

For more information please visit our web site: http://www.assurebridge.com.

Best,
Oleg Cohen
thumbnail
giampiero longobardi,修改在12 年前。

RE: SAML support within Liferay?

New Member 帖子: 7 加入日期: 10-12-17 最近的帖子
Oleg Cohen:
Franck,

AssureBridge provides a fully-managed, hosted SAML 2.0 Single Sign-On service which includes an easy to implement Liferay SSO Adapter.

For more information please visit our web site: http://www.assurebridge.com.

Best,
Oleg Cohen


Franck,
is AusserBridge hook able to delegate portal authentication (and more precisely to portlets within the portal) to authenticate to backing services on the user's behalf ?
How delegated SAML assertions are applied developing a portlet ?
thumbnail
Mika Koivisto,修改在13 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
I've been lately looking into SAML 2.0 and there might be something coming in 6.1
thumbnail
Jonas X. Yuan,修改在13 年前。

RE: SAML support within Liferay?

Liferay Master 帖子: 993 加入日期: 07-4-27 最近的帖子
Good news. Thank you, Mika.

Would you be able to share the time frame? When is this integration expected?

Best regards,

Jonas Yuan

-----------------
The Author of Liferay Books:
Liferay User Interface Development for Liferay 6.0 and 6.1
Liferay Portal 6 Enterprise Intranets
Liferay Portal 5.2 Systems Development
Liferay Portal Enterprise Intranets
thumbnail
Karolin Anna Krieg,修改在13 年前。

RE: SAML support within Liferay?

Junior Member 帖子: 53 加入日期: 09-12-17 最近的帖子
Hey Mika

We use Liferay 6.0.5.
My Company already works with a SAML PHP solution, so the AssureBridge is no option for us.
You recently told that there is something in the pipline? Can you please give an update if a solution for SAML 2.0 is coming?

Thank you very much for a quick answer,

Karolin
Bruno Vernay,修改在13 年前。

RE: SAML support within Liferay?

Junior Member 帖子: 36 加入日期: 10-4-6 最近的帖子
I don't know if it could solve anyone's problem, but I managed to have:
  • Liferay authenticates with OpenAM (ex openSSO) with the direct integration provided by Liferay
  • SimpleSamlPHP using OpenAM too, with SAML 2

So I have SSO between Liferay and PHP applications.
Also, it is out of my scope currently, but OpenAM integrates with Google Apps.

(note: I don't know what will and can be done with SAML, but I was a bit deceived (with LDAP and openSSO) to find that authentication is a narrow subject and doesn't include user provisioning and full attributes and groups mapping.)
thumbnail
Mika Koivisto,修改在13 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
SAML 2.0 IdP implementation will come with Liferay 6.1. The service provider part is not scheduled yet but you should be able to use Shibboleth with Liferay even with the current release.
thumbnail
Karolin Anna Krieg,修改在13 年前。

RE: SAML support within Liferay?

Junior Member 帖子: 53 加入日期: 09-12-17 最近的帖子
http://issues.liferay.com/browse/LPS-8427 got updated to priority 'critical' with fix version/s '--Sprint - 12/10, 6.1.X'

I can't find the information when 6.1.X will be released?
thumbnail
Mika Koivisto,修改在13 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
There's no official release date for 6.1 yet but I wouldn't expect it any time soon as we just released 6.0 a few months ago.
Oleg Cohen,修改在13 年前。

RE: SAML support within Liferay?

New Member 帖子: 2 加入日期: 10-11-3 最近的帖子
Mika,

The AssureBridge SAML SSO solution includes Liferay plugins for both SAML SP and IdP integration. Our plugins are intended for those teams implementing Liferay that don't have exisiting SAML expertise/product and are not planning to acquire it. Our plugins are part of a fully-managed hosted SSO solution that includes connection set-up, configuration, and integration assitance. Using our services you can be up and running in just a few days.

For more info please visit our site at http://www.assurebridge.com.

Best,
Oleg Cohen
Ivan Morozov,修改在13 年前。

RE: SAML support within Liferay?

New Member 发布: 1 加入日期: 10-12-2 最近的帖子
Oleg,

Are there any configuration guide for SAML Single Sign-On Plugin 1.0.1 ?
Bruno Vernay,修改在13 年前。

RE: SAML support within Liferay?

Junior Member 帖子: 36 加入日期: 10-4-6 最近的帖子
So if I understand correctly, the LPS-8427 is about "SAML Identity Provider" only.

I would need Liferay to be a SAML "Service Provider".

You said that I should be able to use Liferay with Shibboleth already, but how if there is no SAML in Liferay ?? Do you mean CASify the Shibboleth http://code.google.com/p/casshib/ ?

Should I fill an Issue to request for a SAML SP (like the existing LDAP, CAS, NTML, FaceBook, OpenSSO, OpenID, SiteMinder) ??

Regards
Bruno
thumbnail
Mika Koivisto,修改在13 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
There are several ways to do that. CASShib is one. Another one would be using shibboleth and header based authentication. Shibboleth SAM L SP is a Apache modules that handles all the saml communication and then can provide the user information as headers to Liferay. You could use Liferay's SiteMinder SSO for this as it's also similar header based AutoLogin.
Bruno Vernay,修改在13 年前。

RE: SAML support within Liferay?

Junior Member 帖子: 36 加入日期: 10-4-6 最近的帖子
So I can loging using Site Minder, but it is far from optimal.
  • Logout is not handled
  • I cannot follow Shibboleth best practices

I can't help to think that a SAML SP integration would be really useful. At least to me ...
thumbnail
Mika Koivisto,修改在13 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
There is a SP implementation also coming. A community member provided a patch against trunk and I'm working on turning it into a plugin. We did the same thing with the IdP implementation. IdP functionality will most likely be EE only.
Bruno Vernay,修改在13 年前。

RE: SAML support within Liferay?

Junior Member 帖子: 36 加入日期: 10-4-6 最近的帖子
Could you warn me as soon as it is in SVN ??
Any delay ? days, weeks, month ???
I can test and report since I already have a working Shibboleth IdP/SP installation with Liferay's SiteMinder authentication.

My problem is that I have a very specific need (SAML for an ECP "Extended Client or Proxy" profile, in order to execute a delegated scenario) which I explain a bit here.

I am already able to read the SAML assertion in a post login hook and put it in the session so a portlet can use it. Now I have to implement the second part: the portlet has to use the assertion to authenticate against a webservice provider. Hopefully I should be able to leverage uPortal work.

Meanwhile, I voted for the SAML SP support: http://issues.liferay.com/browse/LPS-8427 The patch is very impressive, he redeveloped Shibboleth SP without the OpenSAML library.

Regards
Bruno
thumbnail
Mika Koivisto,修改在13 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
We won't be supporting ECP profile at this point how ever it will probably come later as it's in the roadmap of the customer sponsoring this work. I will post here as soon as the SP plugin hits SVN.
Danilo Tuler,修改在13 年前。

RE: SAML support within Liferay?

New Member 帖子: 4 加入日期: 11-1-27 最近的帖子
Any progress on SAML integration?
Is Idp support really coming only on EE version? That's too bad.

Danilo
thumbnail
Mika Koivisto,修改在13 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
Both SP and IdP plugins are submitted for review and I believe they will be EE only plugins. Both are slated for release with 6.1 but I expect them to become also available for 6.0 EE customers at some later SP release.
Bruno Vernay,修改在13 年前。

RE: SAML support within Liferay?

Junior Member 帖子: 36 加入日期: 10-4-6 最近的帖子
For the IdP I would understand that only EE customer got it.
Others can still install Shibboleth, OpenAM or other free SAML IdP.

But for the SP, it would only facilitate Liferay adoption. I don't understand why it would be restricted to EE. Besides, the current workaround to uses Liferay in a SAML SSO are far from perfect.

Well, I simply hope that SP will be available in the Community Edition.
thumbnail
Mika Koivisto,修改在13 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
I'm also hoping we make the SP available for Community Edition.
thumbnail
Shagul Khajamohideen,修改在12 年前。

RE: SAML support within Liferay?

Liferay Master 帖子: 758 加入日期: 07-9-27 最近的帖子
Mika Koivisto:
Both SP and IdP plugins are submitted for review and I believe they will be EE only plugins. Both are slated for release with 6.1 but I expect them to become also available for 6.0 EE customers at some later SP release.


Hi Mika,

Are the SP and IdP still slated for 6.1 EE release?

Thanks,
thumbnail
Mika Koivisto,修改在12 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
Yes they are.
Robert Bailey,修改在12 年前。

RE: SAML support within Liferay?

New Member 帖子: 2 加入日期: 10-9-8 最近的帖子
Mika Koivisto:
Both SP and IdP plugins are submitted for review and I believe they will be EE only plugins. Both are slated for release with 6.1 but I expect them to become also available for 6.0 EE customers at some later SP release.


Mika, have the plugins been accepted into the EE branch? Any can you provide any updates as to whether the SP functionality has made it into the CE trunk?
Greg King,修改在12 年前。

RE: SAML support within Liferay?

New Member 帖子: 6 加入日期: 09-10-21 最近的帖子
Hi Mika,

Understand these are included for 6.1 EE release scheduled for September but are they available as part of the 6.0 EE SP1 release which is available now?

Thanks
Greg
thumbnail
Mika Koivisto,修改在12 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
It's scheduled to be released with 6.1 EE although I believe we are also releasing it for 6.0 EE SP2 at some point. SP1 does not have APIs required by the SAML plugins. In any case it still needs to go through QA before it will be made available so I wouldn't expect it before September.
thumbnail
Ben Chapman,修改在12 年前。

RE: SAML support within Liferay?

New Member 帖子: 23 加入日期: 11-3-8 最近的帖子
Mika Koivisto:
It's scheduled to be released with 6.1 EE although I believe we are also releasing it for 6.0 EE SP2 at some point. SP1 does not have APIs required by the SAML plugins. In any case it still needs to go through QA before it will be made available so I wouldn't expect it before September.


Is there an update on this? We are EE customers but I do not see the plugins for 6.0.12 yet. If the plugins are not available for 6.0.12, could you share a timeline with us?

Many thanks,

Ben Chapman
thumbnail
Mika Koivisto,修改在12 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
I don't know if and when will they be released to 6.0.x EE but they should be on time for 6.1 EE.
Raj B Shrestha,修改在12 年前。

RE: SAML support within Liferay?

New Member 帖子: 2 加入日期: 09-6-24 最近的帖子
Mika Koivisto:
Yes they are.


Can you please confirm if SAML 2.0 SP (in addition to IDP) is included in the Liferay 6.1 EE version released in September 2011?

Thanks a lot.
thumbnail
Mika Koivisto,修改在12 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
6.1 EE is not yet release but both SAML 2.0 SP and IdP will be available for it.
Raj B Shrestha,修改在12 年前。

RE: SAML support within Liferay?

New Member 帖子: 2 加入日期: 09-6-24 最近的帖子
Thanks for your quick response Mika.

Can you please advise when Liferay 6.1 EE version is due? Thanks.
thumbnail
Mika Koivisto,修改在12 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
It is supposed to come out Q4 2011 which is already upon us so I would estimate by end of year. We are currently working through bugs that QA and Bugsquad finds. If you are current EE subscriber you should talk to your account manager or sales rep to get access to preview release once such is made. Feedback is very much welcome. I already have some improvements in mind. I'm also very interested in hearing what kind of setups people use it.
steven zhao,修改在12 年前。

RE: SAML support within Liferay?

New Member 帖子: 3 加入日期: 12-2-23 最近的帖子
I am trying Liferay 6.1 EE. How do I setup SAML on Liferay? Any user guide for that?
thumbnail
Mika Koivisto,修改在12 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
I blogged about the Identity Provider setup few days ago. See Getting Started with Liferay SAML 2.0 Identity Provider.
Venky Venkatramani,修改在12 年前。

RE: SAML support within Liferay?

New Member 发布: 1 加入日期: 12-3-5 最近的帖子
Hi,

Is this supported in the 6.1 CE GA version? If not, is there a plan to provide this in the near future?
If I have my own implementation of SAML how do I hook it up.
My implementation is nothing but a simple class/method which takes a Configuration Object and generates an XML document (an Assertion or AuthnRequest). Or it takes a XMLDocument (Assertion) and returns the values as simple HashMap.
How can these methods be hooked so that the appropriate URL is called when doing a simple POST?

No requirement for Artifact Support and/or other features under SAML 2.0

Thanks
thumbnail
giampiero longobardi,修改在12 年前。

RE: SAML support within Liferay?

New Member 帖子: 7 加入日期: 10-12-17 最近的帖子
Mika Koivisto:
I blogged about the Identity Provider setup few days ago. See Getting Started with Liferay SAML 2.0 Identity Provider.


MIke,
is Liferay SAML 2.0 Identity Provider able to delegate portal authentication to a portlet authenticating to backing services on the user's behalf ?
thumbnail
Mika Koivisto,修改在12 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
The IdP will delegate authentication to portal so what ever you can do with portal authentication hooks should be possible including SSO providers but those cases are not tested. With the IdP the idea is that the portal has the authority over the user.
Balakrishnan Ramasubbu,修改在9 年前。

RE: SAML support within Liferay?

New Member 帖子: 3 加入日期: 14-11-11 最近的帖子
Hi Mika ,

Can you please how we can achieve the saml functionality in community edition, my main requirement i want to make my life ray server as identity server for other application with saml standards.

Thanks
thumbnail
Mika Koivisto,修改在9 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
The Liferay SAML portlet that provides the identity provider functionality is EE only.
Balakrishnan Ramasubbu,修改在9 年前。

RE: SAML support within Liferay?

New Member 帖子: 3 加入日期: 14-11-11 最近的帖子
Hi Mika,

Thanks for your reply.

I agree with you , I m seeing Shibboleth as open source which supports SAML , but my confusion is like how to make Liferay as identity provider using Shibboleth , can you please guide me .

Thanks for your support.
thumbnail
Mika Koivisto,修改在9 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
The Shibboleth plugin is only SAML SP not IdP.
Balakrishnan Ramasubbu,修改在9 年前。

RE: SAML support within Liferay?

New Member 帖子: 3 加入日期: 14-11-11 最近的帖子
Mika Koivisto:
The Shibboleth plugin is only SAML SP not IdP.


Thanks Mika for your reply , can you suggest me some other plugin or way to implement SAML IDP in liferay , since we have released one version to customer with community edition . we cant go for enterprise edition.

Regards,
Bala
Denis Vaumoron,修改在12 年前。

RE: SAML support within Liferay?

New Member 帖子: 6 加入日期: 10-11-26 最近的帖子
Here a link about the implementation of the SP support, but that's in french, an english version should be available soon.

Blog Excilys » SAML 2 et Liferay – partie 1
thumbnail
Ben Chapman,修改在12 年前。

RE: SAML support within Liferay?

New Member 帖子: 23 加入日期: 11-3-8 最近的帖子
Denis Vaumoron:
Here a link about the implementation of the SP support, but that's in french, an english version should be available soon.

Blog Excilys » SAML 2 et Liferay – partie 1



Thanks for passing this along.
Prafull Kumar,修改在12 年前。

RE: SAML support within Liferay?

New Member 发布: 1 加入日期: 11-10-10 最近的帖子
Hello All,

I am looking for the Service Provider initiated SAML 2.0 SSO support in Liferay. According to whitepaper "Identity Management in Liferay - Overview and Best practices" it seems that for Liferay 6.0EE already supports SAML for SSO. Could you please confirm this and provide details to configure the SAML based SSO?

Also please confirm if the SAML support would be available in the CE version of Liferay 6.1?

Note: It seems to me that for the OpenSSO/CA SiteMinder/OAM the integration in Liferay6.0EE is proprietary and not the SAML compliant.

Regards, Prafull
thumbnail
Juan Gonzalez P,修改在12 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 3089 加入日期: 08-10-28 最近的帖子
Danilo Tuler:

Is Idp support really coming only on EE version? That's too bad.

Danilo


Guess it is.
thumbnail
Mika Koivisto,修改在12 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
Yes, it was released as EE only feature.
thumbnail
Mika Koivisto,修改在11 年前。

Thread Split

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
Mahesh Panchal,修改在10 年前。

RE: SAML support within Liferay?

New Member 帖子: 3 加入日期: 11-6-3 最近的帖子
Hi Mika,
Do we have saml plugin available for 6.0.12 EE ?
thumbnail
Mika Koivisto,修改在10 年前。

RE: SAML support within Liferay?

Liferay Legend 帖子: 1519 加入日期: 06-8-7 最近的帖子
SAML was 6.1 feature so no we don't have it for 6.0.12.