Ask Questions and Find Answers
Important:
Ask is now read-only. You can review any existing questions and answers, but not add anything new.
But - don't panic! While ask is no more, we've replaced it with discuss - the new Liferay Discussion Forum! Read more here here or just visit the site here:
discuss.liferay.com
Autologin with kerberos SPNEGO
I'm trying to implement automatic login in Liferay using SPNEGO (http://spnego.sourceforge.net/) for kerberos authentication on Tomcat.
I followed the instructions and changed conf/web.xml accordingly to put kerberos working properly with SPNEGO - the authentication procedure is working fine.
Now, I want to be able to login automatically with the user authenticated from SPNEGO. I created my own com.liferay.portal.security.auth.AutoLogin implementation and added a reference to it in auto.login.hooks. I know my class is being called as I can output to the logger.
The problem is that I can't retrieve the authenticated user name. Shouldn't the user be returned when I call (HttpServletRequest) getUserPrincipal()? It's returning null.
What's the problem with this setup? Do I have to override some other class, or change the configuration?
Thanks in advance.
I followed the instructions and changed conf/web.xml accordingly to put kerberos working properly with SPNEGO - the authentication procedure is working fine.
Now, I want to be able to login automatically with the user authenticated from SPNEGO. I created my own com.liferay.portal.security.auth.AutoLogin implementation and added a reference to it in auto.login.hooks. I know my class is being called as I can output to the logger.
The problem is that I can't retrieve the authenticated user name. Shouldn't the user be returned when I call (HttpServletRequest) getUserPrincipal()? It's returning null.
What's the problem with this setup? Do I have to override some other class, or change the configuration?
Thanks in advance.
Take a look at the CASAutoLogin class at the following URI:
http://svn.liferay.com/browse/portal/trunk/portal-impl/src/com/liferay/portal/security/auth/CASAutoLogin.java?r=HEAD
Thanks.
http://svn.liferay.com/browse/portal/trunk/portal-impl/src/com/liferay/portal/security/auth/CASAutoLogin.java?r=HEAD
Thanks.
I took a look at CASAutoLogin and the interesting part is
Following that example, I printed the attributes available at the session, and I only got one attribute - HTTPS_INITIAL. It seems that the spnego http filter is not passing the HttpServletRequest correctly to my AutoLogin class. Perhaps it's a configuration problem?
I only put the reference to spnego in the web.xml file and changed auto.login.hooks to call my class.
Am I missing something?
HttpSession session = request.getSession();
String login = (String)session.getAttribute(CASFilter.LOGIN);
Following that example, I printed the attributes available at the session, and I only got one attribute - HTTPS_INITIAL. It seems that the spnego http filter is not passing the HttpServletRequest correctly to my AutoLogin class. Perhaps it's a configuration problem?
I only put the reference to spnego in the web.xml file and changed auto.login.hooks to call my class.
Am I missing something?
Rui,
Have you tried stepping through the CASAutoLogin code line by line?
Seeing Liferay in action and stepping through the code will help alot. The following websites show step by step instructions on how to connect to the Java Debugger attached to the JVM running Liferay to see Liferay in action:
http://www.liferay.com/community/wiki/-/wiki/Main/Eclipse
http://unorganizedmachines.com/site/software-and-technology/34-software-development/80-liferay-portlet-debugging-the-easy-way
Or for more results, search for "development liferay debugger":
http://www.google.com/search?hl=en&safe=off&q=development+liferay+debugger&aq=f&aqi=&aql=&oq=&gs_rfai=
Thanks.
Have you tried stepping through the CASAutoLogin code line by line?
Seeing Liferay in action and stepping through the code will help alot. The following websites show step by step instructions on how to connect to the Java Debugger attached to the JVM running Liferay to see Liferay in action:
http://www.liferay.com/community/wiki/-/wiki/Main/Eclipse
http://unorganizedmachines.com/site/software-and-technology/34-software-development/80-liferay-portlet-debugging-the-easy-way
Or for more results, search for "development liferay debugger":
http://www.google.com/search?hl=en&safe=off&q=development+liferay+debugger&aq=f&aqi=&aql=&oq=&gs_rfai=
Thanks.
Hello Rui,
Did you found any solution?
Did you found any solution?
We successfully implemented this configuration.
LIFERAY using CAS + SPNEGO + Kerberos to authenticate over LDAP
We are using:
Microsoft Windows Server 2008 R2 (Application Server)
Active Directory
Liferay 6.1 CE
CAS 3.4.11
Tomcat 7.0
JRE 1.6.19
1. First step, you must have or someone have access with the Domain Controller to set SPN at the same time creating of keytab file this is necessary to have trust link between the CAS server and KDC.
2. Prepare needed files such as: login.conf, kbr5.conf., Look for sample configuration then configure it as fit to your needs.
3. Configuration of your CAS. You need to configure your login-webflow.xml, cas-servlet, deployerConfigContext and lastly pom.xml that is located in Maven.
You also need to add necessary jar file to your CAS lib. That is being used in all the configuration you've done in CAS.
4. Configure your Liferay to CAS.
That all the step we did to accomplish this.
LIFERAY using CAS + SPNEGO + Kerberos to authenticate over LDAP
We are using:
Microsoft Windows Server 2008 R2 (Application Server)
Active Directory
Liferay 6.1 CE
CAS 3.4.11
Tomcat 7.0
JRE 1.6.19
1. First step, you must have or someone have access with the Domain Controller to set SPN at the same time creating of keytab file this is necessary to have trust link between the CAS server and KDC.
2. Prepare needed files such as: login.conf, kbr5.conf., Look for sample configuration then configure it as fit to your needs.
3. Configuration of your CAS. You need to configure your login-webflow.xml, cas-servlet, deployerConfigContext and lastly pom.xml that is located in Maven.
You also need to add necessary jar file to your CAS lib. That is being used in all the configuration you've done in CAS.
4. Configure your Liferay to CAS.
That all the step we did to accomplish this.
Community
Company
Feedback