Integrating Liferay with existing CAS server
Hi All,
This is regarding CAS integration with Liferay portal. I am using the Liferay Tomcat server 6.1 CE GA3.
We have already installed and configured CAS, and Microsoft AD LDAP SSO is working fine with our Java/non-Java applications.
Now we need to add Liferay to that list as well.
I have just enabled CAS authentication in the Liferay portal settings page and given the CAS login and logout URLs.
I also created an entry in the CAS manage server page.
After that, whenever I enter http://localhost:8080 it redirects to CAS, but I get an error stating that my application is not added to the CAS server.
But I have added the Liferay URL in the CAS manage page.
I do not know what I am missing.
Can anyone please guide me to complete this?
If anyone knows how to configure Liferay with the existing CAS, please guide me with the steps/document.
Any help would be appreciated. Thanks in advance.
Chitra
Hi
https://www.liferay.com/community/wiki/-/wiki/Main/CAS+Liferay+6+Integration
https://www.liferay.com/community/wiki/-/wiki/Main/Single+SignOn+-+Integrating+Liferay+With+CAS+Server
https://www.liferay.com/marketplace/-/mp/application/15194077
https://www.liferay.com/community/wiki/-/wiki/Main/CAS++Authentication+using+multiple+Ldap+Servers
http://content.liferay.com/4.3/doc/installation/liferay_4_installation_guide/multipage/ch05s04.html
Regards,
Meera Prince
http://www.liferaysavvy.com
I am trying Liferay 7 GA5 and deploying the CAS 5.3.11 war in Tomcat. I am not able to see the deploymentContext.xml file which is in WEB-INF/lib, but I am able to log in to the CAS server. Can you help with which folder the generated secret and private keys should be saved in? I have placed them in WEB-INF\classes\application.properties:
cas.tgc.crypto.encryption.key=
cas.tgc.crypto.signing.key=
cas.webflow.crypto.signing.key=
cas.webflow.crypto.encryption.key=
Hi
You need to add the trusted keystore certificate to the JRE used by Liferay.
The same keystore certificate should be available to both servers' JREs.
http://www.liferaysavvy.com/2012/09/liferay-cas-issues-and-solutions.html
Regards,
Meera Prince
http://www.liferaysavvy.com
Hi Meera,
Thank you very much for your reply.
To tell the truth, I had referred to all the links before, except the Liferay "CAS Issues and Solutions".
Actually, I do not understand anything from this.
Everyone is talking about building and deploying cas-war, enabling SSL, etc.
Let me clearly explain my Liferay setup and my queries:
- In Liferay I have already implemented SSL and imported our domain CA certificate, and it is working fine with the 'https' protocol.
- We have installed and configured CAS on a separate server, and it is working fine for our external Java/non-Java applications.
- Liferay 6.x versions are CASified by default (refer to http://www.liferayaddict.com/home/-/blogs/51443;jsessionid=EBF26B4A2CD1B6B518CC8B14CDAB68B8 , https://wiki.jasig.org/display/CAS/CASifying+Applications)
- My query is: why should I deploy cas-web.war?
- And what needs to be done to enable CAS authentication in my Liferay setup?
Thanks in advance
Chitra
Hi
I understand that you already have CAS on one server and your Liferay on another server.
First make sure that the standalone CAS is working.
That means access your https://domainname.com/cas/login
Enter credentials, then you should get login success. Similarly, access https://domainname.com/cas/logout and it should log out successfully.
Tell me your CAS application context path...
Once CAS is working fine, we want to use CAS for Liferay, which means you will provide user credentials from the Liferay database.
Open your existing CAS application's deploymentContext.xml file, which is in WEB-INF/lib.
Create a data source for your Liferay database, i.e. lportal:

    <!-- JDBC connection from CAS to the Liferay database -->
    <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
        <property name="driverClassName">
            <value>com.mysql.jdbc.Driver</value>
        </property>
        <property name="url">
            <value>jdbc:mysql://localhost:3306/watsonportal2</value>
        </property>
        <property name="username">
            <value>root</value>
        </property>
        <property name="password">
            <value></value>
        </property>
    </bean>

And add the authentication handler in deploymentContext.xml:

    <property name="authenticationHandlers">
        <list>
            <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                  p:httpClient-ref="httpClient" />
            <!-- Looks up the stored password hash by e-mail address -->
            <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationSHA1Base64">
                <property name="dataSource" ref="dataSource"></property>
                <property name="sql" value="SELECT password_ from User_ where lower(emailAddress) = lower(?)"></property>
            </bean>
        </list>
    </property>

Liferay uses SHA1Base64, so we need to implement the class QueryDatabaseAuthenticationSHA1Base64.java.
See this post:
https://www.liferay.com/community/forums/-/message_boards/message/4505633
Once you have done this in your existing CAS server,
add the cas-client-core-3.1.10.jar file to the Liferay portal tomcat/lib/ext.
Now configure your CAS server details in Liferay: from the Admin screen go to portal settings, enable CAS, and provide the CAS login and CAS logout URLs.
On my www.liferaysavvy.com, go to "CAS Problems and Solution" and download the entire zip file. From that, take cas-server-support-jdbc-3.4.11.jar and add it to your CAS application lib directory; in it I implemented QueryDatabaseAuthenticationSHA1Base64.java.
Add the above authentication handler to your CAS deployment context; for reference see my downloaded cas-web deploymentContext.xml.
You also need to add the keystore certificate that you used for your CAS; the same certificate needs to be added to the JRE used by Liferay, using the following command:

    keytool -import -alias tomcat1 -file ./server1.cert -keypass changeit -keystore "C:/Program Files/Java/jdk1.6.0_43/jre/lib/security/cacerts"

Make sure which JRE your Liferay server is using; you have to add the keystore file in that JRE's jre/lib/security.
Hi Meera,
Thank you for your detailed explanation. I will give it a try and update you.
Thanks
Chitra
Hi
Chitra Thambirajan
Did you resolve your problem?
I understand you have CAS on another server.
1) Connect your existing CAS to the Liferay database; only then can the user be authenticated, otherwise it can't get the user information to authenticate the user.
For this you need to create a data source for the lportal database in the existing CAS server's deploymentContext.xml file, as I said earlier.
Liferay internally uses the SHA Base64 algorithm to encrypt the user password and store it in the database, so we need to implement a CAS authentication handler which uses the same algorithm to authenticate against the users in lportal.
I have already done this in my cas-web: simply go to my cas-web/lib, where you can find cas-server-support-jdbc-3.4.11.jar; take this jar file and place it in your existing CAS WEB-INF/lib.
Now configure the authentication handler in the deploymentContext.xml of your existing CAS; I already showed the code for this, and you can see my cas-web deploymentContext.xml.
The authentication handler Java class I implemented is QueryDatabaseAuthenticationSHA1Base64.java; you can use the same because you already added my jar file to your CAS.
Now you need to add the same keystore certificate to both servers' JREs, because we are using the HTTPS protocol and all the information is encrypted by the public and private key which is stored in the keystore certificate.
Here you are using two servers, one for Liferay and another for CAS. Each JRE should know these keys when encrypting and decrypting; for this we need to share the same keystore file in the two servers' JREs.
You need to enable the HTTPS port in the Liferay portal application server. If it is Tomcat, open the server.xml file and enable the HTTPS port as follows:

    <Connector port="7070" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="7443" />
    <!-- Tomcat 6 and later need SSLEnabled="true" for this connector to serve HTTPS -->
    <Connector port="7443" maxHttpHeaderSize="8192" SSLEnabled="true"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    <Connector port="7009" protocol="AJP/1.3" redirectPort="7443" />

You can see this information in my downloaded server.xml file.
Now start Liferay, log in as the Liferay admin, go to portal settings and select CAS authentication.
Configure the CAS login URL, CAS logout URL and CAS server name, and enable CAS using the check box.
If you are using an older version of Liferay, before 6.x, then add cas-client-core.jar to tomcat/lib/ext (this is called the portal global lib), because this jar file is included in the portal in previous versions. You can check for this jar file in your portal ROOT.war/WEB-INF/lib; if it is not available, then add it to the Liferay global lib.
Regards,
Meera Prince
Hi Meera,
Thanks a lot for your time and posts. In this world we can find only a few people with a helping tendency. You are one among them.
As I mentioned earlier, my CAS environment is already configured to work with Tomcat applications.
So what I did is just enable LDAP & CAS authentication in Liferay and add the necessary CAS URLs.
And then I added a service entry for Liferay in the CAS manage page (my entry is https://myserver.mydomain.com:8443/c/portal/login).
That's all. Everything is working fine.
Once again, thank you for your time, Meera.
Also thank you Krzysztof.
Thank you guys.
Regards
Chitra
Hi
Nice to hear that you have done the configuration successfully...
I have a question: is your CAS working with configuration done only in Liferay?
How does your CAS get the user details without data sources configured in the CAS deploymentContext.xml file?
Anyway, I am going to write an article on Liferay CAS integration....
Regards,
Meera Prince
Hi Meera,
Extremely sorry for the late reply.
Actually, in my concern the CAS installation and configuration is done by a different team.
So I just showed them the reply which you posted and some other posts related to CAS integration.
They told me that all the related steps were already done.
So I touched only Liferay to integrate CAS, and it worked.
Thanks
Chitra
Krzysztof Gołębiowski, modified 12 Years ago.
Hello,
I've deployed CAS with Liferay as user source once, but I took a different approach. If you use a simple database user/password check, then you omit all of Liferay's authentication mechanisms. Only the simplest username/password case works. If you try to use any different authenticator from the chain (e.g. LDAP) it will not work; this method does not even check if the user is active.
I used the Liferay API for authenticating users with CAS. It is quite simple, because you have to extend the AbstractUsernamePasswordAuthenticationHandler class and override the authenticateUsernamePasswordInternal method with similar code:

    // Body of authenticateUsernamePasswordInternal(credentials)
    final String username = credentials.getUsername();
    final String password = credentials.getPassword();
    // Deny by default; only an explicit SUCCESS from the portal flips this
    boolean authenticated = false;

    // Delegate to the portal so that its own authentication checks run
    int status = UserLocalServiceUtil.authenticateByScreenName(
            PortalUtil.getDefaultCompanyId(), username, password, null, null, null);

    if (status == Authenticator.SUCCESS) {
        authenticated = true;
    } else if (status == Authenticator.FAILURE) {
        log.info("User [" + username + "] has an active account but credentials are invalid. Authentication failed.");
        authenticated = false;
    } else if (status == Authenticator.DNE) {
        log.info("User [" + username + "] does not have valid account. Authentication failed.");
        authenticated = false;
    }
    return authenticated;

This requires CAS to be deployed on the same JVM; if it is on another server then the web service API should be used.
Regards,
KG
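As an added illustration (not code from this thread, and not the QueryDatabaseAuthenticationSHA1Base64 class in the linked jar), the sketch below shows the Base64(SHA-1) comparison that Meera's handler is described as performing, next to the gap Krzysztof points out: a check that reads only the password column accepts a deactivated account. UserRow, its active flag, the e-mail addresses and the passwords are constructed for the example; it needs Java 8 or later for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class Sha1Base64CheckDemo {

    /** Hypothetical stand-in for one user row; field names are assumptions. */
    static final class UserRow {
        final String passwordHash; // Base64(SHA-1(password)), as described in the thread
        final boolean active;      // assumed account-status flag

        UserRow(String passwordHash, boolean active) {
            this.passwordHash = passwordHash;
            this.active = active;
        }
    }

    /** Base64 of the unsalted SHA-1 digest of the password. */
    static String sha1Base64(String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 unavailable", e);
        }
    }

    /** Compares the presented password with the stored hash in constant time. */
    static boolean hashMatches(String presented, String storedHash) {
        return MessageDigest.isEqual(
                sha1Base64(presented).getBytes(StandardCharsets.US_ASCII),
                storedHash.getBytes(StandardCharsets.US_ASCII));
    }

    /** Decision of a handler that only reads the password column. */
    static boolean passwordOnlyCheck(Map<String, UserRow> users, String email, String password) {
        UserRow row = users.get(email.toLowerCase(Locale.ROOT));
        return row != null && hashMatches(password, row.passwordHash);
    }

    /** Same comparison, but an inactive account is rejected. */
    static boolean passwordAndStatusCheck(Map<String, UserRow> users, String email, String password) {
        UserRow row = users.get(email.toLowerCase(Locale.ROOT));
        return row != null && row.active && hashMatches(password, row.passwordHash);
    }

    public static void main(String[] args) {
        // Constructed sample data: one active and one deactivated account.
        Map<String, UserRow> users = new HashMap<>();
        users.put("alice@example.com", new UserRow(sha1Base64("alice-pass"), true));
        users.put("bob@example.com", new UserRow(sha1Base64("bob-pass"), false));

        String[][] attempts = {
            {"alice@example.com", "alice-pass"},
            {"Bob@Example.com", "bob-pass"},   // right password, deactivated account
            {"bob@example.com", "wrong"},
            {"nobody@example.com", "x"},
        };
        for (String[] a : attempts) {
            System.out.printf("%-20s passwordOnly=%-5b passwordAndStatus=%b%n",
                    a[0], passwordOnlyCheck(users, a[0], a[1]),
                    passwordAndStatusCheck(users, a[0], a[1]));
        }
    }
}
```

Account status is only one of the checks a password-column lookup skips; calling the Liferay API, as in Krzysztof's post, runs the rest of the portal's authentication chain as well.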
Hey Meera,
I am trying the same. Can you please help me find the cas-server-support-jdbc-3.4.11.jar?
Hi, you can find it in the following location:
http://sourceforge.net/projects/meeralferay/files/LiferayCAS/
Regards,
Meera Prince
Hey Meera,
Thanks for the reply. That was really helpful.
Hi Chitra,
I want to know the steps you followed to integrate CAS with Liferay.
Please revert back, it's an urgent requirement.
Regards
Robin Thakur