Liferay as SP and OpenAM as IDP Using SAML 2.0

Mohit Soni
Mohit Soni
A Minute Read

In this blog we will configure OpenAM as Identity provider and Liferay as Service Provider using SAML 2.0.

Follow below steps :

 

 

  • Click on "Create default Configuration".

 

  • Provide password as shown in above diagram and click on create configuration.
  • After successfull completion page redirects to http://localhost:8081/OpenAM-11.0.0/UI/Login.
  • Provide username as amadmin and password as liferaypassword.
  • Now Open Liferay (I am using 6.2 which is running on port 8080).
  • Deploy SAML plugin.
  • Add below properties in portal-ext.properties :

saml.enabled=true

saml.role=sp 
saml.entity.id=test
saml.metadata.paths=http://localhost:8081/OpenAM-11.0.0/saml2/jsp/exportmetadata.jsp
 
# # Keystore #
saml.keystore.type=jks 
saml.keystore.path=/OpenAM-11.0.0/OpenAM-11.0.0/keystore.jks 
saml.keystore.password=changeit 
saml.keystore.credential.password[test]=changeit 
 
# # Service Provider #
saml.sp.default.idp.entity.id=http://localhost:8081/OpenAM-11.0.0
saml.sp.sign.authn.request=true 
saml.sp.assertion.signature.required=false 
saml.sp.clock.skew=3000 
 
saml.sp.user.attribute.mappings=screenName=uid\nemailAddress=mail\nfirstName=givenname\nlastName=sn
 
  • Restart Liferay server.
  • To configure OpenAM as IDP go to http://localhost:8081/OpenAM-11.0.0/task/Home
  • On the Common Tasks page, click on Create Hosted Identity Provider.

 

  • Now click on Register Remote Service Provider.

 

 

  • After registering Remote Service Provider, click on Federation tab , your screen should look like:

 

 

  • Now click on test link available under Entity Providers table and make sure following settings are checked, If not then mark it checked

 

  • Now go to Liferay Server and create a user with below details :

 

  • Now update the same user details in OpenAM, Go to Access Control tab.

  • Click the / (Top Level Realm) realm.

  • Select the Subjects tab.

  • Click on demo user.

  • Update first name as "demo" and emailaddress as "demo@liferay.com" and Save it.

 

  • Now Open a new browser clear all cache and hit http://localhost:8080/.

  • Click on SignIn link from Top right corner.

  • It will redirect you to OpenAM login page.

  • Fill username as demo and password as changeit.

  • It will be authenticated and redirected to Liferay successfully.

 

Thank You!!!

 

Page Comments
thumbnail
Corné Aussems
11 Years Ago
Hey Mohit,

Since i just succeeded in setting up Shibboleth by SAML, and knew OpenAM is supported by default Liferay not using SAML , i thought of toying with SAML on OpenAm myself to find your post JIT.

Thanks a bunch this saves me i night, and gives me a chance to discover new ideas i thought up with Sampsa today.

C.heers
Please sign in to reply.
amey pelapkar
10 Years Ago
Hi Mohit,
This is Amey.
The steps you have mentioned is straight forward but I am getting error as "null document" when I click configure button while creating "Create a SAMLv2 Remote Service Provider". On tomcat command prompt I can see error as "[Fatal Error] :1:1: Content is not allowed in prolog.".

May you please guide me.
Please sign in to reply.
thumbnail
Akash Mishra
8 Years Ago
Hey Guys,

In case someone is getting the "null document" issue while Registering Remote Service Provider, please provide the protocol along with the URL in the tab "URL where Metadata is located". For Eg:
http://localhost:8080/c/portal/saml/metadata

Hope it helps.

Thanks,
Akash
Please sign in to reply.

Related Assets...

No Results Found

More Blog Entries...