News

SiteMinder integration is here

thumbnail
Mika Koivisto
Published Date16 Years Ago - 44061 Views

You've been heard! Out of box SiteMinder integration is here.

Computer Associate’s (CA) SiteMinder is a centralized web access management system that enables user authentication and single sign-on, policy-based authorization, identity federation, and auditing of access to Web applications and portals.

Liferay has out of box SiteMinder integration as of recent Liferay 5.1.2 release. The integration is based on CAS integration and only supports authenticating with screenName. It also knows how to properly terminate SiteMinder session. SiteMinder is usually connected to a LDAP so this integration is also able to import users from LDAP.

You can enable it either throught portal-ext.properties or UI just like with CAS or OpenSSO.

Enabling from portal-ext.properties:

##
## SiteMinder
##

    #
    # Set this to true to enable CA SiteMinder single sign on. If set to true,
    # then the property "auto.login.hooks" must contain a reference to the class
    # com.liferay.portal.security.auth.SiteMinderAutoLogin and the
    # "logout.events.post" must have a reference to
    # com.liferay.portal.events.SiteMinderLogoutAction for logout to work.
    #
    siteminder.auth.enabled=true

    #
    # A user may be authenticated from SiteMinder and not yet exist in the
    # portal. Set this to true to automatically import users from LDAP if they
    # do not exist in the portal.
    #
    siteminder.import.from.ldap=true

    #
    # Set this to the name of the user header that SiteMinder passes to the
    # portal.
    #
    siteminder.user.header=SM_USER

Enabling from Liferay UI:

SiteMinder settings

Comment (10)

More Blog Entries

thumbnail

Webinar: Filthy Rich Portlets with ICEfaces and Liferay

thumbnail
Neil Griffin
30 Sep
29
thumbnail

New JIRA projects

thumbnail
Michael Young
03 Oct
1
Blogs
thumbnail
Jorge Ferrer
16 Years Ago
Very nice, Mika!
Please sign in to reply.
thumbnail
Jorge Ferrer Jorge Ferrer
16 Years Ago
BTW, could you make a wiki article out of this entry? That way it's easier to find for people digging in the documentation and also becomes a place to extend the info when support for email is added.
Please sign in to reply.
thumbnail
Mika Koivisto Jorge Ferrer
16 Years Ago
I've added it here http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/CA+SiteMinder+Integration should merge it with http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/Integration+with+Siteminder+SSO
Please sign in to reply.
Geoff Ruscoe
15 Years Ago
Sorry to be a latecomer to this post, but this is exactly what I'm working on now. I'm not sure if I understand how this is supposed to work. We are standing up SiteMinder and Liferay right now and I don't see how those three settings are enough to get it to work with SiteMinder. Can someone help me? What am I missing, I see no documentation on how to tell Liferay anything about the SiteMinder installation and policy servers, etc.
Please sign in to reply.
thumbnail
Mika Koivisto Geoff Ruscoe
15 Years Ago
Sorry Geoff I missed your comment somehow. Liferay does not do a deep integration with SiteMinder we only do SSO. The way you setup this is that you have the SiteMinder agent sitting in front of Liferay usually installed in Apache HTTPD. The agent takes care of connecting to policy servers and deciding whether the user is authenticated. The agent passes the request to Liferay and Liferay checks if this user is authenticated by SiteMinder if it is it does autologin with that user. The user information is usually retrieved from LDAP.

Hope this helps.
Please sign in to reply.
phani nayani Mika Koivisto
14 Years Ago
If I chose not to copy the user info from LDAP or if LDAP dont have the user's organization memebership etc., how can I build the complete user's profile with all the portal info like his organization mmebership, liferay role etc. I need this profile fully built/populated (just like the user logged in through the login portlet), because I want to display the users content/portlets based on his organization and roles. Should I do this manually using Liferay API?
Please sign in to reply.
huanghuang tan
14 Years Ago - Edited
BTW, could you make a wiki article out of this entry? That way it's easier to find for people digging in the documentation and also becomes a place to extend the info when support for email is added.
Please sign in to reply.