SAML Restore Tool

A configuration-driven custom Gogo Shell command that can be used to restore a non-prod environment's SAML configuration

What is it?

  • The SAML Restore Tool is a configuration-driven custom Gogo Shell command that can be used to restore a non-prod environment's SAML configuration, e.g. after a prod backup is restored into that environment.

What are the benefits?

  • Supports the good practice of regularly restoring prod data into non-prod environments
  • Supports the security good practice of prod and non-prod environments using separate SAML IdPs, certificates, private keys etc., so that a prod restore does not leave prod key material active in non-prod
  • Ensures that the SAML SP Metadata XML doesn't change, so it doesn't need to be re-shared with the IdP team after each restore
  • Removes the manual effort of re-configuring SAML after a database restore

Features

  • Works in Liferay PaaS and Self Hosted *
    • Tested in Liferay DXP QR 2025.Q1 LTS and Liferay DXP 7.4 U92
  • Easy-to-run custom Gogo Shell command: samlRestoreTool:restoreSamlConfig
  • Configuration as Code
    • Tool configuration is managed in the DXP Cloud repository under liferay/configs/[ENV]/saml-restore-tool-config/virtual-instances
    • Dedicated KeyStore per Virtual Instance
    • KeyStore and certificate passwords stored securely as Liferay PaaS Secrets
  • Handles Liferay DXP environments with multiple Virtual Instances
  • Handles Virtual Instances with multiple SAML Identity Provider Connections

* Liferay SaaS is not supported. The tool is implemented as an OSGi module (which SaaS does not allow deploying) because the /v1.0/saml-provider headless REST APIs are BETA, incomplete and abandoned; for example, they don't handle SAML certificate management.

Known Limitations

  • A Liferay DXP environment acting as a SAML Identity Provider (IdP) is not handled
    • Liferay DXP is typically used as a SAML Service Provider (SP)
  • ALL environments (prod and non-prod) must be using the Document Library Keystore Manager
    • The Document Library Keystore Manager is recommended for Liferay PaaS anyway
    • Steps to switch the Keystore Manager are included in the README
  • SAML Admin > Identity Provider Connections > Connection setting 'Keep Alive URL' value reset…
    • This can be manually updated via the SAML Admin GUI if used

Resources

  • GitHub repository containing the module source code

  • README with detailed instructions including setup and usage. Please read the README fully before attempting to use the tool.