RE: postLoginEvent - liferay6.2

Mic Izy, modified 5 Years ago. New Member Posts: 8 Join Date: 7/9/20 Recent Posts
Hello,

I used the OIDC hook, and now I'm able to log in to Liferay through an OIDC provider (Keycloak). Now I need to set the user's group according to a property I get in the token. So I thought I would get the property in a post login event and set the user group there.
I'm stuck with trying to print a test message pre login. What I did is:

Added login.events.pre = com.proliferay.demo.CustomPreLoginAction in portal-ext.properties
Added CustomPreLoginAction class in my war file
Now after I get CustomPreLoginAction .

My CustomPreLoginAction class:


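package com.proliferay.demo;

import com.liferay.portal.kernel.events.Action;
import com.liferay.portal.kernel.events.ActionException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Registered through login.events.pre in portal-ext.properties, so it runs before login.
public class CustomPreLoginAction extends Action {

    @Override
    public void run(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ActionException {
        /**
         * Write your custom code here
         */
        System.out.println("Invoking this line before Login");
    }

}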


Can you please help me?
Thank you
Jack Bakker, modified 5 Years ago. Liferay Master Posts: 978 Join Date: 1/3/10 Recent Posts
In Liferay v6.2, you are using the "OpenID Connect" plugin from the marketplace (https://web.liferay.com/marketplace/-/mp/application/78695724).
You want to associate Liferay usergroups with the user where the usergroups to be associated have the same name as roles associated with the user, roles that are returned by Keycloak. You are using the add/update user feature that is built into the plugin. Is what I write true?
Jack Bakker, modified 5 Years ago. Liferay Master Posts: 978 Join Date: 1/3/10 Recent Posts
What I did in a devtest Liferay v6.2.5 was override the Liferay62Adapter.createOrUpdateUser to import from LDAP based on username or email address with:

user = PortalLDAPImporterUtil.importLDAPUser(...

but you may not be using LDAP, and from what you write it looks like you want to use roles from token
Mic Izy, modified 5 Years ago. New Member Posts: 8 Join Date: 7/9/20 Recent Posts
Yes, the problem is that the groups from Keycloak users are not imported by the OIDC plugin. So what I am trying to do is add an additional field in the token. The question is, is it possible to get the token field in a post login event and assign the group according to it?

Another way (I believe it should be easier) is to assign the group according to email address, but I am still stuck with trying to write a post login action.
Jack Bakker, modified 5 Years ago. Liferay Master Posts: 978 Join Date: 1/3/10 Recent Posts
Hi again, so you possibly have at least the following two challenges: 1) writing a post login action and 2) extracting the roles from a token. Note that the code you gave is for a Pre not PostLogin. But, given the oidc-hook already has a Liferay62Adapter.createOrUpdateUser which adds or updates the Liferay user, why would you not also do the group association add/update in that same method? You'd need to grab the source for the plugin.
Mic Izy, modified 5 Years ago. New Member Posts: 8 Join Date: 7/9/20 Recent Posts
That tip was very helpful. I didn't find a way to extract info from the token yet, but I did find a way to modify the group.
Thank you so much!
Jack Bakker, modified 5 Years ago. Liferay Master Posts: 978 Join Date: 1/3/10 Recent Posts
Now that you have source for the plugin, you can debug. Add breakpoint at:

oidc-lib/src/main/java/nl/finalist/liferay/oidc/LibAutoLogin.java:41

and see if you are getting back a token claim name like 'groups' (or 'roles' or ...) in the userInfo

if not then you'll need to go into Keycloak and configure it till you do

In my case: 
- in keycloak under "User Federation : Openldap : LDAP Mappers" I added a group-ldap-mapper
- under "Clients : MyClientId : Mappers : Create Protocol Mappers" I added a Mapper Type = Group Membership.

Once you see the groups (or another token claim name) in userInfo, then there is additional code to add to extract it in Java (like in oidc-lib/src/main/java/nl/finalist/liferay/oidc/providers/UserInfoProvider.java) 
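
An added example, not part of the original posts and not the plugin's own code: one way to turn a `groups` claim seen in userInfo into Liferay user-group names, accepting only values on an allowlist so that a group created in Keycloak cannot grant portal membership by name alone. The class name, the allowlist entries and the sample userInfo map are constructed for illustration; it assumes userInfo is available as a `Map<String, Object>`.

```java
import java.util.*;

/** Added example: resolve a userInfo "groups" claim to allowlisted Liferay user-group names. */
public class GroupClaimMapper {

    // Constructed allowlist: Keycloak group name -> Liferay user-group name (both hypothetical).
    private static final Map<String, String> ALLOWED = new HashMap<String, String>();
    static {
        ALLOWED.put("portal-editors", "Editors");
        ALLOWED.put("portal-staff", "Staff");
    }

    /** Returns the Liferay user-group names for this login; unlisted claim values are ignored. */
    public static Set<String> resolve(Map<String, Object> userInfo, String claimName) {
        Set<String> result = new TreeSet<String>();
        Object claim = userInfo.get(claimName);
        if (!(claim instanceof Collection)) {
            return result; // claim missing or not a list: assign nothing
        }
        for (Object item : (Collection<?>) claim) {
            if (!(item instanceof String)) {
                continue; // skip non-string entries instead of failing the login
            }
            String name = ((String) item).trim();
            // A Group Membership mapper can emit full paths such as "/portal-staff".
            if (name.startsWith("/")) {
                name = name.substring(1);
            }
            String liferayGroup = ALLOWED.get(name);
            if (liferayGroup != null) {
                result.add(liferayGroup);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed userInfo, shaped like a decoded UserInfo response.
        Map<String, Object> userInfo = new HashMap<String, Object>();
        userInfo.put("email", "user@example.org");
        userInfo.put("groups", Arrays.<Object>asList("/portal-staff", "Administrator", 42));
        System.out.println(resolve(userInfo, "groups"));
        System.out.println(resolve(new HashMap<String, Object>(), "groups"));
    }
}
```

Treat the resolved set as the user's complete membership on each login, so that a group removed in Keycloak is also removed in Liferay the next time the user is created or updated.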
Mic Izy, modified 5 Years ago. New Member Posts: 8 Join Date: 7/9/20 Recent Posts
Hello,
I was able to add a custom field in Keycloak, and get it in LibAutoLogin:39. Thank you for your help.