RE: SAML SSO Implementation in Liferay 6.2 CE GA2

2019-04-10T13:07:33Z

Hi Anu,

Today i have done integration for liferay SSO with help of CAS and LDAP . So below step we need to follow as per my implementation
Note: before starting implementation need to take liferay port no 8080 because i have done integration testing using port no 8080
Note:please find attached document as reference.i have mention entire process for creating SSO connection.

Step 1 : need to change user authenticate by email address to screen name.
login with admin account into the liferay portal server.then go to control panel then portal setting Then go to Authentication tab then in general tab need to change below option
*** How do user authenticate*** ----- By ScreenName(is preferred value)

Step 2: need to install & configure apache ds server for ldap configuration
go to this url :http://archive.apache.org/dist/directory/apacheds/stable/1.0/1.0.2/
and find "apacheds-1.0.2-win32-setup.exe" for windows
after downloaded just install apache ds server into your local directory then go to bin directory and start apacheds server.
After that need to install JXplorer for creating user/organization..now open your jxplorer and need to connect with apacheds server using below details
hostname : localhost
port : 10389
Level : user+password
User DN : uid=admin,ou=system
password : secret

then click on ok button then you'll see home page .in the left side we have directory like com and we have sub directory called example
now right click on sub directory and select new option here we need to fill below entry

RDN entry cn=test
where test is our screen name according to liferay.then click on ok button
after that we need to fill test user information like :
sn : Test
displayName : test
givenName :Test
mail : test@liferay.com
uid:test
userPassword : test and encryption policy should be SHA
after that we need to submit this data.
now we have done our ldap server configuration.Now we have to go liferay ->control panel -> portal settings -> Authentication -> Ldap
and need to add ldap server using below information.
Server Name : ldap://localhost:10389
Connection
----------------
Base Provider URL : ldap://localhost:10389
Base DN : dc=example,dc=com
Principal : uid=admin,ou=system
Credential : secret
Auth Search Filter : (displayname=@screen_name@)
Import Search Filter : (objectClass=organizationalPerson)
User Mapping
---------------
screen name :displayname
Email Address :email
Password : userPassword
First Name : givenName
Last Name : sn
Job Title : title
Export
--------
Users DN : dc=example,dc=com
User Default Object Class : organizationalPerson,top,person,inetOrgPerson
then we have to save this configuration.

Step 3 : now need to setup CAS
go to liferay -> control panel -> portal settings -> Authentication -> CAS
fill below entry

1.Enabled option checked
2.Import option Uncheck
3. Login URL : https://localhost:8443/cas/login
4: Logout URL : https://localhost:8443/cas/logout
5.server name : localhost:8080
6.server url : https://localhost:8443/cas
No such user redirection : localhost:8080
then test your CAS Server
Now after that need to download cas setup files
(A) download CAS Server related zip file using below url
URL : http://developer.jasig.org/cas/
Version : cas-server-3.4.11-release.zip
please unzip this file to your local directory.then go to this unzip directory under modules folder and take cas-server-webapp-3.4.11 war file and copy & paste with the same folder and rename as cas.war
Because in liferay control panel we have configure cas login and logout url.now deploy this war file into the liferay server under webapps then it will create cas folder.
now go to that folder(.../webapps/cas/WEB-INF/....) and select cas.properties and we need to check below properties
1.server.prefix=http://localhost:8080/cas
2.cas.securityContext.serviceProperties.service=http://localhost:8080/cas/services/j_acegi
_cas_security_check
3.cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
4.cas.securityContext.casProcessingFilterEntryPoint.loginUrl=http://localhost:8080/cas/l
ogin
5.cas.securityContext.ticketValidator.casServerUrlPrefix=http://localhost:8080/cas
6.cas.themeResolver.defaultThemeName=cas-theme-default
7.cas.viewResolver.basename=default_views
8.host.name=cas
9.database.hibernate.dialect=org.hibernate.dialect.MySQLDialect
then we need to change deployerConfigContext.xml as below
(A) find and replace
"<bean class="org.jasig.cas.authentication.handle r.support.SimpleTestUsernamePasswordAuthenticationHandler" />"
to
<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
<property name="filter" value="cn=%u,dc=example,dc=com" />
<property name="contextSource" ref="contextSource" /></bean>
( need to add below bean before ending beans tag
<bean id="contextSource "class="org.springframework.ldap.core.support.LdapContextSource">
<property name="pooled" value="true"/>
<property name="urls">
<list><value>ldap://localhost:10389</value></list>
</property>
<property name="userDn" value="uid=admin,ou=system"/>
<property name="password" value="secret"/>
<property name="baseEnvironmentProperties"><map>
<entry>
<key><value>java.naming.security.authentication</value></key>
<value>simple</value>
</entry>
</map></property>
</bean>
now go to your cas server unzip directory as below :
.... \cas-server-3.4.11-release\cas-server-3.4.11\modules and take this jar file
"cas-server-support-ldap-3.4.11.jar" and paste inside liferay-portal-6.2-ce-ga2\tomcat-
7.0.42\webapps\cas\WEB-INF\lib folder
Now Download some external dependent jar file using below location

(1) Jar Name : ldaptemplate-1.0.2
Location : http://www.java2s.com/Code/Jar/l/Downloadldaptemplate102jar.htm

(2) Jar Name : spring-ldap-1.3.1.RELEASE-all.jar
Location :http://www.java2s.com/Code/Jar/s/Downloadspringldap131RELEASEalljar.htm
and paste inside liferay-portal-6.2-ce-ga2\tomcat-7.0.42\webapps\cas\WEB-INF\lib folder

After this need to create theme.properties file using below location
...../liferay-tomcat/webapps/cas/WEB-INF/classes/cas-theme-default.properties (copy this property file and paste with the same folder and rename as theme.properties).
Ex. File 1 : ...../liferay-tomcat/webapps/cas/WEB-INF/classes/cas-theme-default.properties
File 2 : ...../liferay-tomcat/webapps/cas/WEB-INF/classes/theme.properties

Step 4: Now Create Certificate
create 1 folder as a cas-key(in your local directory) then open cmd prompt and go to this newly created directory and performed below steps :
(A) try below command in your command prompt
Command : keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
Example : D:\Softwares\cas-keys>keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
Enter keystore password: changeit
Re-enter new password: changeit

make it first and last name as localhost and rest of the question no need to enter any thing

What is your first and last name: localhost
What is the name of your organizational unit
What is the name of your organization
What is the name of your City or Locality
What is the name of your State or Province
What is the two-letter country code for this unit
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
correct: no : yes
( after completing step A try below command
Command : keytool -genkey -alias duke -keyalg RSA -validity 7 -keystore keystore
Example : D:\Softwares\cas-keys> keytool -genkey -alias duke -keyalg RSA -validity 7 -
keystore keystore
Enter keystore password : changeit
Re-enter new password : changeit
What is your first and last name: localhost
What is the name of your organizational unit
What is the name of your organization
What is the name of your City or Locality
What is the name of your State or Province
What is the two-letter country code for this unit
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
correct : no: yes
Enter key password for duke
(RETURN if same as keystore password): changeit
Re-enter new password: changeit
(C) now after completing step B try below command
Command : keytool -export -alias tomcat -keypass changeit -file server.cert
Example:\Softwares\cas-keys>keytool -export -alias tomcat -keypass changeit -file server.cert
Enter keystore password : changeit
Certificate stored in file <server.cert>

(D) now after completing step C try below command
Command : keytool -import -alias tomcat -file server.cert -keypass changeit -keystore
"C:\Program Files\Java\jdk1.7.0_45\jre\lib\security\cacerts"
Example :
D:\Softwares\cas-keys>keytool -import -alias tomcat -file server.cert -keypass changeit -
keystore "C:\Program Files\Java\jdk1.7.0_45\jre\lib\security\cacerts"
Enter keystore password:changeit
Owner: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown,
C=Unknown
Issuer: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown,
C=Unknown
Serial number: 1d165110
------
------
Trust this certificate? no: yes
Certificate was added to keystore
(E) after completing step D try below command
Command : keytool -import -alias tomcatcert -file server.cert -keystore truststore
Example :
D:\Softwares\cas-keys>keytool -import -alias tomcatcert -file server.cert -keystor
tore
Enter keystore password: changeit
Re-enter new password: changeit
Owner: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown,
C=Unknown
Issuer: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown,
C=Unknown
Serial number: 1d165110
----
----
Trust this certificate? no: yes
Certificate was added to keystore
Step 5 : Now go to this directory
...\liferay-tomcat\liferay-portal-6.2-ce-ga2\tomcat-7.0.42\conf and open server.xml
and just un comment this tag with the changes

<Service name="Catalina">
---
---
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:/Users/vikash/.keystore"
keystorePass="changeit"
truststoreFile="C:/Program Files/Java/jdk1.7.0_45/jre/lib/security/cacerts/" />

Step 6 : Now create portal-ext.properties and system-ext.properties file
(1) portal-ext.properties (file location .....\liferay-tomcat\liferay-portal-6.2-ce-ga2\)
ldap.auth.password.encryption.algorithm=NONE
passwords.encryption.algorithm=NONE
ldap.connection.com.sun.jndi.ldap.read.timeout=20000
ldap.auth.enabled=true
ldap.auth.required=true
ldap.auth.method=bind
ldap.export.enabled=true
#CAS Configuration
cas.auth.enabled=true
(2) system-ext.properties(file location .......\liferay-tomcat\liferay-portal-6.2-ce-ga2\tomcat-7.0.42\webapps\ROOT\WEB-INF\classes\)
com.liferay.filters.sso.cas.CASFilter=true
Step 7 : Now to restart tomcat server
Step 8 : now open your browser and enter below address
https://localhost:8443/cas/login
username :test
password: test
after login you will see below screen with login successfully message.
now in the second tab trying to access liferay control panel
http://localhost:8080/group/control_panel
then you will see you have successfully login into the liferay portal

thank you
Ram

SAML SSO Implementation in Liferay 6.2 CE GA2

2019-04-09T11:53:51Z

Hi Team,

Please suggest , Can we implement SSO using SAML in Liferay CE 6.2 using any customization as we know it's directly supported to Liferay EE not to Liferay CE.

Regards,
Anu Arora