liferay SSO with azure AD

RE: liferay SSO with azure AD

2020-04-23T16:26:06Z

I am not sure if this will work easily. The problem is that this assumes that the application is deployed as a war file. In Liferay, an authentication module needs to be "inside" of Liferay as an OSGI module. Also, Spring and Liferay can be quite problematic too.
I have avoided Spring in the Liferay context for years now and so I fear, I can't even tell, what's necessary to do to make this work.

RE: liferay SSO with azure AD

2020-04-23T11:42:38Z

This is really useful. Are you saying liferay could leverage tomcat authentication? I'm new to liferay. I'm planning to test out a hello <username> web app on tomcat with azure sso using MSAL4J (https://docs.microsoft.com/en-us/samples/azure-samples/ms-identity-java-webapp/ms-identity-java-webapp/) If I could get that to work , does that mean it will work for liferay as well? I just need to configure liferay to use the same authenticator?

RE: liferay SSO with azure AD

2020-04-23T09:15:38Z

Since you need only an SP, maybe this library can help:
https://github.com/onelogin/java-saml
You could implement your own SAML2 SP Liferay Authenticator based on that.
Another idea: you could use the Shibboleth Apache plugin and do the SSO in Apache. I have used Shibboleth before, it isn't too hard to setup. It is just a bit "ugly" since you need to write the xml files by hand. And adding a Liferay AutoLogin module based on headers is pretty trivial too.

RE: liferay SSO with azure AD

2020-04-22T16:42:56Z

we plan to use the liferay free/community edition. The only CE SAML2 plugin one is not free at all. You basically have to subscribe to their identity services. If I'm going to pay for azure SSO for liferay CE, fine. I want to know if there is a consulting firm I could hire or a product which I could purchase.

RE: liferay SSO with azure AD

2020-04-22T15:38:51Z

As I said, Liferay only supports SAML2 for DXP. It helps to tell people the exact Liferay version you use to get better tips
OpenID != OpenID Connect
Basically OpenID is a dying standard, so the deprecation of OpenID support is quite reasonable.
https://help.liferay.com/hc/en-us/articles/360024805271-Authenticating-with-OpenID-Connect

RE: liferay SSO with azure AD

2020-04-22T12:20:42Z

"OpenID is deprecated in Liferay DXP 7.2 and has been removed." Is openID not supported anymore? As to SAML2, I see only one adapter for CE version, the documentation is quite bad.

RE: liferay SSO with azure AD

2020-04-19T15:28:55Z

You could use Kerberos, OpenID Connect or SAML2. You can find a SAML2 module for Liferay DXP in the marketplace. I never had to do it myself, but in general, all three ways should work.

liferay SSO with azure AD

2020-04-19T15:17:06Z

Is there a way to enable SSO with azure AD without a third party commercial identity provider? Google search gives me some rather dated information, does not seem to be a way to do that.