SSO via CAS in Liferay

All credit goes to Subhash Pavuskar

Here are some links with snapshots, which cover the same 35 steps given below:
Reference
(a)- http://www.unicon.net/blog/apetro/casify_liferay_6_ee
(b)- http://content.liferay.com/4.3/doc/installation/liferay_4_installation_guide/multipage/ch05s04.html


Steps to follow:

1- Install CAS

  • Download the CAS server distribution (I'm using version 3.4.5). All the (recent) downloads are available here: http://www.jasig.org/cas/download
  • Download either ZIP or TAR GZ

2- Exploding that tar.gz, I grabbed the cas-server-3.4.5/modules/cas-server-webapp-3.4.5.war

3- Rename the file to cas-web.war.

4- Copy the war file and paste it to the Tomcat webapps directory.

5-

  • I didn't stop Tomcat first, so with Tomcat still running, I hit http://localhost:8080/cas-web/ in a browser and was helpfully redirected to http://localhost:8080/cas-web/login.
  • The default demo CAS webapp authenticates any login where the username equals the password, so I tried logging in as "test@liferay.com" with the password "test@liferay.com".

6- CAS helpfully told me I was logged in, though of course not logged in to anything useful, since I didn't try to log in to any particular application.


Configure Liferay to use CAS for authentication


7- Create an account in Liferay with test@liferay.com and password test@liferay.com, the same as the CAS account.

8- To download the Yale CAS Client 2.0.11, go to http://downloads.jasig.org/cas-clients/ and download cas-client-2.0.11.tar.gz

9- Extract the cas-client-2.0.11.tar file.

10- Navigate to the folder (cas-client-2.0.11\java\lib).

11- Copy the file casclient.jar, which is inside the cas-client-2.0.11\java\lib folder.

12- Go to the lib folder in Tomcat (webapps\ROOT\WEB-INF\lib) and paste the casclient.jar file to replace the existing one.

13- Open a command prompt and go to the ROOT directory (liferay-portal-6.1.1-ce-ga2\tomcat-7.0.27\webapps\ROOT).

14- Enter the following command:

keytool -genkey -alias tomcat -keypass changeit -keyalg RSA

15- Enter changeit for the password.

16- Answer the list of questions. Note that the first and last name must be the host name of your server and cannot be an IP address. This is very important because an IP address will fail client hostname verification even if it is correct.

Enter keystore password: changeit
What is your first and last name?
: localhost
What is the name of your organizational unit?
:
What is the name of your organization?
:
What is the name of your City or Locality?
:
What is the name of your State or Province?
:
What is the two-letter country code for this unit?
:
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
: yes


17- Enter the following command to export the cert you generated from your personal keystore:

keytool -export -alias tomcat -keypass changeit -file server.cert 

18- Enter changeit for the password.

19- Import the cert into Java's keystore with this command:

keytool -import -alias tomcat -file %FILE_NAME% -keypass changeit -keystore "%JAVA_HOME%/jre/lib/security/cacerts"

(Make sure to type server.cert in place of %FILE_NAME%.)

20- Enter changeit for the password.

21- Enter yes. Finally, minimise the command prompt.

Now go to the webapps\ROOT\WEB-INF\classes folder in Windows (that is, not in the command prompt).

22- To set up Liferay Portal, navigate to the classes folder in Tomcat (webapps\ROOT\WEB-INF\classes).

23- Create portal-ext.properties if it does not exist yet, somewhere in the server classpath:

24- Open portal-ext.properties and enter:

cas.auth.enabled=true
cas.import.from.ldap=true
cas.login.url=http://localhost:8080/cas-web/login
cas.logout.url=http://localhost:8080/cas-web/logout
cas.server.url=http://localhost:8080/cas-web
cas.validate.url=http://localhost:8080/cas-web/proxyValidate


25- Save.

26- Restart Tomcat, go to Liferay Portal and log in to Liferay through the username and password login box at the left, if users will exclusively log in with CAS (rather than clicking the Sign In link at the upper right).

27- Go to Control Panel -> Portal Settings -> Authentication -> CAS

(a)- Check Enabled
(b)- Make sure every URL is typed exactly as in the portal-ext.properties file


28- Save it.

29- Then Sign out from Liferay.

30- Sign in to Liferay again by clicking the Sign In link at the upper right.

31- If everything is set up correctly you will be redirected to the CAS server’s login screen.

32- Log in as "test@liferay.com" with "test@liferay.com" as the password.

33- CAS sends you back to Liferay with a valid Service Ticket, Liferay validates the Service Ticket, and you are logged in to Liferay as the test@liferay.com test user.

34- Then click Sign Out.

35- Since Liferay is now configured to use CAS, it will send you to the CAS logout URL.


Congratulations, you have configured Liferay with the default CAS functionality.

Thanks

Mohammad azaruddin

azar7k1s@gmail.com

I think the tutorial in Liferay wiki is pretty clear:
http://www.liferay.com/community/wiki/-/wiki/Main/CAS+Liferay+6+Integration
@Fred Bloggs : The Link which you provided is "Error" pls check out that !!!
Due to some weird formatting in the comment area, when you copy and paste the link, it changes "Integration" into "Integratio%C2%ADn"

Please double check the URL in your address bar.
Hi Mohammad,

I have a set of queries regarding CAS integration with Liferay and need your advice on that,
>> We have already implemented CAS for all our internal applications and it's working fine with all our internal applications, and we are planning to implement it for Liferay portal as well.
>> But I don't know how to start this. I surfed a lot and found nothing useful.
>> About my Liferay setup: we are using Liferay 6.1.2-ce-ga3 with https enabled and our domain CA certificate imported, and it is working fine with the https protocol.
>> We have installed the CAS server in some VM (virtual machine) and Liferay is in another VM.
>> OK, here is my query: how can I implement CAS integration with Liferay with my setup?
>> Pls have a look at this thread https://www.liferay.com/community/forums/-/message_boards/message/32202745
>> Here Meera & Krzysztof explained this integration. But both ways are entirely different. So I really got confused and I don't know which one will suit me and how to proceed.

Thanks in advance
Chitra