Message Boards

authenticate user through external authetication system

Mac D, modified 11 Years ago.

authenticate user through external authetication system

Junior Member Posts: 30 Join Date: 9/29/12 Recent Posts
Hi,
I am facing some problem in liferay. We have some external authentication system that will validate a user credential. I need to write a hook that authenticate a user from external authentication system, bypassing literary authentication. Please let me guide with code/configuration in details.t
thumbnail
Samuel Kong, modified 11 Years ago.

RE: authenticate user through external authetication system

Liferay Legend Posts: 1902 Join Date: 3/10/08 Recent Posts
Look into the "auto.login.hooks" portal property. You'll need to implement your own AutoLogin class and add your class to this property.
thumbnail
Hitoshi Ozawa, modified 11 Years ago.

RE: authenticate user through external authetication system

Liferay Legend Posts: 7942 Join Date: 3/24/10 Recent Posts
Samuel, isn't that to get valid user/password pair rather than validate user credentials?

These classes will run in consecutive order for all unauthenticated users until one of them returns a valid user id and password combination.

http://www.liferay.com/documentation/liferay-portal/6.1/user-guide/-/ai/auto-login

I thought it was more of creating a custom Authentication Pipeline.

##
## Authentication Pipeline
##

#
# Input a list of comma delimited class names that implement
# com.liferay.portal.security.auth.Authenticator. These classes will run
# before or after the portal authentication begins.
#
# The Authenticator class defines the constant values that should be used
# as return codes from the classes implementing the interface. If
# authentication is successful, return SUCCESS; if the user exists but the
# passwords do not match, return FAILURE; and if the user does not exist on
# the system, return DNE.
#
# Constants in Authenticator:
# public static final int SUCCESS = 1;
# public static final int FAILURE = -1;
# public static final int DNE = 0;


# In case you have several classes in the authentication pipeline, all of
# them have to return SUCCESS if you want the user to be able to login. If
# one of the authenticators returns FAILURE or DNE, the login fails.

====================
#
# Set this to true to enable password checking by the internal portal
# authentication. If set to false, you're essentially delegating password
# checking is delegated to the authenticators configured in
# "auth.pipeline.pre" and "auth.pipeline.post" settings.
#
auth.pipeline.enable.liferay.check=true
asif aftab, modified 4 Years ago.

RE: authenticate user through external authetication system

Regular Member Posts: 123 Join Date: 9/2/13 Recent Posts
I want to login using autlogin when someone hit webdav url.
Is it possible to do in liferay ?
​​​​​​​I tried but not working
thumbnail
Christoph Rabel, modified 4 Years ago.

RE: authenticate user through external authetication system

Liferay Legend Posts: 1554 Join Date: 9/24/09 Recent Posts
The NtlmFilter only applies to /c/portal/login. I am not sure, if that can be changed and the filter also applied to other url patterns. Maybe somebody else has an idea here.
https://github.com/liferay/liferay-portal/blob/7.2.x/modules/apps/portal-security-sso-ntlm/portal-security-sso-ntlm-impl/src/main/java/com/liferay/portal/security/sso/ntlm/internal/servlet/filter/NtlmFilter.java
asif aftab, modified 3 Years ago.

RE: authenticate user through external authetication system

Regular Member Posts: 123 Join Date: 9/2/13 Recent Posts
Christoph Rabel:

The NtlmFilter only applies to /c/portal/login. I am not sure, if that can be changed and the filter also applied to other url patterns. Maybe somebody else has an idea here.
https://github.com/liferay/liferay-portal/blob/7.2.x/modules/apps/portal-security-sso-ntlm/portal-security-sso-ntlm-impl/src/main/java/com/liferay/portal/security/sso/ntlm/internal/servlet/filter/NtlmFilter.java

Thank you so much
asif aftab, modified 4 Years ago.

RE: authenticate user through external authetication system

Regular Member Posts: 123 Join Date: 9/2/13 Recent Posts
That didn't worked, then we changed something in liferay-web.xml file and the changes are 

<filter-mapping>
        <filter-name>WebDAV Servlet Filter</filter-name>
        <url-pattern>/webdav/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

if we hit webdav servlet url then 
<filter>
        <filter-name>WebDAV Servlet Filter</filter-name>
        <filter-class>com.liferay.portal.servlet.filters.secure.SecureFilter</filter-class>
        <init-param>
            <param-name>digest_auth</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>portal_property_prefix</param-name>
            <param-value>webdav.servlet.</param-value>
        </init-param>
    </filter>

this filter invoke we changed here 
<filter-mapping>
        <filter-name>Auto Login Filter</filter-name>
        <url-pattern>/webdav/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

Now on hitting /webdav/ url it is invoking our autologin hook. Here we are passing userid in url so autologin would work.But one problem is that we are not getting userid in webdavservlet then we created a component and extends httpservlet then we mention this class in web.xml by replacing 

<servlet>
        <servlet-name>WebDAV Servlet</servlet-name>
        <servlet-class>com.liferay.portal.webdav.WebDAVServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
        <async-supported>true</async-supported>
    </servlet>

<servlet>
        <servlet-name>WebDAV Servlet</servlet-name>
        <servlet-class>my.custom.webdav.CustomWebDAVServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
        <async-supported>true</async-supported>
    </servlet>
CustomWebDAVServlet this module project we placed inside tomcat/lib/ext folder so class would be available at the time of server starting.
But all these changes are not recommended but have to do bcz have to finish my task.