
SAML Configuration in Liferay 6.1
Written by Administrator   
Saturday, 10 December 2011 19:38

 

This article talks about SAML (Security Assertion Markup Language) in Liferay 6.1 and how it can be configured for SSO.

Liferay 6.1 CE is already available for download on Liferay.com, and its enterprise edition is slated to be released sometime in mid-January 2012. I tested SAML in Liferay 6.1 to see how it works, and I would like to share the results in this article.

Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions).

The first step is to set up two Liferay 6.1 instances, one as the IdP (identity provider) and the other as the SP (service provider).

I have configured the IdP at http://localhost:8080 and the SP at http://localhost:8085.

The second step is to set up the SAML hook, which provides SAML capabilities to Liferay. It is available only to enterprise edition customers.

The third step is to extract the SP metadata from the URL http://localhost:8085/c/portal/saml/metadata. Save it as metadata.xml. We'll use this XML file in the IdP configuration.

The fourth step is to configure the SP. There are two steps:

1. Generate a key in the local keystore so that we can provide the public key to the IdP.

keytool -genkey -keyalg RSA -alias liferaysamlspdemo -keystore keystore.jks -storepass liferay -validity 360 -keysize 2048

2. Add the SP SAML properties to portal-ext.properties:

saml.enabled=true
saml.role=sp
saml.entity.id=liferaysamlspdemo
saml.metadata.paths=http://localhost:8080/c/portal/saml/metadata

#
# Keystore
#
saml.keystore.type=jks
saml.keystore.path=${liferay.home}/data/keystore.jks
saml.keystore.password=liferay
saml.keystore.credential.password[liferaysamlspdemo]=liferay

#
# Service Provider
#
saml.sp.default.idp.entity.id=liferaysamlidpdemo
saml.sp.sign.authn.request=true
# false: the SP does not require assertions to be signed (test setup)
saml.sp.assertion.signature.required=false
saml.sp.clock.skew=3000
saml.sp.session.keepalive.url=http://localhost:8080/c/portal/saml/idp/keepalive
saml.sp.user.attribute.mappings=

The fifth step is to configure the IdP. There are two steps:

1. Generate a key in the local keystore.

keytool -genkey -keyalg RSA -alias liferaysamlidpdemo -keystore keystore.jks -storepass liferay -validity 360 -keysize 2048

2. Add the IdP SAML properties to portal-ext.properties:

saml.enabled=true
saml.role=idp
saml.entity.id=liferaysamlidpdemo
saml.metadata.paths=\
http://localhost:8080/c/portal/saml/metadata,\
${liferay.home}/metadata.xml
# false: SSL is not required in this local setup (both instances run over plain HTTP)
saml.require.ssl=false
saml.sign.metadata=true
saml.keystore.path=${liferay.home}/data/keystore.jks
saml.keystore.password=liferay
saml.keystore.type=jks
saml.keystore.credential.password[liferaysamlidpdemo]=liferay
saml.idp.enabled=true
saml.idp.authn.request.signature.required=true
saml.idp.entity.id=liferaysamlidpdemo
saml.idp.session.timeout=3600
saml.idp.session.max.age=0
saml.idp.assertion.lifetime=36000
saml.idp.metadata.attributes.enabled=true
saml.idp.metadata.attributes.enabled[liferaysamlspdemo]=true
saml.idp.metadata.attribute.names[liferaysamlspdemo]=screenName,firstName,lastName,emailAddress,uuid
saml.idp.metadata.session.keepalive.url[liferaysamlspdemo]=http://localhost:8085/c/portal/saml/sp/keepalive

The configuration is complete. To test it, go to the SP (http://localhost:8085) and click the sign-in link. The request is forwarded to the IdP for login, so the URL should change to http://localhost:8080. Enter the login credentials at the IdP; you should be redirected back to the SP and be able to access its resources.
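
The walkthrough above uses settings chosen for a local test: signature and SSL requirements switched off, the keystore password liferay, and http:// URLs. As an added example (not part of the original article or of Liferay's code), this Python check parses a portal-ext.properties file, including the backslash continuations used in the IdP block, and lists those settings before the file is reused elsewhere. The function names and the choice of which settings to flag are assumptions of this example.

```python
import re
# Constructed sample: a subset of the SP and IdP properties shown in this article.
SAMPLE = r"""
saml.enabled=true
saml.role=idp
saml.metadata.paths=\
http://localhost:8080/c/portal/saml/metadata,\
${liferay.home}/metadata.xml
saml.require.ssl=false
saml.keystore.password=liferay
saml.keystore.credential.password[liferaysamlidpdemo]=liferay
saml.sp.assertion.signature.required=false
saml.idp.authn.request.signature.required=true
"""

def parse_properties(text):
    """Parse key=value lines, joining backslash continuations, skipping comments."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(props, demo_passwords=("liferay",)):
    """Return (key, reason) pairs; which settings get flagged is this example's policy."""
    findings = []
    flags = ("saml.require.ssl", "saml.sp.assertion.signature.required",
             "saml.sp.sign.authn.request", "saml.idp.authn.request.signature.required")
    for key in flags:
        if props.get(key, "").lower() == "false":
            findings.append((key, "set to false"))
    for key, value in props.items():
        if re.match(r"saml\.keystore\.(credential\.)?password", key) and value in demo_passwords:
            findings.append((key, "tutorial password"))
        if ".url" in key or key == "saml.metadata.paths":
            if any(part.strip().startswith("http://") for part in value.split(",")):
                findings.append((key, "cleartext http URL"))
    return findings

if __name__ == "__main__":
    for key, reason in audit(parse_properties(SAMPLE)):
        print(f"{key}: {reason}")
```
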

Reference: Liferay pdf




Last Updated on Saturday, 10 December 2011 21:14
 
 