Open the federation metadata xml file using a text editor. Saml integration basics saml security assertion markup language. You can authenticate and authorize apps remotely using the authverifier layer. Top 5 challenges implementing saml single signon for. After we are done we have a user that can move from liferay to salesforce without. Saml and liferaymika koivistosenior software engineer 2.
In this blog, i am listing the steps to configure sso in liferay with okta using saml 2. We have a requirement where user needs to login to portal with cas but saml way. This becomes even more challenging when dealing with a complex platform such as liferay portal and liferay dxp. Deploy saml app on your liferay enterprise edition portal. Since i didnt even have the oam installed ill detail all the steps i did. Liferay has supported cas and openid for a couple of versions. Copy values from the sso tab and paste them into the idp identity provider, the parameters that start with onelogin. The last piece of configuration that is required to complete the integration between liferay dxp and rh sso via saml is to define the idp options on the saml admin configuration page. Okta is an enterprise grade identity management service, built from the ground up in the cloud.
Idm 360 liferay identity management integration idm 360. Using liferay as an integration platform ensures all data, apps, software and websites are always connected. Create a new realm for the liferay integration in the secureauth idp web admin. In a related note, using saml might point to the scenario in which youre using liferay. Integrating openssoopenam with liferay portal on tomcat. Jasig cas was already configured as shibboleth authentication provider. This file contains information about the rhsso identity provider and should be used to link with liferay dxp. Remove silos and extend the life of legacy systems. Under the lucidchart sign in url section, enter your account domain.
Download saml plugin lkpg format from the marketplace and deploy saml. Lets see how the liferay saml plugin accomplishes this singlelogout. A quick demonstration of how it is possible and easy to create a web single sign on via saml v2. Select a server from the server pool and click next. After successful installation of saml app, you need to restart your liferay portal server. Click next at before you begin select rolebased or featurebased installation and click next. Okta identity management service provides directory services, sso, strong authentication, provisioning, workflow and built in reporting.
To do so, liferay dxp must be configured as an idp see the section on configuring liferay dxp with saml as an idp. It does this by reading the idps metadata information. Provide the easiest to use and most convenient secure access to liferay with saaspass twofactor authentication and single signon sso with saml integration. Oidc openid connect is an extension to the oauth standard that provides for exchanging authentication data between an identity provider idp and a service provider sp and does not require credentials to be passed from the identity provider to the application saml security assertion markup language is an open standard for exchanging authentication and authorization data between an. Setting up liferay dxp as a saml identity provider. There are numerous unexpected challenges that arise along the way. It is provided from liferay marketplace and allows liferay dxp to act as a saml 2. This article laid down the general steps required for the sso configuration, where in liferay dxp which will act as service provider and will. It is built on top of oxauth, the openid connect provider by gluu. Although liferay s sso solutions are incompatible with webdav, they can be used with liferay sync. An identity provider is a trusted provider that provides single signon for users to access other websites. This article will demonstrate how to integrate openssoopenam with liferay portal to achieve singlesignon liferay portal and opensso both require a minimum 1. Introduction liferay digital experience platform dxp provides feature to integrate with corporate single sign on server sso.
Now, as you might know there is no builtin oam support for liferay so i was stuck with configuring one myself. Twostep verification and secure single signon with saaspass will help keep your firms liferay access secure. Have a liferay enterprise account and the environment set up. Currently, it is understood that this is not possible due to the fact that liferay requires message level signature in order to authenticate, while azure active directory specifically does not support it. The oxauth liferay plugin is used to authenticate and autolog users from gluu server into liferay with the same credentials. Configure the followings tabs in the web admin before configuring the post authentication tab. Enable sso with robust authentication that supports saml, ldap, openid, oauth and more. Integration requires no coding and takes a matter of minutes. See the publishing files article for more information on webdav and liferay sync. This article laid down the general steps required for the sso configuration. If you are not familiar with saml check out my introduction to saml presentation slides in this post we will configure liferay to be saml identity provider and configure salesforce to be a service provider. The saml security assertion markup language adapter provides single sign on sso and single log off slo in your deployment.
Liferay sso and identity management integration make liferay into the enterprise portal it was meant to be. Click download certificate certificate and private key section. Verify to verify if saml request against the public certificate we have but it is failing when the saml response is generated by liferay. Onelogins secure single signon integration with liferay alex test saves your organization time and money while significantly increasing the security of your data in the cloud.
Each liferay dxp instance serves as either the service provider sp or the identity provider idp. The liferay portal is a powerful content portal with numerous features. Demo sso saml liferay as identity provider youtube. When you have finished it, you might want to publish it on marketplace. Top 5 challenges implementing saml single signon for liferay portal single signon sso using saml can easily become a serious undertaking for any project or application. When user clicks on sign out from a liferay application liferay configured as sp, the saml plugin intercepts the liferay s sign out url cportallogout and checks if the singlelogout is enabled. It would be beneficial to allow saml integration with azure active directory for sso. Liferay saml single signon integration assurebridge, inc.
Here oracle access manager as an sso provider for liferay. Liferay openid connect plugin to authenticate users using gluu idp. Liferay multi factor authentication mfa single sign on sso. Ability to accept multiple forms of authentication direct login, mobile, saml, openid, multifactor, iwa, custom, legacy, etc. Liferay spinitiated integration guide secureauth idp. You can set liferay dxp up as an identity provider or as a service provider. Contribute to mhederliferay shibbolethplugin development by creating an account on github. By using authentication pipeline we can write our own custom authentication logic. Easily connect active directory to liferay alex test.
Liferay custom authentication by hook posted on april 10, 2016 by hamidul islam in liferay. From admin applications, click on your recently created app. This plugin is provided as an app from liferay marketplace that allows liferay to act as a saml 2. The assurebridge idm360 sso for liferay extends the liferay portal as a true enterprise integration portal in a federated environment. Liferay alex test single signon sso active directory. Integration platforms bring systems and data into one place with liferay dxp. Sso within liferay can be implemented via saml, oauth, cas or openid.
Organizations wishing to extend liferay as a full enterprise portal often require additional capabilities including. Set up an ssl connection with the tomcat server to enable ssl on liferay. Security assertion markup language xml based protocol oasis approved standard saml 1. Now for saml integration in liferay, we need liferay 7.
Navigate to server manager add roles and features server roles. Select enable saml integration at the top of the page. Navigate to control panel configuration saml admin. The aim of this tutorial is to configure red hat single sign on rhsso to work as an identity provider idp for liferay dxp through saml. Security assertion markup language saml is a standard for logging users into applications based on their session in another context. Youll have to implement your own in order to use it with ce.
1021 725 1115 313 587 933 346 1123 227 1212 1055 1244 1214 1405 728 287 371 615 969 597 538 796 695 927 803 938 1494 811 130 1132 1174 1462 485 592 167 136 1015 108 87 969 1064