Liferay and SAML 2.0 integration


Title: Liferay and SAML 2.0 integration with a portal cluster environment behind a load balancer

  Introduction
        What is SAML (Security Assertion Markup Language)?
                SAML is an XML-based, open-standard data format for exchanging authentication and
                authorization data between parties, in particular between an identity provider (IdP)
                and a service provider (SP).
   
   Overview
             This brief article outlines a high-level solution for using the Liferay SAML 2.0 EE Provider
             plugin as the SAML SP in a clustered, multi-node environment.

             The solution extends the setup for using the Liferay SAML 2.0 EE Provider plugin as the
             SAML SP in a single-node environment.

     Scenario
              You wish to use SAML as the SSO solution for your environment.
              You have a Liferay Portal cluster with multiple nodes behind a load balancer
              (e.g. F5 BigIP).
              You have a third-party product participating as the SAML Identity Provider (IdP), such as
              F5 BigIP.
              The Liferay Portal nodes will participate as the SAML Service Provider (SP). Note that the
              cluster presents itself to the IdP as a single SP, so every node must publish the same
              entity ID, the same endpoint URLs and the same certificate; the steps below are about
              making that true.


 High Level Solution

     Step 1.  Configure the SAML IdP and LP node 1 as the SAML SP as per the other instructions,
              e.g. Use Case #2: Liferay as both IdP and SP
              https://www.liferay.com/group/customer/knowledge/kb/-/knowledge_base/article/40556658#use-case2


NOTE: In our case, we have a third-party IdP and LP will be the SP.
NOTE: Ensure LP node 1 uses the load balancer's public hostname as web.server.host in
      portal-ext.properties. Liferay builds the URLs it generates, including the SP endpoint URLs the
      SAML plugin publishes in its metadata and sends to the IdP, from this property; if it is left
      blank, each node falls back to its own servlet-container hostname, the endpoint URLs differ per
      node, and responses the IdP returns to the load balancer will not validate consistently on
      whichever node receives them.

            # Set the hostname that will be used when the portlet generates URLs.
            # Leaving this blank will mean the host is derived from the servlet
            # container.
            web.server.host=
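As an added example (not taken from the original post), here is the portal-ext.properties fragment for this step, with the weak per-node setting beside the corrected one that names the load balancer. The hostname portal.example.com is an assumption; substitute the name users type into the browser.

```properties
# portal-ext.properties, identical on every node in the cluster.
#
# Weak: left blank (the default), so each node generates URLs from its own
# servlet-container hostname, e.g. https://node1.internal:8443/..., and the
# SP endpoint URLs therefore differ from node to node.
# web.server.host=
#
# Corrected: every node advertises the load balancer's public name, scheme
# and port, so the SP endpoint URLs are identical regardless of which node
# serves the request. portal.example.com is an assumed hostname.
web.server.host=portal.example.com
web.server.protocol=https
web.server.https.port=443
```

These properties control only the URLs Liferay generates, not what it listens on, so set web.server.protocol to https even when TLS is terminated at the load balancer and the nodes themselves speak plain HTTP to it.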


     Step 2.   Repeat the SAML SP configuration for LP node 2 exactly as per node 1, including the
               web.server.host setting above.

     Step 3.   Copy the keystore from LP node 1 to LP node 2
                The keystore contains the SP's private key together with the CA-signed or self-signed
                certificate managed by the SAML 2.0 EE Provider plugin. The IdP trusts exactly this
                certificate for signed AuthnRequests and, where assertion encryption is enabled, encrypts
                assertions to it, so every node must hold the same key pair.
                The keystore is created by the Liferay SAML 2.0 EE Provider plugin at
                LIFERAY_HOME/data/keystore.jks.
                Copy the file LIFERAY_HOME/data/keystore.jks from LP node 1 to LP node 2 over an
                authenticated channel (e.g. scp), keep its file permissions restricted to the Liferay
                process user, and make sure node 2 is configured with the same keystore password. Do this
                before node 2 generates a keystore of its own, or overwrite the generated one and restart
                node 2 so the plugin picks up the copied key.

     Step 4. Review
                At this stage, the LP nodes have the same SAML SP configuration (entity ID, endpoint URLs
                derived from the load balancer hostname, and signing/encryption key pair), so either node
                can respond to web requests and handle the SAML SP <-> IdP protocol. A quick check is to
                fetch the SP metadata from each node directly, bypassing the load balancer, and confirm
                the documents are identical.
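The check that Steps 1 to 4 should leave you able to pass, as an added example that is not code from the original post or from the Liferay SAML plugin: it parses the SP metadata fetched directly from each node and reports any node whose entity ID, AssertionConsumerService URLs or published certificate differ from the others, or whose ACS URL does not name the load balancer. It assumes the metadata has already been retrieved and is passed in as text; in the plugin versions I have used it is served at /c/portal/saml/metadata and the ACS endpoint is /c/portal/saml/acs, but treat both paths and the hostname portal.example.com as assumptions. The two metadata documents in the block are constructed samples with placeholder certificate values.

```python
"""Cross-node consistency check for the SAML SP configuration.

Added example, not from the original post or the Liferay SAML plugin.
Assumptions: metadata fetched directly from each node (bypassing the LB) and
passed in as text; /c/portal/saml/metadata and /c/portal/saml/acs paths and
the hostname portal.example.com are assumed; sample documents are constructed.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

LB_HOST = "portal.example.com"  # assumed public name of the load balancer


def parse_sp_metadata(xml_text):
    """Extract what the IdP relies on: entity ID, AssertionConsumerService
    URLs and the X.509 certificates published for signing and encryption."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("not SP metadata: no SPSSODescriptor")
    acs = sorted(e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS))
    certs = set()
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text:
            # drop line wrapping so the same cert compares equal however it is formatted
            certs.add((kd.get("use", "any"), "".join(cert.text.split())))
    return {"entity_id": root.get("entityID"), "acs": acs, "certs": certs}


def check_cluster(metadata_by_node, lb_host):
    """Return a list of problems; an empty list means the nodes present one consistent SP."""
    parsed = {node: parse_sp_metadata(xml) for node, xml in metadata_by_node.items()}
    problems = []
    nodes = list(parsed)
    ref_node, ref = nodes[0], parsed[nodes[0]]
    for node in nodes[1:]:
        cur = parsed[node]
        if cur["entity_id"] != ref["entity_id"]:
            problems.append(f"{node}: entityID {cur['entity_id']!r} differs from {ref_node}")
        if cur["acs"] != ref["acs"]:
            problems.append(f"{node}: ACS URLs differ from {ref_node}")
        if cur["certs"] != ref["certs"]:
            problems.append(f"{node}: SP certificate differs from {ref_node} (keystore not copied?)")
    for node, cur in parsed.items():
        if not cur["certs"]:
            problems.append(f"{node}: no SP certificate published")
        for url in cur["acs"]:
            host = urlparse(url).hostname
            if host != lb_host:
                problems.append(f"{node}: ACS {url} names {host}, not the load balancer {lb_host}")
    return problems


def sample_metadata(entity_id, acs_host, cert):
    """Constructed SP metadata in the shape the plugin publishes; cert is a placeholder string."""
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="{entity_id}">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://{acs_host}/c/portal/saml/acs" index="1" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


# Node 2 configured correctly: same entity ID, LB hostname, copied keystore.
GOOD_CLUSTER = {
    "node1": sample_metadata("https://portal.example.com", LB_HOST, "MIICnode1CERT"),
    "node2": sample_metadata("https://portal.example.com", LB_HOST, "MIICnode1CERT"),
}
# Node 2 left with a blank web.server.host and its own generated keystore.
BAD_CLUSTER = {
    "node1": sample_metadata("https://portal.example.com", LB_HOST, "MIICnode1CERT"),
    "node2": sample_metadata("https://portal.example.com", "node2.internal.example.com", "MIICnode2CERT"),
}

if __name__ == "__main__":
    for name, cluster in (("good", GOOD_CLUSTER), ("bad", BAD_CLUSTER)):
        print(name, check_cluster(cluster, LB_HOST) or "consistent")
```

Run it against the real metadata by replacing the constructed dictionaries with the text each node returns when you request its metadata URL by node address rather than through the load balancer; the "bad" sample reproduces exactly the two mistakes the steps above guard against, a node that still generates URLs from its own hostname and a node running on a keystore it generated itself.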

     Step 5. Test
                Test SAML as the SSO solution by signing into LP via the load balancer, navigating sites and
                pages, then signing out. Exercise the cross-node case deliberately: with session affinity
                disabled on the load balancer (or with node 1 removed from the pool after the redirect to
                the IdP), confirm that the IdP's response to the ACS URL is accepted when it lands on
                node 2, and that sign-out completes when a different node handles it than the one that
                handled sign-in.
