Liferay
Thanks to Sebastien BAHLOUL for this documentation.
Presentation
Liferay is an entreprise portal.
Liferay can use LemonLDAP::NG as an SSO provider
but you have to manage how users are created:
- By hand in Liferay administration screens
- Imported from an LDAP directory
Of course, intergation will be full if you use the LDAP directory as
user backend for LemonLDAP::NG and Liferay.
Warning: if the
user is not created, or can not be created via LDAP import, the connection
to Liferay will be refused. With LDAP, login, mail, first name and last
name are required attributes. If one is missing, the user is not created.
This documentation just explains how to set up
the SSO part. Please refer to Liferay documentation to enable LDAP
provisionning.
Integration with
LemonLDAP::NG
Liferay
configuration
Access to Liferay (first time):
Login as administrator:
Go to
My Account:
Go to
Portal >
Settings:
Go to
Configuration >
Authentication:
In "General", fill at least the following
information:
- How do users authenticate? by
login
We advice to deactivate other options, cause users will use
LemonLDAP::NG portal to modify or reset their password.
Then use the SiteMinder tab to configure SSO:
- Enabled: Yes
- Import from LDAP: Yes (cf. presentation)
- User Header: Auth-User (case sensitive)
Do not forget to save your changes!
LemonLDAP::NG configuration
Just add a virtualhost inside Manager:
- Virtualhost: liferay.example.com
- HTTP Headers:
- Rules:
- default => accept
- ^/c/portal/logout => logout_app_sso
And configure this virtualhost in Apache:
<VirtualHost *>
ServerName liferay.example.com
ServerSignature Off
PerlHeaderParserHandler My::Package
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass / http://liferayIP:8080/
ProxyPassReverse / http://liferayIP:8080/
LogLevel warn
ErrorLog /var/log/httpd/liferay-error.log
CustomLog /var/log/httpd/liferay-access.log combined
</VirtualHost>