Liferay multi-factor authentication (MFA) single sign-on (SSO). Copy values from the SSO tab and paste them into the IdP (identity provider), the parameters that start with onelogin. The AssureBridge IDM360 SSO for Liferay extends the Liferay portal as a true enterprise integration portal in a federated environment. Since I didn't even have the OAM installed, I'll detail all the steps I did. Verify to verify if SAML request against the public certificate we have, but it is failing when the SAML response is generated by Liferay. OIDC (OpenID Connect) is an extension to the OAuth standard that provides for exchanging authentication data between an identity provider (IdP) and a service provider (SP) and does not require credentials to be passed from the identity provider to the application. SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between an. Now, as you might know, there is no built-in OAM support for Liferay, so I was stuck with configuring one myself. Active Directory Federation Services (ADFS) SAML integration. You'll have to implement your own in order to use it with CE. Click Next at Before You Begin, select Role-based or feature-based installation and click Next. Make Liferay into the enterprise portal it was meant to be. It is provided from Liferay Marketplace and allows Liferay DXP to act as a SAML 2. Top 5 challenges implementing SAML single sign-on for Liferay Portal. Single sign-on (SSO) using SAML can easily become a serious undertaking for any project or application. By using the authentication pipeline we can write our own custom authentication logic.
OneLogin's secure single sign-on integration with Liferay alex test saves your organization time and money while significantly increasing the security of your data in the cloud. Click Download Certificate (Certificate and Private Key section). If you are not familiar with SAML, check out my introduction to SAML presentation slides. In this post we will configure Liferay to be a SAML identity provider and configure Salesforce to be a service provider. A quick demonstration of how it is possible and easy to create a web single sign-on via SAML v2. Liferay OpenID Connect plugin to authenticate users using Gluu IdP. Security Assertion Markup Language: XML-based protocol, OASIS-approved standard, SAML 1. Integration platforms bring systems and data into one place with Liferay DXP. There are numerous unexpected challenges that arise along the way. Jasig CAS was already configured as Shibboleth authentication provider.
Although Liferay's SSO solutions are incompatible with WebDAV, they can be used with Liferay Sync. After we are done we have a user that can move from Liferay to Salesforce without. This file contains information about the RH-SSO identity provider and should be used to link with Liferay DXP. You can authenticate and authorize apps remotely using the AuthVerifier layer. The oxAuth Liferay plugin is used to authenticate and auto-log users from Gluu Server into Liferay with the same credentials. The aim of this tutorial is to configure Red Hat Single Sign-On (RH-SSO) to work as an identity provider (IdP) for Liferay DXP through SAML. Liferay SAML single sign-on integration, AssureBridge, Inc. You can set Liferay DXP up as an identity provider or as a service provider. When a user clicks on sign out from a Liferay application (Liferay configured as SP), the SAML plugin intercepts Liferay's sign-out URL /c/portal/logout and checks if the single logout is enabled.
When you have finished it, you might want to publish it on Marketplace. Now for SAML integration in Liferay, we need Liferay 7. The SAML (Security Assertion Markup Language) adapter provides single sign-on (SSO) and single log-off (SLO) in your deployment. This becomes even more challenging when dealing with a complex platform such as Liferay Portal and Liferay DXP. From Admin Applications, click on your recently created app. SAML and Liferay, Mika Koivisto, Senior Software Engineer 2. The last piece of configuration that is required to complete the integration between Liferay DXP and RH-SSO via SAML is to define the IdP options on the SAML Admin configuration page.
Currently, it is understood that this is not possible due to the fact that Liferay requires message-level signature in order to authenticate, while Azure Active Directory specifically does not support it. Integrating OpenSSO/OpenAM with Liferay Portal on Tomcat. Navigate to Server Manager > Add Roles and Features > Server Roles. Create a new realm for the Liferay integration in the SecureAuth IdP Web Admin. The Liferay portal is a powerful content portal with numerous features. Liferay has supported CAS and OpenID for a couple of versions. SSO within Liferay can be implemented via SAML, OAuth, CAS or OpenID. This article laid down the general steps required for the SSO configuration, where in Liferay DXP which will act as service provider and will.
Select a server from the server pool and click Next. Two-step verification and secure single sign-on with SAASPASS will help keep your firm's Liferay access secure. Each Liferay DXP instance serves as either the service provider (SP) or the identity provider (IdP). Have a Liferay enterprise account and the environment set up. Set up an SSL connection with the Tomcat server to enable SSL on Liferay. Navigate to Control Panel > Configuration > SAML Admin. Enable SSO with robust authentication that supports SAML, LDAP, OpenID, OAuth and more. It would be beneficial to allow SAML integration with Azure Active Directory for SSO.
This article laid down the general steps required for the SSO configuration. It does this by reading the IdP's metadata information. IDM 360 Liferay identity management integration, IDM 360. Provide the easiest to use and most convenient secure access to Liferay with SAASPASS two-factor authentication and single sign-on (SSO) with SAML integration. Liferay SP-initiated integration guide, SecureAuth IdP. Integration requires no coding and takes a matter of minutes. An identity provider is a trusted provider that provides single sign-on for users to access other websites. Contribute to mhederliferay shibbolethplugin development by creating an account on GitHub. Okta identity management service provides directory services, SSO, strong authentication, provisioning, workflow and built-in reporting. Liferay alex test single sign-on (SSO), Active Directory. Download the SAML plugin (LPKG format) from the Marketplace and deploy SAML. Configure the following tabs in the Web Admin before configuring the Post Authentication tab. Deploy the SAML app on your Liferay Enterprise Edition portal. This plugin is provided as an app from Liferay Marketplace that allows Liferay to act as a SAML 2.
Ability to accept multiple forms of authentication: direct login, mobile, SAML, OpenID, multi-factor, IWA, custom, legacy, etc. Let's see how the Liferay SAML plugin accomplishes this single logout. Here Oracle Access Manager as an SSO provider for Liferay. Demo SSO SAML Liferay as identity provider, YouTube. Setting up Liferay DXP as a SAML identity provider. This article will demonstrate how to integrate OpenSSO/OpenAM with Liferay Portal to achieve single sign-on. Liferay Portal and OpenSSO both require a minimum 1. In this blog, I am listing the steps to configure SSO in Liferay with Okta using SAML 2.
In a related note, using SAML might point to the scenario in which you're using Liferay. Using Liferay as an integration platform ensures all data, apps, software and websites are always connected. SAML integration with Azure Active Directory, Liferay Issues. In addition to more flexible authentication user experience and flow configuration, such a setup also enabled CAS-compatible systems to participate in SSO without a need to implement. Select Enable SAML Integration at the top of the page. Liferay SSO and identity management integration: make Liferay into the enterprise portal it was meant to be. To do so, Liferay DXP must be configured as an IdP; see the section on configuring Liferay DXP with SAML as an IdP. Open the federation metadata XML file using a text editor. Organizations wishing to extend Liferay as a full enterprise portal often require additional capabilities including. Security Assertion Markup Language (SAML) is a standard for logging users into applications based on their session in another context. Introduction: Liferay Digital Experience Platform (DXP) provides a feature to integrate with a corporate single sign-on (SSO) server. Remove silos and extend the life of legacy systems. Top 5 challenges implementing SAML single sign-on for.
SAML integration basics: SAML (Security Assertion Markup Language). We have a requirement where user needs to login to portal with CAS but SAML way. Okta is an enterprise-grade identity management service, built from the ground up in the cloud. See the publishing files article for more information on WebDAV and Liferay Sync. After successful installation of the SAML app, you need to restart your Liferay portal server. Under the Lucidchart Sign In URL section, enter your account domain. It is built on top of oxAuth, the OpenID Connect provider by Gluu. Easily connect Active Directory to Liferay alex test.