Currently we have a servlet application which is authenticated against the JBoss portal. But now we are forced to move to Liferay portal from JBoss portal, and we need to find a way to authenticate against the Liferay portal database from my servlet application. Currently, in my servlet application, I am using the webauthentication class to authenticate against JBoss portal. But in Liferay I am not finding any custom class which is responsible for doing the servlet authentication. So do I need to write my custom login module? Anybody, please share if you have any idea/reference on servlet Liferay authentication.
Any help is appreciated.
Regards,
Suresh
Take a look at com.liferay.portal.servlet.filters.autologin.AutoLoginFilter specifically at getLoginRemoteUser method.
Also take a look at classes in com.liferay.portal.security.auth package.
There's a virtual LDAP plugin for Liferay, offering the Liferay user database through the LDAP protocol. Caveat: It seems to be "enterprise edition" only.
Related
I would like to use CAS for authentication and a database to manage roles and permissions with JEE7 on JBoss WildFly. Does it support this kind of realm?
Thanks
Yes, CAS provides a filter for JBoss integration; it hides the boilerplate related to the CAS protocol.
Your principal is injected; you can retrieve it and then get its roles and permissions from the database.
I'm trying to set up SAML SSO with OpenAM and WebLogic.
The reason why I want to use SAML is that I have multiple applications where I can't change the web.xml to use the J2EE agent.
My question is if there is a good document explaining the setup with weblogic and openam.
I have read several guides, but I'm still confused...
Just looking for a good howto!
My current setup is
OpenAM on Tomcat installed on host1
WebLogic installed on host2.
Webapp deployed on host2
So OpenAM will be the IdP and WebLogic will be the SP, right?
I have configured the OpenAM hosted IdP.
I have added the SAML identity asserter on WebLogic and configured a web SSO identity provider partner.
You can configure WebLogic to enable SAML SSO implementation. This requires the following steps to be completed.
WebLogic and the IdP (OpenAM) should be coupled - you can register OpenAM as an authentication service provider inside the WebLogic container using the administration console.
This requires SSL communication, hence ideally, it's better to install an SSL certificate inside the container.
WebLogic can be configured to implement SAML SP (Identity asserter and Assertion consumer) by configuring the required through the administration console.
In fact it can be configured to work as a Credential mapper and Assertion receiver in the same way.
All these steps can be done inside a single WebLogic instance or between instances using a WebLogic federation.
Please refer to the link below for more details.
I don't think WebLogic itself can act as a SAML SP. Every application has to implement a SAML SP. Doing this via the Spring Security SAML extension is quite neat. If you want more effort, look at the OpenAM Fedlet (it's also a lightweight SP). However, the sample app generated when creating the Fedlet is not too helpful. The 'Fedlet' is not the sample app, but more or less the jars and metadata included in the sample app.
I'm involved in a Java Web Application migration project to the IBM WebSphere Portal (IBM WP) platform.
The actual application in the production environment manually validates user credentials (username and password) against a database table that stores the data. I understand that the idea behind a Portal application is that the Portal Container handles these security issues, but I'm not sure how IBM WP can consume the credentials that are now in the database.
There's a brand new Tivoli Directory Server in the company, and I'm aware that I can't connect IBM WP to this LDAP server, so do I need to migrate every user in the database to this LDAP server, or is there a way for Tivoli to recognize the credentials that are in the database?
Trust Association Interceptors are powerful, but they totally override WebSphere authentication mechanisms, so be sure to write a quite robust one! As Carlos Gavidia suggested, I'd also take a look at Custom User Registry. I'd also suggest considering the Property Extension Repository (also known as Lookaside), so you can define your own attributes and read/write them directly from the Portal API.
http://www-01.ibm.com/support/docview.wss?uid=swg21248674
You can hook in any kind of custom authentication you need using a Trust Association Interceptor. Your custom authenticator would probably work a lot like the authentication code in your existing system. It would display a page prompting the user for their credentials, and then check them against the DB.
I'm not sure how this relates to your Tivoli LDAP, but there seems to be a provided TAI for TAM integration: Tivoli Access Manager Trust Association Interceptor (TAI++)
How can OpenDS and OpenAM be configured together to authenticate data?
Is it possible that OpenDS is installed on some other machine on the network and OpenAM is using it, and if yes, then how?
What is the use of LDAP here?
What is the use of web agents and policy agents?
Please help me to find answers to these questions.
These questions are the basis of OpenAM and I recommend that you read some introductory materials about OpenAM. A good reference is the OpenAM book published by PacktPub: https://www.packtpub.com/openam/book.
OpenAM embeds OpenDS as its configuration datastore, and can leverage OpenDS (or the ForgeRock-led OpenDJ, the continued open source LDAP directory project derived from OpenDS) as the user data store. In both cases, OpenAM interacts with OpenDS using LDAP, as OpenDS is an LDAP directory server.
The OpenAM Installation Guide describes installation of OpenAM with OpenDS/OpenDJ as the user datastore installed on a different machine: http://openam.forgerock.org/doc/install-guide/OpenAM-Install-Guide.html
Web agents and policy agents are software agents that are installed on Web applications to communicate with the OpenAM service and provide Authentication and Authorization.
Kind regards,
Ludovic.
I know glassfish can authenticate against an LDAP server, I also know it can authenticate against my own database. What I would like to do is authenticate users against LDAP, but get their roles from my own database.
Where would I start learning how to create my own custom authentication module?
HERE are the step-by-step instructions of how to do this.
See the GlassFish security FAQ, specifically "How do I write/configure my own login module and plug it into GlassFish?"
and this Sun document
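
For the setup asked about in the last question (password checked by an LDAP bind, roles loaded from a separate database), the following is an added example and not code from the original posts or from GlassFish; it is the core logic a custom JAAS login module could call, using only JDK classes. The LDAP URL, the user DN layout and the `user_roles` table are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapAuthDbRoles {
    // Assumed values (not from the page): directory URL, user DN layout, roles table.
    static final String LDAP_URL = "ldaps://ldap.example.com:636";
    static final String USER_DN = "uid=%s,ou=people,dc=example,dc=com";
    static final String ROLE_SQL = "SELECT role_name FROM user_roles WHERE username = ?";

    /** Binds to LDAP as the user, then returns that user's roles from the database. */
    public static List<String> login(String user, char[] password, Connection db)
            throws NamingException, SQLException {
        // A simple bind with an empty password is an unauthenticated bind, which
        // many directories accept; reject it before contacting the server.
        if (user == null || user.isEmpty() || password == null || password.length == 0) {
            throw new AuthenticationException("empty credentials");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Escape the name so characters such as ',' or '+' cannot alter the DN.
        env.put(Context.SECURITY_PRINCIPAL, String.format(USER_DN, Rdn.escapeValue(user)));
        env.put(Context.SECURITY_CREDENTIALS, password);
        new InitialDirContext(env).close(); // throws AuthenticationException on a bad password

        List<String> roles = new ArrayList<>();
        try (PreparedStatement ps = db.prepareStatement(ROLE_SQL)) {
            ps.setString(1, user); // bound parameter, never string concatenation
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) roles.add(rs.getString(1));
            }
        }
        return roles;
    }
}
```

A login module wrapping this would treat any `NamingException` as a failed login and pass the returned list to the container as the user's groups.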