Ldap authentication in apache linux - linux

I am doing SSO integration in my project, where my PHP application is hosted in a Linux environment with an Apache server. I am currently trying to implement the LDAP module and am getting success when a username and password are entered.
But I need to know how I can implement an autologin function if my website application's client is using Windows OS and IE or other supporting browsers.
Kindly advise. Thanks in advance.

For the LDAP implementation you can use the PHP LDAP library, http://php.net/ldap. I use it for my projects, but sometimes it is a little tricky.
On the other hand, in order to do an autologin, the browser is the one that must pass the login information to your page (PHP) to be able to perform some kind of authentication. So to be honest, autologin is not possible; it will be a very bad security risk to be able to get user credentials via a browser.

Related

Sign in with Google works with Azure App Service, but not on Localhost

I successfully set up simple authentication with Google using this link: https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-google.
It works on my azure site, but not when I try and use my localhost.
I redirect to "/.auth/login/google" and it says "Cannot GET /.auth/login/google"
What could be causing this error?
Apparently if you are doing the easy authentication system, the one that that link and its counterparts show, you can't use localhost with it. How one is supposed to develop in such an environment is beyond me, and why this wasn't pointed out in the docs is as well.
If you are reading this because you had the same problem, you may need a new auth system. This sort of thing has happened with the other Microsoft authentication crap I've tried. Ultimately just don't mess with their authentication systems I think. Just don't.

Best practice for authentication within extension?

I'm developing a bookmark extension which communicates with my own web app. The user can install the extension on a browser like Firefox and log in. Currently I send the data via Ajax to the server and check. I know this is not the secure way. I read about OAuth2, but this is only if I need data from a third party. Is there a good practice?
Based on this thread, you should always use OAuth 2.0 for authentication within extensions. You may check this article for the Security and Privacy: Best Practices on Building a Chrome Extension.

What jar contains com.liferay.portal.security.permission.PermissionCheckerImpl in Liferay 6.1.2?

I am trying to follow http://liferaysatish.blogspot.de/2011/11/permissionchecker.html (which is basically a repost of another blog post).
I need to implement my own PermissionChecker to be able to support an SSO server (check if the user has been authenticated). However, the article mentions com.liferay.portal.security.permission.PermissionCheckerImpl, but there is no such class in whatever jars I was looking for it.
What I am trying to achieve is to tie Liferay's internal security to an external SSO server (wso2). If there is another way to achieve this, I would love to try it.
I was trying with AdvancedPermissionChecker and SimplePermissionChecker, but I get endless redirects using them.
regards and thanks
Leon
> I need to implement my own PermissionChecker
I don't believe so. At least you can make your life easier if you integrate your SSO just like any of the already integrated 6 (or so) SSO systems, authenticating the current user to Liferay and then leaving the actual permission check to Liferay.
SSO is typically used for making sure the user is who they are, then redirecting to the application they're providing their services to. If you want to maintain permissions externally to Liferay, you're best off using an LDAP and grouping your users there. On the Liferay side, map those LDAP users/groups to Liferay-usergroup-memberships. Provide the required permissions/memberships for those usergroups and you're set. Implementing your own permission checking (which will also be used internal to Liferay) is one of the least maintainable ideas that I've ever heard of.
I believe the latest Liferay does not have this file anymore. You should search for it in the 5.0 version. And the JAR itself is in \ROOT\WEB-INF\lib\portal-impl.jar
http://docs.liferay.com/portal/5.0/javadocs/portal-impl/com/liferay/portal/security/permission/PermissionCheckerImpl.java.html

Get Windows user id in my node js so I can authenticate against ldap

I have developed a nodejs intranet linux application that can get a username/email/phone and other info based on the Windows user id from a corporate ldap directory. The user enters their Windows user id in the browser to access the application and then I do a simple lookup in the ldap directory. Of course they can enter any user id because I don't ask for password (not an option at the moment) so there is a hole there.
I would like to have the logged in Windows userid be passed to my nodejs (or at least have the ability to forward it to ldap to get the userid).
Where do I start? I have googled but I can't find any specific answers.
I have total control of the intranet Linux server and if necessary I can implement an Apache/PHP solution.
I would also like this to be useable from Chrome/Firefox.
Thanks!
You can't get detailed environment information like that from within the browser's javascript sandbox. If anything, you'd probably have to end up relying on some browser plugin (whether you write one yourself or use java/flash/etc) to get the information for you.
There's an option to use Integrated Authentication with Apache and mod_auth_kerb.
See https://github.com/auth0/passport-windowsauth
I think SPNEGO could be useful for you.
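
An added example (not code from any of the posts above) of the server side of the Negotiate exchange these answers point to: it challenges the browser, tells SPNEGO tokens apart from NTLM fallback by their framing, and builds an escaped LDAP filter only from a validated principal. `EXPECTED_REALM`, the `validateTicket` hook and the `sAMAccountName` attribute are assumptions; ticket validation itself needs a GSSAPI/Kerberos layer with the service keytab.

```javascript
// Added example; EXPECTED_REALM, validateTicket and the sAMAccountName
// attribute are assumptions, and all sample values are constructed.
const SPNEGO_OID = Buffer.from([0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02]); // 1.3.6.1.5.5.2
const NTLM_SIG = Buffer.from('NTLMSSP\0', 'latin1');
const EXPECTED_REALM = 'CORP.EXAMPLE'; // constructed realm name

// Classify the Authorization header by token framing only (no crypto here).
function classifyAuthorization(header) {
  if (!header) return { kind: 'none' };
  const m = /^Negotiate\s+([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!m) return { kind: 'unsupported' }; // e.g. Basic
  const token = Buffer.from(m[1], 'base64');
  if (token.subarray(0, 8).equals(NTLM_SIG)) return { kind: 'ntlm' };
  // GSS-API initial token: tag 0x60, length, then the SPNEGO mechanism OID.
  if (token[0] === 0x60 && token.subarray(0, 16).includes(SPNEGO_OID)) return { kind: 'spnego', token };
  return { kind: 'unknown' };
}

// RFC 4515 escaping so a principal name can never alter the LDAP filter.
function escapeLdapFilter(value) {
  return value.replace(/[\\*()\0]/g, (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Turn a *validated* principal (user@REALM) into an LDAP search filter.
function filterForPrincipal(principal) {
  const at = principal.lastIndexOf('@');
  if (at <= 0 || principal.slice(at + 1) !== EXPECTED_REALM) return null; // missing or foreign realm
  return `(sAMAccountName=${escapeLdapFilter(principal.slice(0, at))})`;
}

// validateTicket is a hypothetical hook: it must verify the token with a
// GSSAPI/Kerberos library and return the client principal, or null.
function handle(header, validateTicket) {
  const c = classifyAuthorization(header);
  if (c.kind === 'none') return { status: 401, headers: { 'WWW-Authenticate': 'Negotiate' } };
  if (c.kind !== 'spnego') return { status: 403, reason: c.kind }; // refuse NTLM/Basic/garbage
  const principal = validateTicket(c.token);
  const filter = principal && filterForPrincipal(principal);
  return filter ? { status: 200, filter } : { status: 403, reason: 'rejected' };
}
```

The user id never comes from a form field or from the unverified token; the LDAP lookup runs only on the principal returned by ticket validation.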

CASifying Liferay

I think that this is a usual question, but I'm re-asking it because I didn't get a really good question.
So, I have Liferay 6.1 CE running on Tomcat 7, and I want to import the users from an LDAP server and then make an SSO with CAS.
In my portal, I have other applications integrated (here I also have a problem with the integration of Alfresco) which also need to be logged in with the credentials from LDAP; this is why I need an SSO solution, like CAS.
How can I face this issue? Is there anyone who could help me fix all this?
Any information can help me; I have to accomplish all this in two weeks... I hope that everything that I'm asking is feasible.
Thanks & Regards
Liferay provides all the necessary infrastructure to resolve your requirement. Look for CAS and LDAP in portal.properties (https://github.com/liferay/liferay-portal/blob/master/portal-impl/src/portal.properties) and configure this in your portal-ext.properties (Liferay: How to configure Liferay Portal).
You have two tasks here, importing users from LDAP and authenticating users with CAS. You can configure both from the Control Panel (UI) or the portal-ext.properties file. If you configure using both methods and there's a property conflict, the Control Panel settings take precedence.
Importing users from LDAP isn't difficult (I've done it in both 5.2.3 and 6.1), although importing/not importing the password can be confusing. Try tackling this task first and make sure you're able to authenticate against LDAP. I'd recommend using an authentication chain (multiple means of authentication where if one method fails, a second method will be attempted, and so on). It would be useful to configure it this way in the event of an outage with CAS so you don't have a single point of failure. Note: If you use portal-ext.properties, be sure to read this post and add the properties mentioned (even if you aren't going to use them):
ldap.user.custom.mappings.1=
ldap.contact.mappings.1=
ldap.contact.custom.mappings.1=
Regarding authentication against CAS, I've been using it for a couple years on Liferay 5.2.3, and in my experience it's worked very reliably.
