I have a requirement like while login in liferay i have to initiate a domino session for that user. How about the possibilities and is there any work around.
thanks in advance.
Domino needs to be configured for SSO.
Liferay and Domino servers must share the same DNS Domain.
You need to create the LtpaToken cookie manually.
I achieved this by writing a custom com.liferay.portal.security.auth.Authenticator that intercepts the username and password (after the Liferay login) and tries to login on Domino via DIIOP.
lotus.domino.Session session = lotus.domino.NotesFactory.create(hostname, username, password);
If the login succeeds you can get the LtpaToken by calling session.getSessionToken();
Just put the token into a custom Cookie called LtpaToken by default which is valid for the DNS Domain your servers share.
Related
For authentication purpose, I want to get the windows username of my users when they access to the index page. I will use this windows username to check a database and if this user is knowned, then he will be logged otherwise I will redirect him to an authentication form.
I found this (http://www.rgagnon.com/javadetails/java-0441.html) where a JSP page uses the NTML protocol to get the windows username. It works (only on IE). But...
... I would like to do the same but with JSF 2.0 technology (to have this information on the server side and use it for authentication).
Do you think it's possible?
I use Tomcat 7 with JDBCRealm and a FORM authentication method.
Has anybody had any success creating an XPage application that includes SSO so that the user logs into notes client and is able to open an XPage application (Database) which uses the Social Enabler to integrate Connections data into the XPage? The key to my projects success is to not need to prompt the user for their username and password (The user has just logged into notes!).
I have seen #nheidloff blog about SSO using the LTPA token between an xpage and connections, however I need this to work within the notes client. If anybody has any success in creating this, can you share any tips please.
I have blogged about a technique...
http://lotusnotus.com/lotusnotus_en.nsf/dx/authenticating-notes-users-for-web-apps-automatically....htm
To sum up, we need a LtpaToken for web-based authentication. We have ability to create an LtpaToken inside Notes client using a Java method of the session object. So my solution has two parts.
A java agent that produces a valid LtpaToken for the authenticated user on the client side. We are calling this java agent from any Lotusscript routine.
The second part is a redirection web page on any database that can be accessed anonymously. This might be a Lotusscript agent, servlet or XAgent. It will get LTPAToken and a target URL from a GET request, add the LTPAToken into cookies and redirect the user back to the target URL.
In Lotus Notes client, any Lotusscript action might call the Java agent, acquire a valid LTPAToken and launch a constructed URL which points to the redirection web page with necessary parameters.
There is a couple of bugs I have detected on Domino Web server. For details of the technique and workarounds about these bugs, you might refer to my blog entry.
I think that I have configured web SSO (SPNEGO) on our test 8.5.3 server. I created a test discussion data base and when I access it with a web client my credentials are displayed. But if I acces my Xpage first the #Username function shows Anonymous. If I display the discussion page first then return to my Xpage the #Username gives the correct name.
Any ideas ?
I would check the ACL of the databases and see what anonymous is set to.
I suspect that in the discussion anonymous is set to 'no access' so it triggers the login process via SPNEGO and logs you in with your credentials but the XPage app may have anonymous set as reader so it is just letting you in as anonymous.
When you access the discussion before the xpage app the ltpatoken SSO cookie is being set so when you hit the xpage app it knows your logged in via SSO which is why it is showing the correct credentials in that case.
I have another web app, that uses the liferay user database. But before a user can access this website he needs be authenticated first. How can I achieve this functionality, I've tried searching the WS api for authentication using email/password, but found none.
Also the user should still be able to login to the liferay portal. And the login should be like another liferay web service.
Any hints?
Hmm, since I have access to the database maybe 1 way is to hash the password given by the client? and validate against the values stored in the database.
Found out that PwdEncryptor class is the one responsible for encrypting the password, unfortunately it has too many dependencies with liferay that I'm unable to pull it out :-?
Thanks
It might not be the best approach but this solution might be what you're looking for. It will just require the company id, email and password of the user. In my case I have the default company id from liferay.
To authenticate an email/password, you can call other liferay webservice in my case: get-user-id-by-email-address. And then authenticate the user via HTTP Basic. When using jersey rest webservice to call the liferay web service you can code that like this:
String url += String.format("user/get-user-id-by-email-address?companyId=%s&emailAddress=%s",
properties.getProperty("default.company.id"), email);
ClientConfig config = new DefaultClientConfig();
Client client = Client.create(config);
client.addFilter(new HTTPBasicAuthFilter(email, password));
WebResource service = client.resource(url);
ClientResponse response = service.accept("application/json").post(ClientResponse.class);
if (response.getClientResponseStatus() == com.sun.jersey.api.client.ClientResponse.Status.OK) {
//valid user
} else {
//invalid user
}
You could implement a Single-Sign-On solution on your site by configuring Liferay to use CAS or OpenSSO. There are various sources: OpenSSO-Liferay, CAS-Liferay.
I am using JMeter to load test some pages that reside in a SharePoint 2007 Site. The farm that contains the pages resides in a different domain than the machine running the test, and uses Windows Authenticiation. The connection to the server is over an unencrypted (non-SSL) connection. Because of this, I need to pass login credentials to the server.
How do I configure JMeter to login to the server using windows authentication?
make sure to use http sampler=JAVA
Try this
Edit based on the reply: new link
Scroll down to the Parameters section,
Username The username to authorize.
Password The password for the user.
Domain The domain to use for NTLM.
Realm The realm to use for NTLM.
Add HTTP Authorization Manager to the Thread Group.
Using [domain]username[#realm] as your Windows login example.
BASE URL: [yourdomainurl]
USERNAME: [domain\username] <- UPPERCASE ONLY
PASSOWORD: [password]
This work for my case.