Tuesday, September 30, 2008

How to Integrate Liferay with OpenSSO on Tomcat

I have recently been testing Liferay and OpenSSO integration. I wanted to share my experience with you.

Part 1 Install OpenSSO on Tomcat

Assumption: Tomcat 6.0.18 + OpenSSO V1 Build 4.5 on Windows XP Professional.

  1. Download and install JDK 1.6 to C:\java\jdk1.6.0_07;
  2. Download Tomcat 6.0.18 and extract to C:\tomcat;
  3. Edit C:\tomcat\bin\catalina.bat and add the following to the beginning of the file:
    set JAVA_HOME=C:\java\jdk1.6.0_07
    set CATALINA_OPTS=-Xms512m -Xmx1024m
  4. Download OpenSSO and extract to C:\Temp;
  5. Copy C:\temp\opensso\deployable-war\opensso.war to C:\tomcat-6.0.18\webapps;
  6. Start Tomcat by running C:\tomcat\bin\startup.bat;
  7. Go to http://opensso.host.domain:8080/opensso;
  8. Click on "Create Default Configuration";
  9. Fill in the passwords and click Create... (IE6 may have issues with this screen; use Firefox instead);
  10. Log in as amadmin with the password specified above.

Part 2 Setup Liferay

This part assumes you have Liferay 5.1.1 running at http://portal.host.domain:8080/. If you don't, now is the time to set one up.

Install Liferay from a bundle

  1. Download a Liferay + Tomcat bundle from http://www.liferay.com/;
  2. Extract to a directory (say c:\liferay);
  3. Edit c:\liferay\bin\catalina.bat to add CATALINA_OPTS and JAVA_HOME, as in step 3 of Part 1.

Create an account in OpenSSO:

  1. Go to http://opensso.host.domain:8080/opensso
  2. Login as amadmin, access control -> opensso -> subjects -> New
  3. ID: joebloggs, Last Name: Bloggs, Full Name: joebloggs, Password: welcome1
  4. Click OK
  5. Click on joebloggs, add email address: test@liferay.com
  6. Click Save

Configure Liferay

  1. Log in to Liferay as admin: test@liferay.com with password test
  2. Go to My Places -> My Community -> Private Pages (2)
  3. In the Enterprise Admin section, click Organizations -> Settings -> Authentication -> OpenSSO...
  4. Check Enabled
  5. Login URL: http://opensso.host.domain:8080/opensso/UI/Login?goto=http://portal.host.domain:8080/c/portal/login
  6. Logout URL: http://opensso.host.domain:8080/opensso/UI/Logout?goto=http://portal.host.domain:8080/portal/logout
  7. Service URL: http://opensso.host.domain:8080/opensso
  8. Click Save
  9. You are now asked to log in to OpenSSO; log in as joebloggs with the password you specified above
  10. To test: go to http://portal.host.domain:8080/. You should be prompted for an OpenSSO login; log in as joebloggs/welcome1 and you should be logged in to Liferay without being asked for another password

But Wait! Something Not Quite Right

You may notice that once you have provided your credentials to OpenSSO, it does not redirect you to Liferay. This is more obvious in Firefox, which errors out indicating an endless loop.

Liferay 5.1.1 has an issue in the class com.liferay.portal.servlet.filters.sso.opensso.OpenSSOUtil. The fix is to change the following line in the method _setCookieProperty:

  • from: sb.append(cookieValue);
  • to: sb.append("\"" + cookieValue + "\"");

And then you need to recompile and deploy portal-impl.jar.
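
Why the quoting can matter, as an added example (not Liferay's code and not from the original post): it assumes the receiving container ends an unquoted cookie value at separator characters such as `=`, which the post does not state. The class name, cookie name and token below are constructed for illustration.

```java
public class CookieQuotingDemo {
    // Characters that end an unquoted cookie value in a strict, RFC 2109 style
    // parser. Assumption: the receiving container parses Cookie headers this way.
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    // Mirrors the one-line change from the post: quote=false appends the raw
    // value (before the fix), quote=true wraps it in double quotes (after).
    static String buildHeader(String name, String cookieValue, boolean quote) {
        StringBuilder sb = new StringBuilder();
        sb.append(name);
        sb.append("=");
        if (quote) {
            sb.append("\"" + cookieValue + "\"");
        } else {
            sb.append(cookieValue);
        }
        return sb.toString();
    }

    // Minimal strict parser for a header carrying a single cookie.
    static String parseValue(String header) {
        int eq = header.indexOf('=');
        if (eq < 0) {
            return "";
        }
        String rest = header.substring(eq + 1);
        if (rest.startsWith("\"")) {
            // Quoted value: everything up to the closing quote is kept.
            int end = rest.indexOf('"', 1);
            return end < 0 ? rest.substring(1) : rest.substring(1, end);
        }
        // Unquoted value: stop at the first separator character.
        int i = 0;
        while (i < rest.length() && SEPARATORS.indexOf(rest.charAt(i)) < 0) {
            i++;
        }
        return rest.substring(0, i);
    }

    public static void main(String[] args) {
        String name = "ssoCookie";                               // hypothetical cookie name
        String token = "AQIC5wM2LY4SfcxEXAMPLE=@AAJTSQACMDE=#";  // constructed token value
        for (boolean quote : new boolean[] {false, true}) {
            String received = parseValue(buildHeader(name, token, quote));
            System.out.println((quote ? "quoted:   " : "unquoted: ") + received
                + (received.equals(token) ? "  (intact)" : "  (truncated)"));
        }
    }
}
```

A value that itself contains a double quote or backslash would still need escaping before being wrapped this way.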

Wednesday, September 3, 2008

Do Not Reinvent Portal from Scratch

Today I had a meeting with our "Portal Development Team" at work to discuss the technical architecture they are pursuing. It turns out that they are actually trying to build a Portal themselves from the ground up. And this is not the first time I have heard of technical people, knowingly or unknowingly, making the mistake of reinventing the wheel.

Among other things, a Portal is defined as an application framework that provides content aggregation, personalization and Single Sign-On. Open source or commercial, mature Portals are readily available, and they do a lot of things right out of the box.

The senior technical resource explained to us his vision. He wanted to put his entire new application in a portlet (debatable), and use Apache Tiles to assemble this and other portlets to form Web pages.

Why would one reinvent the wheel if a technology is readily available and has been proven by the community?