Tuesday, September 30, 2008

How to Integrate Liferay with OpenSSO on Tomcat

I have recently been testing Liferay and OpenSSO integration. I wanted to share my experience with you.

Part 1 Install OpenSSO on Tomcat

Assumption: Tomcat 6.0.18 + OpenSSO V1 Build 4.5 on Windows XP Professional.

  1. Download and install JDK 1.6 to C:\java\jdk1.6.0_07;
  2. Download Tomcat 6.0.18 and extract to C:\tomcat;
  3. Edit C:\tomcat\bin\catalina.bat and add the following to the beginning of the file:
    set JAVA_HOME=C:\java\jdk1.6.0_07
    set CATALINA_OPTS=-Xms512m -Xmx1024m
  4. Download OpenSSO and extract it to C:\Temp;
  5. Copy C:\temp\opensso\deployable-war\opensso.war to C:\tomcat-6.0.18\webapps;
  6. Start Tomcat by running C:\tomcat\bin\startup.bat;
  7. Go to http://opensso.host.domain:8080/opensso;
  8. Click on "Create Default Configuration";
  9. Fill in passwords and click Create... (IE6 may have issues with this screen; use Firefox instead);
  10. Log in as amadmin with the password specified above.

Part 2 Setup Liferay

This part assumes you have Liferay 5.1.1 running at http://portal.host.domain:8080/. If you don't, now is the time to set one up.

Install Liferay from a bundle

  1. Download a Liferay + Tomcat bundle from http://www.liferay.com/;
  2. Extract to a directory (say c:\liferay);
  3. Edit c:\liferay\bin\catalina.bat to add CATALINA_OPTS and JAVA_HOME, as in step 3 of Part 1.

Create an account in OpenSSO:

  1. Go to http://opensso.host.domain:8080/opensso
  2. Log in as amadmin, then go to access control -> opensso -> subjects -> New
  3. ID: joebloggs, Last Name: Bloggs, Full Name: joebloggs, Password: welcome1
  4. Click OK
  5. Click on joebloggs, add email address: test@liferay.com
  6. Click Save

Configure Liferay

  1. Log in to Liferay as admin: test@liferay.com with password test
  2. Go to My Places -> My Community -> Private Pages (2)
  3. In the Enterprise Admin section, click Organizations -> Settings -> Authentication -> OpenSSO...
  4. Check Enabled
  5. Login URL: http://opensso.host.domain:8080/opensso/UI/Login?goto=http://portal.host.domain:8080/c/portal/login
  6. Logout URL: http://opensso.host.domain:8080/opensso/UI/Logout?goto=http://portal.host.domain:8080/portal/logout
  7. Service URL: http://opensso.host.domain:8080/opensso
  8. Click Save
  9. You are now asked to log in to OpenSSO; log in as joebloggs with the password you specified above
  10. To test: go to http://portal.host.domain:8080/. You should be prompted for the OpenSSO login; log in as joebloggs/welcome1, and you should be logged in to Liferay without being asked for another password

But Wait! Something Not Quite Right

You may notice that once you have provided your credentials to OpenSSO, it does not redirect you to Liferay. This is more obvious in Firefox, where it errors out indicating a dead loop.

Liferay 5.1.1 has an issue in the class com.liferay.portal.servlet.filters.sso.opensso.OpenSSOUtil. The fix is to change the following line in the method _setCookieProperty:

  • from: sb.append(cookieValue);
  • to: sb.append("\"" + cookieValue + "\"");

And then you need to recompile and deploy portal-impl.jar.
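
Why the quoting in that one-line change can matter, as an added example (not Liferay's or the author's code): it assumes the container receiving the cookie ends an unquoted value at the first separator character, a simplified model of strict RFC 2109 parsing. The token is a constructed sample, and iPlanetDirectoryPro is OpenSSO's default cookie name.

```java
public class CookieQuotingDemo {
    // Characters that end an unquoted cookie value in this simplified model
    // (assumption: the receiving container parses cookies this strictly).
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    // Mirrors the shape of the change in _setCookieProperty:
    // quote=false is the original behaviour, quote=true is the fix.
    static String buildCookieHeader(String name, String value, boolean quote) {
        StringBuilder sb = new StringBuilder();
        sb.append(name).append('=');
        sb.append(quote ? "\"" + value + "\"" : value);
        return sb.toString();
    }

    // Simplified strict parser for a single "name=value" pair.
    static String parseValue(String header) {
        String raw = header.substring(header.indexOf('=') + 1);
        if (raw.startsWith("\"")) {
            // Quoted string: everything up to the closing quote is the value.
            int end = raw.indexOf('"', 1);
            return end < 0 ? "" : raw.substring(1, end);
        }
        // Unquoted token: stop at the first separator character.
        int i = 0;
        while (i < raw.length() && SEPARATORS.indexOf(raw.charAt(i)) < 0) {
            i++;
        }
        return raw.substring(0, i);
    }

    public static void main(String[] args) {
        // Constructed sample value, not a real session token.
        String token = "AQIC5wM2LY4SfcxEXAMPLE=@AAJTSQACMDE=#";
        for (boolean quote : new boolean[] {false, true}) {
            String header = buildCookieHeader("iPlanetDirectoryPro", token, quote);
            String seen = parseValue(header);
            System.out.println((quote ? "quoted:   " : "unquoted: ") + header);
            System.out.println("  server sees: " + seen
                    + "  intact=" + seen.equals(token));
        }
    }
}
```

Under that assumption the unquoted token is cut at its first '=' and fails validation, while the quoted one arrives intact. Plain concatenation does not escape a double quote or backslash inside the value, so it is safe only while the token alphabet excludes both.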

6 comments:

Phuc Bui said...

Hi Simon!
I have followed your instructions, but I got a problem!!!
When I logged in to OpenSSO, I was not logged in to Liferay???
But when I logged out of Liferay first, I was logged out of OpenSSO too, it's ok.
But when I logged out of OpenSSO first, then logged out of Liferay, it notified "Authentication Exception due to incorrect handler".

One more problem,
when I start Tomcat (after configuration of OpenSSO in Liferay), the console always notified OpenSSOAutoLogin : Null Pointer Exception (please see the picture here for more detail: http://i400.photobucket.com/albums/pp88/bmphuc/OpenSSO_Error.jpg).

Looking forward to your help.
Thanks for this article.

Phuc Bui

Unknown said...

Hi Simon,

Could you send me the altered OpenSSOUtil.class file?

Do you have the original source files?

Gijsbert

srinath said...

Hi Simon,

I am facing a browser redirect loop problem in Firefox. I am using Liferay 5.2, Tomcat 6.0.18 and OpenSSO 8.0 on Ubuntu. I followed all your steps but I am unable to log in successfully.

What would the problem be? I even tried deleting cookies many times. I found some code in OpenSSOUtil.java (sb.append("\"" + cookieValue + "\"");) to be changed; is it the solution?

Please help me with this issue.

Jonttu said...

We got it working the way Simon described with the fix on the OpenSSOUtil class (fyi too srinath if you're still interested).

We are using OpenSSO Express 8 and Liferay 5.2.3.

Thank you very much Simon for the tutorial. We'll look at how we could get the fix directly into the Liferay code.

Raghu said...

Hi Simon,
On the login page we are trying to call a public page of Liferay which has guest access. But on clicking the link, the OpenSSO login page is called. Is there any way by which we can bypass the OpenSSO login page for this particular public page?

Appreciate if you could help me.

Thanks
Raghu