integrating open am with liferay portal

Integrating OpenAM with Liferay Portal 2013

Integrating OpenAM with Liferay Portal on Tomcat

Liferay Portal and OpenAM both require a minimum 1.6 JVM. Make sure that your JAVA_HOME environment variable is correctly set to point to your Java 6 installation.

For OpenSSO to work correctly with Liferay Portal, both servers need to be running in the same domain. To solve this issue while running both servers on a single machine, edit the hosts file (/etc/hosts or %SystemRoot%system32driversetc) and add/update your localhost entry:

127.0.0.1 localhost localhost.example.com

where example.com is your actual domain.

Install Liferay Portal :

Liferay Portal is an open source portal. Liferay comes in two editions, Enterprise Edition (EE) and Community Edition (CE).

Installation consisted of:

1.Unzip liferay-portal-tomcat-6.0-5.2.3.zip to a directory. This will create a liferay-portal-5.2.3 folder.

On Linux/MacOS, you will need to add execute permissions to all of the shell scripts in the bin directory: chmod +x *.sh

2.In liferay-portal-5.2.3/tomcat-6.0.18/bin/, executing startup.sh (or startup.bat) will start Tomcat, and deploy Liferay Portal.

3.Open a browser to http://localhost.example.com:8080, and you will see the Liferay login page. You can login with [email protected]/test.

Install OpenSSO/OpenAM :

OpenSSO is an open source access management and federation server platform. Announced by Sun Microsystems in July 2005, OpenSSO was based on Sun Java System Access Manager, and was the core of Sun’s commercial access management and federation product, OpenSSO Enterprise (formerly Sun Access Manager and Sun Federation Manager). Oracle completed their acquisition of Sun Microsystems in February 2010 and announced that OpenSSO would no longer be their strategic product. OpenSSO will continue to be developed and supported by ForgeRock under the name of OpenAM.

openam_10.1.0.zip from ForgeRock - http://forgerock.com/download-stack/

Created by Prabhakaran

mailto:[email protected]/test


As OpenAM also requires a servlet container, Download the latest Tomcat (6.0.29).

Installation of the Tomcat server consisted of:

1.Unzip apache-tomcat-6.0.29 zip file. This will create an apache-tomcat-6.0.29 folder.

2.As both Liferay Portal and OpenAM will be running on the same machine, to update the ports that the OpenAM Tomcat server was using.

Edit apache-tomcat-6.0.29/conf/server.xml. change all of the ports from 8xxx to 9xxx. For example, 8080 to 9080, 8443 to 9443, etc.

On Linux/MacOS, you will need to add execute permissions to all of the shell scripts in the bin directory: chmod +x *.sh

3.Edit catalina.sh (or catalina.bat) and add the following line to the start of the file, after the comment block listing the various Environment Variable Prequisites:

Linux/MacOS: JAVA_OPTS="$JAVA_OPTS -Xmx1024m -XX:MaxPermSize=256m"

Windows: set JAVA_OPTS="%JAVA_OPTS% -Xmx1024m -XX:MaxPermSize=256m"

Installation of OpenAM consisted of:

To Deploy OpenAM

The openam-server-10.1.0-Xpress.war file contains all OpenAM server components and samples. How you deploy the .war file depends on your web application container.

1. Deploy the .war file on your container.

For example, copy the file to deploy on Apache Tomcat webapps directory.

2. After Tomcat has deployed OpenAM, you will see the exploded war file as apache-tomcat-6.0.29/webapps/openam

3. Open a browser to http://localhost.example.com:9080/openam, which should redirect you to http://localhost.example.com:9080/openam/config/options.htm, to complete the OpenAM configuration..


http://localhost.example.com:9080/openam/config/options.htm


4. You should see the OpenAM configuration options page. Under Custom Configuration click Create New Configuration. Enter the following

Default User Password — password

5. Server Settings — default entries are ok



6. Configuration Data Store Settings — select First Instance, select OpenAM as Configuration Data Store, leave other entries

7. User Data Store Settings — select OpenAM User Data Store



8. Site Configuration — select No

9. Default Policy Agent User — policy01 (password/password)



10. Configurator Summary Details – click Create Configuration. This will create the configuration for your OpenAM server under ~/opensso (or c:Documents and Settings{username}opensso).

11. When this completes, in the Configuration Complete dialog, click Proceed to Login, which should now redirect you to http://localhost.example.com:9080/openam/UI/Login.Type amAdmin as the username, password as the password, and click Log In. You should now see the OpenAM Console.



Additional OpenAM Configuration

To get OpenAM to work correctly with Liferay, you need to set Encode Cookie Value to Yes. This will prevent infinite redirection between Liferay and OpenAM on login.

1.In the OpenAM Console, select the Configuration tab.



2.Select the Servers and Sites tab.

3.Click Default Server Settings.

4.Select the Security tab.



5.In the Cookie section, select the Yes checkbox beside Encode Cookie Value.

6.Click Save.

Before updating Liferay to use OpenAM, I recommend adding the default Liferay user, [email protected], to OpenAM.

1.In the OpenAM Console, select the Access Control tab and Click the / (Top Level Realm) realm.



2. Select the Subjects tab.



3.Click New…

Setup the default Liferay user:

ID — joebloggs

First Name — Joe

Last Name — Bloggs

Full Name — Joe Bloggs

Password — password

Click OK to create the user.

4.Click Joe Bloggs to add the email address. Enter [email protected] for the Email Address, and click Save.



Integrate Liferay Portal with OpenAM

Now you are ready to update Liferay Portal to integrate with OpenAM for authentication

1.If Liferay is running, shut it down (bin/shutdown).

2.Create a new file, called portal-ext.properties, in your Liferay directory, under liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/classes/.

3.Edit this file, and add the following properties:



4.Start Liferay (bin/startup).

5.Once Liferay has started, open a browser to http://localhost.example.com/8080, and you should be redirected to the OpenAM login page

Enter joebloggs for the User Name, and password for the Password. Click Log In.

You will be authenticated against OpenAM, and redirected to Liferay.



Now that Liferay is using OpenAM for authentication, if you create a new user in OpenAM, that user will also be created in Liferay on the first log in. That newly created user in Liferay will only have the basic information filled in – First Name, Last Name, Screenname, Email Address – and will have the default Roles, Groups, and Organizations assigned.

References’:

1. http://sourceforge.net/projects/lportal/files/Liferay%20Portal/5.2.2/

2. http://forgerock.com/download-stack/

3. http://tomcat.apache.org/download-60.cgi

4. https://wikis.forgerock.org/confluence/display/openam/integrate+OpenAM+with+Liferay


http://tomcat.apache.org/download-60.cgi

http://forgerock.com/download-stack/