Using Liferay portal with LDAP and single sign-on
DESCRIPTION
During the 5th Liferay Netherlands user group meeting, Sander Bilo from the Firelay team (then Proteon) gave a lightning talk on the benefits, for a portal like Liferay, its users and its administrators, of connecting it to an LDAP directory (such as Active Directory) through a single sign-on server.
TRANSCRIPT
Using Liferay portal with LDAP and Single Sign-On
Or: “how to connect your stuff”
Sander Bilo, Java/Linux consultant
Introduction
Sander Bilo
twitter: @sanderbilo
Scenario
Introduction of Liferay as a collaboration platform within an existing environment.
Risks
• Legacy/other systems
• User acceptance
• Security
• (App.) Administrators / ICT departments
Legacy/other systems
• ‘This piece of software is just better suited for the job’
• ‘We don't have time to implement this functionality in Liferay (yet)’
• ‘Other parties use this software, we need it to stay compatible’
User acceptance
• ‘Oh, no not another system I have to use’
• ‘Do I also have to register here?’
• ‘My current tools work fine’
• ‘This tool will make me obsolete!’
• ‘What is the login/password for this system? I lost track!’
Security
• ‘I got a new password for this application, let's put it on a post-it’
• ‘Let's use the same password everywhere’
• … ‘and put it on a post-it’
• ‘Just make everybody administrator so we don't have to think about roles for this system as well’
(App.) Administrators
• ‘I don’t want to manage another application’
• ‘How will I keep user-accounts in sync with reality?’
Solutions
• Central user management
• Single point of authentication and authorization
• Integration of services (applications)
• Self-service for end users
Solutions (LDAP)
• ‘Lightweight Directory Access Protocol’
• Active Directory (Microsoft)
• OpenDJ (ForgeRock)
• OpenLDAP (OpenLDAP foundation)
• eDirectory (Novell)
• Directory Server Enterprise (Oracle)
Solutions (LDAP)
• Central user management
• Single point of authentication
• Most (larger) companies already have one
Solutions (LDAP)
[diagram, built up over several slides: one directory behind each application]
• The user logs in to LIFERAY (userName: piet.janssen, password: *********)
• LIFERAY passes the LOGIN on to LDAP, which checks the credentials
• LDAP returns the PROFILE (lastName: Janssen, firstName: Piet, email: [email protected]) and LIFERAY fills in the portal user from it
• The user then logs in to ERP with the same userName and password
• ERP passes the LOGIN on to the same LDAP and gets the same PROFILE back
• One account and one profile, but every application still shows its own LOGIN and asks for the password again
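The diagram stops where the configuration starts, so here is what the LDAP hop looks like on the Liferay side. The fragment below is an added example, not from the talk and not copied from Liferay's own documentation; it uses the Liferay 6.x-era portal-ext.properties keys (the .0 suffix selects the first configured directory server), and the hostnames, DNs under example.com and the service-account name are assumptions, so check the keys against the portal.properties shipped with your version. The comments mark the settings that decide whether the directory hop is safe, not just whether it works.

```properties
# portal-ext.properties, LDAP section (added example; Liferay 6.x-era keys,
# hostnames, DNs and the service account under example.com are assumptions)

# Authenticate portal logins against the directory (the LOGIN hop in the diagram).
ldap.auth.enabled=true

# When the directory rejects the login, reject it. With "false" Liferay falls
# back to the password hash in its own database, so a user whose directory
# account was disabled or whose password was changed can still get in with
# the old portal password.
ldap.auth.required=true

# "bind" hands the submitted password to the directory and lets it do the
# comparison. "password-compare" would instead read userPassword out of the
# directory and compare locally, which needs read access to password hashes.
ldap.auth.method=bind

# ldaps:// (or StartTLS on the directory side). With plain ldap:// every bind
# carries the user's password in cleartext over the network, on every login.
ldap.base.provider.url.0=ldaps://ldap.example.com:636
ldap.base.dn.0=dc=example,dc=com

# Service account used for searches and the scheduled import. Give it read
# access to the user and group subtrees and nothing more; it never writes.
# The password sits in this file in cleartext: restrict the file to the OS
# user the portal runs as.
ldap.security.principal.0=cn=liferay-svc,ou=services,dc=example,dc=com
ldap.security.credentials.0=change-me

# Users log in with their userName (piet.janssen in the diagram), so match on
# screen name rather than Liferay's default of e-mail address.
company.security.auth.type=screenName
ldap.users.dn.0=ou=people,dc=example,dc=com
ldap.groups.dn.0=ou=groups,dc=example,dc=com
ldap.auth.search.filter.0=(uid=@screen_name@)
ldap.import.user.search.filter.0=(objectClass=inetOrgPerson)
ldap.import.group.search.filter.0=(objectClass=groupOfUniqueNames)

# Attribute mapping for the PROFILE step: firstName, lastName and e-mail come
# from the directory, so nobody registers or maintains a second profile.
# No password mapping: with bind the portal never needs the hash.
ldap.user.mappings.0=uuid=uuid\nscreenName=uid\nemailAddress=mail\nfirstName=givenName\nlastName=sn\ngroup=groupMembership
ldap.group.mappings.0=groupName=cn\ndescription=description\nuser=uniqueMember

# Pull users and group memberships in on a schedule (interval in minutes) so
# roles granted through directory groups track reality without admin work.
ldap.import.enabled=true
ldap.import.on.startup=false
ldap.import.interval=10
ldap.import.method=group

# Never write portal-side changes (passwords included) back into the
# directory; the directory stays the single source of truth.
ldap.export.enabled=false
```

Two checks before calling this done: log in once with a deliberately wrong password and confirm the portal refuses it (if it lets you in, ldap.auth.required is not taking effect and the database password is still in play), and disable a test account in the directory to confirm the next import removes its portal access.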
Solutions (SSO)
• One account unlocks all
• Self-service (profile page) for end users
• Policy management for connected systems
Solutions (SSO)
• CAS (Yale University)
• Shibboleth (Internet2)
• OpenAM (ForgeRock)
• Access Manager (Oracle)
• Facebook Connect
Solutions (SSO)
[diagram, built up over several slides: OPENAM in front of LIFERAY, ERP and LDAP]
• The user VISITs LIFERAY without a session
• LIFERAY sends the user to OPENAM to LOGIN (userName: piet.janssen, password: *********)
• OPENAM passes the LOGIN on to LDAP, which checks the credentials
• OPENAM hands the user a TOKEN
• The user returns to LIFERAY with the TOKEN; LIFERAY checks it with OPENAM: Logged in!
• The user VISITs ERP with the same TOKEN; ERP checks it with OPENAM and receives the PROFILE (lastName: Janssen, firstName: Piet, email: [email protected]): Logged in!
• The password was typed once, at OPENAM; LIFERAY and ERP only ever see the TOKEN
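The same flow on the Liferay side, with OpenAM as the SSO server from the diagram. This is an added example, not from the talk and not taken from the OpenAM or Liferay documentation; the keys are the Liferay 6.x-era open.sso.* properties, and the hostnames under example.com and the /openam deployment path are assumptions.

```properties
# portal-ext.properties, OpenSSO/OpenAM section (added example; Liferay 6.x-era
# keys, hostnames under example.com and the /openam path are assumptions)

# Let OpenAM do the LOGIN; Liferay never sees a password at all.
open.sso.auth.enabled=true

# Where an unauthenticated VISIT is redirected to log in, and where to come
# back to afterwards. Both over https: the password is typed into the OpenAM
# page, and the TOKEN comes back to the browser as a cookie on the redirect.
open.sso.login.url=https://sso.example.com/openam/UI/Login?goto=https://portal.example.com/c/portal/login
open.sso.logout.url=https://sso.example.com/openam/UI/Logout?goto=https://portal.example.com/web/guest/home

# Liferay does not trust the cookie on sight: when it sees the cookie without
# a portal session it calls OpenAM's REST interface under this URL to check
# that the token is valid and to fetch the subject's attributes. Keep this
# https and make the portal JVM trust the OpenAM certificate; a plain-http
# validation call is the weakest link in the whole chain.
open.sso.service.url=https://sso.example.com/openam

# Name of the session cookie OpenAM sets (OpenAM's default name).
open.sso.subject.cookie.name=iPlanetDirectoryPro

# Which subject attributes fill in the portal user (the PROFILE step). They
# come from the directory OpenAM authenticated against, not from Liferay.
open.sso.screen.name.attr=uid
open.sso.email.address.attr=mail
open.sso.first.name.attr=givenName
open.sso.last.name.attr=sn
```

OpenAM itself still needs the directory as its authentication module or data store (the LDAP hop in the diagram); that is configured in OpenAM, not here. For the ERP to accept the same TOKEN, OpenAM's cookie domain has to cover both hosts and the ERP needs its own OpenAM integration (a policy agent or equivalent), which is where the earlier ‘policy management for connected systems’ bullet comes in.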
Benefits
• One password to rule them all
• Central role, policy and user management
• Integration of legacy functionality
Q(&A?)
Sander Bilo
twitter: @sanderbilo
+31 6 24458392