Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:latest:applications:liferay [2016/07/19 12:10] (current)
Line 1: Line 1:
 +====== Liferay ======
 +
 +{{ :​applications:​liferay_logo.png |}}
 +
 +===== Presentation =====
 +
 +[[http://​www.liferay.com/​|Liferay]] is an enterprise portal.
 +
 +Liferay can use LL::NG as an SSO provider but you have to manage how users are created:
 +  * By hand in Liferay administration screens
 +  * Imported from an LDAP directory
 +
 +Of course, integration will be full if you use the LDAP directory as users backend for LL::NG and Liferay.
 +
 +<note important>​If the user is not created, or can not be created via LDAP import, the connection to Liferay will be refused. With LDAP, login, mail, first name and last name are required attributes. If one is missing, the user is not created.</​note>​
 +
 +This documentation just explains how to set up the SSO part. Please refer to Liferay documentation to enable LDAP provisionning.
 +
 +===== Configuration =====
 +
 +==== Liferay administration ====
 +
 +Access to Liferay (first time):
 +
 +{{ :​documentation:​liferay_1.png?​600 |}}
 +
 +Login as administrator:​
 +
 +{{ :​documentation:​liferay_2.png?​600 |}}
 +
 +Go to ''​My Account'':​
 +
 +{{ :​documentation:​liferay_3.png?​600 |}}
 +
 +Go to ''​Portal''​ » ''​Settings'':​
 +
 +{{ :​documentation:​liferay_4.png?​600 |}}
 +
 +Go to ''​Configuration''​ » ''​Authentication'':​
 +
 +{{ :​documentation:​liferay_5.png?​600 |}}
 +
 +In ''​General'',​ fill at least the following information:​
 +  * **How do users authenticate?​**:​ by login
 +
 +<note tip>We advice to deactivate other options, cause users will use LL::NG portal to modify or reset their password.</​note>​
 +
 +{{ :​documentation:​liferay_6.png?​600 |}}
 +
 +<note important>​
 +You need to activate LDAP authentication,​ else SSO authentication will not work. Do this in the control panel or in the configuration file:
 +<​file>​
 +ldap.auth.enabled=true
 +</​file>​
 +</​note>​
 +
 +Then use the ''​SiteMinder''​ tab to configure SSO:
 +  * **Enabled**:​ Yes
 +  * **Import from LDAP**: Yes (see [[#​presentation|presentation]])
 +  * **User Header**: Auth-User (case sensitive)
 +
 +{{ :​documentation:​liferay_7.png?​600 |}}
 +
 +<note important>​Do not forget to save your changes!</​note>​
 +
 +==== Liferay virtual host ====
 +
 +Configure Liferay virtual host like other [[..configvhost|protected virtual host]].
 +
 +  * For Apache:
 +<file apache>
 +<​VirtualHost *:80>
 +       ​ServerName liferay.example.com
 +
 +       ​PerlHeaderParserHandler Lemonldap::​NG::​Handler
 +
 +       ...
 +       
 +</​VirtualHost>​
 +</​file>​
 +
 +  * For Nginx:
 +<file nginx>
 +server {
 +  listen 80;
 +  server_name liferay.example.com;​
 +  root /​path/​to/​application;​
 +  # Internal authentication request
 +  location = /lmauth {
 +    internal;
 +    include /​etc/​nginx/​fastcgi_params;​
 +    fastcgi_pass unix:/​var/​run/​llng-fastcgi-server/​llng-fastcgi.sock;​
 +    # Drop post datas
 +    fastcgi_pass_request_body ​ off;
 +    fastcgi_param CONTENT_LENGTH "";​
 +    # Keep original hostname
 +    fastcgi_param HOST $http_host;
 +    # Keep original request (LLNG server will received /llauth)
 +    fastcgi_param X_ORIGINAL_URI ​ $request_uri;​
 +  } 
 + 
 +  # Client requests
 +  location / {
 +    auth_request /lmauth;
 +    auth_request_set $lmremote_user $upstream_http_lm_remote_user;​
 +    auth_request_set $lmlocation $upstream_http_location;​
 +    error_page 401 $lmlocation;​
 +    try_files $uri $uri/ =404;
 + 
 +    ...
 + 
 +    include /​etc/​lemonldap-ng/​nginx-lua-headers.conf;​
 +  }
 +  location / {
 +    try_files $uri $uri/ =404;
 +  }
 +}
 +</​file>​
 +
 +==== Liferay virtual host in Manager ====
 +
 +Go to the Manager and [[..configvhost#​lemonldapng_configuration|create a new virtual host]] for Liferay.
 +
 +Just configure the [[..writingrulesand_headers#​rules|access rules]]. You can add a rule for logout:
 +<​code>​
 + ​^/​c/​portal/​logout => logout_sso
 +</​code>​
 +
 +Configure the ''​Auth-User''​ [[..writingrulesand_headers#​headers|header]].