Liferay, Alfresco, SSO and LDAP Full Integration - PowerPoint PPT Presentation

Slides: 18
Provided by: charl62

Transcript and Presenter's Notes

1
Liferay, Alfresco, SSO and LDAP Full Integration
  • A generic solution of SSO plus LDAP against:
    - Liferay Portals and Alfresco portlets
    - Alfresco (compliant) standalone applications
  • Jonas Yuan
  • July 18, 2007

2
Agenda
  • Overview
  • LDAP & SSO
  • Filters in Action
  • Portlets In Action
  • Real Examples
  • Summary

3
[Diagram. Labels: Liferay, Alfresco, Others, Portlet; SSO 1, SSO 2, SSO 3, SSO 4; Alfresco; SSO; Authentication; LDAP]

4
What is LDAP?
  • LDAP: Lightweight Directory Access Protocol
  • An application protocol for querying and
    modifying directory services running over TCP/IP.
  • A Directory Information Tree (DIT) is data
    represented in a hierarchical tree-like structure
    consisting of the Distinguished Names (DNs) of
    the directory entries.

5
What is SSO?
  • SSO: Single Sign-On
  • Single sign-on (SSO) is a method of access
    control that enables a user to authenticate once
    and gain access to the resources of multiple
    software systems.
  • The JA-SIG Central Authentication Service (CAS)
    is an open single sign-on service that gives web
    applications the ability to defer all
    authentication to a trusted central server or
    servers.

6
Filters In Action
  • Enhanced SSO Filter
  • Authenticating SSO Server with LDAP
  • Enhanced validating URL in SSO Server
  • Authenticating with LDAP
  • Log-in Automatically
  • E.g. SSO 1, 2, 3

[Diagram. Labels: FILTER, SSO, Session Manager, LDAP]

7
Enhanced SSO Filter
    <filter>
      <filter-name>CAS Filter</filter-name>
      <filter-class>com.cignex.filters.sso.cas.CASFilter</filter-class>
      <init-param>
        <param-name>cas_server_url</param-name>
        <param-value>https://docs.cignex.com/cas-web</param-value>
      </init-param>
      <init-param>
        <param-name>service_path</param-name>
        <param-value>/index.jsp</param-value>
      </init-param>
      <init-param>
        <param-name>application_type</param-name>
        <param-value>alfresco</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>CAS Filter</filter-name>
      <url-pattern>/index.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
      <filter-name>CAS Filter</filter-name>
      <url-pattern>/logout</url-pattern>
    </filter-mapping>

8
Authenticating SSO with LDAP
  • Add Adaptors - LDAP Authentication
  • Configure SSO server with LDAP server
    <bean id="contextSource"
          class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
      <property name="urls">
        <list>
          <value>ldap://docs.cignex.com:10389</value>
        </list>
      </property>
    </bean>

9
Enhanced validating URL in SSO Server
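    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.net.URL;
    import java.net.URLConnection;

    public static String retrieve(String url) throws IOException {
        BufferedReader r = null;
        try {
            // The added line below rewrites the validation URL from HTTPS to
            // plain HTTP, so the request that follows is made without TLS.
            url = url.replace("https://", "http://"); //add
            URL u = new URL(url);
            URLConnection uc = u.openConnection();
            uc.setRequestProperty("Connection", "close");
            r = new BufferedReader(new InputStreamReader(uc.getInputStream()));
            String line;
            StringBuffer buf = new StringBuffer();
            // Read the whole response body, one line at a time.
            while ((line = r.readLine()) != null)
                buf.append(line + "\n");
            return buf.toString();
        } finally {
            // The slide is cut off after "finally"; closing the reader is assumed.
            if (r != null) r.close();
        }
    }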
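
An added example, not code from the presentation or from the CAS client: a variant of `retrieve` that keeps the ticket validation call on HTTPS and trusts the CAS server's certificate through an explicit trust store, instead of rewriting the scheme to HTTP. Over plain HTTP the validation response that names the authenticated user is neither encrypted nor tied to the CAS server's identity. The class, the method `retrieveOverTls`, the `casTrustStore` parameter and the host `cas.example.test` are assumptions for illustration.

```java
import java.io.*;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.*;

public class SecureTicketValidation {
    // Hypothetical helper (assumption, not a CAS client API): fetch the
    // validation response over HTTPS only, trusting just the given store.
    public static String retrieveOverTls(String url, KeyStore casTrustStore)
            throws IOException, GeneralSecurityException {
        URL u = new URL(url);
        if (!"https".equalsIgnoreCase(u.getProtocol())) {
            throw new IOException("refusing non-HTTPS validation URL: " + url);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(casTrustStore); // e.g. holds the CAS server's own certificate
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        HttpsURLConnection uc = (HttpsURLConnection) u.openConnection();
        uc.setSSLSocketFactory(ctx.getSocketFactory());
        uc.setInstanceFollowRedirects(false); // a redirect must not leave HTTPS
        uc.setConnectTimeout(5000);
        uc.setReadTimeout(5000);
        uc.setRequestProperty("Connection", "close");
        if (uc.getResponseCode() != HttpsURLConnection.HTTP_OK) {
            throw new IOException("validation endpoint returned " + uc.getResponseCode());
        }
        StringBuilder buf = new StringBuilder();
        try (BufferedReader r = new BufferedReader(new InputStreamReader(
                uc.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = r.readLine()) != null) buf.append(line).append('\n');
        }
        return buf.toString();
    }

    public static void main(String[] args) throws Exception {
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null); // constructed, empty store; no network is used below
        try {
            retrieveOverTls("http://cas.example.test/cas-web/serviceValidate", empty);
        } catch (IOException e) {
            System.out.println(e.getMessage()); // downgraded URL is rejected
        }
    }
}
```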

10
Authenticating with LDAP
  • Configurable
    <bean id="ldapExtInitialDirContextFactory"
          class="com.cignex.portal.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
      <property name="initialDirContextEnvironment">
        <map>
          <!-- The LDAP provider -->
          <entry key="java.naming.factory.initial">
            <value>com.sun.jndi.ldap.LdapCtxFactory</value>
          </entry>
          <entry key="java.naming.provider.url">
            <value>ldap://docs.cignex.com:10389</value>
          </entry>
          <entry key="java.naming.security.authentication">
            <value>simple</value>
          </entry>
        </map>
      </property>
    </bean>

11
Log-in Automatically
  • Reuse log-in mechanism of different applications:
    Liferay Portal, Alfresco, Others.
  • One Interface, many implementations
  • Initialize applications
  • Redirection

12
Portlets In Action
  • Loading portlet
  • Tracing current user from Filter
  • Authenticating portlet with LDAP
  • Log-in Automatically
  • E.g. SSO 4

[Diagram. Labels: FILTER, SSO, PORTLETS, LDAP]

13
Generic Portlet Interface
[Diagram. Labels: Portlet, JSON Portlet, MyFaces Portlet, ICEFaces Portlet, Portlet]

14
Authenticating Portlet with LDAP
  • Configurable & Reusable

    <!-- Single Sign On Authentication -->
    <bean name="ssoExtAuthenticationContext"
          class="com.cignex.portal.security.authentication.sso.SSOAuthenticationContext">
      <property name="allowSingleSignOn">
        <value>true</value>
      </property>
      <property name="filter">
        <value>CAS_SSO</value>
      </property>
    </bean>

15
Log-in Automatically
  • Reuse log-in mechanism of different portlets:
    Alfresco (MyFaces), Other (ICEfaces).
  • One Interface, multiple implementations
  • Initialize portlet
  • Trace session context Portlet Servlet
  • Redirection

16
Real Examples
  • SSO CAS plus LDAP ADS against Alfresco Standalone
    Application (v 2.0.1)
  • SSO CAS plus LDAP ADS against Alfresco Compliant
    Standalone Application
  • SSO CAS plus LDAP ADS against Liferay Portal
    (4.3) and Alfresco Portlet (v 2.0.1)

17
Summary
  • A generic solution of SSO CAS plus LDAP ADS
    against:
    - Alfresco Standalone Application (v 2.0.1)
    - Alfresco Compliant Standalone Application
    - Liferay Portal (4.3) and Alfresco Portlet (v 2.1)
  • Instructions for Do-It-Yourselfers
  • Sources - http://liferay.cignex.com
  • Q & A