Liferay Authentication Extensions

From MyWiki

Jump to: navigation, search

Here are some Liferay authentication extensions we have developed or have modified for use on NCSA projects.

The LiferayPedia article Developing a Custom Authentication System has helpful background information.

Contents

Authenticator

Authenticator methods implement the com.liferay.portal.security.auth.Authenticator interface and plug in to the authentication pipeline via auth.pipeline.pre and auth.pipeline.post.

Radius (One Time Passwords)

For the NCASSR Palantir project, we use a modified version of Rutger Heijmerikx's Radius Authenticator.

Configuration: 

 ##
 ## RADIUS (OTP) Authentication
 ##
 
 # Is RADIUS required?  Choose one of the following:
 # - YES: RADIUS is required and Liferay passwords are disabled.
 #        Uncomment the following lines.
 #auth.impl.radius.enabled=true
 #auth.impl.radius.required=true
 #auth.pipeline.enable.liferay.check=false
 #auth.pipeline.pre=com.liferay.portal.security.auth.MyRadiusAuth
 # -  NO: Either RADIUS or Liferay passwords may be accepted.
 #        Note: In this case, RADIUS logins set the user's Liferay
 #        password to the RADIUS password.
 #        Uncomment the following lines.
 #auth.impl.radius.enabled=true
 #auth.impl.radius.required=false
 #auth.pipeline.enable.liferay.check=true
 #auth.pipeline.pre=com.liferay.portal.security.auth.MyRadiusAuth
 #
 # Configure RADIUS server IP address, port, and shared secret
 auth.impl.radius.ipaddress=141.142.2.252
 auth.impl.radius.port=1812
 auth.impl.radius.sharedsecret=7fyUy5hbQk9TmFvhkeLsWvllVBWipnem9wVUAp8tIRz5R7oUbeikTZ7LY1IJZtY

(The auth.impl.radius.sharedsecret value above is just a random value. You need to replace it with your own.)

AutoLogin

AutoLogin methods implement the com.liferay.portal.security.auth.AutoLogin interface and plug in via auto.login.hooks.

HTTP Headers (REMOTE_USER)

For the NCASSR Palantir project, we have an AutoLogin module for logging in via HTTP headers set by Apache, such as REMOTE_USER and SSL_CLIENT_S_DN_CN.

Configuration: 

 ##
 ## Custom Auto Login Hooks:
 ##   - Keep default Liferay cookie BasicAutoLogin
 ##   - Add Apache header logins (RemoteUserAutoLogin)
 ##
 auto.login.hooks=com.liferay.portal.security.auth.BasicAutoLogin,com.liferay.portal.security.auth.RemoteUserAutoLogin
Retrieved from "http://mywiki.ncsa.uiuc.edu/wiki/Liferay_Authentication_Extensions"
Personal tools