
OpenAM with Liferay

OpenAM Integration with Liferay

Published in: Software

OPENAM WITH LIFERAY
March 9, 2016
SEE MORE: WWW.LIFERAYSOLUTION.COM

Install OpenDJ

1) Download OpenAM-11.0.0.war from https://backstage.forgerock.com/#!/downloads/OpenAM/OpenAM%20Enterprise/11.0.0/OpenAM%2011#list
2) You can deploy this WAR file in the same Tomcat where Liferay is running, or in a separate Tomcat server (apache-tomcat-7.0.68). My recommendation is to use a separate Tomcat server.
3) For convenience, rename the WAR file from OpenAM-11.0.0.war to OpenSSO.war and start the Tomcat server to deploy it.
4) Once it is deployed, you can access it at http://jignesh.openam.com:7070/OpenSSO. Here jignesh.openam.com:7070 is the host name I configured for the newly installed Tomcat server. Also make sure the server has enough JVM memory allocated, using the line below in startup.bat:

    set JAVA_OPTS=-Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m

5) Click on the create new configuration link.
6) Give the password password1 for General >> Default user password.
7) Click next.
8) Provide the host name and other settings as given in the screenshot below.
9) Click next and configure the data store settings as given in the screen below.
10) Click next and configure the user data store settings as given in the screen below, where you give the OpenDJ settings for the directory in which your users are stored.
11) Click next and don't make any changes in Site Configuration.
12) Click next and give the password password2 for Default Policy Agent [UrlAccessAgent].
13) Click next and check the summary.
14) Click the Create configuration button. Configuring OpenSSO takes 2-3 minutes if you configured everything properly.

You are done with setup! Now make sure that the configuration you did for OpenAM is correct and that it is reading all the users from OpenDJ.

OpenAM Configuration

If you have done the setup properly, it will bring you to the OpenAM login screen, which can be accessed at http://jignesh.openam.com:7070/OpenSSO. You can log in as amadmin with password1 (the default user password you set during the configuration steps).

1) Once you log in, you will see the screen below.
2) Go to the Access Control tab, where you can create your own realm or use the / (Top Level Realm) that is already available.
3) Click / (Top Level Realm) and go to the Subjects tab, where you should see all your available users. If you do not, go to the Data Stores tab, where you can find your data store link and configure the proper LDAP settings.
4) You also have to create the Joe Bloggs user in LDAP (OpenDJ) under the people group so that it is available to us. Use the same email, first name, last name and screen name to create the user in OpenDJ.
5) Now create a J2EE agent inside OpenAM, which is needed for SSO with Liferay.
6) Go to the Agents >> J2EE tab.
7) Click the New button to create a new agent called LiferayEEagent.
8) Now you also need to apply the agent to the Tomcat server where your SSO application is running. Download Tomcat-v6-Agent_3.5.0.zip from https://backstage.forgerock.com/#!/downloads/OpenAM/J2EE%20Policy%20Agents/3.5.0/Apache%20Tomcat%206,%207%20and%208#list, extract the zip file and put the tomcat_v6_agent folder in some directory. Go to the j2ee_agents\tomcat_v6_agent\bin folder and run agentadmin --install from the command prompt. It will ask you a couple of questions about the configuration and Tomcat paths, which are answered as below:

    Tomcat Server Config Directory : C:\jignesh\apache-tomcat-7.0.68\conf
    OpenAM server URL : http://jignesh.openam.com:7070/OpenSSO
    $CATALINA_HOME environment variable : C:\jignesh\apache-tomcat-7.0.68
    Agent URL : http://jignesh.openam.com:7070/agentapp
    Agent Profile name : LiferayEEagent
    Agent Profile Password file name : C:\jignesh\apache-tomcat-7.0.68\agent-pass.txt
    Verify your settings above and decide from the choices below.
    1. Continue with Installation
    2. Back to the last interaction
    3. Start Over
    4. Exit
    Please make your selection [1]: 1

Here make sure you give the same

    Agent Profile name : LiferayEEagent
    Agent Profile Password file name : C:\jignesh\apache-tomcat-7.0.68\agent-pass.txt

which you used when creating the J2EE agent in OpenAM. You may need to put the password in a text file and provide its location.

9) You have now set up the J2EE policy agent in OpenAM as well as in the Tomcat server, so you are good to go ahead.

Note: if your server doesn't start after applying the agent to Tomcat, go to the config folder and replace the server.xml file. You may also need to put

    set JAVA_OPTS=%JAVA_OPTS% -Dopenam.agents.bootstrap.dir=C:/jignesh/tomcat_v6_agent/Agent_001/config

in the startup.bat file of the Tomcat where your SSO is running.

10) Now go to the Configuration >> Servers and Sites tab from the access control panel, click the default server settings button and open the Security tab.
11) Go to the Cookie section, mark Encode Cookie Value: true and save the configuration.

You are done with the OpenAM-side configuration.

Liferay Configuration

Put the properties below in the portal-ext.properties file:

    open.sso.auth.enabled=true
    open.sso.login.url=http://jignesh.openam.com:7070/OpenSSO/UI/login?goto=http://jignesh.openam.com:8080/c/portal/login
    open.sso.logout.url=http://jignesh.openam.com:7070/OpenSSO/UI/Logout?goto=http://jignesh.openam.com:8080/c/portal/logout
    open.sso.service.url=http://jignesh.openam.com:7070/OpenSSO
    open.sso.screen.name.attr=uid
    open.sso.email.address.attr=mail
    open.sso.first.name.attr=givenname
    open.sso.last.name.attr=sn
    open.sso.logout.on.session.expiration=false

Add the code below to your web.xml file:

    <filter>
        <description>SJS Access Manager Tomcat Policy Agent Filter</description>
        <display-name>Agent</display-name>
        <filter-name>Agent</filter-name>
        <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>Agent</filter-name>
        <url-pattern>/web*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>

Restart the Liferay Tomcat.

How to Test

Go to your Liferay server URL: jignesh.openam.com:8080
Click the sign-in link; it will bring you to the OpenAM login.
Once you log in with your joebloggs credentials, it will redirect you to Liferay and you will already be logged in there.

Enjoy!
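As an added example (not part of the original slides), the Python sketch below audits the open.sso.* block from the Liferay Configuration step: required keys present, login and logout URLs under the service URL, each goto target on the portal's own origin, and any cleartext http URL flagged. The function names and the portal_origin parameter are assumptions made for this example.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the open.sso.* values shown on the slides.
SAMPLE = """\
open.sso.auth.enabled=true
open.sso.login.url=http://jignesh.openam.com:7070/OpenSSO/UI/login?goto=http://jignesh.openam.com:8080/c/portal/login
open.sso.logout.url=http://jignesh.openam.com:7070/OpenSSO/UI/Logout?goto=http://jignesh.openam.com:8080/c/portal/logout
open.sso.service.url=http://jignesh.openam.com:7070/OpenSSO
open.sso.screen.name.attr=uid
open.sso.email.address.attr=mail
open.sso.first.name.attr=givenname
open.sso.last.name.attr=sn
open.sso.logout.on.session.expiration=false
"""

REQUIRED = ("login.url", "logout.url", "service.url", "screen.name.attr",
            "email.address.attr", "first.name.attr", "last.name.attr")

def parse_props(text):
    """Parse simple key=value lines; skips blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props, portal_origin):
    """Hypothetical checker: return findings for the open.sso.* block."""
    sso = {k[len("open.sso."):]: v for k, v in props.items() if k.startswith("open.sso.")}
    findings = [f"missing open.sso.{k}" for k in REQUIRED if not sso.get(k)]
    service = sso.get("service.url", "")
    for name in ("login.url", "logout.url"):
        url = sso.get(name, "")
        if not url:
            continue
        if not url.startswith(service.rstrip("/") + "/"):
            findings.append(f"{name} is not under service.url")
        goto = parse_qs(urlsplit(url).query).get("goto", [""])[0]
        g = urlsplit(goto)
        if f"{g.scheme}://{g.netloc}" != portal_origin:
            findings.append(f"{name} goto leaves the portal origin: {goto!r}")
    for name in ("login.url", "logout.url", "service.url"):
        if urlsplit(sso.get(name, "")).scheme == "http":
            findings.append(f"{name} uses http; SSO cookie travels in cleartext")
    return findings
```

Run against the slide values with `audit(parse_props(SAMPLE), "http://jignesh.openam.com:8080")`, the only findings are the three http URLs.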
