1. Integrating OpenAM with Liferay Portal
2013
Integrating OpenAM with Liferay Portal on Tomcat
Liferay Portal and OpenAM both require a minimum 1.6 JVM. Make sure that your JAVA_HOME
environment variable is correctly set to point to your Java 6 installation.
For OpenSSO to work correctly with Liferay Portal, both servers need to be running in the same domain.
To solve this issue while running both servers on a single machine, edit the hosts file (/etc/hosts or
%SystemRoot%system32driversetc) and add/update your localhost entry:
127.0.0.1 localhost localhost.example.com
where example.com is your actual domain.
Install Liferay Portal :
Liferay Portal is an open source portal. Liferay comes in two editions, Enterprise Edition (EE) and
Community Edition (CE).
Installation consisted of:
1.Unzip liferay-portal-tomcat-6.0-5.2.3.zip to a directory. This will create a liferay-portal-5.2.3 folder.
On Linux/MacOS, you will need to add execute permissions to all of the shell scripts in the bin directory:
chmod +x *.sh
2.In liferay-portal-5.2.3/tomcat-6.0.18/bin/, executing startup.sh (or startup.bat) will start Tomcat, and
deploy Liferay Portal.
3.Open a browser to http://localhost.example.com:8080, and you will see the Liferay login page. You can
login with test@liferay.com/test.
Install OpenSSO/OpenAM :
OpenSSO is an open source access management and federation server platform. Announced by Sun
Microsystems in July 2005, OpenSSO was based on Sun Java System Access Manager, and was the core
of Sun’s commercial access management and federation product, OpenSSO Enterprise (formerly Sun
Access Manager and Sun Federation Manager). Oracle completed their acquisition of Sun Microsystems
in February 2010 and announced that OpenSSO would no longer be their strategic product. OpenSSO will
continue to be developed and supported by ForgeRock under the name of OpenAM.
openam_10.1.0.zip from ForgeRock - http://forgerock.com/download-stack/
As OpenAM also requires a servlet container, Download the latest Tomcat (6.0.29).
Installation of the Tomcat server consisted of:
Created by Prabhakaran
Page 1
2. Integrating OpenAM with Liferay Portal
2013
1.Unzip apache-tomcat-6.0.29 zip file. This will create an apache-tomcat-6.0.29 folder.
2.As both Liferay Portal and OpenAM will be running on the same machine, to update the ports that the
OpenAM Tomcat server was using.
Edit apache-tomcat-6.0.29/conf/server.xml. change all of the ports from 8xxx to 9xxx. For example, 8080
to 9080, 8443 to 9443, etc.
On Linux/MacOS, you will need to add execute permissions to all of the shell scripts in the bin directory:
chmod +x *.sh
3.Edit catalina.sh (or catalina.bat) and add the following line to the start of the file, after the comment
block listing the various Environment Variable Prequisites:
Linux/MacOS: JAVA_OPTS="$JAVA_OPTS -Xmx1024m -XX:MaxPermSize=256m"
Windows: set JAVA_OPTS="%JAVA_OPTS% -Xmx1024m -XX:MaxPermSize=256m"
Installation of OpenAM consisted of:
To Deploy OpenAM
The openam-server-10.1.0-Xpress.war file contains all OpenAM server components and samples. How
you deploy the .war file depends on your web application container.
1. Deploy the .war file on your container.
For example, copy the file to deploy on Apache Tomcat webapps directory.
2. After Tomcat has deployed OpenAM, you will see the exploded war file as apache-tomcat6.0.29/webapps/openam
3. Open a browser to http://localhost.example.com:9080/openam, which should redirect you to
http://localhost.example.com:9080/openam/config/options.htm, to complete the OpenAM configuration..
Created by Prabhakaran
Page 2
3. Integrating OpenAM with Liferay Portal
2013
4. You should see the OpenAM configuration options page. Under Custom Configuration click Create
New Configuration. Enter the following
Default User Password — password
5. Server Settings — default entries are ok
Created by Prabhakaran
Page 3
4. Integrating OpenAM with Liferay Portal
2013
6. Configuration Data Store Settings — select First Instance, select OpenAM as Configuration Data Store,
leave other entries
7. User Data Store Settings — select OpenAM User Data Store
Created by Prabhakaran
Page 4
5. Integrating OpenAM with Liferay Portal
2013
8. Site Configuration — select No
9. Default Policy Agent User — policy01 (password/password)
Created by Prabhakaran
Page 5
6. Integrating OpenAM with Liferay Portal
2013
10. Configurator Summary Details – click Create Configuration. This will create the configuration for
your OpenAM server under ~/opensso (or c:Documents and Settings{username}opensso).
11. When this completes, in the Configuration Complete dialog, click Proceed to Login, which should
now redirect you to http://localhost.example.com:9080/openam/UI/Login.
Type amAdmin as the username, password as the password, and click Log In. You should now see the
OpenAM Console.
Created by Prabhakaran
Page 6
7. Integrating OpenAM with Liferay Portal
2013
Additional OpenAM Configuration
To get OpenAM to work correctly with Liferay, you need to set Encode Cookie Value to Yes. This will
prevent infinite redirection between Liferay and OpenAM on login.
1.In the OpenAM Console, select the Configuration tab.
Created by Prabhakaran
Page 7
8. Integrating OpenAM with Liferay Portal
2013
2.Select the Servers and Sites tab.
3.Click Default Server Settings.
Created by Prabhakaran
Page 8
9. Integrating OpenAM with Liferay Portal
2013
4.Select the Security tab.
5.In the Cookie section, select the Yes checkbox beside Encode Cookie Value.
Created by Prabhakaran
Page 9
10. Integrating OpenAM with Liferay Portal
2013
6.Click Save.
Before updating Liferay to use OpenAM, I recommend adding the default Liferay user, test@liferay.com,
to OpenAM.
1.In the OpenAM Console, select the Access Control tab and Click the / (Top Level Realm) realm.
2. Select the Subjects tab.
Created by Prabhakaran
Page 10
11. Integrating OpenAM with Liferay Portal
2013
3.Click New…
Setup the default Liferay user:
ID — joebloggs
Created by Prabhakaran
Page 11
12. Integrating OpenAM with Liferay Portal
2013
First Name — Joe
Last Name — Bloggs
Full Name — Joe Bloggs
Password — password
Click OK to create the user.
4.Click Joe Bloggs to add the email address. Enter test@liferay.com for the Email Address, and click
Save.
Integrate Liferay Portal with OpenAM
Now you are ready to update Liferay Portal to integrate with OpenAM for authentication
1.If Liferay is running, shut it down (bin/shutdown).
Created by Prabhakaran
Page 12
13. Integrating OpenAM with Liferay Portal
2013
2.Create a new file, called portal-ext.properties, in your Liferay directory, under liferay-portal5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/classes/.
3.Edit this file, and add the following properties:
4.Start Liferay (bin/startup).
5.Once Liferay has started, open a browser to http://localhost.example.com/8080, and you should be
redirected to the OpenAM login page
Enter joebloggs for the User Name, and password for the Password. Click Log In.
You will be authenticated against OpenAM, and redirected to Liferay.
Created by Prabhakaran
Page 13
14. Integrating OpenAM with Liferay Portal
2013
Now that Liferay is using OpenAM for authentication, if you create a new user in OpenAM, that user will
also be created in Liferay on the first log in. That newly created user in Liferay will only have the basic
information filled in – First Name, Last Name, Screenname, Email Address – and will have the default
Roles, Groups, and Organizations assigned.
References’:
1. http://sourceforge.net/projects/lportal/files/Liferay%20Portal/5.2.2/
2. http://forgerock.com/download-stack/
3. http://tomcat.apache.org/download-60.cgi
4. https://wikis.forgerock.org/confluence/display/openam/integrate+OpenAM+with+Liferay
Created by Prabhakaran
Page 14