Web-SSO between Liferay and Alfresco with CAS and Penrose (part 1/2)

I know, it is nothing new. But I always encounter this situation, and I always have to come back and explain it again and again.

The requirements are:

  1. CAS for Authentication and SSO.
  2. Web applications to do SSO between: Liferay Portal 6.0.5 CE and Alfresco 3.2 CE.
  3. Penrose Virtual Directory with OpenDS as the backend to store user credentials and to provide an LDAP interface.

This post is based on a previous one about Liferay Portal Server LDAP Authentication with Penrose Server; I recommend you read it first, as it will make this one easier to follow.

I. Install and configure CAS server

Note:

  • CAS server v3.3.5 comes with the appropriate libraries for the Tomcat 5 and OpenJDK bundled in CentOS. Otherwise you will have to recompile and/or include some additional libraries.

1. See the previous post on “Liferay Portal Server LDAP Authentication with Penrose Server” (here)

2. Download CAS server (http://www.jasig.org/cas/download/cas-server-335-final) and deploy cas-server-webapp-3.3.5.war into any Java web server; in this case we will deploy it into the Tomcat server previously installed on the CentOS box.

In my case, the CentOS box already has Penrose Virtual Directory Server installed and an LDAP tree loaded with several users/identities (see details in the last blog post).

3. Verify that Tomcat is installed on CentOS:

[root@directorysrv1 /]# rpm -ql tomcat5
/etc/logrotate.d/tomcat5
/etc/rc.d/init.d/tomcat5
/etc/sysconfig/tomcat5
/etc/tomcat5
/etc/tomcat5/Catalina
/etc/tomcat5/Catalina/localhost
...
/var/log/tomcat5
/var/log/tomcat5/catalina.out
[root@directorysrv1 /]#

If Tomcat is not installed, you can install it from the RPM packages:

[root@directorysrv1 /]# yum install tomcat5 tomcat5-webapps tomcat5-admin-webapps

We are using OpenJDK (the default Java on CentOS):

[root@directorysrv1 /]# java -version
java version "1.6.0"
OpenJDK  Runtime Environment (build 1.6.0-b09)
OpenJDK Client VM (build 1.6.0-b09, mixed mode)
[root@directorysrv1 /]#

4. Copy the CAS server WAR (cas-server-webapp-3.3.5.war) into Tomcat and start the server:

[root@directorysrv1 /]# cp /temp/cas-server-webapp-3.3.5.war /usr/share/tomcat5/webapps/
[root@directorysrv1 /]# ll /usr/share/tomcat5/webapps/
total 19248
-rw-r--r--  1 root root   19658857 Dec 31 11:00 cas-server-webapp-3.3.5.war
drwxrwxr-x 21 root tomcat     4096 Aug 13 11:35 jsp-examples
drwxrwxr-x  4 root tomcat     4096 Aug 13 11:35 ROOT
drwxrwxr-x  4 root tomcat     4096 Aug 13 11:35 servlets-examples
drwxrwxr-x 12 root tomcat     4096 Aug 13 11:35 tomcat-docs
drwxrwxr-x  3 root tomcat     4096 Aug 13 11:35 webdav
[root@directorysrv1 /]# service tomcat5 start
Starting tomcat5:                                          [  OK  ]
[root@directorysrv1 /]#

To have Tomcat start automatically when the system boots, use “chkconfig tomcat5 on”.

5. Verify that the CAS server has been deployed successfully. Open a browser with this URL: http://directorysrv1:8080/cas-server-webapp-3.3.5

6. To avoid errors, it’s vital that you ensure the Tomcat process owner (user tomcat) has write privileges to the path where cas.log and/or perfStats.log will be written.
Then, edit CAS’s log4j.xml or log4j.properties and set a valid path (for example: /usr/share/tomcat5/logs/) for these log files (cas.log and/or perfStats.log):

[root@directorysrv1 /]# cd /usr/share/tomcat5/webapps/cas-server-webapp-3.3.5/WEB-INF/classes
[root@directorysrv1 /]# nano log4j.properties

Add a valid path to the log file.

...
log4j.appender.logfile=org.apache.log4j.RollingFileAppender
log4j.appender.logfile.File=/usr/share/tomcat5/logs/cas.log
log4j.appender.logfile.MaxFileSize=512KB
# Keep three backup files.
log4j.appender.logfile.MaxBackupIndex=3
# Pattern to output: date priority [category] - message
...

7. After the changes in log4j.xml or log4j.properties, restart the Tomcat server and open the CAS login page: http://directorysrv1:8080/cas-server-webapp-3.3.5/login

If everything is ok, you should see the following:

Login page in CAS Server

8. By default, the CAS server has a basic test authentication enabled, based on userid/password, in which any userid is accepted when the password is equal to it. For example, test with rogerc/rogerc; you should see the “log in successful” message.

Successfully log into CAS with default authentication model

II. Configure CAS server with Penrose Virtual Directory Server

Now we have to replace the simple test authentication model (userid = pwd) with LDAP authentication (existing users and passwords stored in the LDAP tree “ou=Employees,dc=intix,dc=info” previously loaded; see the last blog post here).

In other words, instead of authenticating with userid=rogerc/password=rogerc we will use userid=roger@intix.info and password=xxxx in CAS.

1. Edit the deployerConfigContext.xml file:

[root@directorysrv1 /]# cd /usr/share/tomcat5/webapps/cas-server-webapp-3.3.5/WEB-INF
[root@directorysrv1 /]# nano deployerConfigContext.xml

Comment out SimpleTestUsernamePasswordAuthenticationHandler and add these lines:

<!-- step 1  SimpleTestUsernamePasswordAuthenticationHandler disabled -->
    <!-- bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /-->

<!-- step 2  Add new AuthN handler for Penrose Virtual Directory Server -->
    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
	  <property name="filter" value="mail=%u" />
	  <property name="searchBase" value="ou=Employees,dc=intix,dc=info" />
	  <property name="contextSource" ref="contextSource" />
    </bean>
</list>
</property>
</bean>

<!-- step 3 Add LDAP tree of Penrose Virtual Directory server -->
<bean id="contextSource"  	class="org.springframework.ldap.core.support.LdapContextSource">
	<property name="pooled" value="false"/>
	<property name="urls">
		<list>
			<value>ldap://directorysrv1:10389/</value>
		</list>
	</property>
	<property name="userDn" value="uid=admin,ou=system"/>
	<property name="password" value="secret"/>
	<property name="baseEnvironmentProperties">
	<!-- 	Set the LDAP connect and read timeout(in ms) for the java ldap class 	See http://java.sun.com/products/jndi/tutorial/ldap/connect/create.html 	-->
		<map>
		<entry>
			<key>
			<value>java.naming.security.authentication</value>
			</key>
			<value>simple</value>
		</entry>
		</map>
	</property>
</bean>

You can download deployerConfigContext.xml file from here.
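
A check you can run against the edited file before restarting Tomcat, as an added example that is not part of the original post or of CAS itself. It parses the Spring bean XML and reports whether the test handler is still an active bean, whether the LdapContextSource uses a plain ldap:// URL (with simple bind and no StartTLS configured, as here, passwords cross that connection unencrypted), and whether the bind password is a literal in the file. The sample document is constructed and abridged from the fragment above; the finding names and the `${...}` placeholder convention are this example's assumptions.

```python
import xml.etree.ElementTree as ET

TEST_HANDLER = ("org.jasig.cas.authentication.handler.support."
                "SimpleTestUsernamePasswordAuthenticationHandler")
LDAP_CONTEXT = "org.springframework.ldap.core.support.LdapContextSource"

# Constructed, abridged sample modelled on the configuration shown above.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers">
      <list>
        <!-- bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" / -->
        <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
          <property name="filter" value="mail=%u" />
          <property name="searchBase" value="ou=Employees,dc=intix,dc=info" />
          <property name="contextSource" ref="contextSource" />
        </bean>
      </list>
    </property>
  </bean>
  <bean id="contextSource"
        class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="urls">
      <list><value>ldap://directorysrv1:10389/</value></list>
    </property>
    <property name="userDn" value="uid=admin,ou=system"/>
    <property name="password" value="secret"/>
  </bean>
</beans>
"""


def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return a list of finding names for one deployerConfigContext.xml."""
    findings = []
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    for bean in root.iter():
        if local(bean.tag) != "bean":
            continue
        cls = bean.get("class", "")
        if cls == TEST_HANDLER:
            # Still an active bean: any userid equal to its password logs in.
            findings.append("test-handler-active")
        if cls != LDAP_CONTEXT:
            continue
        for prop in bean:
            if local(prop.tag) != "property":
                continue
            name = prop.get("name")
            if name == "urls":
                for value in prop.iter():
                    url = (value.text or "").strip().lower()
                    if local(value.tag) == "value" and url.startswith("ldap://"):
                        findings.append("cleartext-ldap")
            elif name == "password":
                secret = prop.get("value", "")
                # A ${...} placeholder keeps the secret out of this file.
                if secret and not secret.startswith("${"):
                    findings.append("literal-bind-password")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In this post CAS and Penrose run on the same host (directorysrv1), so the cleartext finding matters most once the directory moves to another machine.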

2. Start Tomcat. You will see the following in catalina.out:

...
INFO: SessionListener: contextInitialized()
Dec 31, 2010 2:05:16 PM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Dec 31, 2010 2:05:16 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Dec 31, 2010 2:05:16 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/15  config=null
Dec 31, 2010 2:05:16 PM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Dec 31, 2010 2:05:16 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 4294 ms
...
2010...,660 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for ...>
2010...,877 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Starting...
2010...,878 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 found ...
2010...,878 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished...

3. Test the CAS server with BindLdapAuthenticationHandler. Open a browser, go to the CAS login page and enter any usr/pwd that exists in the LDAP tree “ou=Employees,dc=intix,dc=info”, for example: userid=Aamod.Wroclawski@intix.info with password=test

Successfully log into CAS with userid=Aamod.Wroclawski@intix.info with password=test

In the catalina.out you can see the following:

...
2010...,575 INFO [...successfully authenticated ... [username: Aamod.Wroclawski@intix.info]>
2010...,984 INFO [... ] - <Reloading registered services.>

III. Enable HTTPS and configure SSL Certificate on Tomcat server that contains CAS server

Note:

  • The SSL certificate is used to secure the communication channel between the CAS server and any webapp that does authentication and Web-SSO with CAS.
  • It is necessary to install the root SSL certificate of the CAS server in the trusted certificate repository of each web server container (or Java Virtual Machine).
  • All certificates will be self-signed, for testing purposes only.

1. Create a key pair for the new SSL certificate for the CAS server, with 730 days of validity:

keytool -genkey -alias tomcat -keypass <CERT_PWD> -keyalg RSA -keystore ./<CAS_KEYSTORE> -validity 730

Where:
CERT_PWD is "changeit"
CAS_KEYSTORE is "cas-3_3_5.keystore"

Create the self-signed SSL certificate:

[root@directorysrv1 /]# keytool -genkey -alias tomcat -keypass changeit -keyalg RSA -keystore /usr/share/tomcat5/cas-3_3_5.keystore -validity 730
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  directorysrv1
What is the name of your organizational unit?
  [Unknown]:  INTIX I+D
What is the name of your organization?
  [Unknown]:  INTIX.info
What is the name of your City or Locality?
  [Unknown]:  BARCELONA
What is the name of your State or Province?
  [Unknown]:  CATALUNYA
What is the two-letter country code for this unit?
  [Unknown]:  ES
Is CN=directorysrv1, OU="INTIX I+D", O=INTIX.info, L=BARCELONA, ST=CATALUNYA, C=ES correct?
  [no]:  yes

[root@directorysrv1 bin]#

2. Export the SSL certificate:

[root@directorysrv1 /]# keytool -export -alias tomcat -keypass changeit -keystore /usr/share/tomcat5/cas-3_3_5.keystore -storepass changeit -file /usr/share/tomcat5/directorysrv1_730days.crt
Certificate stored in file </usr/share/tomcat5/directorysrv1_730days.crt>
[root@directorysrv1 /]#

3. Remove comments in /usr/share/tomcat5/conf/server.xml and enable HTTPS:

...
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

<!-- step 1, SSL in CAS server -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/usr/share/tomcat5/cas-3_3_5.keystore"
           keystorePass="changeit" />

<!-- Define an AJP 1.3 Connector on port 8009 -->
...

You can download server.xml from here.

5. Now you can test the CAS server over SSL. Open a browser with this URL: https://directorysrv1:8443/cas-server-webapp-3.3.5/login

CAS login on SSL

IV. Configure Liferay with CAS and LDAP Authentication

1. Import the CAS server's SSL public certificate into the JVM/JRE where Liferay is running. In my case, Liferay runs on a WinXP box called “lfry01”.

c:\>keytool -import -alias tomcat -file c:\0share1\cas-3.3.5_cert\directorysrv1_730days.crt -keystore c:\1bpms-demo\liferay-portal-6.0.5\tomcat-6.0.26\jre1.6.0_21\win\lib\security\cacerts
Enter keystore password:
Owner: CN=directorysrv1, OU="INTIX I+D", O=INTIX.info, L=BARCELONA, ST=CATALUNYA, C=ES
Issuer: CN=directorysrv1, OU="INTIX I+D", O=INTIX.info, L=BARCELONA, ST=CATALUNYA, C=ES
Serial number: 4d1df9bc
Valid from: Fri Dec 31 16:41:48 GMT+01:00 2010 until: Sun Dec 30 16:41:48 GMT+01:00 2012
Certificate fingerprints:
         MD5:  11:4D:72:BB:80:42:EE:F7:4A:CA:E9:EA:F6:4F:86:8D
         SHA1: 7F:6B:12:64:31:8B:47:4E:11:33:D7:FE:EF:C6:D4:65:12:59:8D:2E
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore

c:\>

2. Configure Liferay CAS and LDAP Authentication:

In the last blog post we configured LDAP Authentication in Liferay; in this new example we just have to add the CAS server configuration in Liferay.

* Enabled: Yes
* Import from LDAP: Yes
* Login URL: https://directorysrv1:8443/cas-server-webapp-3.3.5/login
* Logout URL: https://directorysrv1:8443/cas-server-webapp-3.3.5/logout
* Server Name: lfry01:8080
* Server URL: https://directorysrv1:8443/cas-server-webapp-3.3.5
* Service URL: http://lfry01:8080/c/portal/login
CAS configuration in Liferay Control Panel
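
The certificate created in section III names the CAS host as CN=directorysrv1, and Liferay's JVM checks that name against the host in the CAS URLs when it calls CAS over HTTPS. The following lint for the three CAS URLs in this form is an added example, not part of the original post or of Liferay; the dict keys and finding names are its own, and it assumes an exact CN match (no subjectAltName or wildcard, as with the keytool-generated certificate here).

```python
import ipaddress
import re
from urllib.parse import urlsplit

# CAS URLs exactly as entered in the form above (keys are this example's labels).
PAGE_SETTINGS = {
    "login_url": "https://directorysrv1:8443/cas-server-webapp-3.3.5/login",
    "logout_url": "https://directorysrv1:8443/cas-server-webapp-3.3.5/logout",
    "server_url": "https://directorysrv1:8443/cas-server-webapp-3.3.5",
}
# "Owner:" value printed by keytool when the certificate was imported.
PAGE_CERT_OWNER = ('CN=directorysrv1, OU="INTIX I+D", O=INTIX.info, '
                   'L=BARCELONA, ST=CATALUNYA, C=ES')


def cert_cn(owner_dn):
    """Extract the CN from a keytool 'Owner:' distinguished name."""
    match = re.search(r'(?:^|,)\s*CN=("[^"]*"|[^,]+)', owner_dn)
    if match is None:
        raise ValueError("no CN in certificate owner")
    return match.group(1).strip().strip('"').lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def lint_cas_urls(settings, owner_dn):
    """Return (setting, finding) pairs; an empty list means consistent."""
    cn = cert_cn(owner_dn)
    server = urlsplit(settings["server_url"])
    server_endpoint = (server.scheme, (server.hostname or "").lower(), server.port)
    prefix = server.path.rstrip("/") + "/"
    findings = []
    for key in ("server_url", "login_url", "logout_url"):
        url = urlsplit(settings[key])
        host = (url.hostname or "").lower()
        if url.scheme != "https":
            findings.append((key, "not-https"))
        if is_ip_literal(host):
            # The certificate names a host, so an IP never matches it.
            findings.append((key, "ip-host"))
        elif host != cn:
            findings.append((key, "host-not-in-cert"))
        if key != "server_url":
            endpoint = (url.scheme, host, url.port)
            if endpoint != server_endpoint or not url.path.startswith(prefix):
                findings.append((key, "not-under-server-url"))
    return findings


if __name__ == "__main__":
    print(lint_cas_urls(PAGE_SETTINGS, PAGE_CERT_OWNER) or "CAS URLs are consistent")
```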

3. Test LDAP Authentication and CAS with Liferay:

  • Go to Liferay http://lfry01:8080
  • Click on “Sign in” link located on the top right

    Click on "Sign in" (top right on guest page of Liferay)

  • The CAS login form appears; log in with userid=Aamod.Wroclawski@intix.info and pwd=test

    Login page when requesting a protected resource in Liferay

  • If authentication is OK, you will be redirected to Aamod.Wroclawski’s page within Liferay

    When doing a successful logon in CAS, we are redirected to the requested page in Liferay

V. Install and configure Alfresco with CAS and LDAP Authentication

In the next post I will explain how to configure Alfresco with CAS to do SSO and Authentication.

We will also see the importance of using an LDAP for supplying identities, and verify the SSO between Liferay and Alfresco.

See you soon.

@Chilcano

Posted in ECM, Portal, Security
30 comments on “Web-SSO between Liferay and Alfresco with CAS and Penrose (part 1/2)”
  1. hg says:

    I am really interested in the next post, “Install and configure Alfresco with CAS and LDAP Authentication”.

  2. […] Server pre-configured (Virtual Directory/LDAP) named “directorysrv1″ of last blog post (Web-SSO between Liferay and Alfresco with CAS and Penrose (part 1/2)) but with a few […]

  3. Chua Wen Ching says:

    Hi Roger,

    I got all working except the last part.

    I enabled CAS, and when I log in with this user Josyula.Wynblatt@acskl.com (or other users), I am redirected to this URL
    http://192.168.1.7:8085/c/portal/login?ticket=ST-5-pSteVpnyHx2ykP5METiY-cas and I can’t see anything on the page (blank page). Tested with Chrome and Firefox, both showing the same blank page issue.

    Any idea what’s wrong or missing? I believe it is something to do with the service URL. Does every Liferay always return domain:port/c/portal/login for the service URL?

    Now if I want to go back to see what’s wrong and modify it, I can’t seem to use the test@liferay.com account anymore? Any way to fall back?

    Any help? Thanks.

    • Could be many things, check the following:

      1. Login, logout, service,… URLs of CAS in the Liferay control panel.

      2. Redirect after login in the CAS config; make sure to use the same URL in the Liferay control panel.

      3. Verify the CAS log when logging in to Liferay…

      Keep in touch.

  4. Chua Wen Ching says:

    Hi Roger,

    I still can’t get it to work. I ensured I have the right settings and got the cert registered properly in cacerts (I saw a few solutions in the Liferay forums, yet I still can’t resolve the blank page issue).

    3 questions:-

    a)
    I changed the cas.properties to cater to the right URLs that is the same with Liferay CAS settings:-

    cas.securityContext.serviceProperties.service=https://192.168.1.7:8443/cas-server-webapp-3.3.5/services/j_acegi_cas_security_check
    cas.securityContext.casProcessingFilterEntryPoint.loginUrl=https://192.168.1.7:8443/cas-server-webapp-3.3.5/login
    cas.securityContext.ticketValidator.casServerUrlPrefix=https://192.168.1.7:8443/cas-server-webapp-3.3.5

    host.name=cas (I tried the FQDN – ubuntu.acskl.com, also no difference)

    Makes no difference here.

    b)
    When I login with a user, it will redirect me to CAS website. Upon login, it will redirect me to blank page.

    Below are the loggings:-

    catalina.out, where my CAS server resides in /var/lib/tomcat6, which I get as below:-


    … INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] –
    … INFO [org.jasig.cas.authentication.AuthenticationManager] –
    … INFO [org.jasig.cas.CentralAuthenticationServiceImpl] – Granted service ticket [ST-1-B4B5aoohVtIGIBwqmxrE-cas] for service [http://192.168.1.87:8085/c/portal/login] for user [Josyula.Wynblatt@acskl.com]>

    So I believe my CAS is working fine. I tested CAS with http and https, it worked before this. Until I integrated with Liferay; then the blank page happened.

    Then in the Liferay Tomcat logs, this is what I got:-

    I got this error sun.security.validator.ValidatorException: PKIX path building failed – sun.security.provider.certpath.suncertpathbuilderexception unable to find valid certification path to requested target

    I got a lot of them… but again I got the cert registered properly in cacerts. I tried a few times too. Tried this approach here http://www.liferay.com/community/forums/-/message_boards/message/5270500

    c) I am using Liferay 6.0.6 CE bundled with Tomcat. I believe it is using the Hypersonic database. How can I remove the CAS enabled settings so I can fall back to the previous settings? Like disable CAS, so I can still use test@liferay.com?

    Any help? Thanks.

  5. Chua Wen Ching says:

    Ok it is working now :)

    I recommend using installcert to install the cert properly.

    When creating the keystore/cert, make sure to specify the right hostname, which in my case is ubuntu.

    Then when placing the configuration in Liferay CAS, make sure to specify ubuntu:8443 rather than 192.168.1.7:8443. IP will not work no matter how you solve it. I read somewhere that it is not recommended to use an IP, as the IP may change in the future too.

    Glad it is working now :) Thanks Roger, going to your part 2 now :)

    The only problem: if I use the LDAP approach, which account is the administrator account similar to test@liferay.com?

  6. Chua Wen Ching says:

    To remove PortletPreferences in Hypersonic (say you entered the IP and then want to change to the domain name), check the info here http://www.liferay.com/community/forums/-/message_boards/message/9120734

  7. Carlo says:

    Hi Roger,

    I’m experiencing some problems with the version 3.4.8 of cas server.

    I’ve got a working installation of cas-server + liferay (5.2.3) on tomcat 6, but when I changed the SimpleTestUsernamePasswordAuthenticationHandler I got this error message:

    ERROR [org.springframework.web.context.ContextLoader] –
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘auditTrailManagementAspect’ defined in ServletContext resource [/WEB-INF/spring-configuration/auditTrailContext.xml]: Cannot resolve reference to bean ‘auditTrailManager’ while setting constructor argument with key [0]; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named ‘auditTrailManager’ is defined

    It seems that the “auditTrailManager” bean is missing.

    Is it an upgrade problem (you use the 3.3 version of CAS)?
    Do you know where to find that bean?

    Thanks in advance

    • Carlo says:

      I found the solution to this problem: it was sufficient to add a line to the deployerConfigContext.xml:

      but now another error arose:

      ERROR [org.springframework.web.context.ContextLoader] –
      org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘centralAuthenticationService’ defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean ‘authenticationManager’ while setting bean property ‘authenticationManager’; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘authenticationManager’ defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean ‘org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#1df4449’ of type [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] while setting bean property ‘authenticationHandlers’ with key [1]; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] for bean with name ‘org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#1df4449’ defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler

      any idea?

  8. Hi Carlo,
    yes, you need to build CAS from scratch using Maven. SimpleTestUsernamePasswordAuthenticationHandler requires new libraries. More info here:
    https://wiki.jasig.org/display/CASUM/LDAP (for LDAP Auth)

    Regards.

  9. ham says:

    Hi, everybody
    I am trying to integrate CAS and Liferay. My infrastructure:
    1) LDAP server + Tomcat + CAS on 172.57.178.13
    2) two Liferay instances, one on 172.57.178.11, the other on 172.57.178.19
    The connection between LDAP and CAS is OK.
    I did the Liferay CAS configuration in both Liferays.
    My problem is:
    when I connect to liferay1, I am redirected to the CAS interface, I enter email/passwd and I am connected to liferay1.
    Normally, when I connect to liferay2 I shouldn’t have to enter email/passwd, that is the point of SSO, no?
    But when I connect to liferay2 I have to enter email/passwd.
    Any idea/help?
    Thanks

    • Yes, SSO is “single sign-on” and you do not need to enter usr/pwd again.

      1) verify that AuthN with CAS works successfully in each Liferay, 2) then verify that the sync (import) of users has already been done in each Liferay, then 3) after logging in to liferay1, go to a private page of liferay2; you should be able to access the page without entering usr/pwd, otherwise review your CAS configuration.

      Regards.

  10. ham says:

    Thanks Roger, I assure you that I verified all parameters and all is OK. Here is my Liferay config for both Liferays:
    1)liferay1
    Login URL: http://172.57.178.13:8080/cas-server-webapp-3.3.5/login
    Logout URL: http://172.57.178.13:8080/cas-server-webapp-3.3.5/logout
    Server Name: liferay1
    Server URL: http://172.57.178.13:8080/cas-server-webapp-3.3.5
    Service URL: http://liferay1/c/portal/login

    2)liferay2
    Login URL: http://172.57.178.13:8080/cas-server-webapp-3.3.5/login
    Logout URL: http://172.57.178.13:8080/cas-server-webapp-3.3.5/logout
    Server Name: liferay2
    Server URL: http://172.57.178.13:8080/cas-server-webapp-3.3.5
    Service URL: http://liferay2/c/portal/login

    thks

  11. ham says:

    Must I use HTTPS?
    If yes, do I have to generate two certificates for the different Liferays on the ca server?

    thks

    • Yes, HTTPS is necessary when validating the authenticated session.
      You need to install CAS’s certificate in each JVM CA store in order to establish the trust relationship. Do not forget to update the URLs in Liferay.

      regards.

  12. ham says:

    hi Roger,thks for ur response no cas work but i have one last problem (i hope)
    i have this message error in my liferays:

    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    any idea please?
    thks

    • Hi Waraki Hamza, you have to create 3 certs (2 for each Liferay and a last one for CAS), self-signed (easier), and you have to install them in each JVM cert store and ***trust*** them.
      The error is because CAS cannot validate the authenticated session, because CAS does not trust them.

      Anything else, email me.

  13. ham says:

    Do I have to create one certificate for each Liferay server?
    I have created just one on the CAS server.
    I don’t understand :s

    • Sorry, you have to install the CAS cert into the JVM CA cert store only (make sure the installed cert is set as trusted).
      The Liferay bundle comes with a JRE (JVM); make sure you are using this CACert store.

  14. ham says:

    Thanks Roger for your efforts.
    Do I have to modify /usr/share/tomcat5/conf/server.xml and enable HTTPS on the Liferay servers? Because, as you know, I have 3 separate servers.

    thks

  15. ham says:

    Thanks Roger for your efforts.
    Do I have to modify /usr/share/tomcat5/conf/server.xml and enable HTTPS on the Liferay servers? Because, as you know, I have 3 separate servers.

    thks Roger

  16. ham says:

    Please, how do I import the CAS server SSL public certificate into the JVM/JRE where Liferay is running on a remote server, not a local one?
    Thanks for your help

  17. […] between Liferay and Alfresco with CAS and Penrose part 1 and part 2 Posted by Roger Carhuatocto Filed in PORTAL, Security, SSO Tags: CAS, Liferay, SSO […]

  18. I enabled CAS but the issue is that the password is the same as the username, i.e. test@liferay.com… I want to use my own database in CAS… I also modified deployerconfig.xml too, but still no conclusion. Can you guide me on how to resolve this issue?

  19. Hi Himanshu,

    If you want to connect the CAS server to your own database storing users/identities, then you have to go to the CAS documentation, here: https://wiki.jasig.org/display/CASUM/JDBC

    If you want to connect CAS server with LDAP Server, then follow this blogpost (see “II. Configure CAS server with Penrose Virtual Directory Server” section).

    Regards.
