Liferay is an enterprise portal.
Liferay can use LL::NG as an SSO provider but you have to manage how users are created:
Of course, integration will be full if you use the LDAP directory as users backend for LL::NG and Liferay.
This documentation just explains how to set up the SSO part. Please refer to Liferay documentation to enable LDAP provisionning.
Access to Liferay (first time):
Login as administrator:
Go to My Account:
Go to Portal » Settings:
Go to Configuration » Authentication:
In General, fill at least the following information:
ldap.auth.enabled=true
Then use the SiteMinder tab to configure SSO:
Configure Liferay virtual host like other protected virtual host.
<VirtualHost *:80> ServerName liferay.example.com PerlHeaderParserHandler Lemonldap::NG::Handler ... </VirtualHost>
server {
listen 80;
server_name liferay.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH "";
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
...
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}
Go to the Manager and create a new virtual host for Liferay.
Just configure the access rules. You can add a rule for logout:
^/c/portal/logout => logout_sso
Configure the Auth-User header.