SSO - integrate SAML 2.0 SSO

Details

Type: New Feature
Status: Closed
Priority: Critical
Resolution: Duplicate
Affects Version/s: 6.0.5 GA
Fix Version/s: --Sprint 12/11, 6.1.0 CE RC1
Component/s: API > JavaScript
Labels:
None
Environment:
PRD-349 6.x or above

Similar Issues:

Show 5 results

Description

integrate SAML 2.0 SSO

Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML OASIS standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end-user) between an identity provider and a web service. SAML 2.0 enables web-based authentication and authorization scenarios including single sign-on (SSO).

Refer to http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

LPS-8427-build-70637.patch

19/Jan/11 2:37 AM

131 kB

Denis Vaumoron

Issue Links

relates

LPS-22121 SAML: Can't sign-out from SP when SLO is enabled

Options
- Show All
- Show Open

Sub-Tasks

1.	SSO - SAML 2.0 Web SSO		Resolved	Kiyoshi Lee
2.	SSO - SAML 2.0 Single Logout		Resolved	Kiyoshi Lee

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Oleg Cohen added a comment - 02/Nov/10 6:25 PM

Another option to enable Liferay SAML 2.0 SSO is to use the AssureBridge SSO adapter plugin which enables Liferay integration with the AssureBridge fully-managed, hosted SSOExchange service. For more details please visit this page: http://www.assurebridge.com/integrations/liferay-saml-single-sign-on-integration.

Show

Oleg Cohen added a comment - 02/Nov/10 6:25 PM Another option to enable Liferay SAML 2.0 SSO is to use the AssureBridge SSO adapter plugin which enables Liferay integration with the AssureBridge fully-managed, hosted SSOExchange service. For more details please visit this page: http://www.assurebridge.com/integrations/liferay-saml-single-sign-on-integration .

Hide

Permalink

Denis Vaumoron added a comment - 19/Jan/11 2:37 AM

Hi Mika,

here is the patch implementing the service provider part of SAML 2.0 and 1.1 in Liferay, as we discussed earlier, this implementation support a post endpoint for assertion consumer service, a redirect endpoint for single logout and use the binding redirect for send request, but for the moment it does not support encryption, only signature. The IdP metadata location on filesystem is in portal.properties, the SP metadata are generated and can be read on server at /saml/metadata.xml. I have tested it with the IDP simpleSAMLphp and Authentic.

Hope it help...

Best regards,

Denis

Show

Denis Vaumoron added a comment - 19/Jan/11 2:37 AM Hi Mika, here is the patch implementing the service provider part of SAML 2.0 and 1.1 in Liferay, as we discussed earlier, this implementation support a post endpoint for assertion consumer service, a redirect endpoint for single logout and use the binding redirect for send request, but for the moment it does not support encryption, only signature. The IdP metadata location on filesystem is in portal.properties, the SP metadata are generated and can be read on server at /saml/metadata.xml. I have tested it with the IDP simpleSAMLphp and Authentic. Hope it help... Best regards, Denis

Hide

Permalink

Denis Vaumoron added a comment - 19/Jan/11 2:43 AM

I forgot to mention that this patch also include ~~LPS-14104~~ and ~~LPS-14345~~

Show

Denis Vaumoron added a comment - 19/Jan/11 2:43 AM I forgot to mention that this patch also include LPS-14104 and LPS-14345

Hide

Permalink

Mika Koivisto added a comment - 19/Jan/11 10:34 AM

Thanks Denis.

Show

Mika Koivisto added a comment - 19/Jan/11 10:34 AM Thanks Denis.

Hide

Permalink

Marco Bencivenni added a comment - 14/Apr/11 7:37 AM

Hi Denis,

we tryed to use your patch but we miss 4 classes:

com.liferay.portal.model.Assertion
com.liferay.portal.NoSuchAssertionException
com.liferay.portal.service.base.AssertionLocalServiceBaseImpl
com.liferay.portal.service.AssertionLocalServiceUtil

Where can we find these classes?
Thanks,
Marco B

Show

Marco Bencivenni added a comment - 14/Apr/11 7:37 AM Hi Denis, we tryed to use your patch but we miss 4 classes: com.liferay.portal.model.Assertion com.liferay.portal.NoSuchAssertionException com.liferay.portal.service.base.AssertionLocalServiceBaseImpl com.liferay.portal.service.AssertionLocalServiceUtil Where can we find these classes? Thanks, Marco B

Hide

Permalink

Denis Vaumoron added a comment - 16/Apr/11 1:04 AM

You need to launch the service builder to generate them

Show

Denis Vaumoron added a comment - 16/Apr/11 1:04 AM You need to launch the service builder to generate them

Hide

Permalink

Michael Han added a comment - 20/Oct/11 10:24 PM

Duplicated ticket...EE only features

Show

Michael Han added a comment - 20/Oct/11 10:24 PM Duplicated ticket...EE only features

People

Assignee:

Kristoffer Onias

Reporter:

Jonas Yuan

Participants of an Issue:

Denis Vaumoron, Jonas Yuan, Kristoffer Onias, Marco Bencivenni, Michael Han, Mika Koivisto, Oleg Cohen

Vote (22)

Watch (28)

Dates

Due:

23/May/11

Created:

17/Mar/10 3:06 PM

Updated:

20/Oct/11 10:24 PM

Resolved:

20/Oct/11 10:24 PM

Days since last comment:

1 year, 30 weeks, 5 days ago

Agile

View on Board

LPS-13976	SSO - SAML 2.0 Web SSO
LPS-13977	SSO - SAML 2.0 Single Logout
~~LPS-16693~~	SSO (LDAP on Active Directory + NTLM) + Webdav
LPS-9572	Authentication - Facebook SSO
~~LPS-22260~~	When trying to login to an SP via SAML, I have to do it twice