PUBLIC - Liferay Portal Community Edition

SSO - integrate SAML 2.0 SSO

Details

  • Type: New Feature
  • Status: Closed
  • Priority: Critical
  • Resolution: Duplicate
  • Affects Version/s: 6.0.5 GA
  • Fix Version/s: --Sprint 12/11, 6.1.0 CE RC1
  • Component/s: Framework/API
  • Labels:
    None
  • Environment:
    PRD-349 6.x or above

Description

integrate SAML 2.0 SSO

Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML OASIS standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end-user) between an identity provider and a web service. SAML 2.0 enables web-based authentication and authorization scenarios including single sign-on (SSO).

Refer to http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

Activity

Oleg Cohen added a comment -

Another option to enable Liferay SAML 2.0 SSO is to use the AssureBridge SSO adapter plugin which enables Liferay integration with the AssureBridge fully-managed, hosted SSOExchange service. For more details please visit this page: http://www.assurebridge.com/integrations/liferay-saml-single-sign-on-integration.

Denis Vaumoron added a comment -

Hi Mika,

Here is the patch implementing the service provider part of SAML 2.0 and 1.1 in Liferay, as we discussed earlier. This implementation supports a POST endpoint for the assertion consumer service, a redirect endpoint for single logout, and uses the redirect binding for sending requests, but for the moment it does not support encryption, only signature. The IdP metadata location on the filesystem is in portal.properties; the SP metadata are generated and can be read on the server at /saml/metadata.xml. I have tested it with the IdPs simpleSAMLphp and Authentic.

Hope it helps...

Best regards,

Denis

Denis Vaumoron added a comment -

I forgot to mention that this patch also includes LPS-14104 and LPS-14345.

Mika Koivisto added a comment -

Thanks Denis.

Marco Bencivenni added a comment -

Hi Denis,

We tried to use your patch but we are missing 4 classes:

com.liferay.portal.model.Assertion
com.liferay.portal.NoSuchAssertionException
com.liferay.portal.service.base.AssertionLocalServiceBaseImpl
com.liferay.portal.service.AssertionLocalServiceUtil

Where can we find these classes?
Thanks,
Marco B

Denis Vaumoron added a comment -

You need to launch the service builder to generate them.

Michael Han added a comment -

Duplicated ticket...EE only features


People

Vote (22)
Watch (28)
