Type: Technical Support
Resolution: Won't Fix
Affects Version/s: 4.3.6
Fix Version/s: 4.3.6
Environment:JBOSS App Server=jboss-4.0.3SP1 , LifeRayPortal=liferay-portal-4.3.4,OS=i686 i686 i386 GNU/Linux,WebServer=Apache
For Our SSO (with any application in our Environment) we use a Genereric SSO page.The process goes as below
We have a Policy Server setup and then we communicate it the URL to be protected and once all relative configurations are done then URL becomes a protected one.
When the URL (in this case Liferay Portal URL , for ex. Lets say http://abc.com/ or http://abc.com/liferay) is hit in the Browser,then Policy Server checks whether the URL is protected or not and if found a protected one then Forwards the request to a Predefined SSO Page(normaly catered by a simple Java application) and then user enters his/her credentials.Once the Policy Server verifies the proper credentials It forwards the request to originally requested URL (i.e. http://abc.com/ or http://abc.com/liferay as the case may be).
After this the application (LifeRay Portal in this case) is supposed to take these credentials and log in into the Normal Requested Application.
So with respect to LifeRay-Portal please help us to figure out what else we need to add/change in requestHeader being forwarded by PolicyServer(after user acuthentication is verified) so as not to get the Portal Login Page again.
However I must say that as per the normal policy ,Policy Server is not allowed to forward password from its side.Rest all is fine.
We thought of integrating CAS but since it has its own LoginPage so even the SSO page(i.e Policy Server) forwards the request to the applicaton and that is not understood by CAS and therfore it comes with its own Login page which is not desirable.
So I removed the CAS setting and as per before getting the same Portal Login page after the user gets properly authenticated from our SSO page.
Please help us to figure out the change and/or improvement or process/methodolgies to achive this.