    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 5.0.1
    • Fix Version/s: 5.1.0
    • Component/s: None
    • Labels:



      From Tony Lin:

      I was trying to enable OpenSSO for Liferay, but could not get it to work after enabling OpenSSO in the Liferay Admin, so I decided to look into the code in order to find out why it didn't work for me.

      After spending a few days on the source code of both OpenSSO and Liferay, I found a few bugs in Liferay's OpenSSO integration code and finally got it to work. Here are those changes:

      1) In the file portal-impl/src/com/liferay/portal/security/auth/

      Change this line:

      BufferedReader reader = new BufferedReader(
          new InputStreamReader((InputStream)con.getContent()));

      to:

      BufferedReader reader = new BufferedReader(
          new InputStreamReader((InputStream)con.getInputStream()));

      Reason: getContent() will first check the "Content-Type" header of the response content, and then create the proper content handler according to the content type, but unfortunately, OpenSSO returns a page without the "Content-Type" header, so getContent() will throw an exception.

      2) In the same file, when it catches the NoSuchUserException, it will try to add the user as a new user into Liferay, but sometimes it cannot find the default theme and the locale for the new user, and it will fail to add the new user.

      I changed this part (within "catch (NoSuchUserException nsue)") from:

      ThemeDisplay themeDisplay = (ThemeDisplay)req.getAttribute(WebKeys.THEME_DISPLAY);
      user = addUser(companyId, firstName, lastName, emailAddress, screenName, themeDisplay.getLocale());

      to:

      ThemeDisplay themeDisplay = (ThemeDisplay)req.getAttribute(WebKeys.THEME);
      Locale themeLocale = null;
      themeLocale = themeDisplay==null ? Locale.CANADA : themeDisplay.getLocale();
      user = addUser(companyId, firstName, lastName, emailAddress, screenName, themeLocale);

      3) Under the Liferay web interface: Liferay => Enterprise Admin => Settings => Authentication => OpenSSO

      Change the LoginURL to something like:


      and change the LogoutURL to something like:


      Reason: This will fix the issue of needing to login twice.

      But there is another problem that needs to be fixed: when the session times out, the cookie (OpenSSO token) remains in the browser, so when you try to log in again, Liferay will still try to verify the SSO token with the OpenSSO server, and it will then fail on the OpenSSO server, so Liferay will redirect you back to the Liferay login page, so you will not be able to log in to OpenSSO again unless you delete your saved cookies in your browser.

      So when the session times out, we need to remove all OpenSSO (or the current SSO solution) cookies from the client-side browser so that users are able to log in again.

      Hope this is helpful for those who want to use OpenSSO with Liferay, but you will need to set up a Liferay dev environment to compile the code after the changes.
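
The stale-token cleanup the report asks for, as an added example that is not code from the reporter or from Liferay. It assumes the OpenSSO default token cookie name `iPlanetDirectoryPro` and uses a placeholder domain and path; the class and method names are hypothetical.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: expires a stale SSO token cookie so the next login starts clean. */
public final class StaleSsoCookieCleaner {

    // Assumptions, not values from the report: "iPlanetDirectoryPro" is the
    // OpenSSO default token cookie name; domain and path are placeholders and
    // must match what the OpenSSO server used when it set the cookie.
    static final String COOKIE_NAME = "iPlanetDirectoryPro";
    static final String COOKIE_DOMAIN = ".example.com";
    static final String COOKIE_PATH = "/";

    private StaleSsoCookieCleaner() {}

    /** Returns the token cookie value sent by the browser, or null if absent. */
    static String findToken(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies(); // null when no cookies were sent
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName())) return c.getValue();
        }
        return null;
    }

    /**
     * Call when the SSO server rejects the token or the portal session has
     * timed out, before redirecting to the login page.
     * Returns true if a stale cookie was present and an expiry was sent.
     */
    public static boolean expireToken(HttpServletRequest req, HttpServletResponse res) {
        if (findToken(req) == null) return false;
        if (res.isCommitted()) return false; // headers already sent, too late for Set-Cookie
        Cookie expired = new Cookie(COOKIE_NAME, "");
        expired.setDomain(COOKIE_DOMAIN); // a browser only replaces a cookie whose
        expired.setPath(COOKIE_PATH);     // name, domain and path all match
        expired.setMaxAge(0);             // 0 = delete immediately
        expired.setSecure(req.isSecure());
        res.addCookie(expired);
        return true;
    }
}
```

If the domain or path does not match the cookie the SSO server originally set, the browser keeps the stale token and the failed-validation redirect described above continues.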



