Details

    • Type: Feature Request Feature Request
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 6.0.6 GA, 6.1.0 CE GA1, 6.1.10 EE GA1, 6.2.0 CE M2
    • Fix Version/s: None
    • Labels:
    • Liferay Contributor's Agreement:
      Accept
    • Similar Issues:
      Show 5 results 

      Description

      Digital certificates are widely used in public administration to identify citizens, and it can be a valuable new feature for Liferay.
      The digital certificate is usually stored in the web browser, so the portal should be able to access that information and open a new session in Liferay for that authenticated user.

      Here's the wiki with the project proposal for Digital Certificate Login feature for the community.

      Aaron has submitted a first implementation that needs to be reviewed and improved to be a first attempt of implementation: https://github.com/b-aron/cert-auth-hook.

        Activity

        Hide
        Cynthia Wilburn (Inactive) added a comment -

        Aron - In order for this contribution to be considered for inclusion, please click the "contribute solution" button in the workflow of this ticket, accept the contributor's agreement and then accept the contribution in the workflow. This places the ticket in a state that indicates that an engineer must review your contributions. Thanks! Cynthia

        Show
        Cynthia Wilburn (Inactive) added a comment - Aron - In order for this contribution to be considered for inclusion, please click the "contribute solution" button in the workflow of this ticket, accept the contributor's agreement and then accept the contribution in the workflow. This places the ticket in a state that indicates that an engineer must review your contributions. Thanks! Cynthia
        Hide
        Áron Budea added a comment -

        Contribution agreement accepted. Thank you, Cynthia.

        Show
        Áron Budea added a comment - Contribution agreement accepted. Thank you, Cynthia.
        Hide
        James Falkner added a comment -

        Hey Aron, thanks for this contribution! We are beyond the point where we could include this into the 6.1 release as it is very close to finished, and we are only fixing bugs from here on out. I would suggest that you could also place this into the community repository and eventually the Liferay Marketplace, once it is operational. The repository can be found at http://www.liferay.com/downloads/liferay-portal/community-plugins

        Show
        James Falkner added a comment - Hey Aron, thanks for this contribution! We are beyond the point where we could include this into the 6.1 release as it is very close to finished, and we are only fixing bugs from here on out. I would suggest that you could also place this into the community repository and eventually the Liferay Marketplace, once it is operational. The repository can be found at http://www.liferay.com/downloads/liferay-portal/community-plugins
        Hide
        Áron Budea added a comment -

        Hi James. Thanks for the idea, that sounds good. Before doing that, however, I would appreciate feedback whether the solution conforms the proposal. I'm also wondering if modifications apart from the core autologin module, in particular the portlet UI adjustments should be part of the hook (and if they should, is there anything else I've overlooked).

        Finally, there is this issue mentioned in the readme about the insecure session cookie. I'm not entirely comfortable with the workaround of disabling HTTP access to the portal altogether (which is basically the only guest view in this case). Could someone check and let me know if there is a different way? Thanks!

        Show
        Áron Budea added a comment - Hi James. Thanks for the idea, that sounds good. Before doing that, however, I would appreciate feedback whether the solution conforms the proposal. I'm also wondering if modifications apart from the core autologin module, in particular the portlet UI adjustments should be part of the hook (and if they should, is there anything else I've overlooked). Finally, there is this issue mentioned in the readme about the insecure session cookie. I'm not entirely comfortable with the workaround of disabling HTTP access to the portal altogether (which is basically the only guest view in this case). Could someone check and let me know if there is a different way? Thanks!
        Hide
        Juan Fernández added a comment -

        Hi Áron:
        First of all, thank you very much for this awesome contribution and sorry for the delay in the response.
        This feature is something a lot of customers and community members have been asking for a long time.
        I'm reviewing it to analyze if we can include it in the Liferay core for the next version, so I will contact you soon to discuss over the issues you mention in the "Readme "file
        Thanks a lot,
        Juan Fernández

        Show
        Juan Fernández added a comment - Hi Áron: First of all, thank you very much for this awesome contribution and sorry for the delay in the response. This feature is something a lot of customers and community members have been asking for a long time. I'm reviewing it to analyze if we can include it in the Liferay core for the next version, so I will contact you soon to discuss over the issues you mention in the "Readme "file Thanks a lot, Juan Fernández
        Hide
        Juan G added a comment - - edited

        This is a very good idea, but I see a problem in this. What happens when server is behind cluster with SSL termination? In this case connections are made in http from ssl termination to J2EE server (Liferay), hence certificate won't be available, isn't it?

        Even ignoring previous fact, source should be adapted to map Liferay attributes (email, screenName, etc) to custom certificate fields (example, spanish Id Card).

        This can be achieved using CAS, anyway.

        Show
        Juan G added a comment - - edited This is a very good idea, but I see a problem in this. What happens when server is behind cluster with SSL termination? In this case connections are made in http from ssl termination to J2EE server (Liferay), hence certificate won't be available, isn't it? Even ignoring previous fact, source should be adapted to map Liferay attributes (email, screenName, etc) to custom certificate fields (example, spanish Id Card). This can be achieved using CAS, anyway.
        Hide
        Randy Zhu added a comment -

        In preparation for Ideation; we are moving this contributed solution tickets to “Feature Request”. Additional information to follow.

        Show
        Randy Zhu added a comment - In preparation for Ideation; we are moving this contributed solution tickets to “Feature Request”. Additional information to follow.

          People

          • Votes:
            7 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

            • Created:
              Updated:
              Days since last comment:
              2 years, 1 day ago

              Development

                Structure Helper Panel