This post starts the OpenAM integration assuming you have already set up OpenDJ with Liferay. See http://www.liferaysolution.com/2016/03/opendj-liferay-62.html
Install OpenAM
1) Download OpenAM-11.0.0.war from https://backstage.forgerock.com/#!/downloads/OpenAM/OpenAM%20Enterprise/11.0.0/OpenAM%2011#list
2) You can deploy this war file in the same Tomcat where your Liferay is running, or in a separate Tomcat server (apache-tomcat-7.0.68). My recommendation is to use a separate Tomcat server for it.
3) For convenience, rename the war file from OpenAM-11.0.0.war to OpenSSO.war and start the Tomcat server to deploy it.
4) Once it is deployed into Tomcat, you can access it at http://jignesh.openam.com:7070/OpenSSO. Here jignesh.openam.com:7070 is the host name I configured for the newly installed Tomcat server.
Also make sure the server has enough JVM memory by adding the line below to startup.bat:
set JAVA_OPTS=-Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
5) Click on the Create New Configuration link.
6) Enter the password password1 for General >> Default User Password.
7) Click Next.
8) Provide the host name and the other settings shown in the screenshot below.
9) Click Next and configure the Configuration Data Store settings as shown in the screen below.
10) Click Next and configure the User Data Store settings as shown in the screen below; this is where you enter the OpenDJ settings for the directory where your users are stored.
11) Click Next and make no changes in Site Configuration.
12) Click Next and enter the password password2 for the Default Policy Agent [UrlAccessAgent].
13) Click Next and check the summary.
14) Click the Create Configuration button; it takes 2-3 minutes to configure OpenSSO if everything was configured properly.
You are done with the setup!
Now you should verify that the OpenAM configuration is correct and that it is reading all the users from OpenDJ.
OpenAM Configuration
If the setup was done properly, it brings you to the OpenAM login screen, which can be accessed at http://jignesh.openam.com:7070/OpenSSO
You can log in with
amadmin
password1 (the first default user password, which you set during the configuration step)
1) Once you log in, you will see the screen below.
2) Go to the Access Control tab, where you can create your own Realm or use the existing / (Top Level Realm).
3) Click on / (Top Level Realm) and go to the Subjects tab, where you should see all your available users; if they are not there, go to the Data Stores tab, find your data store link and configure the proper LDAP settings.
4) You will also have to create the Joe Bloggs user in OpenDJ under the people group so it is available to us. Use the same email, first name, last name and screen name as in Liferay when creating the user in OpenDJ.
5) Now we have to create a J2EE agent inside OpenAM, which is needed for SSO with Liferay.
6) Go to the Agents >> J2EE tab.
7) Click the New button to create a new agent called LiferayEEagent.
8) Now you also need to install the agent in the Tomcat server where your SSO application is running.
Download Tomcat-v6-Agent_3.5.0.zip from https://backstage.forgerock.com/#!/downloads/OpenAM/J2EE%20Policy%20Agents/3.5.0/Apache%20Tomcat%206,%207%20and%208#list
Extract the zip file and put the tomcat_v6_agent folder in some directory.
Go to the j2ee_agents\tomcat_v6_agent\bin folder and run agentadmin --install from the command prompt.
It will ask you a couple of questions about configuration and Tomcat paths, which are answered as below:
Tomcat Server Config Directory : C:\jignesh\apache-tomcat-7.0.68\conf
OpenAM server URL : http://jignesh.openam.com:7070/OpenSSO
$CATALINA_HOME environment variable : C:\jignesh\apache-tomcat-7.0.68
Agent URL : http://jignesh.openam.com:7070/agentapp
Agent Profile name : LiferayEEagent
Agent Profile Password file name : C:\jignesh\apache-tomcat-7.0.68\agent-pass.txt
Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]: 1
Here make sure you give the same
Agent Profile name : LiferayEEagent
Agent Profile Password file name : C:\jignesh\apache-tomcat-7.0.68\agent-pass.txt
which you used when creating the J2EE agent in OpenAM. The agent profile password has to be put in a text file, and you provide that file's location here.
9) You have now set up the J2EE policy agent in OpenAM as well as in the Tomcat server, so you are good to go ahead.
Note: if your server doesn't start after installing the agent for Tomcat, go to the conf folder and replace the server.xml file; you may also need to put set JAVA_OPTS=%JAVA_OPTS% -Dopenam.agents.bootstrap.dir=C:/jignesh/tomcat_v6_agent/Agent_001/config in the startup.bat file of the Tomcat where your SSO application is running.
10) Now go to Configuration >> Servers and Sites, click the Default Server Settings button and go to the Security tab.
11) Go to the Cookie section, set Encode Cookie Value to true and save the configuration.
You are done with the OpenAM side of the configuration.
Liferay Configuration
Put the properties below in your portal-ext.properties file:
open.sso.auth.enabled=true
open.sso.login.url=http://jignesh.openam.com:7070/OpenSSO/UI/login?goto=http://jignesh.openam.com:8080/c/portal/login
open.sso.logout.url=http://jignesh.openam.com:7070/OpenSSO/UI/Logout?goto=http://jignesh.openam.com:8080/c/portal/logout
open.sso.service.url=http://jignesh.openam.com:7070/OpenSSO
open.sso.screen.name.attr=uid
open.sso.email.address.attr=mail
open.sso.first.name.attr=givenname
open.sso.last.name.attr=sn
open.sso.logout.on.session.expiration=false
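As an added example (not code from this post, from Liferay or from OpenAM), here is what the open.sso.*.attr mapping above is used for once a user comes back from OpenAM: as I understand it, Liferay 6.2's OpenSSO login looks the session's attributes up over OpenAM's REST interface and maps them onto the portal user. The response format is assumed from OpenAM 11's identity/attributes endpoint, and the sample body is constructed.

```python
# Added example (not the post's, Liferay's or OpenAM's code); assumes the line-oriented
# name/value body of OpenAM 11's /OpenSSO/identity/attributes endpoint.

# Same attribute mapping as in portal-ext.properties above.
ATTR_PROPS = {
    "open.sso.screen.name.attr": "uid",
    "open.sso.email.address.attr": "mail",
    "open.sso.first.name.attr": "givenname",
    "open.sso.last.name.attr": "sn",
}

# Constructed sample body for the Joe Bloggs user created in OpenDJ (not a real capture).
SAMPLE_RESPONSE = """\
userdetails.token.id=CONSTRUCTED-SSO-TOKEN
userdetails.attribute.name=uid
userdetails.attribute.value=joebloggs
userdetails.attribute.name=mail
userdetails.attribute.value=joe.bloggs@example.com
userdetails.attribute.name=givenname
userdetails.attribute.value=Joe
userdetails.attribute.name=sn
userdetails.attribute.value=Bloggs
userdetails.attribute.name=objectclass
userdetails.attribute.value=inetorgperson
userdetails.attribute.value=top
"""


def parse_attributes(body):
    """Return {attribute name: [values]}; a name line opens a possibly multi-valued attribute."""
    attrs, current = {}, None
    for line in body.splitlines():
        key, _, value = line.partition("=")
        if key == "userdetails.attribute.name":
            current = value
            attrs.setdefault(current, [])
        elif key == "userdetails.attribute.value" and current is not None:
            attrs[current].append(value)  # token id and other lines are ignored
    return attrs


def liferay_user(attrs, props=ATTR_PROPS):
    """Map the configured LDAP attributes onto Liferay's user fields; None marks a missing one."""
    fields = {
        "screenName": props["open.sso.screen.name.attr"],
        "emailAddress": props["open.sso.email.address.attr"],
        "firstName": props["open.sso.first.name.attr"],
        "lastName": props["open.sso.last.name.attr"],
    }
    return {f: (attrs.get(a) or [None])[0] for f, a in fields.items()}
```

A None in the result is the first thing to check when the redirect back to Liferay does not log the user in: the OpenDJ entry lacks one of the four attributes Liferay is configured to read.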
Add the filter below to your Tomcat web.xml file:
<filter>
    <description>SJS Access Manager Tomcat Policy Agent Filter</description>
    <display-name>Agent</display-name>
    <filter-name>Agent</filter-name>
    <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/web*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
Restart the Liferay Tomcat.
How to Test
Go to your Liferay server URL: jignesh.openam.com:8080
Click the Sign In link.
It will bring you to the OpenAM login page.
Once you log in with your joebloggs credentials, it redirects you to Liferay, where you are already logged in.
Note: the new OpenAM version 13 doesn't work with Liferay as it may need some more configuration which I am not much aware about :)
Enjoy!!!!!!!!!!!!!