Thursday, August 12, 2010

Sign-up for Liferay Portal with OpenID Provided by WSO2 Identity Server

Here I describe the steps to configure sign-up on the Liferay 4.4.2 portal using OpenID provided by WSO2 Identity Server.

1. First, download WSO2 Identity Server from here (Alpha3 build of the latest version) and extract it into a directory on your file system. Let's call this directory CARBON_HOME.

2. Then configure the host name (assume we change it to "wso2is"). First, set the following parameters in carbon.xml, which can be found in CARBON_HOME/conf:

 <ServerURL>https://wso2is:${carbon.management.port}${carbon.context}/services/</ServerURL>
 <HostName>wso2is</HostName>

Then set the following parameters in identity.xml, which can be found in the same location:

    <OpenIDServerUrl>https://wso2is:9443/openidserver</OpenIDServerUrl>
    <OpenIDUserPattern>https://wso2is:9443/openid/</OpenIDUserPattern>

If you are running on a local machine, make sure to add the new host name to the hosts file.

3. Start Identity Server by running wso2server.sh (on Unix) or wso2server.bat (on Windows) in the CARBON_HOME/bin directory.

The OpenID URL of the default admin user will look like https://wso2is:9443/openid/admin

4. Import the Identity Server public certificate into the Java cacerts file, which is the trust store for Liferay. (This step is needed if you use the default keystore, wso2carbon.jks, for Identity Server, or any other self-signed keystore.)

Liferay uses the Java cacerts file as its trust store, but wso2carbon.jks contains a self-signed certificate. So the public certificate must be imported into the cacerts file used by Liferay. Then Liferay can trust the OpenID provided by WSO2 Identity Server.

First, export the wso2carbon certificate from wso2carbon.jks, which can be found in the CARBON_HOME/resources/security directory. Sample keytool command:

> keytool -export -keystore wso2carbon.jks -file carbon.cert -alias localhost -storepass wso2carbon

Then import it into cacerts in JAVA_HOME/jre/lib/security:

> keytool -import -keystore cacerts -file carbon.cert -alias carbon -storepass changeit

5. Download the latest version of Liferay portal 4.4.2 from here and extract it into a directory on your file system. Let's call this directory LIFERAY_HOME.

6. Set CATALINA_HOME=LIFERAY_HOME/tomcat_dir

7. Start Liferay portal by running catalina.sh run (on Unix) or catalina.bat (on Windows) in the CATALINA_HOME/bin directory.

8. Add Full Name as a default attribute in Identity Server user profiles and fill in the user profile.

To perform the registration (sign-up) in Liferay using OpenID, when a user first logs in with an OpenID, Liferay asks WSO2 Identity Server (the OpenID provider) for some information about the user. The provider must be able to supply this information through OpenID protocol extensions (Identity Server implements the Simple Registration Extension protocol). Here the Full Name and Email attributes are retrieved from Identity Server, so these two should be configured in the user profile.

-- Full Name is not supported by default, so first you need to update the claim mapping. Go to Claim Management -> http://wso2.org/claims claim dialect -> Full Name claim mapping, tick "Supported by Default" and update.




-- Then go to My Profile and fill in the default profile, or add a new profile.
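
As an added illustration of step 8 (not from the original post, and not Liferay or WSO2 code), the Python below reads an OpenID response from the relying party's side: it keeps only the Simple Registration values that are listed in openid.signed and reports when Full Name or Email is missing. The function name sreg_for_signup, the sample responses and the assumption that the extension uses the "sreg" alias are illustrative.

```python
from urllib.parse import parse_qs

REQUIRED = ("fullname", "email")  # the two attributes the post says Liferay retrieves

def sreg_for_signup(query_string):
    """Return (attrs, problems) for the query string of an OpenID response.

    attrs keeps only openid.sreg.* values listed in openid.signed; problems
    says why sign-up would fail. Verifying the signature itself is assumed to
    be done by the relying party's OpenID library and is not shown here.
    """
    params = {k: v[0] for k, v in parse_qs(query_string, keep_blank_values=True).items()}
    if params.get("openid.mode") != "id_res":
        return {}, ["not a positive assertion (openid.mode is not id_res)"]
    signed = set(params.get("openid.signed", "").split(","))
    attrs, problems = {}, []
    for key, value in params.items():
        if not key.startswith("openid.sreg."):
            continue
        field = key[len("openid."):]  # e.g. "sreg.email", as named in openid.signed
        if field not in signed:
            problems.append(field + " is not covered by openid.signed, ignored")
            continue
        attrs[field[len("sreg."):]] = value
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append("missing " + name + ": check claim mapping and user profile")
    return attrs, problems

# Constructed sample responses, not captured from a real server.
BASE = "openid.mode=id_res&openid.identity=https%3A%2F%2Fwso2is%3A9443%2Fopenid%2Fadmin"
GOOD = (BASE + "&openid.signed=identity%2Creturn_to%2Csreg.fullname%2Csreg.email"
        "&openid.sreg.fullname=Admin+User&openid.sreg.email=admin%40example.org")
# Assumed effect of skipping step 8: Full Name is not returned, only Email.
NO_FULLNAME = (BASE + "&openid.signed=identity%2Creturn_to%2Csreg.email"
               "&openid.sreg.email=admin%40example.org")
# fullname is present but was left out of the signed list, so it must not be used.
UNSIGNED = (BASE + "&openid.signed=identity%2Creturn_to%2Csreg.email"
            "&openid.sreg.fullname=Someone+Else&openid.sreg.email=admin%40example.org")

if __name__ == "__main__":
    for label, qs in (("good", GOOD), ("no fullname", NO_FULLNAME), ("unsigned", UNSIGNED)):
        print(label, sreg_for_signup(qs))
```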

                                                                                                                                  
9. Now try to sign up by providing your OpenID, https://wso2is:9443/openid/admin

6 comments:

  1. Do you know why I would get the following error?

    Error! Relying Party initialization failed

    when attempting to log in to my local test instance of Stratos 1.5.1?

    I used url https://cloud-test.wso2.com:9443/carbon/relyingparty/index.jsp


  2. Do you know if Identity Server can use Liferay as an authentication authority? Thanks

  3. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with extra information? It is extremely helpful for me. company in singapore

  4. Positive site, where did u come up with the information on this posting? I have read a few of the articles on your website now, and I really like your style. Thanks a million and please keep up the effective work. security guard company

  5. Great article, lots of information to read... Great man, keep posting and update to people. Thanks HiLook CCTV

  6. I found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work... spy cam
