web-servicessingle-sign-onliferaycredentials

How to create SSO from Liferay to another portal / service?


I am developing an integration from Liferay to another service in two possible different ways:

1) I want associate another site to the account and the user would browse that another service on a iFrame with the credentials given automatically from some storage associated with her Liferay account.

2) I want to attach a web services to some account on another system and fetch some data of that user to the screen as a feed. Again, web services uses some credentials that are associated to the Liferay account of that person.


Solution

  • For 1, I'd go with a proper SSO solution: Integrate both, Liferay and your other solution in to a common SSO server. This handles the SSO aspect quite well. This works especially well when you're already using LDAP for identity information, so you can easily use it as well from your SSO server.

    You can also make Liferay provide the user's identity to your external application, but as this is rather nonstandard I'd like to advise the standard SSO route. Granted, you need one more component, but this is typically well understood, has a good focus on SSO and is maintained and updated independently from a homegrown solution.

    If you're talking about "just a small solution", e.g. rather a workaround, your mileage may vary (e.g. a dedicated SSO might be too much infrastructure).

    For 2) I'm not completely sure what you're talking about, but it might as well be solved by central user management (e.g. LDAP) and impersonation - maybe with the help of the SSO solution - of certain users.