1

We need to show document from alfresco in Liferay portlets. We would use the CMIS connector with the document library. But we are required that the users be authenticated with OpenAM (a sso).

All the research I've done seam to indicate that ootb it doesn't work. But I can't find anyone that made it works.

So is it possible to use the CMIS connector with an SSO authenticated user?

If yes, what step should we do, or is there some doc already available?

If no, Is there any work around or other solution to connect Liferay with alfresco with an SSO authenticated user?

Jonatan Cloutier
  • 899
  • 9
  • 26
  • Did you have a look at http://stackoverflow.com/questions/25969373/liferay-integration-with-openam-using-active-directory ? – Bernhard Thalmayr Sep 26 '14 at 06:58
  • Well that's a step before where I'm at. – Jonatan Cloutier Sep 26 '14 at 15:07
  • With any kind of SSO integration you will not get the password of the user, only the 'princial name'. If the CMIS connector requires the password you are out of luck – Bernhard Thalmayr Sep 30 '14 at 06:52
  • yes but there is some techno like CAS proxyGrantingTicket that make this possible event without having the real user password, and it's in this line that I ask if some one successfully made it work with the given setup. There is also some way to 'hack' a SSO session with javascript by forcing the user to "login" to the target system (alfesco) in our case ant then use the http header the user got to use in back end connection with the other system. But we'd really prefer not to do this. – Jonatan Cloutier Oct 01 '14 at 01:03
  • Looking at the code for com.liferay.portal.repository.cmis.CMISAtomPubRepository there seems no other option as to leverage username and password I did not check if Liferay allows to plugin a custom CMIS repository which would allow the send the SSO Token to Alfresco (if it is also protected by OpenAM ... or send a request header/parameter with some id Alfresco could leverage ... agreed somewhat unsecure – Bernhard Thalmayr Oct 02 '14 at 07:23
  • We are actually looking in creating our own CMIS connector on the liferay side and probably adding a custom authentication on alfresco side,but we are still unsure about how to build that one to stay secure. Thanks for your answers – Jonatan Cloutier Oct 02 '14 at 16:20

1 Answers1

0

So to summarize the situation, no, by default there is no way to use Liferay document librairy/cmis connector with any SSO.

But, it is possible to use it by modifying the Liferay feature (With hook) and using a specific strategies (This go from proxy sso to some java script hack that I wont go to deep into as we decides not to do it) to get the required info to send to alfresco.

Other solution (that we chooses) is to implement a custom authentication on alfresco and to use a password that is not the user one as password, but there is some security concern that need to be taken into account with this solution because the simple way to do it create a "master password" that could be used by anyone.

So basically there is really no one size fit all solutions on this subject.

Jonatan Cloutier
  • 899
  • 9
  • 26