Dashboard > Tempo > ... > FAQ > SSO Integration Tempo, Liferay with CAS > View
Tempo Log In   View a printable version of the current page.
SSO Integration Tempo, Liferay with CAS
Browse Space    
Added by Nicolas Modrzyk, last edited by Nicolas Modrzyk on Sep 11, 2008  

Integrate Central Authentication Service(CAS), tempo and liferay with ui-fw-portlet

Let's use this system infrastructure for example:

Set up CAS server

  1. Deploy the project "cas-server-webapp" to your server or run the TRUNK/rsc/scripts/create_tomcat.rb to create a new tomcat server (You will find a webapp cas under the webapp root).
  2. Change the tokenService bean in WEBAPP_ROOT/cas/WEB-INF/deployerConfigContext.xml:

    <bean id="tokenService" class="org.intalio.tempo.security.ws.TokenClient">
    <constructor-arg value="http://tempo.com:8080/axis2/services/TokenService" />
    </bean>

  3. Enable the SSL connection of your CAS server using the keystore: TRUNK/rsc/liferay501/tempokeystore (if you setup the server via create_tomcat.rb, you don't need to do that). eg:

    <Connector port="8443" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" keystoreFile="var/config/tempokeystore"/>

  4. Import the certification(TRUNK/rsc/liferay501/tempo.cert) into JRE (Actually the tempo.cert is a selfcert for localhost, doesn't really work for cas.com, you have to use your own cert for your domain) 
    eg: keytool -import -file TRUNK/rsc/liferay501/tempo.cert -alias tempo -keystore $JAVA_HOME/lib/security/cacerts

Set up tempo

  1. Run the script TRUNK/rsc/scripts/create_tomcat.rb to create a new tempo tomcat bundle.

Set up the liferay server with ui-fw-portlet

  1. Change the configuration file TRUNK/rsc/scripts/config.yml to enable the liferay server build up. (uncomment the 'server: liferay_v501')
  2. Run the script TRUNK/rsc/scripts/create_tomcat.rb to create a new liferay tomcat bundle.
  3. Change the file WEBAPP_ROOT/ROOT/WEB-INF/classes/portal-ext.properties

    cas.login.url=https://cas.com:8443/cas/login
    cas.logout.url=https://cas.com:8443/cas/logout
    cas.service.url=http://liferay.com:8080/c/portal/login
    cas.validate.url=https://cas.com:8443/cas/proxyValidate
    cas.proxycallback.url=https://liferay.com:8443/c/portal/CasProxyServlet

  4. Change the file WEBAPP_ROOT/ui-fw-portlet/WEB-INF/web.xml: 
    <servlet>
  <servlet-name>JsonUpdate</servlet-name>
  <servlet-class>org.intalio.tempo.uiframework.service.JsonUpdate</servlet-class>
  <init-param>
    <param-name>TaskManagementServices</param-name>
    <param-value>http://tempo.com:8080/axis2/services/TaskManagementServices</param-value>
  </init-param>
</servlet>
  5. Change the file WEBAPP_ROOT/ui-fw-portlet/WEB-INF/tempo-ui-fw-portlet.xml 
        <bean id="tokenService" class="org.intalio.tempo.security.ws.TokenClient">
        <constructor-arg value="http://tempo.com:8080/axis2/services/TokenService"/>
    </bean>
Comments
Site powered by a free Open Source Project / Non-profit License (more) of Confluence - the Enterprise wiki.
Learn more or evaluate Confluence for your organisation.
Powered by Atlassian Confluence, the Enterprise Wiki. (Version: 1.4.1 Build:#212 Jun 02, 2005) - Bug/feature request - Contact Administrators