Recent Bloggers

Saurang Suthar
Posts: 5
Stars: 0
Date: 7/4/17
Jyoti Verma
Posts: 3
Stars: 0
Date: 6/28/17
Pankti Patel
Posts: 1
Stars: 0
Date: 5/26/17
Chandrika Baraiya
Posts: 5
Stars: 0
Date: 5/26/17
Atith Patel
Posts: 5
Stars: 0
Date: 5/22/17
Nisarg Pujara
Posts: 6
Stars: 0
Date: 5/10/17
Pranavsinh Parmar
Posts: 4
Stars: 0
Date: 5/3/17
Ankit Prajapati
Posts: 5
Stars: 0
Date: 5/3/17
Pratik Solanki
Posts: 5
Stars: 0
Date: 4/7/17
Chirag Patel
Posts: 4
Stars: 0
Date: 3/30/17
« Back

Use secure channel(https) after login in liferay portal

If you want to configure liferay portal in a way that the credentials supplied (especially during the login process) are always encrypted (by using HTTPS) but still it is possible to browse the public content by HTTP for guest users.

 

Goal of this blog is to provide following functionalities :

  • Liferay portal runs on both HTTP and HTTPs protocol

  • Guest user can access liferay portal on HTTP protocol

  • As soon as user tries to login, he/she immediately redirected to HTTPs url.

  • After login, user access the portal on HTTPs protocol so that data being encrypted on further process

  • After logout, user access liferay portal on HTTP protocol


We can achieve above functionalities by putting a few properties in portal-ext.properties file and configuring virtual host in apache web server.

In our example, lets assume we will access our site with www.example.com

 
Step-1 : Add Properties
 
Add following properties in portal-ext.properties :

 

# Set this For Front ending Apache with Liferay

web.server.http.port=80

web.server.host=www.example.com

 

# Added SSL

company.security.auth.requires.https=true

web.server.protocol=https

web.server.https.port=443

default.logout.page.path = http://www.example.com

 

Restart the server.

 
Step-2 : Generate Certificate and key
 

Now you need to generate SSL certificate, key and add certificate to JVM of your system.

Please refer following blog for above. Make sure you generate key and certificate under directory ‘ /etc/apache2/ssl/’.

http://www.surekhatech.com/blog/liferay-sso-integration

 
Step-3 : Apache configuration
 
First enable following modes :
 

sudo a2enmod ssl

sudo a2enmod proxy_http

sudo a2enmod proxy_ajp

sudo a2enmod headers

 

Now configure apache virtual host as following :

 

<VirtualHost *:80>

 

   ServerName www.example.com

   ServerAdmin admin@surekhatech.com

   ServerAlias www.example.com

   

   LogLevel warn

   ErrorLog /var/log/apache2/example.error.log

   CustomLog /var/log/apache2/example.access.log combined

 

   <Proxy *>

       AddDefaultCharset Off

       Order deny,allow

       Allow from all

   </Proxy>

 

   ProxyPass / ajp://localhost:8009/

   ProxyPassReverse / ajp://localhost:8009/

 

</VirtualHost>

 

<VirtualHost *:443>

 

   ServerName www.example.com

   ServerAdmin admin@surekhatech.com

   ServerAlias www.example.com

 

   Header set Access-Control-Allow-Origin "*"

 

   LogLevel warn

   ErrorLog /var/log/apache2/example.ssl.error.log

   CustomLog /var/log/apache2/example.ssl.access.log combined

 

   SSLEngine on

   SSLProxyEngine on

   SSLCertificateFile   /etc/apache2/ssl/example.crt

   SSLCertificateKeyFile /etc/apache2/ssl/example.key

 

   ProxyRequests On

   ProxyVia On

   ProxyPreserveHost On

 

   ProxyPass / ajp://localhost:8009/

   ProxyPassReverse / ajp://localhost:8009/


</VirtualHost>

 

Now you should be able to view the portal on https://www.example.com and on http://www.example.com but if you try to login on a http URL you will be immediately redirected to the https://www.example.com and stay there for the whole session.


For more implementation details or support you may contact us at enquiry@surekhatech.com.

Comments
No comments yet. Be the first.

Contact Us

Loading

Get in touch

Headquarter :
302, Landmark,
Nr. Titanium City Center,
Prahlad Nagar Road,
Ahmedabad, India - 380015.