Use Secure Channel(Https) After Login In Liferay Portal

blog-banner

If you want to configure liferay portal in a way that the credentials supplied (especially during the login process) are always encrypted (by using HTTPS) but still it is possible to browse the public content by HTTP for guest users.

Goal of this blog is to provide following functionalities :

  • Liferay portal runs on both HTTP and HTTPs protocol

  • Guest user can access liferay portal on HTTP protocol

  • As soon as user tries to login, he/she immediately redirected to HTTPs url.

  • After login, user access the portal on HTTPs protocol so that data being encrypted on further process

  • After logout, user access liferay portal on HTTP protocol


We can achieve above functionalities by putting a few properties in portal-ext.properties file and configuring virtual host in apache web server.

Step-1 : Add Properties

In our example, lets assume we will access our site with www.example.com

# Set this For Front ending Apache with Liferay

web.server.http.port=80

web.server.host=www.example.com

 

# Added SSL

company.security.auth.requires.https=true

web.server.protocol=https

web.server.https.port=443

default.logout.page.path = http://www.example.com

Step-2 : Generate Certificate and key

Now you need to generate SSL certificate, key and add certificate to JVM of your system.

Please refer following blog for above. Make sure you generate key and certificate under directory ‘ /etc/apache2/ssl/’.

http://www.surekhatech.com/blog/liferay-sso-integration

Step-3 : Apache configuration

First enable following modes :

sudo a2enmod ssl

sudo a2enmod proxy_http

sudo a2enmod proxy_ajp

sudo a2enmod headers

Now configure apache virtual host as following :

<VirtualHost *:80>

 

   ServerName www.example.com

   ServerAdmin [email protected]

   ServerAlias www.example.com

   

   LogLevel warn

   ErrorLog /var/log/apache2/example.error.log

   CustomLog /var/log/apache2/example.access.log combined

 

   <Proxy *>

       AddDefaultCharset Off

       Order deny,allow

       Allow from all

   </Proxy>

 

   ProxyPass / ajp://localhost:8009/

   ProxyPassReverse / ajp://localhost:8009/

 

</VirtualHost>

 

<VirtualHost *:443>

 

   ServerName www.example.com

   ServerAdmin [email protected]

   ServerAlias www.example.com

 

   Header set Access-Control-Allow-Origin "*"

 

   LogLevel warn

   ErrorLog /var/log/apache2/example.ssl.error.log

   CustomLog /var/log/apache2/example.ssl.access.log combined

 

   SSLEngine on

   SSLProxyEngine on

   SSLCertificateFile   /etc/apache2/ssl/example.crt

   SSLCertificateKeyFile /etc/apache2/ssl/example.key

 

   ProxyRequests On

   ProxyVia On

   ProxyPreserveHost On

 

   ProxyPass / ajp://localhost:8009/

   ProxyPassReverse / ajp://localhost:8009/


</VirtualHost>

Now you should be able to view the portal on https://www.example.com and on http://www.example.com but if you try to login on a http URL you will be immediately redirected to the https://www.example.com and stay there for the whole session.

Contact us

For Your Business Requirements

Text to Identify Refresh CAPTCHA
Background Image Close Button

2 - 4 October 2024

Hall: 10, Booth: #B8 Brussels, Belgium