Use Secure Channel(Https) After Login In Liferay Portal - ST 2024
Use Secure Channel(Https) After Login In Liferay Portal
If you want to configure liferay portal in a way that the credentials supplied (especially during the login process) are always encrypted (by using HTTPS) but still it is possible to browse the public content by HTTP for guest users.
Goal of this blog is to provide following functionalities :
Liferay portal runs on both HTTP and HTTPs protocol
Guest user can access liferay portal on HTTP protocol
As soon as user tries to login, he/she immediately redirected to HTTPs url.
After login, user access the portal on HTTPs protocol so that data being encrypted on further process
After logout, user access liferay portal on HTTP protocol
We can achieve above functionalities by putting a few properties in portal-ext.properties file and configuring virtual host in apache web server.
Step-1 : Add Properties
In our example, lets assume we will access our site with www.example.com
# Set this For Front ending Apache with Liferay
web.server.http.port=80
web.server.host=www.example.com
# Added SSL
company.security.auth.requires.https=true
web.server.protocol=https
web.server.https.port=443
default.logout.page.path = http://www.example.com
Step-2 : Generate Certificate and key
Now you need to generate SSL certificate, key and add certificate to JVM of your system.
Please refer following blog for above. Make sure you generate key and certificate under directory ‘ /etc/apache2/ssl/’.
http://www.surekhatech.com/blog/liferay-sso-integration
Step-3 : Apache configuration
First enable following modes :
sudo a2enmod ssl
sudo a2enmod proxy_http
sudo a2enmod proxy_ajp
sudo a2enmod headers
Now configure apache virtual host as following :
<VirtualHost *:80>
ServerName www.example.com
ServerAdmin [email protected]
ServerAlias www.example.com
LogLevel warn
ErrorLog /var/log/apache2/example.error.log
CustomLog /var/log/apache2/example.access.log combined
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
ServerAdmin [email protected]
ServerAlias www.example.com
Header set Access-Control-Allow-Origin "*"
LogLevel warn
ErrorLog /var/log/apache2/example.ssl.error.log
CustomLog /var/log/apache2/example.ssl.access.log combined
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/apache2/ssl/example.crt
SSLCertificateKeyFile /etc/apache2/ssl/example.key
ProxyRequests On
ProxyVia On
ProxyPreserveHost On
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
Now you should be able to view the portal on https://www.example.com and on http://www.example.com but if you try to login on a http URL you will be immediately redirected to the https://www.example.com and stay there for the whole session.
For Your Business Requirements
2 - 4 October 2024
Hall: 10, Booth: #B8 Brussels, Belgium