通过CAS登录Liferay,通过登录Portlet创建帐户功能 [英] Liferay login via CAS, create account functionality via Login Portlet
问题描述
我们使用Liferay 6.1.0,OpenLDAP来存储用户,并使用CAS来实现SSO.我将Liferay配置为使用CAS进行登录.但是,只有在单击右上角的登录"链接时,才能通过CAS登录.用户也可以通过Login portlet登录,但不使用CAS.首先,我以为可以隐藏或删除登录portlet来强制用户通过CAS登录,但是后来我丢失了登录portlet提供的创建帐户"链接.而且我需要Liferay的创建帐户"功能,因为它非常实用(例如,它将新用户导出到LDAP).
We use Liferay 6.1.0, OpenLDAP for storing users, and CAS for SSO. I configured Liferay to use CAS for login. However, login via CAS works only if one clicks the "Sign In" link in the upper right corner. Users can also log in via the Login portlet but that does not use CAS. First I thought I can hide or remove the Login portlet to force the users to log in via CAS, but then I lose the "Create Account" link which is provided by the login portlet. And I need the Create Account functionality of Liferay because it is very practical (it exports new users to the LDAP for instance).
我该如何吃蛋糕? IE.是否提供Liferay的创建帐户"链接,而不显示其余的登录Portlet,并且强制"仅通过CAS登录的已注册用户?任何帮助,将不胜感激.谢谢.
How can I have the cake and eat it? I.e. offer Liferay's Create Account link without showing the rest of the Login portlet, and "force" already registered users logging in via CAS only? Any help would be appreciated. Thanks.
推荐答案
在我终于弄清楚了这个问题的同时,回答了我自己的问题...
Answering my own question as I finally figured it out...
我创建了一个钩子来替换JSP文件$TOMCAT/webapps/ROOT/html/portlet/login/login.jsp,其中$TOMCAT是Liferay捆绑软件中的Tomcat服务器目录. (有关操作方法,请参见 Liferay指南创建JSP挂钩.)
I created a hook to replace the JSP file $TOMCAT/webapps/ROOT/html/portlet/login/login.jsp where $TOMCAT is the Tomcat server directory in the Liferay bundle. (Check the Liferay guide on how to create JSP hooks.)
其想法是测试是否启用了CAS,如果是,则隐藏"表单中的用户名,密码字段和登录按钮.我在Liferay Shibboleth插件中找到的测试条件.这是从101行或其附近开始的JSP的相关部分:
The idea is to test whether CAS is enabled, and if yes, then "hide" the username, password fields and the login button in the form. The test condition I found in a Liferay Shibboleth plugin. Here is the relevant part of the JSP, starting from Line 101 or thereabouts:
<liferay-ui:error exception="<%= UserPasswordException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= UserScreenNameException.class %>" message="authentication-failed" />
<%-- When CAS is enabled, don't show the normal login fields --%>
<c:choose>
<c:when test="<%= PrefsPropsUtil.getBoolean(company.getCompanyId(), PropsKeys.CAS_AUTH_ENABLED, PropsValues.CAS_AUTH_ENABLED) %>" >
<%-- CAS is enabled --%>
<div><p>
Please sign in via CAS using the "Sign In" link in the upper right corner.
</p></div>
</c:when>
<c:otherwise> <%-- original login fields --%>
<aui:fieldset>
<%
String loginLabel = null;
if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
loginLabel = "email-address";
}
else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
loginLabel = "screen-name";
}
else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
loginLabel = "id";
}
%>
<aui:input label="<%= loginLabel %>" name="login" showRequiredLabel="<%= false %>" type="text" value="<%= login %>">
<aui:validator name="required" />
</aui:input>
<aui:input name="password" showRequiredLabel="<%= false %>" type="password" value="<%= password %>">
<aui:validator name="required" />
</aui:input>
<span id="<portlet:namespace />passwordCapsLockSpan" style="display: none;"><liferay-ui:message key="caps-lock-is-on" /></span>
<c:if test="<%= company.isAutoLogin() && !PropsValues.SESSION_DISABLED %>">
<aui:input checked="<%= rememberMe %>" inlineLabel="left" name="rememberMe" type="checkbox" />
</c:if>
</aui:fieldset>
<aui:button-row>
<aui:button type="submit" value="sign-in" />
</aui:button-row>
</c:otherwise>
</c:choose>
<%-- end of CAS-dependent login field part --%>
</aui:form>
诚然,这是一个hack,但它可以工作. :-)
Admittedly it is a hack but it works. :-)
这篇关于通过CAS登录Liferay,通过登录Portlet创建帐户功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
