2

My softwares are: Liferay 6.0.6 with Tomocat 6.0.29, OpenSSO 9.5.2_RC1 Build 563 with tomcat 6.0.35, CentOS 6.2 Operating system Setup: I have setup both liferay and opensso on the same CenOS machine, making sure that both of its tomcat run on very different port, I have installed and configured OpenSSO with Liferay as per the guidelines availaible on liferay forums Problem: when i hit my application URL i get redirected to Opensso login page which is what i want, when i login with proper authentication details it trys to redirect to my application which is exactly how it should behave, however this redirect goes in a loop and i don't see my application dashboard. The conclusion i come to is that the redirect is trying to authenticate in liferay but somehow it does not get what it is looking for and goes back to opensso and this repeats infinitely. I can find similar issues been reported here. Unfortunetly, it did not work.

Later i decided to debug the liferay code and i put a break point on com.liferay.portal.servlet.filters.sso.opensso.OpenSSOUtil and com.liferay.portal.servlet.filters.sso.opensso.OpenSSOFilter. The way i understand this code is written is it first goes to the OpenSSOUtil.processFilter() method which get's the openSSO setting information that i have configured on liferay and later checks if it is authenticated by calling the method OpenSSOUtil.isAuthenticated(). This particular implementation basically reads the cookie information sent and tries to set the cookie property on liferay by calling the method OpenSSOUtil._setCookieProperty(). This is where it fails, it tries to read the cookie with name [iPlanetDirectoryPro] from the liferay class com.liferay.util.CookieUtil using the HttpServletRequest object but all it get's a NULL. this value set's the authenticate status to false and hence the loop executes.

Following is the code from class com.liferay.util.CookieUtil

public static String get(HttpServletRequest request, String name) {
    Cookie[] cookies = request.getCookies();

    if (cookies == null) {
        return null;
    }

    for (int i = 0; i < cookies.length; i++) {
        Cookie cookie = cookies;

        String cookieName = GetterUtil.getString(cookie.getName());

        if (cookieName.equalsIgnoreCase(name)) {
            return cookie.getValue();
        }
    }

    return null;
}

Can anyone please let me know why liferay is not able to find the cookie that opensso sent. If its related to Opensso setting about enable cookie value, then i have done that already which is here In OpenSSO go to: Configuration -> Servers and Sites -> -> Security -> Cookie -> check Encode Cookie Value (set to Yes)

What works: when this loop is executing i open another tab and login to my application explicitly, from my application when i signout it get's signout from opensso also. This is strange to me.

For more information, while this redirect loop happens, following URL's give me these set of information

http://opensso.ple.com:9090/openam/identity/getCookieNameForToken

 string=iPlanetDirectoryPro

http://opensso.ple.com:9090/openam/identity/isTokenValid

  boolean=true
Dani
  • 3,744
  • 4
  • 27
  • 35
Vinodborole
  • 165
  • 2
  • 15
  • I have solved this problem. It was the domain issue. My opensso application was running on domain http://opensso.test1.com and my application was running on the domain http://server.test2.com. Due to different domain names test1.com and test2.com. The cookies that opensso created was not getting shared. – Vinodborole Apr 02 '12 at 12:20
  • Hey, I am struggling with the exact same problem at the moment. How are you testing your SSO and Liferay if they are in different domains? What do you need to configure? – semonte Apr 02 '12 at 13:33

0 Answers0