Liferay 7 辅助实例 Siteminder SSO
Liferay 7 secondary instance Siteminder SSO
我们希望使用 Liferay 的 multi-tenancy 功能进行新的实现。
在过去的 Liferay 版本(7 之前)中,我们已经能够使用 Siteminder(在控制面板 -> 门户设置 -> 身份验证 -> Siteminder 下)分别集成和保护 Liferay 的每个实例。
似乎在 Liferay 7 中,这不再可能了。通过使用基于令牌的 SSO 和能力指定 SSO 身份验证请求 header,Siteminder SSO 配置已移动到仅具有默认实例(?)。在控制面板中似乎没有任何方法可以为辅助实例进行配置。
有人在 Liferay 7 中使用 Siteminder SSO 吗?如果是这样,基于令牌的 SSO 是否适用于默认实例(例如 abc.com)?有没有人将此用于辅助实例(例如 xyz.com)?
非常感谢任何见解!
谢谢
尝试导出配置并将配置文件放入 osgi/config 文件夹,并在名称后附加公司 ID com.liferay.portal.security.sso.token.configuration.TokenConfiguration-20116.config(或 cfg)
如果这不起作用,原因是有人忘记将 scope = ExtendedObjectClassDefinition.Scope.COMPANY 添加到 TokenConfiguration
一个选项是覆盖此 class 并添加范围。我只是担心需要帮助者来提取公司特定的配置。
在此帮助某人。我从 Liferay 那里听到了以下消息。我将进行测试并将 post 更新:
Token Based SSO has been elevated to a system setting in Liferay DXP.
This means that when the feature is enabled it is available for every
instance. There is no longer an option in Liferay itself to provide
instance-level support for Token Based SSO. The SSO is
enabled/disabled for every instance because it is set at the system
level.
Liferay DXP only cares that a token has been provided. What this means
is that whether the token is for the right instance is up to the
authentication servers being used. It is conceptually possible for
each instance to be able to use its own token. This can be tested by
seeing if the authentication servers lead to the right instances when
they provide their tokens. If that does not work then modifying the
authentication servers to ensure that they are providing the right
tokens to be directed to the right instance may be the next best step.
In regards to whether or not each instance can be individually
protected, because Token Based SSO is enabled at the system level if
instance level authentication is also enabled then both
authentications would be hit during the log-in process. If Token Based
SSO is set at the default security feature and the instance-level
authentication as the secondary, then each instance can be
individually protected.
我们希望使用 Liferay 的 multi-tenancy 功能进行新的实现。
在过去的 Liferay 版本(7 之前)中,我们已经能够使用 Siteminder(在控制面板 -> 门户设置 -> 身份验证 -> Siteminder 下)分别集成和保护 Liferay 的每个实例。
似乎在 Liferay 7 中,这不再可能了。通过使用基于令牌的 SSO 和能力指定 SSO 身份验证请求 header,Siteminder SSO 配置已移动到仅具有默认实例(?)。在控制面板中似乎没有任何方法可以为辅助实例进行配置。
有人在 Liferay 7 中使用 Siteminder SSO 吗?如果是这样,基于令牌的 SSO 是否适用于默认实例(例如 abc.com)?有没有人将此用于辅助实例(例如 xyz.com)?
非常感谢任何见解! 谢谢
尝试导出配置并将配置文件放入 osgi/config 文件夹,并在名称后附加公司 ID com.liferay.portal.security.sso.token.configuration.TokenConfiguration-20116.config(或 cfg)
如果这不起作用,原因是有人忘记将 scope = ExtendedObjectClassDefinition.Scope.COMPANY 添加到 TokenConfiguration
一个选项是覆盖此 class 并添加范围。我只是担心需要帮助者来提取公司特定的配置。
在此帮助某人。我从 Liferay 那里听到了以下消息。我将进行测试并将 post 更新:
Token Based SSO has been elevated to a system setting in Liferay DXP. This means that when the feature is enabled it is available for every instance. There is no longer an option in Liferay itself to provide instance-level support for Token Based SSO. The SSO is enabled/disabled for every instance because it is set at the system level.
Liferay DXP only cares that a token has been provided. What this means is that whether the token is for the right instance is up to the authentication servers being used. It is conceptually possible for each instance to be able to use its own token. This can be tested by seeing if the authentication servers lead to the right instances when they provide their tokens. If that does not work then modifying the authentication servers to ensure that they are providing the right tokens to be directed to the right instance may be the next best step.
In regards to whether or not each instance can be individually protected, because Token Based SSO is enabled at the system level if instance level authentication is also enabled then both authentications would be hit during the log-in process. If Token Based SSO is set at the default security feature and the instance-level authentication as the secondary, then each instance can be individually protected.