Skip to main content


Showing posts from March, 2016

Identity Federation with SAML 2.0 and Mod Mellon (PART 1)

In this post, I am going to share how you can use Apache Mod_Mellon in conjunction with any SAML 2.0 vendor such as OneLogin, Ping Identity, WSO2 and MS Azure to create federation based Single Sign On for multiple applications. We will first identify each component and their role and create a quick set up of our problem context. PROBLEM STATEMENT We have many custom applications running where many different users from different organization can login to view and act on these applications. Our goal is to make sure that these applications do not handle authentication (even authorization) themselves and end users use their enterprise login information to gain access to these systems. Our goal is to say we never store client credentials for end users in any of our systems. APPROACH to SOLUTION Our basic goal is to eliminate single application integration with end client identity providers as we may add or remove applications from our portfolio without having to add/remove integration

Set up a MessageListener with Liferay

In a previous post , I briefly mentioned about Liferay's MessageListener interface. This interface is part of Liferay's Message Bus framework which can be used to send messages between Liferay and other web applications. This interface can also be used to schedule jobs within Liferay. In order to use this interface and create a scheduled Job, you can Create a basic portlet: I usually stick to the GenericPortlet interface unless I have a really good reason to use some of the other interfaces specific to Liferay.  Once you created this interface, go ahead and create a class that implements the MessageListener interface. Following code snippet is an example of such an object. public class DemoListener implements MessageListener, ApplicationContextAware { private ApplicationContext appContext; private final static String SOME_ID = "someId"; private final Logger log = LoggerFactory.getLogger(DemoListener.class); @Override pub

I deleted Liferay's default guest account now what!!!

I recently had the opportunity to work with Liferay Portal version 6.2 ga4. Liferay is a platform that allows you to create dynamic web applications using Portal technology where you can create Java Portlets. Liferay supports many different relational database systems. Our project utilized PostgreSQL. Depending on how you install Liferay, you can either pre-populate the database or let Liferay create the database during initial start up.  In our project, we had the need to synchronize users to our Liferay instance from other datasources specifically from an Oracle database instance. In order to handle this synchronization, we relied on Liferay's MessageListener interface. This interface allowed us to hook into Liferay's scheduler mechanism so that we were able to use cron style scheduling.  In this implementation, we queried our source database and used Liferay's API to insert, update, and delete users and roles into Liferay. During delete, we had logic to ski