Liferay Keycloak integration

Liferay Keycloak integration using OpenID

Overview

This tutorial explains how to configure OpenID Connect SSO between Liferay 7.2 and Keycloak 7.0.1.

Installation instructions

Keycloak Configuration

1. Install and start the Keycloak server

  1. Download latest Keycloak server: https://www.keycloak.org/downloads.html
  2. Unzip the keycloak-7.0.1.zip archive.
  3. Run keycloak-7.0.1/bin/standalone.sh (or keycloak-7.0.1/bin/standalone.bat).
Keycloak should start on port 8080: http://localhost:8080

2. Create the default admin user and sign in to the Admin Console.

3. Check OpenID configuration

Click on "OpenID Endpoint Configuration":


The JSON configuration should appear, like this:
{
  "issuer": "http://localhost:8080/auth/realms/master",
  "authorization_endpoint": "http://localhost:8080/auth/realms/master/protocol/openid-connect/auth",
  "token_endpoint": "http://localhost:8080/auth/realms/master/protocol/openid-connect/token",
  "token_introspection_endpoint": "http://localhost:8080/auth/realms/master/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "http://localhost:8080/auth/realms/master/protocol/openid-connect/userinfo",
  "end_session_endpoint": "http://localhost:8080/auth/realms/master/protocol/openid-connect/logout",
  "jwks_uri": "http://localhost:8080/auth/realms/master/protocol/openid-connect/certs",
  "check_session_iframe": "http://localhost:8080/auth/realms/master/protocol/openid-connect/login-status-iframe.html",
  ...
}

4. Create a new client



5. Configure the client


  • Set client name;
  • Set "Access Type" to "confidential";
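  • Set "Valid Redirect URIs" to "*". The wildcard makes Keycloak accept any redirect target for this client, which is only acceptable on a local test instance; on a shared or production server, restrict it to the URL of the Liferay server (http://localhost:8081/* in this setup).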

6. Copy client secret

Copy client secret from "Credentials" tab:


7. Create Identity Provider


8. Configure Identity Provider


Set the URLs from the configuration in step 3:
  • Authorization URL: http://localhost:8080/auth/realms/master/protocol/openid-connect/auth
  • Token URL: http://localhost:8080/auth/realms/master/protocol/openid-connect/token
  • Logout URL: http://localhost:8080/auth/realms/master/protocol/openid-connect/logout
Set Client ID and Secret (see steps 4-6 above).

9. Create sample user to test SSO

Create a sample user and set up a password on the 'Credentials' tab.
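
The script below is an added example, not part of the original tutorial or of Keycloak or Liferay. It picks the three URLs that step 8 asks for out of the discovery document from step 3 and audits the endpoints together with the "Valid Redirect URIs" value from step 5. The sample document is constructed from the values shown on this page; the function names and the loopback allowlist are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: a subset of the fields shown in step 3 of this page.
BASE = "http://localhost:8080/auth/realms/master"
OIDC = BASE + "/protocol/openid-connect"
DISCOVERY = {
    "issuer": BASE,
    "authorization_endpoint": OIDC + "/auth",
    "token_endpoint": OIDC + "/token",
    "userinfo_endpoint": OIDC + "/userinfo",
    "end_session_endpoint": OIDC + "/logout",
    "jwks_uri": OIDC + "/certs",
}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # assumption: hosts where plain HTTP is tolerated

def provider_urls(doc):
    """Pick the three values that step 8 asks for out of the discovery document."""
    return {
        "Authorization URL": doc["authorization_endpoint"],
        "Token URL": doc["token_endpoint"],
        "Logout URL": doc["end_session_endpoint"],
    }

def audit(doc, redirect_uris):
    """Return findings for a discovery document and a client's Valid Redirect URIs."""
    findings = []
    issuer = doc["issuer"].rstrip("/")
    for key, value in doc.items():
        if not isinstance(value, str) or "://" not in value:
            continue  # skip arrays and non-URL fields of a full document
        parts = urlsplit(value)
        if parts.scheme != "https" and parts.hostname not in LOOPBACK:
            findings.append(f"{key}: plain HTTP to non-loopback host {parts.hostname}")
        # Keycloak serves every realm endpoint below the issuer URL.
        if key != "issuer" and not value.startswith(issuer + "/"):
            findings.append(f"{key}: not under issuer {issuer}")
    for uri in redirect_uris:
        if uri.strip() == "*":
            findings.append("redirect URI '*': accepts any redirect target")
    return findings

if __name__ == "__main__":
    for label, url in provider_urls(DISCOVERY).items():
        print(f"{label}: {url}")
    for finding in audit(DISCOVERY, ["*"]):  # "*" is the value set in step 5
        print("FINDING:", finding)
```

To check a live server, load the JSON from the "OpenID Endpoint Configuration" link into a dict and pass it to audit() in place of DISCOVERY.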

Liferay Configuration

1. Install and start Liferay

  1. Make sure Liferay is configured to use a different port than Keycloak (for example, 8081).
  2. Start Liferay server.
  3. Check if it's running: http://localhost:8081

2. Go to SSO configuration in System Settings:

3. Enable OpenID:

4. Create new "OpenID Connect Provider":




Checking SSO Login

1. Go to Login page, click on "OpenId Connect":



2. Choose Identity provider and click Sign In:



3. Sign in to Keycloak:



4. After a successful login, a Liferay user should be created and logged in to Liferay:



Enjoy 😏
