Liferay Portal 6 Enterprise Intranets -Book Review

Just to guide you on book   Liferay Portal 6 Enterprise Intranets, whether what you are looking for is in there or not :)

Chapter 1:Introducing Liferay for your Intranet



This chapter describes what all you can do using Liferay, along with giving a glance on the standards that are followed in Liferay architecture.


1) Creation of Discussion boards

2) Wiki's for collaborative document's creation

3) Blog's for team and individuals: Where in team don't need to be technical, they can update the contents using WYSIWYG editors.

4) Document store for managing and publishing document;s with role based access control

5) Workflow to control document publishing

6) Integration of social office , social networking site's for better collaboration and one point view.

7) Shared calendar's.

8) SOA based support to integrate with other third party system and have single point of

access to all systems in a portal.



Chapter 2: Setting Up a Home Page and Navigation Structure for the Intranet


1) Setting up Liferay portal in windows / Linux environment with installation steps.

2) Setting up production environment, here the book talks about JVM parameters to be set up

for production environment but never explains why? or what those parameters mean.

3) Good explanation of portal.properties which can be extended for the customization of the portal, which gives an easy way for administrators to modify or have the customization done.

4) Describes the way of creating default database connections via JNDI and populating the DB with default data. The good thing that I found here is how to configure ""NULL IS NULL" check.

5) Describes the way to configure the mail's [SMTP/ IMAP /POP3] server.


There are description of portal.properties / portal-ext.properties. Somehow I miss a screenshot

of the directory structure when the portal is installed, so that I can easily map the file's with the structure that the text written indicates to.

Chapter 3: Bringing in users

This chapter talks about users accessing the built system and controlling their authentication and authorization as per the roles they perform in an organization.

This chapter details on:

1) Setting up an Organization and its sub-orginizations.

2) Adding /Modifying / Deleting Departments to the Organization

3) Adding /Modifying / Deleting locations to the organization / departments.

4) Associating users to the Organization / SubOrganization / Department / Location.

5) Key point to note while removing (deleting) any location /department is that you need to remove
   the associated users from there. Then only you will be able to delete them.

6) Describes the properties in portal.properties which define the above associations and properties.
   I was looking for a deep dive on these properties where in how should I be able to configure
   my organization and add some properties if possible by modifying the portal-ext.properties.  
   Short examples showing the modification shoule have been provided.

7) The chapter introduces the Shared Global space but dosent talks about it in detail. Hope to see the
   details on how to manage this space in details in other chapters.

8) Creating users to and adding them to groups. I was expecting screen shots for the same.

9) Managing users (Impersonating / update / Activate / Deactivate / Delete)and their profiles.

10) Connecting to LDAP and importing the users from there.

11) Authenticating user via SSO (CAS / NTLM /OpenID /OpenSSO /Siteminder), book describes the configurable portal properties.

12) Managing Roles in an organization and assigning members to those roles.

13) Assigning Portal and portlet level permissions.

Chapter 4:Forums , Categorization and Asset Publishing

Ongoing Admin Tasks

Book: Liferay Poratl 6 Enterprise Intranets

Sample Chapter:Ongoing Admin Tasks

In this Sample Chapter you will learn to.

• Manage Servers and Portal Instances
• Use Dynamic data Source called database  read writing and database Sharding
• Use password policies, Update portal settings, and monitor user activities.
• Building clustering environment  and run the portal in a cloud computing environment.

 I am currently reading this book and will be publishing my comments / learnings on 

all the chapters of the book. 

Liferay OpenDS and CAS Integration

Integrating OpenDS and CAS in Liferay

I am using Liferay 5.2.3, openDs-2.2.0 and CAS (http://www.jasig.org/cas)


OpenDS LDAP

1) Open DS (http://www.opends.org/) . I am going with minimal configuration for LDAP.

Steps to Follow:

1) Install plain open DS from http://www.opends.org/, without default configuration.

While installation I changed the default port form 389 to 10389.

a) provided hostname [PC name]:abc

b) Create Admin as say: cn=admin,ou=system with password changeit.

c) create a Base DN entry as: dc=company,dc=com

d) Create user entry under ou=people. under this basedn entry.

e) Connect OpenDS via JExplorer LDAP Browser ( http://jxplorer.org/) and you can see those entries as.:

For connecting via JExplorer use:

Host: abc , port:10389
protocal: LDAP V3
BaseDN: dc=company,dc=com
Level: user + password
userDn: cn=admin,ou=system
password: changeit

You should see something like:



Now we are done with LDAP Setting successfully.
Liferay + LDAP
2) Install Liferay Tomcat Bundle downloaded from http://www.liferay.com/ (I am using liferay 5.2.3).

a) Open up the bundle extract it to some directory say: d:\ in windows.

b) Start liferay (TOMCAT_HOME/bin/start) of the above bundle.

c) Go to control panel of Liferay: (Login as bruno admin and under drop down menu "control panel")

d) In control Panel Go to Portal->Settings->Authentication->LDAP.
Here provide the details as:

Enabled :Check
Base provider URL: ldap://abc:10398/
BaseDN: dc=company,dc=com
Principal: cn=admin,ou=system
credentails=chageit[Photo]
Now test the LDAP connection using "Test LDAP Connection" button. It should give you successful result.
Under users section provide details as:
Authentication Search Filter:(mail=@email_address@)
Import Search Filter (objectClass=inetOrgPerson)
Screen Name: cn
Password: userPassword
EmailAddress:mail
FirstName: givenName
LastName: sn
JobTitle: title
Group: groupMembership

After this Click on "Test LDAP Users" You should see the users we created while LDAP setup.

Here under import /export section: check import Enabled, export Eanbled.
userDn: ou=people,dc=company,dc=com
Leave rest details as default.
Save the details and you are set to go.You can test via logging form user;s in LDAP in Liferay :)....
Now we will proceed with Integration of CAS over these settings which we have done till now.

3) CAS Integration:

a) Download CAS : cas-server-3.3.5-release from http://www.jasig.org/cas. Explode the Zip file and you will find cas-server-webapp-3.3.5.war in modules folder.
b) Prepare a fresh installtion of tomcat say at port : 8081 because liferay will be running on 8080.
a) For this open the server.xml file in fresh insalled tomcat and chnage port 8080 to 8081.
b)Un-comment the following section to enable https. <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
c)Rename the cas-server-webapp-3.3.5.war as cas-web.war and put it in webapps folder of the fresh tomcat installation.
d)Start this tomcat server.
e) After starting the tomcat. Stop the tomcat server, you should see cas-web folder now in webapps directory.
f) Now go to cas-web/web-inf folder open deployerConfigContext.xml and provide following enteries:
g) Under : <property name="authenticationHandlers"> ....<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" />......add
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"> <property name="filter" value="cn=%u" /> <property name="searchBase" value="ou=People,dc=company,dc=com" /> <property name="contextSource" ref="contextSource" /> </bean>

h). Since we are creating a reference to contextSource above, so we need to add a bean with that reference. Add a new bean entry as: <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource"> <property name="urls"> <list> <value>ldap://abc:10389/</value> </list> </property> <property name="userDn" value="cn=admin,ou=system"/> <property name="password" value="changeit"/> <property name="baseEnvironmentProperties"> <map> <entry> <key> <value>java.naming.security.authentication</value> </key> <value>simple</value> </entry> </map> </property></bean>
3) save ths file.
4) Now we will configure Liferay to enable CAS authentication. For this goto Liferay -> control panel >Settings->Authentication->CAS
5) Do the following changes:
Enabled: checked
Import from LDAP: checked
Login URL: https://abc:8443/cas-web/login (Assuming CAS is also on abc)
Logout URL: https://abc:8443/cas-web/logout
server name: abc:8080 (Liferay is on 8080)
Service URL: http://abc:8080/c/portal/login
validate URL: https://abc:8443/cas-web/proxyValidate
save the settings.
Now shutdown Liferay and Tomcat (CAS one) both.
Now we have completed our basic conficuration, the only thing missing is the certificate by which authentication will be done via CAS. So let's generate certificated and make it trusted for things to work like butter :)
Generate the SSL cert with Java keytool ;
In any directory enter the command :
keytool -genkey -alias tomcat -keypass password -keyalg RSA
Answers the Q's (note that your firstname and lastname MUST be hostname of your server and cannot be a IP address)
Enter keystore password: changeit
What is your first and last name? [Unknown]: abc
What is the name of your organizational unit? [Unknown]: abc
What is the name of your City or Locality? [Unknown]:
What is the name of your State or Province? [Unknown]:
What is the two-letter country code for this unit? [Unknown]: Is CN=abc, OU=abc, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]: yes
Then Enter command:
keytool -export -alias tomcat -keypass changeit -file server.cert
This command exports the cert you generated from your personal keystore (In windows .keystore file) . To save the certificate on file named server.cert
Finally import the cert into Java's keystore with this command.
keytool -import -alias tomcat -file server.cert keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
Note: This import of certificate should be done for all the JRE's [The tomcat JRE for CAS and the JRE for Liferay], probably the liferay bundle would be having its own JRE, so import the certificate there as well as in the Tomcat installation JRE or JDK , should be Java_home :).

After this....Yeah we are all set.......
Start OpenDS, Start CAS Tomcat, Start Liferay.
Form home click "sign in" in liferay, you will be redirected to CAS login screen. Enter the credentials which we added in LDAP [Note: CAS authenticates with userId not email which liferay does], so put Id we used in LDAP into CAS login screen with password, put password and submit. You should now be redirected to Liferay and logged in with Signed in User.
Some Problems that I faced during above activity:
1) Exporting to LDAP fails if the user doesn't have a Job Title: Well provide jobTitle...Its required by Liferay. so go to LDAP browser and for each user provide value for title.
2) I have to use Passwords as plain text as passwords are exported to LDAP via Liferay is in form of Plain Text.
3) CAS uses username for authentication and for liferay its the ScreenName. so authentication is for screenname even if we supply email as authentication in Liferay.
4) Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] : This error comes up whenever the certificates are not matching on both the JVM's where CAS and Liferay is running. So, just ensure they are correct and at proper place, This problem will be resolved.