Question
We use Liferay 6.1.0, OpenLDAP for storing users, and CAS for SSO. I configured Liferay to use CAS for login. However, login via CAS works only if one clicks the "Sign In" link in the upper right corner. Users can also log in via the Login portlet, but that does not use CAS. At first I thought I could hide or remove the Login portlet to force the users to log in via CAS, but then I lose the "Create Account" link which is provided by the Login portlet. And I need the Create Account functionality of Liferay because it is very practical (it exports new users to the LDAP, for instance).
How can I have the cake and eat it? I.e. offer Liferay's Create Account link without showing the rest of the Login portlet, and "force" already registered users to log in via CAS only? Any help would be appreciated. Thanks.
Answer 1:
Answering my own question as I finally figured it out...
I created a hook to replace the JSP file $TOMCAT/webapps/ROOT/html/portlet/login/login.jsp where $TOMCAT is the Tomcat server directory in the Liferay bundle. (Check the Liferay guide on how to create JSP hooks.)
The idea is to test whether CAS is enabled, and if yes, then "hide" the username, password fields and the login button in the form. The test condition I found in a Liferay Shibboleth plugin. Here is the relevant part of the JSP, starting from Line 101 or thereabouts:
    <liferay-ui:error exception="<%= UserPasswordException.class %>" message="authentication-failed" />
    <liferay-ui:error exception="<%= UserScreenNameException.class %>" message="authentication-failed" />
    <%-- When CAS is enabled, don't show the normal login fields --%>
    <c:choose>
        <c:when test="<%= PrefsPropsUtil.getBoolean(company.getCompanyId(), PropsKeys.CAS_AUTH_ENABLED, PropsValues.CAS_AUTH_ENABLED) %>" >
            <%-- CAS is enabled --%>
            <div><p>
                Please sign in via CAS using the "Sign In" link in the upper right corner.
            </p></div>
        </c:when>
        <c:otherwise> <%-- original login fields --%>
            <aui:fieldset>
                <%
                String loginLabel = null;
                if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
                    loginLabel = "email-address";
                }
                else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
                    loginLabel = "screen-name";
                }
                else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
                    loginLabel = "id";
                }
                %>
                <aui:input label="<%= loginLabel %>" name="login" showRequiredLabel="<%= false %>" type="text" value="<%= login %>">
                    <aui:validator name="required" />
                </aui:input>
                <aui:input name="password" showRequiredLabel="<%= false %>" type="password" value="<%= password %>">
                    <aui:validator name="required" />
                </aui:input>
                <span id="<portlet:namespace />passwordCapsLockSpan" style="display: none;"><liferay-ui:message key="caps-lock-is-on" /></span>
                <c:if test="<%= company.isAutoLogin() && !PropsValues.SESSION_DISABLED %>">
                    <aui:input checked="<%= rememberMe %>" inlineLabel="left" name="rememberMe" type="checkbox" />
                </c:if>
            </aui:fieldset>
            <aui:button-row>
                <aui:button type="submit" value="sign-in" />
            </aui:button-row>
        </c:otherwise>
    </c:choose>
    <%-- end of CAS-dependent login field part --%>
    </aui:form>
Admittedly it is a hack but it works. :-)
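A JSP hook changes only what the Login portlet renders; the portlet's `/login/login` action that processes a submitted form is left as it was. The following is an added example, not part of the original answer or of Liferay's code, that applies the same CAS test on the server side through a Struts action hook. Assumptions: the class name `CasOnlyLoginAction`, its package and the error key are hypothetical, the class is registered in the hook's liferay-hook.xml with a `<struts-action>` entry for the path `/login/login`, and the kernel API is that of Liferay 6.1.

```java
package com.example.hook; // hypothetical package

import com.liferay.portal.kernel.servlet.SessionErrors;
import com.liferay.portal.kernel.struts.BaseStrutsPortletAction;
import com.liferay.portal.kernel.struts.StrutsPortletAction;
import com.liferay.portal.kernel.util.PrefsPropsUtil;
import com.liferay.portal.kernel.util.PropsKeys;
import com.liferay.portal.util.PortalUtil;

import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletConfig;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;

/** Hypothetical wrapper around the Login portlet's /login/login action. */
public class CasOnlyLoginAction extends BaseStrutsPortletAction {

    @Override
    public void processAction(
            StrutsPortletAction originalStrutsPortletAction,
            PortletConfig portletConfig, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        long companyId = PortalUtil.getCompanyId(actionRequest);
        // Same setting the JSP tests, read through the kernel API a hook can reach.
        if (PrefsPropsUtil.getBoolean(companyId, PropsKeys.CAS_AUTH_ENABLED)) {
            // Refuse the form login instead of delegating to the original action.
            SessionErrors.add(actionRequest, "cas-login-required"); // hypothetical key
            return;
        }
        originalStrutsPortletAction.processAction(
            originalStrutsPortletAction, portletConfig, actionRequest,
            actionResponse);
    }

    @Override
    public String render(
            StrutsPortletAction originalStrutsPortletAction,
            PortletConfig portletConfig, RenderRequest renderRequest,
            RenderResponse renderResponse)
        throws Exception {

        // Rendering is delegated unchanged, so the customised login.jsp and
        // its Create Account link are still shown.
        return originalStrutsPortletAction.render(
            null, portletConfig, renderRequest, renderResponse);
    }
}
```

This wrapper covers only the Login portlet's form submission; account creation uses a separate action and is not affected.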
Source: https://stackoverflow.com/questions/13237244/liferay-login-via-cas-create-account-functionality-via-login-portlet