Liferay© SSO and Identity Management Integration

The AssureBridge IDM360 SSO for Liferay© extends the Liferay© Portal as a true enterprise integration portal in a federated environment. The Liferay Portal is a powerful content portal with numerous features.  Organizations wishing to extend Liferay as a full enterprise portal often require additional capabilities including:

• Ability to accept multiple forms of authentication (Direct Login, Mobile, SAML, OpenID, Multi-factor, IWA, Custom, Legacy, etc.)
• Seamless login to internally and externally hosted web applications and services
• Unify and manage User, Group and Role data across multiple internal and external directories
• Support multi-tenancy with each tenant having a separate form of authentication
• Scale to hundreds of thousands of users

The AssureBridge IDM360 Liferay© SSO solution provides powerful features to turn your Liferay into a powerful enterprise-class portal.

If you are hosting your applications in a Liferay Portal, you may have multiple customers, partners, vendors, etc. who wish to sign into your Liferay using single sign-on.  Each of your SSO partners will have a separate SSO solution such as Microsoft ADFS, Ping Identity, Shibboleth, IBM Tivoli, CA SiteMinder, Google Apps, or one  of many others.   They will support protocols such as SAML 1.1, SAML 2.0, WS-Federation, OAuth 1.0, OAuth 2.0 or OpenID Connect.  Some users will not use SSO and will login directly into your portal with a user ID and password.  Only IDM360 SSO for Liferay© supports multiple, simultaneous SSO connections to multiple partners.

• Each connection can be routed to a separate Liferay organization to make your installation a truly multi-tenant portal solution.
• Flexible rules are used to determine when and how SSO handshake should take place.
• Each partner connection is fully isolated from the rest and uses its own dedicated partner metadata.
• Identity and attribute processing can be configured for each partner connection separately.

IDM360 SSO for Liferay© works exactly the same on both Liferay EE and CE.  This allows substantial savings on licensing when enterprise edition is not required.  Take advantage of world-class Single sign-on capability using community edition exclusively or a mix of CE and EE.

Enterprise class portals need to accept logins from customers via Single Sign-On by acting as Service Providers (SP).

At the same time they need to perform SSO to other web sites and applications either hosted on separate servers or embedded as portlets in Liferay.  This requires Liferay to serve as an Identity Provider (IDP). IDM360 supports connecting external cloud-hosted sites and in-house applications using different SSO protocols, including SAML, OpenIDConnect, OAuth, WS-Federations, and others. For applications that don’t support SSO capabilities IDM360 provides a number of lightweight adapters that help achieve SSO integration in record times.

IDM360 SSO for Liferay© supports multiple simultaneous upstream customers and connects them to multiple simultaneous downstream applications.  IDM360 SSO for Liferay© keeps track of how users originally log in so that bookmarks and email notifications are handled correctly and seamlessly.

IDM360 SSO for Liferay© supports not only all brands of Corporate SSO solutions (e.g. Ping, Shibboleth, ADFS,  etc.) but all major social sign-on platforms.

These include Facebook, Twitter, Google Circles, LinkedIn, and many more.  As always, you’re free to mix and match the SSO protocols you wish to support.  IDM360 allows to configure the system for a Social Sing-On via flexible rules and extensive configuration options. Less trusted sign-ons such as users with Twitter accounts can be further secured with a variety of corporate/enterprise two-factor authentication mechanisms (see next section).

Sensitive data on you portal requires extra security.

IDM360 SSO for Liferay© allows single sign-on to be combined with multi-factor authentication.  In addition to a wide range of SSO protocols (SAML, OpenID, etc.) you can choose to prompt your users with a 2nd factor such as a one-time PIN code, secret questions or personal data (e.g. last 4 digits of SSN).

Multi-factor can be configured by client, user-time or location.  Powerful rules are used to drive decisions on when the additional factor is to be used. For more information on IDM360 Multi-factor capabilities, please click here.

If you run your Liferay with virtual hosting, only IDM360 SSO for Liferay© allows users to be routed to different hosts depending on where they sign in from.  Users from different companies can each have their own host or multiple partners can share a host.

IDM360 SSO for Liferay© allows each of your customers to see a login page with custom themes including colors, logos and styles.  Further, each customer can get a customized, user friendly and themed error page if something goes wrong during signon.

Single sign-on can be difficult.  SSO protocols such as SAML and OAuth have many configuration options and not all your partners, customers and vendors SSO solutions will support every configuration.  IDM360 SSO for Liferay© has the most support flexibility of any SSO solution on the market.  In addition to supporting the widest range of protocols, it supports WSRP embedding, SHA2/SHA256 certificates, all NameID formats, Audience types, session timeouts, and configurable logout options by client.

AssureBridge guarantees SSO connectivity with your partners.  You will not be left to decipher the bewildering array of configuration options.  A trained AssureBridge technician will work with your partner’s technical staff and to configure and test the SSO connection making sure that both single sign-on works flawlessly.