How to implement custom resolvers for Liferay Connector to SAML 2.0

Environment

Resolution

This sample module (^source is attached to this page) aims to provide minimal boilerplate code one can use to implement custom Liferay SAML 2.0 resolvers for:

  • com.liferay.saml.opensaml.integration.resolver.AttributeResolver(extension point for Liferay DXP IdP)
  • com.liferay.saml.opensaml.integration.resolver.NameIdResolver(extension point for Liferay DXP IdP)
  • com.liferay.saml.opensaml.integration.resolver.UserResolver(extension point for Liferay DXP SP)

Each of the custom resolvers sets a higher service.ranking as a @Component property in order to ensure that the custom resolvers will be used over the default ones shipped with Liferay's SAML 2.0 connector.

Dependencies

License: Liferay DXP developer or production license.

Source: (Optional) You can download the Maven-style source JARs of the Liferay Connector to SAML 2.0 modules through your Purchased Apps page from Liferay Marketplace or request it through Liferay Support by opening a ticket if you don't find the source of a given version.

Compile: See build.gradlein the attached source.

Notes:

  • You need to extract com.liferay.saml.opensaml.integration-x.y.z.jar from the Liferay Connector to SAML 2.0.lpkg (you can download it from Marketplace) and put it into a folder called libs created in the module's root folder.
  • Version 3.0.14 of com.liferay.saml.persistence.api used in this sample is included in Liferay Connector to SAML 2.0 v5.0.1 and is available in Liferay's Nexus repository. This was the latest available release at the time of writing. If you are using a newer version of the SAML 2.0 connector, you will need to adjust the version of the dependencies accordingly. Alternatively, you can extract it from Liferay Connector to SAML 2.0.lpkg and have it in the libs folder. In this case, you can remove the explicit dependency from build.gradle.

Runtime:

  • Liferay DXP 7.2 SP2+/FP5+
  • Liferay Connector to SAML 2.0 v5.0.1

Note: the customization method should be the same for previous versions of the Liferay Connector to SAML 2.0, as well (4.1+ for DXP 7.1 and 3.1+ for DXP 7.0). You just need to update the dependencies accordingly.

Build

  1. Download and unzip the ^source attached to this page
  2. Place the module's source into the modules folder of your Liferay Workspace or use Liferay Developer Studio
  3. Run gradlew deploy or gradlew assemble.

Deploy

  1. Place Liferay Connector to SAML 2.0.lpkg into [Liferay Home]/osgi/marketplace
  2. Place com.liferay.custom.saml.resolvers-x.y.z.jar produced by the build into [Liferay Home]/osgi/deploy
  3. Start Liferay DXP

You should see log messages in the console like these:

2020-09-09 13:05:15.073 INFO [Refresh Thread: Equinox Container: 20022c4f-8479-4d66-a8fc-dcfe51951f12][BundleStartStopLogger:46] STARTED com.liferay.custom.saml.resolvers_3.0.30 [718]
2020-09-09 13:05:15.076 DEBUG [Refresh Thread: Equinox Container: 20022c4f-8479-4d66-a8fc-dcfe51951f12][CustomAttributeResolver:64] Activated
2020-09-09 13:05:15.076 DEBUG [Refresh Thread: Equinox Container: 20022c4f-8479-4d66-a8fc-dcfe51951f12][CustomAttributeResolver:67] Default resolver: class com.liferay.saml.opensaml.integration.internal.resolver.DefaultAttributeResolver
2020-09-09 13:05:15.077 DEBUG [Refresh Thread: Equinox Container: 20022c4f-8479-4d66-a8fc-dcfe51951f12][CustomNameIdResolver:71] Activated
2020-09-09 13:05:15.078 DEBUG [Refresh Thread: Equinox Container: 20022c4f-8479-4d66-a8fc-dcfe51951f12][CustomNameIdResolver:74] Default resolver: class com.liferay.saml.opensaml.integration.internal.resolver.DefaultNameIdResolver
2020-09-09 13:05:15.079 DEBUG [Refresh Thread: Equinox Container: 20022c4f-8479-4d66-a8fc-dcfe51951f12][CustomUserResolver:66] Activated
2020-09-09 13:05:15.079 DEBUG [Refresh Thread: Equinox Container: 20022c4f-8479-4d66-a8fc-dcfe51951f12][CustomUserResolver:68] Default resolver: class com.liferay.saml.opensaml.integration.internal.resolver.DefaultUserResolver


Testing

As a quick test, you can create two Virtual Instances in your Liferay DXP installation and configure them as a SAML IdP and SP respectively. When the sample module is deployed, you should see the following log messages in Liferay DXP's console upon authenticating a user:

2020-09-09 12:00:13.051 DEBUG [http-nio-7211-exec-6][CustomNameIdResolver:51] Resolving
2020-09-09 12:00:28.846 DEBUG [http-nio-7211-exec-6][CustomAttributeResolver:48] Resolving
2020-09-09 12:00:30.356 DEBUG [http-nio-7211-exec-10][CustomUserResolver:46] Resolving
Was this article helpful?
0 out of 0 found this helpful