The authentication process is a pipeline through which users can be validated by one or several systems. As a developer, you can authenticate users to anything you wish, rather than be limited by what Liferay DXP supports out of the box.
Here’s how authentication works under most circumstances:
-
Users provide their credentials to the Login Portlet to begin an authenticated session in a browser.
-
Alternatively, credentials are provided to Liferay DXP’s API endpoints, where they are sent in an HTTP BASIC Auth header.
-
Alternatively, credentials can be provided by another system. These are managed by
AutoLogin
components. -
Credentials are checked by default against the database, but they can be delegated to other systems instead of or in addition to it. This is called an Authentication Pipeline. You can add
Authenticator
s to the pipeline to support any system. -
You can also customize the Login Portlet to support whatever user interface any of these systems need. This gives you full flexibility over the entire authentication process.
This structure lets you support an authentication mechanism and/or accept credentials from a system that Liferay DXP doesn’t yet support. If you don’t like the user interface for signing in, you can replace it with your own.
These tutorials guide you through these customizations. You’ll discover three kinds of customizations:
-
Auto Login: the easiest of the three, this enables authentication to Liferay DXP using credentials provided in the HTTP header from another system.
-
Authentication Pipelines: if you must check credentials against other systems instead of or in addition to Liferay DXP’s database, you can create a pipeline.
-
Custom Login Portlet: if you want to change the user’s sign-in experience completely, you can implement your own Login portlet.
Read on to discover how to customize your users’ sign-in experience.