Hi,

I am evaluating Joget for use with our Liferay Portal.   What I would like to do is embed a Joget App into Liferay Portal using an iFrame.  

I'm trying to figure out the best way to Single Sign On from Liferay Portal (or OpenAM) to Joget.  I have seen some discussions around using Javascript to facilitate the Sign On but it involves sending the password in plain text.

Is there a more secure way to go about this type of integration in V3?

Thanks,
Jamie

  • No labels

3 Comments

  1. Tiensoon

    Hi Jamie, in the JavaScript API documentation, the AssignmentManager.login function is mentioned. One of the variants available, is using hash, instead of clear text password. This function is available since v2.0.1

  2. Jamie L Sammons

    Hi Tiensoon, in our case Liferay doesn't store the users password.  It is stored in LDAP as SHA.  I guess I'm not sure on how I would go about retrieving the password and then submitting it to Joget as an MD5 hash since Liferay doesn't technically know what the password is.

    Would it be possible for Joget to someday support Web SSO products like JASIG CAS or OpenAM (what we currently use) to make this type of integration easier?

    Thanks,
    Jamie

    1. Arun Kumar

      Hi Jamie,

      I had the same requirement and have integrated JoGet and Liferay but it would require code change in the Liferay source code. Believe me it's a simple code change -

      1. Identify the login jsp page in Liferay

      2. change the default submit action of the login button and call a javascript function

      3. Javascript function will call the JoGet JSON authentication method and then submit the form

      When you call the javascript fucntion you can also pass the password textbox value. Hope this helps!

      note - I believe that you have developed custom JoGet user management plugin.