SSO Architecture using OpenID Connect (OIDC) protocol with Liferay DXP
SSO Architecture using OpenID Connect (OIDC) protocol with Liferay DXP Read More »
Java portal
Understanding SSO – Part 1
Understanding SSO concepts
To better understand SSO we first understand the evolution of authentication .
1) Simple authentication architecture (Without SSO)
- There is a client (who is using the browser).
- There is a server (which is basically a web server for the application) .
- Client calls the login page and enters the Credentials .
- Server authenticates the credentials again the DB .
- Once authentication succeeds a session cookies is established between the client and server .
2) Generic SSO architecture
- The First call made to the web-application is redirected to the Identity provider (IdP) login page.
- User enters the credentials via browser and get back the token from the Identity provider (IdP).
- Token is sent to the Web application .
- Web app had a trust relationship with Idp or can have a key from Identity Provider (IdP) which is used to check the validity of the token.
- Once the validation succeeds the Web application puts a session cookie on the browser and the connection is established .
3) Understanding the Protocols
Now since we have understood the basic SSO mechanism , now is the time to get an understanding of the underlying authentication protocols used .
whenever we talk SSO we quite often hear about SAML , Open ID Connect , OAuth2 , OIDC etc.
Lets try to understand these
- First thing first we need to understand that Open ID Connect and OIDC are the same protocol , so let’s not confusion over that .
- Second important point is While OAuth 2.0 is an authorization protocol, OIDC is an identity authentication protocol .
- Third point we need to know is The OpenID Connect (OIDC) protocol is built over the OAuth 2.0 protocol and helps authenticate users and convey information about them .
- SAML is XML based and OIDC is JSON based protocol
- SAML is quite old is Industry hence is quite matured but at the same time Complex .
- SAML has highest security standard where as OIDC is moderate
- OIDC is top in sense of user friendliness and implementations
So I hope you got the gist now i.e. SAML and OIDC can be used for identity authentication. These 2 protocols hence are also used for SSO implementations .
4) Differences between SAML and OIDC
Stay tuned to check more about SSO in our next article…
Understanding SSO – Part 1 Read More »
GraphQL in Liferay DXP
Checkout the flow diagram here
What is GraphQL ?
GraphQL is basically a query language to read or mutate data in API . In simple words its a way to call API for read and write purpose using query like syntax . Using GraphQL feels like you are querying an API service instead of a database . This was developed by Facebook .
Challenges with REST
REST API calls has lot of advantages which is well known to developers but at the same time there are few drawbacks which REST API calls doesn’t address . Lets talk about few of them
Over fetching: This is when the API endpoint provides way more information than required by the client.
Under fetching: This is when the API endpoint doesn’t provide all of the required information. So, the client has to make multiple requests (API Calls) to get everything the application needs.
When to use GraphQL ?
Architectural Scenarios
- While writing code for mobile devices, smartwatches, and IOT Platforms , where bandwidth usage is critical parameter.
- Application requirements where nested data needs to be fetched in a single call ( For example a case when we need USER details then PRODUCTS details bought by USER ).
- A composite pattern, where an application retrieves data from multiple, different storage APIs.
How to use GraphQL in Liferay ?
Liferay by default comes with Out of the box List of APIs which you can access
- First Login as Admin
- Use the same browser to call the following URL
http://[host]:[port]/o/api
For example, if you’re running Liferay DXP locally on port 8080, the URL for discovering the GraphQL API is
3) Once you are on this page you can click GraphQL link on the top Right of the page
Example to Read
Here are steps to read all the blog content through GraphQL API
- Login as Admin
- Hit the URL http://localhost:8080/o/api
- Go to Graphql Tab
- write the Following query
query
{
blogPostings(filter:””,page:1,pageSize:10,search:””,siteKey:”47311″,sort:””)
{
page
items
{
id
headline
creator
{
name
}
}
}
}
Get the siteKey from Site configuration page of the site as shown in the Image 3 and replace in your query. If you have any blogs in that site then the query will give back some results else you can do the next step (To enter a blog entry via API) First and then retry this query again to get back some results . In my case since I had an entry you can see the API output on the Right hand side in the screenshot .
Image 1
Image 2
Example to Mutate (Write)
Here are steps to read all the blog content through GraphQL API
- Login as Admin
- Hit the URL http://localhost:8080/o/api
- Go to Graphql Tab
- write the Following query
mutation CreateBlog($blog: InputBlogPosting)
{
createSiteBlogPosting(blogPosting: $blog, siteKey: “47311” )
{
headline
articleBody
id
friendlyUrlPath
}
}
}
In the Query Variables you can enter the entry like following
{
“blog”:
{
“articleBody”: “Contact us for EU based Liferay Consultants at Liferayconsulting.com !”,
“headline”: “Liferayconsulting.com”
}
}
now run the query and the API call to write or mutate is done . You can now rerun the read query to find your entry appearing there .
Diagram Links
GraphQL in Liferay DXP Read More »
Moduler Approach in Liferay DXP
1) How moduler approach in Liferay helps creating customized solutions.
2) Liferay can be better explained as set of cubes where each cube is a different feature .
3) Customizing the vanilla (Default) Liferay Bundle by simply ADDING or REMOVING these cubes (Features).
4) Enabling/ disabling Multiple (OOB) security features as per customers need .( Example – Enabling SSO with NTLM, CAS, SiteMinder, OpenSSO, OpenID, Facebook)
5) Scaling the solution as per expected number of enduser (can be achieved using features like autoscaling in LIferay DXP Cloud ).
Link – https://lnkd.in/eWZHmtgc
#architect #security #cloud #Liferay #liferaydxp
#digital #experience #liferayExperienceCloud #architecture #design
Moduler Approach in Liferay DXP Read More »
Comparing Drupal, Joomla, WordPress, and Liferay
Let’s compare Drupal, Joomla, WordPress, and Liferay, which are popular content management systems (CMS) and portal platforms:
- Drupal:
- Strengths: Drupal is known for its flexibility, scalability, and robustness. It offers a highly customizable framework that can handle complex websites and applications. It has a strong community and provides advanced content management features, granular user access controls, and excellent security.
- Use cases: Drupal is often used for large-scale websites, government portals, educational platforms, and enterprise-level applications.
- Joomla:
- Strengths: Joomla is user-friendly and has a good balance between flexibility and ease of use. It offers a wide range of extensions and templates, making it suitable for various website types. It has a strong community and provides good multilingual support.
- Use cases: Joomla is commonly used for community websites, small to medium-sized businesses, non-profit organizations, and e-commerce sites.
- WordPress:
- Strengths: WordPress is highly popular, user-friendly, and easy to set up. It has a vast selection of themes and plugins, allowing for quick customization and functionality expansion. It is particularly well-suited for blogs, small to medium-sized websites, and content-focused platforms.
- Use cases: WordPress is widely used for blogs, personal websites, small business websites, news websites, and online stores (with the help of e-commerce plugins).
- Liferay:
- Strengths: Liferay is a robust portal platform that combines CMS and collaboration features. It offers comprehensive content management, user management, social collaboration tools, and integration capabilities. It provides a unified interface for creating personalized and role-based portals.
- Use cases: Liferay is often used for building employee portals, customer portals, intranets, extranets, and enterprise-level collaboration platforms.
Choosing the most suitable platform depends on your specific requirements, technical expertise, scalability needs, and the type of website or portal you intend to build. Consider factors such as ease of use, community support, available extensions, customization capabilities, security, and long-term scalability when making a decision.
Comparing Drupal, Joomla, WordPress, and Liferay Read More »
Liferay or AEM (Adobe Experience Manager) : Which is better choice for us ?
Liferay and AEM (Adobe Experience Manager) are both popular content management systems (CMS) used for building and managing websites and digital experiences. While they serve similar purposes, there are differences between the two platforms. Let’s compare Liferay and AEM in various aspects:
- Company and Community Support:
- Liferay: Liferay is an open-source platform developed by Liferay, Inc. It has an active and passionate community supporting it, providing regular updates, plugins, and extensions.
- AEM: AEM is a proprietary platform developed by Adobe. It also has a significant user base and community, and Adobe provides support and regular updates.
- Flexibility and Customization:
- Liferay: Liferay is known for its flexibility and extensive customization options. It offers a modular architecture that allows developers to build custom applications, integrations, and workflows.
- AEM: AEM provides a highly flexible platform for building websites and digital experiences. It offers a component-based approach and supports customization through Adobe’s Experience Manager Component Library.
- User Interface and Authoring Experience:
- Liferay: Liferay provides a comprehensive user interface and authoring experience. It offers features like drag-and-drop page building, customizable content structures, and workflow management.
- AEM: AEM emphasizes a seamless authoring experience with its intuitive user interface. It provides a WYSIWYG editor, visual components, and advanced authoring capabilities.
- Digital Marketing and Personalization:
- Liferay: Liferay includes digital marketing features such as targeting, segmentation, and campaign management. It provides tools for personalization and allows marketers to deliver targeted content.
- AEM: AEM is renowned for its robust digital marketing capabilities. It offers advanced personalization features, marketing automation, A/B testing, analytics, and integration with Adobe Marketing Cloud.
- Scalability and Performance:
- Liferay: Liferay is designed to handle large-scale deployments and offers horizontal scalability. It can efficiently handle high-traffic websites and supports clustering and load balancing.
- AEM: AEM is known for its scalability and performance. It leverages a scalable architecture and supports clustering, caching, and content delivery networks (CDNs) to ensure optimal performance.
- Pricing:
- Liferay: Liferay has an open-source Community Edition that is free to use. It also offers a commercial Enterprise Edition with additional features and support, which requires a subscription.
- AEM: AEM is a commercial product, and its pricing typically involves licensing fees based on factors like the number of users and required modules. It is generally more expensive compared to Liferay.
Ultimately, the choice between Liferay and AEM depends on specific requirements, budget, and preferences. Liferay may be a better fit for organizations seeking flexibility, customization, and an open-source solution, while AEM might be preferable for those who prioritize advanced marketing capabilities and a seamless Adobe ecosystem integration. It’s advisable to use Liferay if your requirement is more than Just CMS and you need flexible approach for future .
Connect with YoungIT if you need help in deciding your next platform .
Liferay or AEM (Adobe Experience Manager) : Which is better choice for us ? Read More »
This Flow diagram illustrate SSO Flow using OpenID Connect (OIDC) protocol with Liferay DXP Portal.
Following are the steps .
Step 1) User request SignIn page using browser , SignIn Page Open up , User clicks on the SignIn Link.
Step 2) Liferay redirects to the SignIn page (called Authorization Endpoint)of the OIDC Provider screen (Provider could be Microsoft azure ,google or any other provider).
Step 3) User enters the credentials.
Step 4) OIDC Provider process the request and generate a Token and sends back to the user browser.
Step 5) Browser redirect the request to Liferay Redirect URI along with the Token.
Step 6) Liferay Validates the token using Providers JWKS URI which contains the public keys that can verify the token. Once token Validation is successful Liferay adds a session cookie on to the browser which to keeps the session with the browser alive .
#datasecurity #singlesignon #liferay #liferaydxp #liferayExperienceCloud #architecture #SSO #saml #openid #saml #oidc #design