Liferay SSO with LDAP – Configuration & Flow Explained

Single Sign-On (SSO) with LDAP is a common enterprise requirement where user authentication and authorization are centralized in a directory service such as Active Directory or OpenLDAP.

Liferay DXP provides native LDAP integration, allowing organizations to authenticate users using their corporate credentials.

This blog explains how Liferay SSO with LDAP works, its configuration, and best practices.


🔹 1. What Is LDAP SSO in Liferay?

LDAP (Lightweight Directory Access Protocol) is a directory service used to store:

  • Users

  • Groups

  • Roles

  • Organizational units

With LDAP SSO, users:

  • Log in once using LDAP credentials

  • Access Liferay without creating separate passwords

  • Are automatically synced into Liferay

👉 Liferay does not store passwords locally when LDAP authentication is enabled.


🔹 2. Liferay LDAP SSO Architecture

Authentication Flow

  1. User enters credentials on Liferay login page

  2. Liferay forwards credentials to LDAP

  3. LDAP validates username & password

  4. On success:

    • User is created/updated in Liferay

    • Roles and groups are synced

  5. User is logged into Liferay

User → Liferay → LDAP Server → Liferay → Portal Access

🔹 3. Supported LDAP Servers

Liferay supports:

  • Microsoft Active Directory

  • OpenLDAP

  • Apache Directory Server

  • IBM Tivoli Directory Server


🔹 4. Enable LDAP Authentication in Liferay

Step 1: Log in as Portal Administrator

Navigate to:

Control Panel → Configuration → System Settings

Step 2: Configure LDAP Server

Go to:

Security → LDAP → LDAP Server Configuration

Enable:

  • ✅ LDAP Authentication Enabled

  • ✅ Import Enabled


🔹 5. LDAP Connection Configuration

Typical configuration parameters:

| Setting | Example |
| --- | --- |
| Base Provider URL | ldap://ldap.company.com:389 |
| Base DN | dc=company,dc=com |
| Principal | cn=admin,dc=company,dc=com |
| Credentials | ******** |
| Authentication Method | Simple |

👉 For Active Directory, use:

Principal: administrator@company.com

🔹 6. User Mapping Configuration

Navigate to:

LDAP → Users

Example mappings:

| Liferay Field | LDAP Attribute |
| --- | --- |
| Screen Name | sAMAccountName |
| Email Address | mail |
| First Name | givenName |
| Last Name | sn |
| UUID | objectGUID |

🔹 7. Group & Role Mapping

Navigate to:

LDAP → Groups

  • Map LDAP groups to Liferay Roles

  • Enable Group Import

  • Assign default site roles automatically

Example:

LDAP Group: IT_USERS → Liferay Role: Portal User

🔹 8. Import & Sync Behavior

Liferay supports:

  • Automatic import on login

  • Scheduled sync (via scheduler)

  • Manual sync from Control Panel

Sync options:

  • Users only

  • Groups only

  • Users + Groups


🔹 9. Common LDAP SSO Issues & Fixes

❌ User cannot log in

✔ Check Base DN
✔ Verify credentials
✔ Test LDAP connection


❌ User created but cannot authenticate

✔ Ensure LDAP authentication is enabled
✔ Disable local password authentication


❌ Groups not syncing

✔ Check group search filter
✔ Verify group DN
✔ Enable group import


🔹 10. Security Best Practices

✔ Use LDAPS (port 636)
✔ Restrict LDAP service account permissions
✔ Enable audit logs
✔ Do not allow local password override
✔ Use scheduled sync carefully
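
Added example (not from the original post and not Liferay code): a small Python check that runs the section 5 connection settings against the first two practices above, showing the page's sample values beside a corrected set. The dictionary keys reuse the table's setting labels; the function name, finding codes, admin-name heuristic and the svc-liferay-ro account are assumptions of this example.

```python
from urllib.parse import urlsplit

# Names that usually denote a directory administrator
# (a heuristic assumed by this example, not a Liferay rule).
ADMIN_HINTS = ("cn=admin", "cn=manager", "administrator@")


def audit_ldap_settings(cfg):
    """Return sorted finding codes for one LDAP server configuration.

    cfg keys are the setting labels from the table in section 5.
    """
    findings = set()
    url = urlsplit(cfg["Base Provider URL"])
    scheme = url.scheme.lower()
    port = url.port or {"ldap": 389, "ldaps": 636}.get(scheme)
    simple = cfg.get("Authentication Method", "Simple").lower() == "simple"

    if scheme not in ("ldap", "ldaps"):
        findings.add("unknown-scheme")
    # A simple bind over ldap:// sends the bind DN and password unencrypted
    # (assuming StartTLS is not layered on top, which the page does not cover).
    if scheme == "ldap" and simple:
        findings.add("cleartext-simple-bind")
    # ldaps:// on 389 or ldap:// on 636 usually means scheme and port disagree.
    if (scheme, port) in (("ldaps", 389), ("ldap", 636)):
        findings.add("scheme-port-mismatch")
    # Binding as a directory admin gives the portal far more than read access.
    principal = cfg["Principal"].strip().lower().replace(" ", "")
    if principal.startswith(ADMIN_HINTS):
        findings.add("admin-bind-account")
    return sorted(findings)


# Constructed sample: the example values from section 5 of this page.
PAGE_EXAMPLE = {
    "Base Provider URL": "ldap://ldap.company.com:389",
    "Base DN": "dc=company,dc=com",
    "Principal": "cn=admin,dc=company,dc=com",
    "Authentication Method": "Simple",
}
# Constructed sample: LDAPS plus a hypothetical read-only service account.
HARDENED = {
    **PAGE_EXAMPLE,
    "Base Provider URL": "ldaps://ldap.company.com:636",
    "Principal": "cn=svc-liferay-ro,ou=services,dc=company,dc=com",
}

if __name__ == "__main__":
    for name, cfg in (("page example", PAGE_EXAMPLE), ("hardened", HARDENED)):
        print(name, "->", audit_ldap_settings(cfg) or "no findings")
```
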


🔹 11. LDAP vs Other SSO Options in Liferay

| SSO Type | Use Case |
| --- | --- |
| LDAP | Internal enterprise users |
| SAML | External partners |
| OAuth2 / OIDC | Modern apps & APIs |
| CAS | Legacy systems |

✅ Conclusion

Liferay’s LDAP SSO integration provides a secure, centralized, and enterprise-grade authentication solution. It simplifies user management, improves security, and ensures consistent access control across systems.

LDAP SSO is ideal when:

  • Users already exist in Active Directory

  • Centralized identity management is required

  • Passwords must not be stored locally

