Liferay Authentication with OAuth2 — Complete Guide

 Modern applications rarely authenticate users directly.

They delegate authentication to trusted identity providers like Google, Azure AD, or Keycloak using OAuth2.

In Liferay, OAuth2 allows secure Single Sign-On (SSO) across microservices and external apps.

This guide explains how OAuth2 works in Liferay and how to configure it.

📌 What is OAuth2 in Liferay?

OAuth2 enables:

  • External login (Google / Azure / IdP)

  • Secure API access

  • Token-based authentication

  • Decoupled frontend & backend

Instead of sending passwords → apps exchange access tokens.

🖼️ OAuth2 Authentication Flow

🧠 OAuth2 Roles

RoleDescription
Resource OwnerUser
ClientLiferay
Authorization ServerIdentity Provider
Resource ServerAPIs

🛠 Step 1 — Enable OAuth2 in Liferay

Go to:

Control PanelSecurityOAuth2 Administration

Create a new OAuth2 Application.

🛠 Step 2 — Configure Client

Fill:

  • Name

  • Client ID

  • Client Secret

  • Redirect URI

Example:

http://localhost:8080/c/portal/oauth2/redirect

🖼️ OAuth2 Configuration

🛠 Step 3 — Configure Identity Provider

Example Keycloak:

Valid Redirect URI:
http://localhost:8080/*

Scopes:

openid profile email

🛠 Step 4 — Map User Attributes

Map IdP fields → Liferay user:

IdP FieldLiferay
emailemailAddress
given_namefirstName
family_namelastName

🧠 Step 5 — Access Token Usage

After login Liferay receives:

access_token
refresh_token
id_token

Use token in APIs:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

🖼️ Token Example

⚠️ Common Issues

Invalid redirect URI

Must match exactly

User not created

Attribute mapping missing

Login loop

Clock difference between servers

Token rejected

Wrong audience / scope

🔐 Security Best Practices

✔ Use HTTPS only
✔ Short token expiry
✔ Use refresh tokens
✔ Restrict scopes
✔ Sync server time (NTP)

📚 Related Articles

These help build secure enterprise architectures.

🎯 Conclusion

OAuth2 integration makes Liferay enterprise-ready:

  • Centralized authentication

  • Secure APIs

  • Scalable microservices access

Once configured correctly, users can log in seamlessly across all connected applications.

💼 Professional Support Available

If you are facing issues in real projects related to enterprise backend development or workflow automation, I provide paid consulting, production debugging, project support, and focused trainings.

Technologies covered include Java, Spring Boot, PL/SQL, CMS, Azure, and workflow automation (jBPM, Camunda BPM, RHPAM).


Comments

Post a Comment

Popular posts from this blog

OOPs Concepts in Java | English | Object Oriented Programming Explained

Image
🔹OOPS (Object Oriented Programming System) in Java Object-Oriented Programming (OOPS) is a programming paradigm that uses classes and objects to design software. It simplifies development and maintenance by applying key concepts: 📌 Class: Class   is a user-defined data type which defines its properties and its functions. Class is the only logical representation of the data. For example, Human beings in an organisation is a class like Employee. The age, name, department, salary etc. of a human being/employee are its properties, and the jobs performed by the employees in an organisation are known as functions.  The class does not occupy any memory space till the time an object is instantiated. A class is a user-defined data type that defines properties and functions. For example: Class: Employee Properties: name, age, salary Functions: work(), attendMeeting() A class does not occupy memory until an object is created. ...
Read more

Scopes of Signal in jBPM

Image
💡 Introduction Signals in jBPM 7 are a core part of event-driven workflow design. They allow asynchronous communication between process instances, making it possible to start , interrupt , or coordinate processes without direct linking. However, signals can have different scopes , which define how far the signal travels and who receives it . Let’s explore the four available scopes in detail: 🔹 Process Scope 🔹 Default Scope 🔹 External Scope 🔹 Project Instance Scope 🧩 1️⃣ Process Scope 📘 Definition Process scope signals are local to a single process instance or its child subprocesses . They are not visible outside that instance hierarchy. 📋 Use Case Used for communication inside the same process , like triggering subprocesses or event sub-processes. 🖼️ Process Scope Example Below is an example of a simple process-scoped signal. Only this process (or its subprocess) will catch this signal. ⚙️ 2️⃣ Default Scope 📘 Definition The default scope ...
Read more

jBPM Installation Guide: Step by Step Setup

  jBPM Installation Guide – Step by Step for Beginners If you are starting with jBPM (Java Business Process Management) , the first step is to set up your environment. In this guide, we’ll walk through how to install jBPM, configure it, and run your first business process. 🔎 What is jBPM? Before we dive into installation, a quick recap: jBPM is an open-source Business Process Management (BPM) suite , written in Java, that allows you to model, execute, and monitor workflows using BPMN 2.0 standards. It can run standalone , embedded in applications , or deployed on a Java EE server . 🖥️ Prerequisites Before installing jBPM, make sure you have: Java JDK 11 or later (Java 17 is commonly used) Maven 3.x (for building and managing dependencies) Git (optional, if you want to clone sample projects) A Database (H2, MySQL, PostgreSQL, or Oracle) – jBPM ships with H2 for testing At least 4GB RAM (8GB recommended for Workbench & KIE Server) 📦 Download ...
Read more