Skip to content
This repository has been archived by the owner on Apr 18, 2023. It is now read-only.

This is an osgi plugin that provides single sign-on using OAuth

License

Notifications You must be signed in to change notification settings

aquent/dotcms.plugins.oauth

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

plugins-dotcms-oauth

This is an osgi plugin that provides an example of single sign-on using OAuth2. This intended to be a drop in replacement for the standard dotcms login, both for front end users and for backend users and effectivly disables the out of the box authentication. This plugin is provided as a code example and should not be used in a production environment without careful understanding of what the code does.

It provides an example Google and a Facebook implementation.

Building

To download and build,clone the repo, cd into the cloned directoy and run

git clone https://github.com/dotCMS/plugin-dotcms-oauth.git
cd ./plugin-dotcms-oauth
MAKE CONFIG CHANGES
./gradlew jar

the plugin will be built under ./build/lib

Using

To use this plugin, you will need to have a developer account with the providers (Google, Facebook) and a application registered with the providers. In each application, make sure you:

  • Authorize the application scopes required by the plugin
  • Authorize the Callback host to receive the callback.
  • Copy the application API key and API secret and set them in the oauth.properties file.

See the oauth.properties for the required scopes.

This plugin "rewrites" the urls Dotcms uses to login (both front and backend) and points them to the OAuth provider specified. You can see and or add/delete/modify these "rewrites" in the Activator class here.

https://github.com/dotCMS/plugin-dotcms-oauth/blob/master/src/main/java/com/dotcms/osgi/oauth/Activator.java

If you want to avoid using oauth and authenticate via the standard Dotcms authentication, you can pass the url parameter native=true like this:

http://localhost:8080/html/portal/login.jsp?native=true 

or

http://localhost:8080/dotCMS/login?native=true 

OSGi Exports

Below is a list of exports that are required by this plugin

org.apache.velocity.tools.view.tools,
org.apache.velocity.tools.view.servlet,
org.apache.velocity.tools.view,
javax.xml.bind,
com.liferay.portal.util,
com.liferay.portal.model,
com.liferay.portal.auth,
com.dotmarketing.viewtools,
com.dotmarketing.util.json,
com.dotmarketing.util,
com.dotmarketing.osgi,
com.dotmarketing.filters,
com.dotmarketing.exception,
com.dotmarketing.cms.login.factories,
com.dotmarketing.cms.factories,
com.dotmarketing.business,

Troubleshooting

If you get an exception with the TLS algorithm, e.g. something like:

javax.net.ssl.SSLHandshakeException: Could not generate secret

You can disable DHE as a supported algorithm in your JAVA_HOME/lib/security/java.security file, e.g.

jdk.tls.disabledAlgorithms=SSLv3, DHE.

About

This is an osgi plugin that provides single sign-on using OAuth

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 100.0%