Feature #2030

Liferay portal Microsoft login hook

Added by Panagiota Koltsida almost 3 years ago. Updated about 2 years ago.

Status:ClosedStart date:Jan 21, 2016
Priority:NormalDue date:Jul 22, 2016
Assignee:Massimiliano Assante% Done:

80%

Category:-
Sprint:Liferay migration to 6.2 Version
Milestones:
Duration: 132

Description

Create a hook for logging in to liferay portal using twitter account

Liferay version target is 6.2


Related issues

Related to gCube - Feature #2031: Provide a Social login portlet for liferay Closed Jan 21, 2016 Mar 31, 2016

History

#1 Updated by Massimiliano Assante almost 3 years ago

  • Priority changed from Normal to Low

#2 Updated by Massimiliano Assante almost 3 years ago

  • Related to Feature #2031: Provide a Social login portlet for liferay added

#3 Updated by Massimiliano Assante over 2 years ago

  • Priority changed from Low to High
  • Due date set to Jul 22, 2016
  • Subject changed from Liferay portal Twitter login hook to Liferay portal Microsoft login hook

As I understand Twitter is problematic, let's go to Microsoft login

#4 Updated by Pasquale Pagano over 2 years ago

who has a Microsoft login? It does not seem to me the same. Twitter account was needed since it is a popular service .. Microsoft account is not and in any case it is not the same. Can you clarify a bit better? thanks

#5 Updated by Massimiliano Assante over 2 years ago

Lino, lots of people have Microsoft (live.com / outlook.com / office.com) Accounts. Any user with Windows (i think) and a Windows Phone has one. Also, if I'm not mistaken your Skype account is a Microsoft account (should be verified though)

#6 Updated by Pasquale Pagano over 2 years ago

lots of people have an Apple account but we do not support it. If needed I can understand the choice but it is not the same as requesting a twitter account, even for perception reasons about privacy and confidentiality.

#7 Updated by Michalis Nikolopoulos over 2 years ago

  • Assignee changed from Michalis Nikolopoulos to Massimiliano Assante

Hi @massimiliano.assante@isti.cnr.it , you can find the microsoft login hook here: http://maven.research-infrastructures.eu/nexus/service/local/repositories/gcube-snapshots/content/gr/cite/microsoft/microsoft-hook-login/1.0.0-SNAPSHOT/microsoft-hook-login-1.0.0-20160719.143837-3.war,
Let me remind you, that you should update the login.form.navigation.socials property of the file portal.properties of the login hook like that: login.form.navigation.socials=google, linkedIn, windowsLive
Let me know if there is any issue.

#8 Updated by Massimiliano Assante over 2 years ago

  • % Done changed from 0 to 80
  • Status changed from New to In Progress

thanks, I will try this on pre.d4science.org and let you know. A question, should I authorise redirect URLs on a Microsoft site? (Like I did with Google and LinkedIn) If so, where should I go to do such action? Could you provide me the URL or instruction? Thanks

#9 Updated by Michalis Nikolopoulos over 2 years ago

@massimiliano.assante@isti.cnr.it you should should set as redirect url in your app here https://apps.dev.microsoft.com, this : {host}/c/portal/windowslive_login
if this does not help much let me know.

#10 Updated by Massimiliano Assante over 2 years ago

ok, I did deploy everything on http://pre.d4science.org

then in the Application Id (ac22534f-406e-4a50-8bf6-3f55fbc3f1f6) as Client ID in Liferay Control Panel for the Windows Liva Authentication Tab and the Private Key provided by Microsoft in the Client Secret (under ClientId, same Tab of course)

When I try to login by clicking on the Windows Live button on the Login portlet I get an error but it seems is not up to us:

We're unable to complete your request

Microsoft account is experiencing technical problems. Please try again later.

#11 Updated by Massimiliano Assante over 2 years ago

Hi @mnikolopoulos@cite.gr it seems i'm not able to configure it properly. I was able to get the error though it seems the "client secret" is not set properly

The webpage at https://pre.d4science.org/c/portal/windowslive_login?error=unauthorized_client&error_description=The%20client%20does%20not%20have%20a%20secret%20configured.%20If%20you%20are%20the%20client%20application%20developer%2c%20configure%20a%20secret%20through%20the%20application%20management%20site%20at%20https://manage.dev.live.com/. m

RedirectURI should be ok
https://pre.d4science.org/c/portal/windowslive_login

while in the Client Secret field in Liferay I put the password (Type Password) I find in Application Secrets. Guess this is wrong

#12 Updated by Massimiliano Assante over 2 years ago

@mnikolopoulos@cite.gr helped me in the correct configuration of the Application, now I am successfully redirected and can login on the Microsoft page successfully but then when microsoft redirect to us the browser report this error:

Chrome

This site can’t be reached

The webpage at https://pre.d4science.org/c/portal/windowslive_login?code=M97c91dc9-d94b-2953-2ef7-f56979a5a7a8 might be temporarily down or it may have moved permanently to a new web address.
ERR_CONTENT_DECODING_FAILED

Safari:

Safari can’t open the page “https://pre.d4science.org/c/portal/windowslive_login?code=M97c91dc9-d94b-2953-2ef7-f56979a5a7a8”. The error is: “cannot decode raw data” (NSURLErrorDomain:-1015)

@andrea.dellamico@isti.cnr.it could this be an nginx problem?

#13 Updated by Michalis Nikolopoulos over 2 years ago

@massimiliano.assante@isti.cnr.it whenever and if possible, can i have a look at the logs?

#15 Updated by Andrea Dell'Amico over 2 years ago

Massimiliano Assante wrote:

andrea.dellamico@isti.cnr.it could this be an nginx problem?

I don't think so. I tried disabling the compression configuration, but nothing changed. I did this because firefox returned The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression but I think there's something else involved.

#16 Updated by Michalis Nikolopoulos over 2 years ago

After some research, it seems like Microsoft has altered the Authentication API. Even thought they still support the old created applcations, the newly created applications should use the new API. Further investigation is required.

#17 Updated by Massimiliano Assante over 2 years ago

  • Priority changed from High to Normal

#19 Updated by Massimiliano Assante over 2 years ago

Yes it does work now, however it doesn't say you'r loggin on behalf of D4Science Infrastructure, the Sign in page is different. I suppose is ok anyway

#20 Updated by Massimiliano Assante over 2 years ago

I mean yesterday the microsoft login page was showing the D4Science App name and logo

#21 Updated by Massimiliano Assante over 2 years ago

@mnikolopoulos@cite.gr I noticed the hook keep logging this at INFO level, seems like a poller (no one is using it)

14:30:49,102 INFO  [http-bio-9090-exec-272][WindowsLiveAutoLogin:36] Is windows live enabled: true
14:30:49,102 INFO  [http-bio-9090-exec-272][WindowsLiveAutoLogin:67] User's mail form session: 
14:31:10,994 INFO  [http-bio-9090-exec-279][WindowsLiveAutoLogin:36] Is windows live enabled: true
14:31:10,994 INFO  [http-bio-9090-exec-279][WindowsLiveAutoLogin:67] User's mail form session: 
14:31:55,299 INFO  [http-bio-9090-exec-239][WindowsLiveAutoLogin:36] Is windows live enabled: true
14:31:55,300 INFO  [http-bio-9090-exec-239][WindowsLiveAutoLogin:67] User's mail form session: 
14:31:56,271 INFO  [http-bio-9090-exec-252][WindowsLiveAutoLogin:36] Is windows live enabled: true
14:31:56,272 INFO  [http-bio-9090-exec-252][WindowsLiveAutoLogin:67] User's mail form session: 
14:31:59,985 INFO  [http-bio-9090-exec-266][WindowsLiveAutoLogin:36] Is windows live enabled: true
14:31:59,986 INFO  [http-bio-9090-exec-266][WindowsLiveAutoLogin:67] User's mail form session: 
14:32:00,993 INFO  [http-bio-9090-exec-251][WindowsLiveAutoLogin:36] Is windows live enabled: true
14:32:00,993 INFO  [http-bio-9090-exec-251][WindowsLiveAutoLogin:67] User's mail form session: 

#22 Updated by Michalis Nikolopoulos over 2 years ago

@massimiliano.assante@isti.cnr.it, this message was used to debug the login hook, the logging level is a bit off, it should have been debug of course. Thsi will be fixed at once and the ETICS build will have the correct version. The Sign in page should not have been altered by microsoft login hook. Does this behaviour perist, if one of the other login methods is used?

#23 Updated by Massimiliano Assante about 2 years ago

  • Status changed from In Progress to Closed

Given the fact that Microsoft does not support the multiple auth redirection addresses we cannot enable the plugin.

Also available in: Atom PDF