This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable.
After successfully configuring Liferay with NTLM, a user can authenticate simply by clicking "Sign In" within Liferay. While this is certainly a nice feature, there may be an additional requirement to extend the NTLM integration so that users are authenticated automatically when they navigate to any page in the portal.
To achieve this, there is a straight-forward solution of modifying a section of the liferay-web.xml, and a change to NTLMFilter.java. Please note that this is a customization and is not supported by Liferay Support.
Resolution
In order to implement seamless integration (or auto-login as some refer to it), there are changes to two files: liferay-web.xml and NTLMFilter.java.
- liferay-web.xml
Liferay-web.xml is a file that controls the filters that run when certain URLs on the portal are accessed. Change the file so the NTLM filter runs on every page of the portal instead of just on the login page.
In the filter-mapping section for SSO Ntlm Filter, change<url-pattern>/c/portal/login</url-pattern>to<url-pattern>/*<url-pattern>. The result will look like this:<filter-mapping> <filter-name>SSO Ntlm Filter</filter-name> <url-pattern>/*<url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>REQUEST</dispatcher> </filter-mapping>
- NTLMFilter.java contains the class that is called when the NTLM filter runs. Make the following change so that the class so that the class runs on all pages except logout pages.
Change:if (path != null && path.endsWith("/login")) {toif (path != null &&!(path.endsWith("/guest/home") || path.endsWith("/portal/logout") || path.endsWith("/portal/layout"))) {Now, instead of only running the filter on the login page, the filter will run on all pages with the exception of the logout pages.