Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events

LifeRay and CQ Portlet: SSO via cqpsso cookie


Level 4


This is somewhat a long post.  I try to provide as much details as possible and highlight questions in bold.

With reference to https://docs.adobe.com/docs/en/aem/6-1/administer/integration/cq-as-portal.html, we were able to install the CQ Portlet to Liferay, add the portlet to a page in Liferay and get the geometrixx-outdoors and geometrixx site contents.  We are trying to go one step further and use SSO.  

The documentation states

The authenticator service can be configured to use SSO and transmit the current portal user with format Basic as a cookie named cqpsso to CQ

Based on what we can understand from the documentation, the Portlet can be configured to use SSO by

1. Enabling CQ to accept trusted credentials (we did this on our publish instance, via the  Apache Felix JAAS Configuration Factory).  Although, I am not sure if we actually configured this correctly.

The documentation had the following

<LoginModule class="com.day.crx.security.authentication.CRXLoginModule">
  <param name="trust_credentials_attribute" value="TrustedInfo"/>
  <param name="anonymous_principal" value="anonymous"/>


I assumed we just create a new entry in Apache Felix JAAS Configuration and set class to "com.day.crx.security.authentication.CRXLoginModule".  I also assumed that we add the 2 param name/values as new options entry, like this

trust_credentials_attribute=TrustedInfo anonymous_principal=anonymous

Can you review and advise if the above is correct?

2. We enabled SSO authentication in the CQ WCM and verified the cookie name as "cqpsso"

3. We configured and enabled SSO authentication in the CQ Portlet on our Liferay by setting the Mode to SSO, leaving everything else as default

4. We made sure to login with userA, who exists on BOTH Liferay and the CQ Publish instance

On Chrome, we did not see any cqpsso for localhost.  I doubt the cookie was ever created. Is the cookie creation done by the portlet?

The documentation also showed this

C-12-#001898 -> [GET /mynet/en/_jcr_content/par/textimage/image.img.png HTTP/1.1 ]
C-12-#001963 -> [cq5:locale: en ]
C-12-#001979 -> [cq5:used-locale: en ]
C-12-#002000 -> [cq5:locales: en,en_US ]
C-12-#002023 -> [cqp:user: wpadmin ]
C-12-#002042 -> [cqp:portal: IBM WebSphere Portal/6.1 ]
C-12-#002080 -> [cqp:windowid: 7_CGAH47L000CE302V2KFNOG0084 ]
C-12-#002124 -> [cqp:windowstate: normal ]
C-12-#002149 -> [cqp:portletmode: view ]
C-12-#002172 -> [User-Agent: Jakarta Commons-HttpClient/3.1 ]
C-12-#002216 -> [Host: ]
C-12-#002238 -> [Cookie: $Version=0; cqpsso=Basic+d3BhZG1pbg%3D%3D ]
C-12-#002289 -> [ ]


It would be nice to know how we can find this information.  Is this logged in the portlet?  In Liferay?  How does the deployed portlet know how to transmit the current portal user with format Basic as a cookie?  Is this a setting that we need to configure?

Any advise or pointers would be greatly appreciated.

Thank You

0 Replies