Configuring Liferay Authentication With Auth0 Using OpenId Connect

This tutorial guides you through integrating Auth0, your Identity Provider (IdP), with your Liferay environment using OpenID Connect.

Prerequisites

  • Auth0 account
  • Liferay DXP environment
  • A user who has administrative access to Auth0’s dashboard
  • A user who has administrative access to Liferay’s Control Panel

Auth0 Configuration

  1. Log in to Auth0.

  2. Open Auth0’s dashboard

  3. Select Applications from the side menu and create a new application.

    Select Applications from the side menu and create a new application.

  4. Set a name of your choice, and choose Regular Web Applications for your application type.

    Choose Regular Web Applications type

  5. Click Create to have your application ready.

  6. The Client ID and Client Secret can be found in the Settings tab. You’ll need them later on.

    The Client ID and Client Secret can be found in the Settings tab

  7. Scroll down to the Application URIs section to set the Allowed Callback URLs field, and enter https://[your_liferay_environment]/c/portal/login/openidconnect.

    Set the Allowed Callback URLs field under Application URIs section

  8. Access the Advanced Settings at the bottom of the page to edit any additional settings.

  9. Click Save Changes to save your application settings.

  10. With the Auth0 configuration complete, you can now configure your Auth0 application to Liferay DXP.

Note

If you are testing and do not have any users, make sure to create your users by navigating to User Management → Users.

Configuring the OpenID Connect Provider Connection

Now that Auth0 is configured, use Liferay’s interface to set up the provider connection. All configuration is done through the provider’s Well-Known Configuration Endpoint.

Note

The Auth0’s Well-Known URI is https://[your-default-tenant].us.auth0.com/.well-known/openid-configuration. To find your default tenant, navigate to your profile and look for Default Tenant, or on the url before /profile.

  1. On your DXP instance, navigate to Global MenuControl PanelInstance SettingsSecuritySSO.

  2. Go to OpenID Connect Provider Connection tab and add a new connection entry.

  3. Fill out the fields with the requested data, as showed in the table below. These values you can find on the Well-known URL mentioned on the note above.

    FieldData
    Provider NameAuth0 OIDC
    Scopesscopes_supported url
    Authorization Endpointauthorization_endpoint url
    Issuer URLissuer url
    JWKS URIjwks_uri url
    ID Token Signing Algorithmsid_token_signing_alg_values_supported url
    Subject Typessubject_types_supported url
    Token Endpointtoken_endpoint url
    User Information Endpointuserinfo_endpoint url
    OpenID Connect Client IDUnder the Settings tab of your application in Auth0
    OpenID Connect Client SecretUnder the Settings tab of your application in Auth0

Be sure to click Save to ensure your changes are preserved.

Once that is done, enable OpenID Connect. To enable the OpenId Connect:

  1. On your DXP instance, navigate to Global MenuControl PanelConfigurationInstance Settings.

  2. Click on SSO under the security section.

  3. Go to the OpenID Connect tab, click the Enabled checkbox and click Save.

    Click the Enabled checkbox to enable the OpenID Connection

Validation

  1. Start your Liferay DXP instance

  2. Click on the Sign In button and choose OpenId Connect.

    Click on the Sign In button and choose OpenId Connect

  3. Choose Auth0 OIDC from the list and sign in with your Auth0 account.

    Choose Auth0 from the list and sign in with your Auth0 account

  4. Once you click Sign In, you’ll be redirected to Auth0’s log in page.

    Once you click Sign In, you'll be redirected to Auth0's log in page

  5. Type in the email address and password for your user. You have successfully logged in.

  6. Sign back in with your Liferay administrator account. Navigate to Control PanelUsers and Organizations, and verify that the account came into Liferay.

Conclusion

Congratulations! Users may now authenticate to your environment by using Auth0.

Tips and Troubleshooting

Callback URL mismatch

If you encounter an error like the image below, verify that your Allowed Callback URLs are configured correctly in Auth0 with the appropriate path and Hypertext Transfer Protocol (HTTP or HTTPS). You can find them in your Auth0 account by navigating to the application you created → Settings tab → Application URIs section.

Error when not using appropriate path and Hypertext Transfer Protocol in the allowed callback URLs

Capabilities

Product

Contact Us

Connect

Powered by Liferay
© 2024 Liferay Inc. All Rights Reserved • Privacy Policy