17.10.2012 Stefan Thomé Yves Kising



Access your Company's Knowledge
Simple, Secure, Comprehensive
17.10.2012
Stefan Thomé, Yves Kising
Page 1 edicos Access your Company's Knowledge

edicos: Your Corporate Web Competence for Portal and WCMS solutions
- Information Portals with Liferay
- Corporate Websites with OpenText
- Consulting, Implementation and Support
- Consulting in Digital Marketing and SocialMedia
- Implementation with strong JAVA Know-How
- Ongoing Support with edicos Support Center
- Technology Partnerships: Liferay Silver Partner, OpenText Premier Partner

edicos: your specialist
edicos Solutions
- edicos UserInterface: easy and comfortable AddOn for web content authoring with Liferay
- edicos SocialMediaBridges: Multichannel Publishing directly from the Liferay authoring environment
Facts
- Locations: Hamburg, Hanover, Cologne, Munich
- Employees: 45
- Experience: Since 2003 more than 100 complex web and portal projects

Business case

Problems and solution
- A lot of reusable and valuable knowledge is spread over different projects and people
- This knowledge is indispensable for future projects to be successful!
- The existing Knowledge Management System is not accepted by consultants
  - Based on OpenText Content Server
  - Project Experiences and Skill Profiles are stored as documents and/or as metadata
  - Standard OpenText User Interface without Corporate Design
SOLUTION: Knowledge Management Portal to make all this information easily accessible and to fit future requirements for Knowledge Management

Why Liferay?
- No license costs. Subscription model for Enterprise Edition
- Flexible theming to fit the customer's layout style guide (CD)
- Intuitive user interface with drag and drop (like iGoogle)
- Use of out-of-the-box features for many requirements
- Main implementation tasks: layout, custom portlets, authentication
- Easy integration of web applications via the JSR-286 portlet standard
- Extensible for future requirements
- Active Liferay community

Three main challenges of the project
- Simple
- Secure
- Comprehensive

Simple: Liferay Portal and OpenText Content Server

Accessing content from the OT Content Server
The user wants to know the skills of the person whom he just found within the People finder portlet.
GET /skillprofile?uid=11681
GET /km?function=getxmlskillprofile?uid=11681
Liferay gets the request and sends a new request, extended with some additional information, to the OT CS, as if it were the user itself.

Accessing content from the OT Content Server
- The OT CS collects the relevant documents and data.
- The OT CS extracts the metadata and
- The OT CS creates an XML file with the metadata.
- The OT CS delivers the XML to Liferay Portal.

Accessing content from the OT Content Server
- Liferay transforms the XML to HTML.
- Liferay delivers the HTML to the user.
- The user reads the information.
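The XML-to-HTML step above, as an added example in plain Java (not the project's portlet code). The element and attribute names are assumptions, since the slides do not show the OT CS schema; every value is escaped on output because the metadata is free text and, as the lessons-learned slide notes, Liferay has no default HTML sanitizer.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class SkillProfileRenderer {
    /** Escapes the characters that are significant in HTML text and attributes. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Turns the metadata XML into an HTML list; every value is escaped on output. */
    static String render(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The portlet needs no DTDs from the backend, so reject them outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList skills = doc.getElementsByTagName("skill");
        StringBuilder html = new StringBuilder("<ul class=\"skills\">\n");
        for (int i = 0; i < skills.getLength(); i++) {
            Element skill = (Element) skills.item(i);
            html.append("  <li title=\"").append(escapeHtml(skill.getAttribute("level")))
                .append("\">").append(escapeHtml(skill.getTextContent())).append("</li>\n");
        }
        return html.append("</ul>").toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; the real OT CS schema is not shown in the slides.
        String xml = "<skillprofile uid=\"11681\">"
            + "<skill level=\"expert\">Java &amp; JSR-286 portlets</skill>"
            + "<skill level=\"basic\">&lt;b&gt;HTML&lt;/b&gt; theming</skill>"
            + "</skillprofile>";
        System.out.println(render(xml));
    }
}
```

The second constructed skill contains markup in its text; after rendering it appears as literal characters in the list item instead of being interpreted by the browser.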

Secure: Security

GetAccess
- Entrust GetAccess is a high performance, scalable Web access control solution. It centrally manages access to multiple applications through a single portal, providing users with single sign-on to the applications and content they are authorized to see
- The GetAccess component is integrated as an ISAPI filter into the web server
- GetAccess is responsible for the security
- It offers simple Windows Login functionality and two-factor authentication
- GetAccess can be configured such that certain URLs are protected only by Windows Login and others by two-factor authentication (PKI-Card and digit)

User Management
- Because no user directory exists, we implement a Liferay service which imports and updates the users from the OT CS into the Liferay portal
- SSO is achieved by the GetAccess module and an autologin hook
- The GetAccess module provides the user's email address within the HTTP header

Single Sign On
- GetAccess adds a new variable remote_user to the HTTP request
- The autologin hook compares this remote_user to its users table.
- The autologin hook compares this remote_user to the OT CS users table and if this is successful
- The user is logged in and redirected to his personal page.
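The autologin decision from the two slides above, as an added example in plain Java (not the project's hook and not the Liferay AutoLogin API): the header is honoured only when the request arrives from the web server that runs the GetAccess filter, carries exactly one value, and matches an imported user. The proxy address, the user table and the class name are assumptions.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class HeaderAutoLogin {
    // Assumption: address of the web server that runs the GetAccess filter.
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");
    // Header name from the slides; keys in the map below are lower-cased.
    static final String SSO_HEADER = "remote_user";

    /** Portal user id to log in, or empty to fall back to the normal login page. */
    static Optional<Long> resolveUser(String remoteAddr,
                                      Map<String, List<String>> headers,
                                      Map<String, Long> importedUsers) {
        // The header only means something if GetAccess set it, so requests
        // that did not pass through the filter's web server are ignored.
        if (!TRUSTED_PROXIES.contains(remoteAddr)) {
            return Optional.empty();
        }
        // Exactly one value: a missing or duplicated header is ambiguous.
        List<String> values = headers.getOrDefault(SSO_HEADER, List.of());
        if (values.size() != 1) {
            return Optional.empty();
        }
        String email = values.get(0).trim().toLowerCase(Locale.ROOT);
        if (!email.matches("[^@\\s]+@[^@\\s]+")) {
            return Optional.empty();
        }
        // Only users imported from the OT CS may be logged in; no auto-provisioning.
        return Optional.ofNullable(importedUsers.get(email));
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the presentation.
        Map<String, Long> users = Map.of("jane.doe@example.com", 11681L);
        Map<String, List<String>> hdr =
            Map.of("remote_user", List.of("Jane.Doe@example.com"));

        System.out.println(resolveUser("10.0.0.5", hdr, users));      // via GetAccess
        System.out.println(resolveUser("192.0.2.44", hdr, users));    // bypassed the filter
        System.out.println(resolveUser("10.0.0.5", Map.of(), users)); // header absent
    }
}
```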

Two-factor authentication
- The user requests a secured portal page /skillprofile?uid=11641
- GetAccess asks for PKI card and password
- After successful authentication, the GetAccess cookie is provided within the HTTP header
- Liferay extracts the GA cookie and creates a new request with that cookie.
- GetAccess accepts the GA cookie. Liferay can identify itself as the user
- OT CS provides the requested data to the portal
- Liferay delivers the content to the user
(Diagram labels: GA cookie, https)

Comprehensive: Federated Query

Federated Query: Technical breakdown
- The user searches in all pots.
- The results are transformed
- The results are displayed to the user.
(Diagram labels: Corporate Intranet, Liferay Portal, Blogs, OT Content Server, Proj-Exper., Skill-Profiles, General)

The result

Lessons Learned
- Certain Liferay portlets are prone to XSS vulnerabilities, e.g. there is no default HTML sanitizer
- Liferay Support provides answers and solutions very quickly
- For efficient debugging of portlet code etc., the Liferay source code (EE) should be available
- Hard customizing of Liferay standard portlets is tricky: one JSP is used within different portlets
- Evaluate the two options:
  - Create custom portlets on Liferay services
  - Customize existing standard portlets

Any questions?
Your contact
Stefan Thomé, Managing Director, Tel.: +49 (0)89 628339-200, stefan.thome@edicos.de
Yves P. Kising, Senior IT Consultant, Tel.: +49 (0)89 628339-260, yves.kising@edicos.de
www.edicos.de

edicos Group: Locations and contacts
- Hannover: Prinzenstraße 14, 30159 Hannover, rolf.henning@edicos.de
- Hamburg: Im Spitalerhof, Kurze Mühren 1, 20095 Hamburg, gerold.schwarz@edicos.de
- Köln: Robertstraße 2, 51105 Köln, joerg.scholtz@edicos.de
- München: In der Kraemer'schen Kunstmühle, Birkenleiten 41, 81543 München, gabriele.steg@edicos.de
www.edicos.de