Introduction

Portal Authentication allows custom web applications to authenticate users previously authenticated by the Liferay portal. When a user logs into the Liferay portal, Liferay calls an application called the token generator. The token generator creates a token that encapsulates information for the user's session. If developers wish to add their own portlet that requires authentication from an outside web application into the Liferay portal , they can use the services depicted in the diagram below to have their outside web application authenticate users automatically.

Portal Authentication Outline

When logging into Liferay, it calls the token generator, which in turn generates a token for this particular user. When a user logs into the portal, Liferay contacts a URL in your web application and appends the encoded token information to the request. Your web application calls the call-back servlet,passing the contents of the encoded token to begin user validation. The call-back servlet then passes that token information to the token generator. The token generator obtains a user profile, and sends it back to the call-back servlet. The call-back servlet then passes that user profile information, encoded as an XML string, back to your web application to the user who was authenticated.