Ace 7 years ago
parent 15bea25074
commit 327f49cfd9

@ -33,6 +33,8 @@
"identityProviderUrl" : "https://%iot.keymanager.host%:%iot.keymanager.https.port%/samlsso", "identityProviderUrl" : "https://%iot.keymanager.host%:%iot.keymanager.https.port%/samlsso",
"acs": "https://%iot.manager.host%:%iot.manager.https.port%/devicemgt/uuf/sso/acs", "acs": "https://%iot.manager.host%:%iot.manager.https.port%/devicemgt/uuf/sso/acs",
"identityAlias": "wso2carbon", "identityAlias": "wso2carbon",
"defaultNameIDPolicy": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
"isPassive":false,
"responseSigningEnabled" : true, "responseSigningEnabled" : true,
"validateAssertionValidityPeriod": true, "validateAssertionValidityPeriod": true,
"validateAudienceRestriction": true, "validateAudienceRestriction": true,

@ -63,6 +63,9 @@ var constants = {
APP_CONF_AUTH_MODULE_SSO: "sso", APP_CONF_AUTH_MODULE_SSO: "sso",
APP_CONF_AUTH_MODULE_SSO_ENABLED: "enabled", APP_CONF_AUTH_MODULE_SSO_ENABLED: "enabled",
APP_CONF_AUTH_MODULE_SSO_ISSUER: "issuer", APP_CONF_AUTH_MODULE_SSO_ISSUER: "issuer",
APP_CONF_AUTH_MODULE_SSO_ACS: "acs",
APP_CONF_AUTH_MODULE_SSO_IS_PASSIVE: "isPassive",
APP_CONF_AUTH_MODULE_SSO_DEFAULT_NAME_ID_POLICY: "defaultNameIDPolicy",
APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED: "responseSigningEnabled", APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED: "responseSigningEnabled",
APP_CONF_AUTH_MODULE_SSO_KEY_STORE_NAME: "keyStoreName", APP_CONF_AUTH_MODULE_SSO_KEY_STORE_NAME: "keyStoreName",
APP_CONF_AUTH_MODULE_SSO_KEY_STORE_PASSWORD: "keyStorePassword", APP_CONF_AUTH_MODULE_SSO_KEY_STORE_PASSWORD: "keyStorePassword",

@ -271,7 +271,9 @@ var module = {};
} }
function getSsoLoginRequestParams() { function getSsoLoginRequestParams() {
var ssoClient = require("sso").client;
var ssoConfigs = getSsoConfigurations(); var ssoConfigs = getSsoConfigurations();
var carbon = require('carbon');
// Identity Provider URL // Identity Provider URL
var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL]; var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL];
if (!identityProviderUrl || (identityProviderUrl.length == 0)) { if (!identityProviderUrl || (identityProviderUrl.length == 0)) {
@ -284,6 +286,13 @@ var module = {};
} }
// Issuer // Issuer
var issuer = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ISSUER]; var issuer = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ISSUER];
var nameIDPolicy = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_DEFAULT_NAME_ID_POLICY];
var signingEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED];
var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL];
var isPassive = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IS_PASSIVE];
var acs = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ACS];
var superTenant = carbon.server.superTenant;
if (!issuer || (issuer.length == 0)) { if (!issuer || (issuer.length == 0)) {
var msg = "Issuer is not given in SSO configurations in Auth module configurations in " var msg = "Issuer is not given in SSO configurations in Auth module configurations in "
+ "application configuration file '" + constants.FILE_APP_CONF + "'."; + "application configuration file '" + constants.FILE_APP_CONF + "'.";
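Review bot: `acs`, `isPassive` and `nameIDPolicy` are read from ssoConfigs without the empty-value check that issuer and identityProviderUrl receive, yet the following hunk passes them straight into getEncodedSignedSAMLAuthRequest when signingEnabled is set, so a missing `acs` entry in the application configuration would presumably reach the request builder as undefined instead of producing a clear configuration error. The added `var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL];` also redeclares a variable that the earlier hunk already declares and validates in the same function, so it can be dropped. I would add a guard right after the reads, mirroring the issuer check: `if (signingEnabled && (!acs || acs.length == 0)) { /* log and sendError like the issuer check */ }`. Separately, the signing branch in the next hunk is keyed on responseSigningEnabled, whose name describes validation of the IdP response; a comment such as `// responseSigningEnabled also turns on signing of the outgoing AuthnRequest` next to the `if (signingEnabled)` line would make that coupling explicit. getSsoLoginRequestParams begins in the previous hunk and its body continues past this one.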
@ -294,7 +303,12 @@ var module = {};
// SAML authentication request // SAML authentication request
var encodedSAMLAuthRequest; var encodedSAMLAuthRequest;
try { try {
encodedSAMLAuthRequest = (require("sso")).client.getEncodedSAMLAuthRequest(issuer); if (signingEnabled) {
encodedSAMLAuthRequest = ssoClient.getEncodedSignedSAMLAuthRequest(issuer,
identityProviderUrl, acs, isPassive, superTenant.tenantId, superTenant.domain, nameIDPolicy);
} else {
encodedSAMLAuthRequest = ssoClient.getEncodedSAMLAuthRequest(issuer);
}
} catch (e) { } catch (e) {
log.error("Cannot create SAML login authorization token with issuer '" + issuer + "'."); log.error("Cannot create SAML login authorization token with issuer '" + issuer + "'.");
log.error(e.message, e); log.error(e.message, e);
@ -529,7 +543,7 @@ var module = {};
response.sendError(500, msg); response.sendError(500, msg);
return; return;
} }
/** /**
* @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken: * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken:
* string}} * string}}
