* Added auth routes to con

* Supported login/logout and assertion consumer url
* Implemented the auth header
* Included the auth header on pages
* Added logout button to UI
* Added related configs and a lib to read configs efficiently
revert-dabc3590
Dulitha Wijewantha 10 years ago
parent 1a78ae08c2
commit 6b0909f810

@ -0,0 +1,16 @@
{
"APP_CONTEXT" : "/cdm/",
"API_CONTEXT" : "api",
"HTTPS_URL": "%https.ip%",
"HTTP_URL": "%http.ip%",
"ssoConfiguration": {
"enabled": true,
"issuer": "cdm",
"identityProviderURL": "%https.ip%/sso/samlsso.jag",
"keyStorePassword": "wso2carbon",
"identityAlias": "wso2carbon",
"responseSigningEnabled": "true",
"storeAcs": "%https.ip%/emm/acs",
"keyStoreName": "/repository/resources/security/wso2carbon.jks"
}
}

@ -1,76 +1,18 @@
<%
var dataConfi = require('/config/emm.js').config();
var dataConfig = require('/modules/mdm-props.js').config();
var sso = require("/modules/sso.js").sso;
var log = new Log();
var keyStoreParams = {
keyStoreName: dataConfi.ssoConfiguration.keyStoreName,
keyStorePassword: dataConfi.ssoConfiguration.keyStorePassword,
identityAlias: dataConfi.ssoConfiguration.identityAlias
keyStoreName: dataConfig.ssoConfiguration.keyStoreName,
keyStorePassword: dataConfig.ssoConfiguration.keyStorePassword,
identityAlias: dataConfig.ssoConfiguration.identityAlias
}
sso.configure(dataConfi.ssoConfiguration.issuer, "emm", keyStoreParams, dataConfi.ssoConfiguration.identityProviderURL);
sso.configure(dataConfig.ssoConfiguration.issuer, "cdm", keyStoreParams, dataConfig.ssoConfiguration.identityProviderURL);
sso.acs(function(loggedInUser) {
session.put("LOGGED_IN_USER", loggedInUser);
session.put("Loged", "true");
session.put("USER", loggedInUser);
var username = loggedInUser;
var userModule = require('/modules/user.js').user;
var db = common.getDatabase();
var user = new userModule(db);
var objUser = user.getUser({
'userid': username,
login: true
});
if (objUser != null) {
var userFeed = {};
userFeed.tenantId = stringify(objUser["tenantId"]);
userFeed.username = objUser["username"];
userFeed.email = objUser["email"];
userFeed.firstName = objUser["firstName"];
userFeed.lastName = objUser["lastName"];
userFeed.mobile = objUser["mobile"];
userFeed.tenantDomain = user.getTenantDomainFromID(stringify(objUser["tenantId"]));
var parsedRoles = parse(objUser["roles"]);
userFeed.roles = parsedRoles;
var isEMMAdmin = false;
var isAdmin = false;
for (var i = 0; i < parsedRoles.length; i++) {
if (parsedRoles[i] == 'Internal/emmadmin') {
isEMMAdmin = true;
break;
}
if (parsedRoles[i] == 'admin') {
isAdmin = true;
isEMMAdmin = true;
break;
}
}
userFeed.isEMMAdmin = isEMMAdmin;
userFeed.isAdmin = isAdmin;
session.put("emmConsoleUserLogin", "true");
session.put("emmConsoleUser", userFeed);
//var db = common.getDatabase();
var startupModule = require('/modules/startup.js').startup;
var startup = new startupModule(db);
startup.onUserLogin(userFeed);
var groupModule = require('/modules/group.js').group;
var group = new groupModule(db);
if (!group.roleExists("Internal/emmadmin")) {
var userList = new Array();
group.addGroup({
'name': 'Internal/emmadmin',
'users': userList
});
}
var appController = require('/controller/app.js');
if (isAdmin || isEMMAdmin) {
response.sendRedirect('console/dashboard');
} else {
response.sendRedirect(appController.appInfo().server_url + 'users/devices?user=' + userFeed.username);
}
}
log.debug("User logged in: "+username);
response.sendRedirect('/cdm/dashboard');
}, function() {
response.sendRedirect('/emm');
response.sendRedirect('/cdm');
}); %>

@ -1,17 +1,18 @@
<%
(function(){
if (!session.get("emmConsoleUserLogin")) {
var dataConfi = require('/config/emm.js').config();
var sso = require("/modules/sso.js").sso;
var keyStoreParams = {
keyStoreName : dataConfi.ssoConfiguration.keyStoreName,
keyStorePassword : dataConfi.ssoConfiguration.keyStorePassword,
identityAlias : dataConfi.ssoConfiguration.identityAlias
}
sso.configure(dataConfi.ssoConfiguration.issuer, "emm", keyStoreParams, dataConfi.ssoConfiguration.identityProviderURL);
sso.login();
if (!session.get("USER")) {
var dataConfig = require('/modules/mdm-props.js').config();
var sso = require("/modules/sso.js").sso;
var keyStoreParams = {
keyStoreName : dataConfig.ssoConfiguration.keyStoreName,
keyStorePassword : dataConfig.ssoConfiguration.keyStorePassword,
identityAlias : dataConfig.ssoConfiguration.identityAlias
}
sso.configure(dataConfig.ssoConfiguration.issuer, "cdm", keyStoreParams, dataConfig.ssoConfiguration.identityProviderURL);
sso.login();
}else{
response.sendRedirect("/emm");
response.sendRedirect("/cdm");
}
}());
%>

@ -1,15 +1,15 @@
<%
var user = session.get("emmConsoleUser");
var user = session.get("USER");
if (user === null) {
response.sendRedirect('/emm');
response.sendRedirect('/cdm/dashboard');
} else {
var dataConfi = require('/config/emm.js').config();
var dataConfi = require('/modules/mdm-props.js').config();
var sso = require("/modules/sso.js").sso;
var keyStoreParams = {
keyStoreName: dataConfi.ssoConfiguration.keyStoreName,
keyStorePassword: dataConfi.ssoConfiguration.keyStorePassword,
identityAlias: dataConfi.ssoConfiguration.identityAlias
}
sso.configure(dataConfi.ssoConfiguration.issuer, "emm", keyStoreParams, dataConfi.ssoConfiguration.identityProviderURL);
sso.configure(dataConfi.ssoConfiguration.issuer, "cdm", keyStoreParams, dataConfi.ssoConfiguration.identityProviderURL);
sso.logout(user);
} %>

@ -1,3 +1,23 @@
<%
// This will have the auth headers
<%
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
var loggedUser = session.get("USER");
if(loggedUser==null){
response.sendRedirect("/cdm/login");
}
%>

@ -18,6 +18,7 @@
<li><a href="/cdm/dashboard">Dashboard</a></li>
<li><a href="#">Configuration</a></li>
<li><a href="#">Management</a></li>
<li><a href="/cdm/logout">Logout</a></li>
</ul>
</div>
</div>

@ -2,6 +2,18 @@
"welcomeFiles": ["pages/dashboard.jag"],
"initScripts": ["/init.js"],
"urlMappings": [
{
"url": "/login",
"path": "/controller/login.jag"
},
{
"url": "/logout",
"path": "/controller/logout.jag"
},
{
"url": "/acs",
"path": "/controller/acs.jag"
},
{
"url": "/devices/*",
"path": "/pages/device.jag"

@ -0,0 +1,37 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
var config = function () {
var conf = application.get("PINCH_CONFIG");
if (!conf) {
var pinch = require('/modules/pinch.min.js').pinch,
server = require('carbon').server;
config = require('/config/config.json'),
pinch(config, /^/, function (path, key, value) {
if ((typeof value === 'string') && value.indexOf('%https.ip%') > -1) {
return value.replace('%https.ip%', server.address("https"));
} else if ((typeof value === 'string') && value.indexOf('%http.ip%') > -1) {
return value.replace('%http.ip%', server.address("http"));
}
return value;
});
application.put("PINCH_CONFIG", config);
conf = config;
}
return conf;
};

@ -0,0 +1,22 @@
/*
* *
* * Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
* *
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
* *
* * http://www.apache.org/licenses/LICENSE-2.0
* *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* * See the License for the specific language governing permissions and
* * limitations under the License.
*
*/
(function(){var k=function(a,c){return a.length!==c.length?!1:a.every(function(a,b){return c[b]===a})},j=function(a,c,d){var b,e;if("[object Array]"===Object.prototype.toString.call(a)){b=0;for(e=a.length;b<e;b++)c.apply(d,[b,a[b],a])}else for(b in a)a.hasOwnProperty(b)&&c.apply(d,[b,a[b],a])},h=function(a){for(var c=[],d=!1,b=0,e=a.length,f="",g=function(){f&&(c.push(f),f="")};b<e;b++)a[b].match(/\[|\]/)?(g(),d="]"===a[b]?!1:!0):'"'!==a[b]&&"'"!==a[b]&&("."===a[b]&&!d?g():f+=a[b]),b===e-1&&g();return c},
g=function(a,c,d){var b=-1!==["string","object"].indexOf(typeof a),e="string"===typeof c||c&&c.test&&c.exec,f=-1!==["string","object","function"].indexOf(typeof d);b&&e&&f&&("string"===typeof a?(this.instance=JSON.parse(a),this.json=!0):this.instance=a,this.pattern="string"===typeof c?c.replace(/'/g,'"'):c,this.replacement=d,this.createIndex(this.instance))};g.prototype.createIndex=function(a,c){var d=this;this.index=this.index||[];c=c||"";j(a,function(a,e){var f,a=a+"";f=a.match(/^[a-zA-Z]+$/)?c?
c+"."+a:a:a.match(/\d+/)?c+"["+a+"]":c+'["'+a+'"]';d.index.push(f);"object"===typeof e&&d.createIndex(e,f)})};g.prototype.replace=function(){var a=this;j(this.index,function(c,d){if(a.pattern&&a.pattern.test&&a.pattern.exec&&d.match(a.pattern))return a.replaceValue(d);if("string"===typeof a.pattern){var b=h(d),e=h(a.pattern);if(k(b,e))return a.replaceValue(d)}});return this.json?JSON.stringify(this.instance):this.instance};g.prototype.replaceValue=function(a){var c=this,d=h(a);d.reduce(function(b,
e,f){if(f===d.length-1)f="function"===typeof c.replacement?c.replacement(a,e,b[e]):c.replacement,b[e]=f;else return b[e]},this.instance)};var i=function(a,c,d,b){a=(new g(a,c,d)).replace();return"function"===typeof b?b(null,a):a};"undefined"!==typeof module&&module.exports?module.exports=i:"undefined"!==typeof define?define(function(){return i}):this.pinch=i})();

@ -49,9 +49,16 @@ var ssoMod = require("sso");
sso.sessionId = session.getId();
var referer = request.getHeader("referer");
sso.relayState = (referer ? referer : sso.relayState);
sso.relayState = sso.relayState + request.getQueryString(); // append query string
sso.relayState = sso.relayState;// append query string
var log = new Log();
if(request.getQueryString()){
sso.relayState += request.getQueryString();
}
sso.encodedSAMLAuthRequest = ssoMod.client.getEncodedSAMLAuthRequest(sso.issuer);
var postUrl = sso.address + sso.ssoService;
log.info(sso.relayState);
print("<div><p>You are now being redirected to SSO Provider. If the redirection fails, please click on the button below.</p> <form method='post' action='"+postUrl+"'><p><input type='hidden' name='SAMLRequest' value='"+sso.encodedSAMLAuthRequest+"'/><input type='hidden' name='RelayState' value='"+sso.relayState+"'/><input type='hidden' name='SSOAuthSessionID' value='"+sso.sessionId+"'/><button type='submit'>Redirect manually</button></p></form></div><script type = 'text/javascript' >document.forms[0].submit();</script>");
}
sso.logout = function(user){

@ -18,6 +18,7 @@
* under the License.
*/
var title="WSO2 CDM";
include("/includes/auth-header.jag");
%>
<html lang="en">
<%

@ -18,6 +18,7 @@
* under the License.
*/
var title="WSO2 CDM";
include("/includes/auth-header.jag");
%>
<html lang="en">
<%

Loading…
Cancel
Save