From 1b8d52e5e278aec0f45868e4caf08ed4e88c41de Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 16 Jan 2017 16:08:23 +0530 Subject: [PATCH 01/13] fixed multi tenant login issue --- modules/analytics/distribution/src/ues/designer.json | 2 +- modules/core/distribution/identity_config_change.xml | 9 +++++++++ .../conf/identity/service-providers/API_STORE.xml | 2 +- .../conf/identity/service-providers/devicemgt.xml | 2 +- .../conf/identity/service-providers/portal.xml | 2 +- .../repository/jaggeryapps/portal/configs/designer.json | 2 +- pom.xml | 6 +++--- 7 files changed, 17 insertions(+), 8 deletions(-) diff --git a/modules/analytics/distribution/src/ues/designer.json b/modules/analytics/distribution/src/ues/designer.json index 477b04eb..35737370 100644 --- a/modules/analytics/distribution/src/ues/designer.json +++ b/modules/analytics/distribution/src/ues/designer.json @@ -43,7 +43,7 @@ "password":"admin", "dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register", "apiManagerClientAppRegistrationServiceURL": "https://localhost:9443/api-application-registration/register/tenants", - "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", + "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-carbon urn:ietf:params:oauth:grant-type:jwt-bearer", "tokenScope": "admin", "callbackUrl": "https://localhost:9445/portal", "saasApp":true diff --git a/modules/core/distribution/identity_config_change.xml b/modules/core/distribution/identity_config_change.xml index 2b56094e..27e2ded7 100644 --- a/modules/core/distribution/identity_config_change.xml +++ b/modules/core/distribution/identity_config_change.xml 
@@ -29,4 +29,13 @@ org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator ]]> + + //s:Server/s:OAuth/s:SupportedGrantTypes/s:SupportedGrantType[s:GrantTypeName='iwa:ntlm'] + + + urn:ietf:params:oauth:grant-type:saml2-carbon + org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedSAML2BearerGrantHandler + org.wso2.carbon.identity.oauth.common.SAML2GrantValidator + ]]> + \ No newline at end of file diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml index 4ae3fdaf..d77e49a3 100644 --- a/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml +++ b/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml @@ -44,7 +44,7 @@ true - false + true diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml index 156eb6e1..2c7c52d9 100644 --- a/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml +++ b/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml @@ -44,7 +44,7 @@ true - false + true diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml index 7f84e5ab..3cd65666 100644 --- a/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml +++ b/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml @@ -44,7 +44,7 @@ true - false + true diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json index f6c0c85a..a2461d88 100644 
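Review bot: The new SupportedGrantType registers the vendor handler ExtendedSAML2BearerGrantHandler under `urn:ietf:params:oauth:grant-type:saml2-carbon`, a name inside the IETF-managed URN space that differs from the standard saml2-bearer grant by a single token and is easy to mistake for it; patch 07 renames it to `urn:ietf:carbon:signed:grant-type:saml2-bearer`, which keeps the same `urn:ietf:` prefix. A vendor-owned namespace would make the custom grant unambiguous in logs, token requests and client configuration. The entry also carries no explanation of what the extended handler does differently from the stock handler it sits beside while reusing SAML2GrantValidator; an XML comment above it such as `<!-- custom SAML2 bearer variant used for multi-tenant portal login (handled by ExtendedSAML2BearerGrantHandler) -->`, extended with which assertion checks (signature, audience, expiry) differ from the standard grant, would let a reviewer judge the change. The file is also left without a trailing newline.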
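Review bot: The same boolean inside the 44–50 hunk of API_STORE.xml, devicemgt.xml and portal.xml flips from `false` to `true`, but the element name did not survive this rendering, so its meaning can only be inferred from the subject line; if it is the setting that makes the service provider available to users of every tenant, the change widens which tenants can authenticate to all three applications and the commit message should say so. In that case tenant isolation rests on each application checking the authenticated user's tenant domain, not on the provider descriptor. An XML comment beside the element, e.g. `<!-- true so that users of other tenants can log in; the application must still scope data by tenant domain -->`, would record both the reason and the expectation placed on the application.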
--- a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json +++ b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json @@ -43,7 +43,7 @@ "password":"admin", "dynamicClientAppRegistrationServiceURL": "https://localhost:9443/client-registration/v0.10/register", "apiManagerClientAppRegistrationServiceURL": "%https.host%/api-application-registration/register/tenants", - "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", + "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-carbon urn:ietf:params:oauth:grant-type:jwt-bearer", "tokenScope": "admin", "callbackUrl": "%https.host%/portal", "saasApp":true diff --git a/pom.xml b/pom.xml index e4a61e2c..0ea2d15a 100644 --- a/pom.xml +++ b/pom.xml @@ -1529,17 +1529,17 @@ 4.7.0 - 2.0.7 + 2.0.8-SNAPSHOT [2.0.0, 3.0.0) 3.0.0-SNAPSHOT - 3.0.6 + 3.0.7-SNAPSHOT - 6.1.35 + 6.1.47 (6.0.0,7.0.0] From c7251e251aba5078d1948f8d90a3dd14cd953726 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 16 Jan 2017 19:42:59 +0530 Subject: [PATCH 02/13] renaming worker to backend --- modules/core/p2-profile-gen/pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/core/p2-profile-gen/pom.xml b/modules/core/p2-profile-gen/pom.xml index 8856f6a6..57e62a36 100644 --- a/modules/core/p2-profile-gen/pom.xml +++ b/modules/core/p2-profile-gen/pom.xml @@ -783,7 +783,7 @@ - p2-profile-generation-devicetype-worker-profile + p2-profile-generation-devicetype-backend-profile package materialize-product @@ -795,7 +795,7 @@ file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components - devicetype-worker + devicetype-backend @@ -3080,7 +3080,7 @@ p2-profile-gen - devicetype-worker + devicetype-backend file:${basedir}/target/p2-repo file:${basedir}/target/p2-repo From df6d28fe0f0d0f6770426965d10d4a69e92caf72 Mon Sep 17 00:00:00 2001 
From: ayyoob Date: Tue, 17 Jan 2017 15:52:03 +0530 Subject: [PATCH 03/13] installed missing features for device backend --- modules/core/p2-profile-gen/pom.xml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/modules/core/p2-profile-gen/pom.xml b/modules/core/p2-profile-gen/pom.xml index 57e62a36..0c68c548 100644 --- a/modules/core/p2-profile-gen/pom.xml +++ b/modules/core/p2-profile-gen/pom.xml @@ -3204,6 +3204,7 @@ ${carbon.device.mgt.version} + org.wso2.carbon.device.mgt.adapter.feature.group ${carbon.device.mgt.plugin.version} @@ -3671,6 +3672,25 @@ ${identity.inbound.auth.saml.version.iotcore} + + + + org.wso2.carbon.dashboards.shindig.feature.group + ${carbon.dashboard.version} + + + org.wso2.carbon.dashboards.portal.feature.group + ${carbon.dashboard.version} + + + org.wso2.carbon.dashboard.deployment.feature.group + ${carbon.dashboard.version} + + + org.wso2.carbon.iot.device.statistics.dashboard.feature.group + ${carbon.device.mgt.plugin.version} + + From 2c500c4e4f85e4ff842373e9e47f49bff6edb0f2 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Wed, 18 Jan 2017 01:50:46 +0530 Subject: [PATCH 04/13] added apim separation --- modules/core/distribution/src/repository/bin/wso2server.bat | 2 +- modules/core/distribution/src/repository/bin/wso2server.sh | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/core/distribution/src/repository/bin/wso2server.bat b/modules/core/distribution/src/repository/bin/wso2server.bat index 1f88be5b..3aa5e60a 100644 --- a/modules/core/distribution/src/repository/bin/wso2server.bat +++ b/modules/core/distribution/src/repository/bin/wso2server.bat 
@@ -162,7 +162,7 @@ set CARBON_CLASSPATH=.\lib;%CARBON_CLASSPATH% set JAVA_ENDORSED=".\lib\endorsed";"%JAVA_HOME%\jre\lib\endorsed";"%JAVA_HOME%\lib\endorsed" -set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf" -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true -Dmqtt.broker.host="localhost" -Dmqtt.broker.port="1886" -Diot.core.host="localhost" -Diot.core.https.port="9443" 
-Diot.keymanager.host="localhost" -Diot.keymanager.https.port="9443" -Diot.gateway.host="localhost" -Diot.gateway.https.port="8243" -Diot.gateway.http.port="8280" +set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf" -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true -Dmqtt.broker.host="localhost" -Dmqtt.broker.port="1886" -Diot.core.host="localhost" -Diot.core.https.port="9443" 
-Diot.keymanager.host="localhost" -Diot.keymanager.https.port="9443" -Diot.gateway.host="localhost" -Diot.gateway.https.port="8243" -Diot.gateway.http.port="8280" -Diot.apimpublisher.host="localhost" -Diot.apimpublisher.https.port="9443" -Diot.apimstore.host="localhost" -Diot.apimstore.https.port="8243" :runJava echo JAVA_HOME environment variable is set to %JAVA_HOME% diff --git a/modules/core/distribution/src/repository/bin/wso2server.sh b/modules/core/distribution/src/repository/bin/wso2server.sh index 9357a282..44ab8c8f 100755 --- a/modules/core/distribution/src/repository/bin/wso2server.sh +++ b/modules/core/distribution/src/repository/bin/wso2server.sh @@ -316,6 +316,10 @@ do -Diot.gateway.host="localhost" \ -Diot.gateway.https.port="8243" \ -Diot.gateway.http.port="8280" \ + -Diot.apimpublisher.host="localhost" \ + -Diot.apimpublisher.https.port="9443" \ + -Diot.apimstore.host="localhost" \ + -Diot.apimstore.https.port="9443" \ org.wso2.carbon.bootstrap.Bootstrap $* status=$? done From 1ac1355eeebc01400c262e6cde6299b62ed24b3d Mon Sep 17 00:00:00 2001 From: ayyoob Date: Tue, 24 Jan 2017 19:33:36 +0530 Subject: [PATCH 05/13] removed cdmc dependency from core --- .../core/distribution/src/assembly/bin.xml | 8 ++ modules/core/p2-profile-gen/pom.xml | 73 +++++++++++++++++++ 2 files changed, 81 insertions(+) diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml index 989a06b8..15b07524 100644 --- a/modules/core/distribution/src/assembly/bin.xml +++ b/modules/core/distribution/src/assembly/bin.xml @@ -937,6 +937,14 @@ ${pom.artifactId}-${pom.version}/repository/conf 644 + + + + ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/apim-integration.xml + + ${pom.artifactId}-${pom.version}/repository/conf + 644 + src/repository/conf/api-manager.xml diff --git a/modules/core/p2-profile-gen/pom.xml b/modules/core/p2-profile-gen/pom.xml index 0c68c548..3782f20b 100644 
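Review bot: The two start scripts disagree on the new API store port: the rewritten CMD_LINE_ARGS line in wso2server.bat ends with `-Diot.apimstore.https.port="8243"`, while the wso2server.sh hunk in the same commit adds `-Diot.apimstore.https.port="9443"`. 8243 is the value the same line already uses for `-Diot.gateway.https.port`, and both scripts put the publisher on 9443, so the .bat value looks like a copy-paste slip and should read `-Diot.apimstore.https.port="9443"` (or, if 8243 is intended because the store is reached through the gateway, the .sh value is the one to change). Because the whole Windows line is replaced rather than appended to, it is also worth noting that it still ships `-Dorg.wso2.ignoreHostnameVerification=true` and `-Dorg.opensaml.httpclient.https.disableHostnameVerification=true` as defaults; a comment in the script marking those as localhost-only settings would help operators spot them before a non-local deployment.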
--- a/modules/core/p2-profile-gen/pom.xml +++ b/modules/core/p2-profile-gen/pom.xml @@ -146,6 +146,9 @@ org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.application.extension.feature:${carbon.device.mgt.version} + + org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.integration.client.feature:${carbon.device.mgt.version} + org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.handler.server.feature:${carbon.device.mgt.version} @@ -618,6 +621,12 @@ org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.dcr.feature:${carbon.api.mgt.version} + + org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.publisher.feature:${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.store.feature:${carbon.api.mgt.version} + @@ -890,6 +899,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.email.sender.feature.group ${carbon.device.mgt.version} @@ -1050,6 +1063,14 @@ org.wso2.carbon.apimgt.rest.api.dcr.feature.group ${carbon.api.mgt.version} + + org.wso2.carbon.apimgt.rest.api.publisher.feature.group + ${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt.rest.api.store.feature.group + ${carbon.api.mgt.version} + org.wso2.carbon.apimgt.gateway.feature.group @@ -1904,6 +1925,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.certificate.mgt.server.feature.group ${carbon.device.mgt.version} @@ -2320,6 +2345,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.dynamic.client.registration.server.feature.group ${carbon.device.mgt.version} 
@@ -2383,6 +2412,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.certificate.mgt.api.feature.group ${carbon.device.mgt.version} @@ -2505,6 +2538,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.email.sender.feature.group ${carbon.device.mgt.version} @@ -2856,6 +2893,18 @@ org.wso2.carbon.apimgt.gateway.feature.group ${carbon.api.mgt.version} + + org.wso2.carbon.apimgt.rest.api.dcr.feature.group + ${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt.rest.api.publisher.feature.group + ${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt.rest.api.store.feature.group + ${carbon.api.mgt.version} + org.wso2.carbon.apimgt.core.feature.group ${carbon.api.mgt.version} @@ -3014,6 +3063,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.certificate.mgt.api.feature.group ${carbon.device.mgt.version} @@ -3139,6 +3192,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.email.sender.feature.group ${carbon.device.mgt.version} @@ -3471,6 +3528,18 @@ org.wso2.carbon.apimgt.store.feature.group ${carbon.api.mgt.version} + + org.wso2.carbon.apimgt.rest.api.dcr.feature.group + ${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt.rest.api.publisher.feature.group + ${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt.rest.api.store.feature.group + ${carbon.api.mgt.version} + org.wso2.carbon.registry.extensions.feature.group ${carbon.governance.version} 
@@ -3621,6 +3690,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.certificate.mgt.server.feature.group ${carbon.device.mgt.version} From d6695a90828cdeb080a3b2cbaa941fc586e04d11 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Wed, 25 Jan 2017 09:24:38 +0530 Subject: [PATCH 06/13] renamed profile names --- modules/core/p2-profile-gen/pom.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/core/p2-profile-gen/pom.xml b/modules/core/p2-profile-gen/pom.xml index 63a6d491..72a450dc 100644 --- a/modules/core/p2-profile-gen/pom.xml +++ b/modules/core/p2-profile-gen/pom.xml @@ -779,7 +779,7 @@ - p2-profile-generation-devicetype-publisher-profile + p2-profile-generation-device-manager-profile package materialize-product @@ -791,11 +791,11 @@ file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components - devicetype-publisher + device-manager - p2-profile-generation-devicetype-backend-profile + p2-profile-generation-device-backend-profile package materialize-product @@ -807,7 +807,7 @@ file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components - devicetype-backend + device-backend @@ -2466,7 +2466,7 @@ p2-profile-gen - devicetype-publisher + device-manager file:${basedir}/target/p2-repo file:${basedir}/target/p2-repo @@ -3144,7 +3144,7 @@ p2-profile-gen - devicetype-backend + device-backend file:${basedir}/target/p2-repo file:${basedir}/target/p2-repo From 2ca23cce29b411180b2188b2a6e925ca0f41c469 Mon Sep 17 00:00:00 2001 
From: ayyoob Date: Wed, 25 Jan 2017 14:25:28 +0530 Subject: [PATCH 07/13] changed configs to support custom grant type --- modules/analytics/distribution/src/ues/designer.json | 5 +++-- modules/core/distribution/identity_config_change.xml | 2 +- .../src/repository/jaggeryapps/portal/configs/designer.json | 5 +++-- pom.xml | 4 ++-- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/modules/analytics/distribution/src/ues/designer.json b/modules/analytics/distribution/src/ues/designer.json index 35737370..16ea3cce 100644 --- a/modules/analytics/distribution/src/ues/designer.json +++ b/modules/analytics/distribution/src/ues/designer.json @@ -43,10 +43,11 @@ "password":"admin", "dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register", "apiManagerClientAppRegistrationServiceURL": "https://localhost:9443/api-application-registration/register/tenants", - "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-carbon urn:ietf:params:oauth:grant-type:jwt-bearer", + "grantType": "password refresh_token urn:ietf:carbon:signed:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", "tokenScope": "admin", "callbackUrl": "https://localhost:9445/portal", - "saasApp":true + "saasApp":true, + "samlGrantTypeName": "urn:ietf:carbon:signed:grant-type:saml2-bearer" }, "tokenServiceURL": "https://localhost:9443/oauth2/token" }, diff --git a/modules/core/distribution/identity_config_change.xml b/modules/core/distribution/identity_config_change.xml index 27e2ded7..e24a54ef 100644 --- a/modules/core/distribution/identity_config_change.xml +++ b/modules/core/distribution/identity_config_change.xml 
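Review bot: The new `"samlGrantTypeName": "urn:ietf:carbon:signed:grant-type:saml2-bearer"` repeats a URN that already appears verbatim inside the `grantType` string two lines above, so the grant list sent at app registration and the grant name the portal uses at token time can silently drift apart; the portal designer.json hunk in this commit has the same duplication, and identity_config_change.xml carries the value a third time. Unless the consumer of `samlGrantTypeName` genuinely needs a separate key, it would be safer to derive one from the other in the code that reads this file. Since JSON allows no comments, the coupling should at least be stated in the commit message and in a comment where `samlGrantTypeName` is read, so that a later rename is applied to all three places in step.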
@@ -33,7 +33,7 @@ //s:Server/s:OAuth/s:SupportedGrantTypes/s:SupportedGrantType[s:GrantTypeName='iwa:ntlm'] - urn:ietf:params:oauth:grant-type:saml2-carbon + urn:ietf:carbon:signed:grant-type:saml2-bearer org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedSAML2BearerGrantHandler org.wso2.carbon.identity.oauth.common.SAML2GrantValidator ]]> diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json index 8c023521..c6b2a27b 100644 --- a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json +++ b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json @@ -43,10 +43,11 @@ "password":"admin", "dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register", "apiManagerClientAppRegistrationServiceURL": "%https.host%/api-application-registration/register/tenants", - "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-carbon urn:ietf:params:oauth:grant-type:jwt-bearer", + "grantType": "password refresh_token urn:ietf:carbon:signed:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", "tokenScope": "admin", "callbackUrl": "%https.host%/portal", - "saasApp":true + "saasApp":true, + "samlGrantTypeName": "urn:ietf:carbon:signed:grant-type:saml2-bearer" }, "tokenServiceURL": "https://localhost:9443/oauth2/token" }, diff --git a/pom.xml b/pom.xml index 39d612f5..f4b25207 100644 --- a/pom.xml +++ b/pom.xml @@ -1529,7 +1529,7 @@ 4.7.0 - 2.0.11-SNAPSHOT + 2.0.12-SNAPSHOT [2.0.0, 3.0.0) @@ -1539,7 +1539,7 @@ 3.0.9-SNAPSHOT - 6.1.47 + 6.1.59 (6.0.0,7.0.0] From ca53efdab026e7cb250fb5f2532b42422c41de47 Mon Sep 17 00:00:00 2001 
From: ayyoob Date: Thu, 26 Jan 2017 00:30:03 +0530 Subject: [PATCH 08/13] fixed sso login issue in portal in multi tenant --- .../distribution/src/ues/designer.json | 5 +- .../core/distribution/src/assembly/bin.xml | 10 + .../jaggeryapps/portal/configs/designer.json | 2 +- .../modules/oauth/token-handler-utils.js | 567 ++++++++++++++++++ pom.xml | 2 +- 5 files changed, 582 insertions(+), 4 deletions(-) create mode 100644 modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js diff --git a/modules/analytics/distribution/src/ues/designer.json b/modules/analytics/distribution/src/ues/designer.json index 16ea3cce..7b817a49 100644 --- a/modules/analytics/distribution/src/ues/designer.json +++ b/modules/analytics/distribution/src/ues/designer.json @@ -34,7 +34,7 @@ "methods": { "oauth": { "attributes": { - "apimgt-gateway": true, + "apimgt-gateway": false, "oauthProvider": { "appRegistration": { "appType": "webapp", @@ -47,7 +47,8 @@ "tokenScope": "admin", "callbackUrl": "https://localhost:9445/portal", "saasApp":true, - "samlGrantTypeName": "urn:ietf:carbon:signed:grant-type:saml2-bearer" + "samlGrantTypeName":"urn:ietf:carbon:signed:grant-type:saml2-bearer" + }, "tokenServiceURL": "https://localhost:9443/oauth2/token" }, diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml index 5d9059af..4410406d 100644 --- a/modules/core/distribution/src/assembly/bin.xml +++ b/modules/core/distribution/src/assembly/bin.xml @@ -741,6 +741,7 @@ **/configs/designer.json + **/modules/oauth/token-handler-utils.js **/jaggery.conf @@ -797,6 +798,15 @@ 755 + + + + src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js + + ${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth + + 755 + 
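Review bot: The new fileSet that copies token-handler-utils.js into the portal's modules/oauth directory uses file mode `755` (the bare value is what survives of the element in this rendering), giving the execute bit to a server-side script that the runtime only reads; the configuration fileSet added to this same assembly in patch 05 uses `644`. The preceding fileSet in the context also ends with 755, so this may simply follow the jaggeryapps section's convention, but `644` would be the least-privilege choice for a file that is never executed directly. The matching `**/modules/oauth/token-handler-utils.js` exclude added in the 741 hunk presumably pulls the file out of the bulk copy so it can be copied separately; a one-line XML comment above the exclude naming that reason would save the next reader the cross-reference.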
diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json index c6b2a27b..440e21cc 100644 --- a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json +++ b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json @@ -47,7 +47,7 @@ "tokenScope": "admin", "callbackUrl": "%https.host%/portal", "saasApp":true, - "samlGrantTypeName": "urn:ietf:carbon:signed:grant-type:saml2-bearer" + "samlGrantTypeName":"urn:ietf:carbon:signed:grant-type:saml2-bearer" }, "tokenServiceURL": "https://localhost:9443/oauth2/token" }, diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js new file mode 100644 index 00000000..8998a19b --- /dev/null +++ b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js 
@@ -0,0 +1,567 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +var utils = function () { + var log = new Log("/modules/oauth/token-handler-utils.js"); + + var configs = require('/configs/portal.js').config(); + var constants = require("/modules/constants.js"); + var carbon = require("carbon"); + + //noinspection JSUnresolvedVariable + var Base64 = Packages.org.apache.commons.codec.binary.Base64; + //noinspection JSUnresolvedVariable + var String = Packages.java.lang.String; + + var publicMethods = {}; + var privateMethods = {}; + + publicMethods["encode"] = function (payload) { + return String(Base64.encodeBase64(String(payload).getBytes())); + }; + + publicMethods["decode"] = function (payload) { + return String(Base64.decodeBase64(String(payload).getBytes())); + }; + + /** + * Check whether this application is oauth enable or not + * @returns boolean if oauth enable + */ + publicMethods["checkOAuthEnabled"] = function () { + if (constants.AUTHORIZATION_TYPE_OAUTH === configs["authorization"]["activeMethod"]) { + return true; + } + return false; + }; + + /** + * Set access token into xml http request header + * @param xhr xml http request + * @returns {*} xhr which has access token it's header + */ + publicMethods["setAccessToken"] = function (xhr, callback) { + var accessToken; + if (publicMethods.checkOAuthEnabled()) { + try { + 
accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"]; + xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BEARER_PREFIX + accessToken); + } catch (exception) { + log.error("Access token hasn't been set yet, " + exception); + } finally { + callback(xhr); + } + } + callback(xhr); + }; + + /** + * Get access token of current logged user + * @param callBack response with access token + */ + publicMethods["getAccessToken"] = function (callBack) { + var accessToken = null; + if (publicMethods.checkOAuthEnabled()) { + try { + accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"]; + } catch (exception) { + log.error("Access token hasn't been set yet, " + exception); + } finally { + callBack(accessToken); + } + } + callBack(accessToken); + }; + + /** + * Create error message which adhere to xml http response object + * @param statusCode response status code + * @param status response status + * @param responseText response message + * @returns {{statusCode: *, status: *, responseText: *}} + */ + publicMethods["createXHRObject"] = function (statusCode, status, responseText) { + return {"statusCode": statusCode, "status": status, "responseText": responseText}; + }; + + /** + * check whether user already logged to system before invoking any apis + * @param callBack + */ + publicMethods["isUserAuthorized"] = function (callBack) { + if (session.get("Loged") !== constants.LOGIN_MESSAGE) { + callBack(false); + } else { + callBack(true); + } + }; + + /** + * Get identity provider uir + * @returns {*} + */ + publicMethods["getIdPServerURL"] = function () { + return configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["tokenServiceURL"]; + }; + + /** + * Get an Access token pair based on client secret + * @param encodedClientKeys {{clientId:"", clientSecret:""}} + * @param scope eg: PRODUCTION + * @param idPServer identity provider url + * @returns 
{{accessToken: *, refreshToken: *}} + */ + publicMethods["getTokenWithClientSecretType"] = function (encodedClientKeys, scope, idPServer) { + var xhr = new XMLHttpRequest(); + var tokenEndpoint = idPServer; + xhr.open(constants.HTTP_POST, tokenEndpoint, false); + xhr.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, constants.APPLICATION_X_WWW_FOR_URLENCODED); + xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BASIC_PREFIX + encodedClientKeys); + xhr.send("grant_type=client_credentials&scope=" + scope); + var tokenPair = {}; + if (xhr.status == constants.HTTP_ACCEPTED) { + var data = parse(xhr.responseText); + tokenPair.refreshToken = data.refresh_token; + tokenPair.accessToken = data.access_token; + } else if (xhr.status == constants.HTTP_USER_NOT_AUTHENTICATED) { + log.error("Error in obtaining token with client secret grant type, You are not authenticated yet"); + return null; + } else { + log.error("Error in obtaining token with client secret grant type, This might be a problem with client meta " + + "data which required for client secret grant type"); + return null; + } + return tokenPair; + }; + + + /** + * This will create client id and client secret for a given application + * @param properties "callbackUrl": "", + * "clientName": "", + * "owner": "", + * "applicationType": "", + * "grantType": "", + * "saasApp" :"", + * "dynamicClientRegistrationEndPoint" : "" + * + * @returns {{clientId:*, clientSecret:*}} + */ + publicMethods["getDynamicClientAppCredentials"] = function (username) { + // setting up dynamic client application properties + var dcAppProperties = { + "applicationType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["appType"], + "clientName": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["clientName"], + "owner": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"], + 
"tokenScope": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["tokenScope"], + "grantType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["grantType"], + "callbackUrl": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["callbackUrl"], + "saasApp" : configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["saasApp"] + }; + + var tenantDomain = carbon.server.tenantDomain({username: username}); + if (!tenantDomain) { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + + "based client application credentials. Unable to obtain a valid tenant domain for provided username "+ + username +"- getDynamicClientAppCredentials(x)"); + return null; + } else { + var cachedTenantBasedClientAppCredentials = privateMethods. + getCachedTenantBasedClientAppCredentials(tenantDomain); + if (cachedTenantBasedClientAppCredentials) { + return cachedTenantBasedClientAppCredentials; + } else { + // calling dynamic client app registration service endpoint + var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"] + ["dynamicClientAppRegistrationServiceURL"]; + var requestPayload = dcAppProperties; + var token = publicMethods.encode(configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] + ["appRegistration"]["owner"] + ":" + configs["authorization"]["methods"]["oauth"]["attributes"] + ["oauthProvider"]["appRegistration"]["password"]); + var xhr = new XMLHttpRequest(); + xhr.open("POST", requestURL, false); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("Authorization", "Basic "+ token); + xhr.send(stringify(requestPayload)); + var dynamicClientAppCredentials = {}; + if (xhr["status"] == 201 || xhr["status"] == 200 && xhr["responseText"]) { + var responsePayload = 
parse(xhr["responseText"]); + var clientId = responsePayload["client_id"]; + var clientSecret = responsePayload["client_secret"]; + if(typeof clientId == "undefined"){ + clientId = responsePayload["clientId"]; + } + if(typeof clientSecret == "undefined"){ + clientSecret = responsePayload["clientSecret"]; + } + dynamicClientAppCredentials["clientId"] = clientId; + dynamicClientAppCredentials["clientSecret"] = clientSecret; + privateMethods. + setCachedTenantBasedClientAppCredentials(tenantDomain, dynamicClientAppCredentials); + } else if (xhr["status"] == 400) { + log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " + + "Bad request. Invalid data provided as dynamic client application properties."); + dynamicClientAppCredentials = null; + } else { + log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " + + "Error in retrieving dynamic client credentials."); + dynamicClientAppCredentials = null; + } + // returning dynamic client credentials + return dynamicClientAppCredentials; + } + } + }; + + /** + * If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create oauth application + * @param username username of current logged user + * @returns {{clientId:*, clientSecret:*}} + */ + publicMethods["getTenantBasedClientAppCredentials"] = function (username) { + if (!username) { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + + "based client app credentials. No username " + + "as input - getTenantBasedClientAppCredentials(x)"); + return null; + } else { + //noinspection JSUnresolvedFunction, JSUnresolvedVariable + var tenantDomain = carbon.server.tenantDomain({username: username}); + + if (!tenantDomain) { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + + "based client application credentials. 
Unable to obtain a valid tenant domain for provided " + + "username - getTenantBasedClientAppCredentials(x, y)"); + return null; + } else { + var cachedTenantBasedClientAppCredentials = privateMethods. + getCachedTenantBasedClientAppCredentials(tenantDomain); + if (cachedTenantBasedClientAppCredentials) { + return cachedTenantBasedClientAppCredentials; + } else { + var adminUsername = configs["authorization"]["methods"]["oauth"]["attributes"]["adminUser"]; + var adminUserTenantId = configs["authorization"]["methods"]["oauth"]["attributes"] + ["adminUserTenantId"]; + //claims required for jwtAuthenticator. + var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId, + "http://wso2.org/claims/enduser": adminUsername}; + var jwtToken = publicMethods.getJwtToken(adminUsername, claims); + // register a tenant based client app at API Manager + var applicationName = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] + ["appRegistration"]["clientName"] + "_" + tenantDomain; + var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] + ["appRegistration"]["apiManagerClientAppRegistrationServiceURL"] + + "?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName; + var xhr = new XMLHttpRequest(); + xhr.open("POST", requestURL, false); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken); + xhr.send(); + if ((xhr["status"] == 201 || xhr["status"] == 200) && xhr["responseText"]) { + var responsePayload = parse(xhr["responseText"]); + var tenantBasedClientAppCredentials = {}; + var clientId = responsePayload["client_id"]; + var clientSecret = responsePayload["client_secret"]; + if(typeof clientId == "undefined"){ + clientId = responsePayload["clientId"]; + } + if(typeof clientSecret == "undefined"){ + clientSecret = responsePayload["clientSecret"]; + } + tenantBasedClientAppCredentials["clientId"] = clientId; + 
tenantBasedClientAppCredentials["clientSecret"] = clientSecret; + privateMethods. + setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials); + return tenantBasedClientAppCredentials; + } else { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + + "based client application credentials from API " + + "Manager - getTenantBasedClientAppCredentials(x, y)"); + return null; + } + } + } + } + }; + + /** + * Caching oauth application credentials + * @param tenantDomain tenant domain where application is been created + * @param clientAppCredentials {{clientId:*, clientSecret:*}} + */ + privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) { + var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]); + if (!cachedTenantBasedClientAppCredentialsMap) { + cachedTenantBasedClientAppCredentialsMap = {}; + cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials; + application.put(constants["CACHED_CREDENTIALS_PORTAL_APP"], cachedTenantBasedClientAppCredentialsMap); + } else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) { + cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials; + } + }; + + /** + * Get oauth application credentials from cache + * @param tenantDomain tenant domain where application is been created + * @returns {{clientId:*, clientSecret:*}} + */ + privateMethods["getCachedTenantBasedClientAppCredentials"] = function (tenantDomain) { + var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]); + if (!cachedTenantBasedClientAppCredentialsMap || + !cachedTenantBasedClientAppCredentialsMap[tenantDomain]) { + return null; + } else { + return cachedTenantBasedClientAppCredentialsMap[tenantDomain]; + } + }; + + /** + * Get access token and refresh token using password grant type + * @param username 
username of the logged user + * @param password password of the logged user + * @param encodedClientAppCredentials {{clientId:*, clientSecret:*}} + * @param scopes scopes list + * @returns {{accessToken: *, refreshToken: *}} + */ + publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password + , encodedClientAppCredentials, scopes) { + if (!username || !password || !encodedClientAppCredentials || !scopes) { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " + + "grant type. No username, password, encoded client app credentials or scopes are " + + "found - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)"); + return null; + } else { + // calling oauth provider token service endpoint + var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] + ["tokenServiceURL"]; + var requestPayload = "grant_type=password&username=" + + username + "&password=" + password + "&scope=" + scopes; + + var xhr = new XMLHttpRequest(); + xhr.open("POST", requestURL, false); + xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); + xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials); + xhr.send(requestPayload); + + if (xhr["status"] == 200 && xhr["responseText"]) { + var responsePayload = parse(xhr["responseText"]); + var tokenData = {}; + tokenData["accessToken"] = responsePayload["access_token"]; + tokenData["refreshToken"] = responsePayload["refresh_token"]; + tokenData["scopes"] = responsePayload["scope"]; + return tokenData; + } else { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " + + "by password grant type - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)"); + return null; + } + } + }; + + /** + * Get access token and refresh token using SAML grant type + * @param assertion + * @param encodedClientAppCredentials + * @param scopes + * @returns {{accessToken: *, refreshToken: 
*}} + */ + publicMethods["getTokenPairAndScopesBySAMLGrantType"] = function (assertion, encodedClientAppCredentials, scopes) { + if (!assertion || !encodedClientAppCredentials || !scopes) { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml " + + "grant type. No assertion, encoded client app credentials or scopes are " + + "found - getTokenPairAndScopesBySAMLGrantType(x, y, z)"); + return null; + } else { + + var assertionXML = publicMethods.decode(assertion); + /* + TODO: make assertion extraction with proper parsing. + Since Jaggery XML parser seem to add formatting which causes signature verification to fail. + */ + var assertionStartMarker = "3.0.9-SNAPSHOT - 6.1.59 + 6.1.57 (6.0.0,7.0.0] From ab70dbe38adcfb3695e87e2e9b3fafe38fe64570 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 30 Jan 2017 22:33:18 +0530 Subject: [PATCH 09/13] few changes after testing multi tenancy --- modules/core/distribution/identity_config_change.xml | 2 +- .../src/repository/conf/etc/webapp-publisher-config.xml | 2 +- pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/core/distribution/identity_config_change.xml b/modules/core/distribution/identity_config_change.xml index e24a54ef..8e497d20 100644 --- a/modules/core/distribution/identity_config_change.xml +++ b/modules/core/distribution/identity_config_change.xml @@ -7,7 +7,7 @@ //s:Server/s:OAuth/s:OAuthCallbackHandlers - ]]> + ]]> diff --git a/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml b/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml index 0784d2a4..59a239ac 100644 --- a/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml +++ b/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml @@ -35,6 +35,6 @@ default - devicetype-publisher + device-manager \ No newline at end of file diff --git a/pom.xml b/pom.xml index 24b1cae3..1461699d 100644 
--- a/pom.xml +++ b/pom.xml @@ -1539,7 +1539,7 @@ 3.0.9-SNAPSHOT - 6.1.57 + 6.1.64 (6.0.0,7.0.0] From 3610ed762d6fdae3696da58a389de2e126467aac Mon Sep 17 00:00:00 2001 From: ayyoob Date: Tue, 31 Jan 2017 14:19:02 +0530 Subject: [PATCH 10/13] enabled UseAuthenticatedUserDomainCrypto --- modules/core/distribution/pom.xml | 6 +++++- pom.xml | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/core/distribution/pom.xml b/modules/core/distribution/pom.xml index ecb942e9..6b74d4c3 100644 --- a/modules/core/distribution/pom.xml +++ b/modules/core/distribution/pom.xml @@ -140,7 +140,11 @@ (org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler) org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler - + + /Server/SSOService/UseAuthenticatedUserDomainCrypto + (false) + true + diff --git a/pom.xml b/pom.xml index 1461699d..e36f1e67 100644 --- a/pom.xml +++ b/pom.xml @@ -1543,7 +1543,7 @@ (6.0.0,7.0.0] - 4.6.9 + 4.6.10 5.1.5 From c61cd953b268943350c90f30a05be7c0a528b666 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Wed, 1 Feb 2017 00:08:51 +0530 Subject: [PATCH 11/13] few fixes after testing sso --- .../distribution/src/ues/designer.json | 4 +- .../distribution/identity_config_change.xml | 9 - modules/core/distribution/pom.xml | 2 +- .../core/distribution/src/assembly/bin.xml | 11 +- .../identity/service-providers/publisher.xml | 2 +- .../conf/identity/service-providers/store.xml | 2 +- .../jaggeryapps/portal/configs/designer.json | 8 +- .../modules/oauth/token-handler-utils.js | 567 ------------------ 8 files changed, 10 insertions(+), 595 deletions(-) delete mode 100644 modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js diff --git a/modules/analytics/distribution/src/ues/designer.json b/modules/analytics/distribution/src/ues/designer.json index 7b817a49..f530bd67 100644 --- a/modules/analytics/distribution/src/ues/designer.json +++ b/modules/analytics/distribution/src/ues/designer.json 
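Review bot: Nothing in this hunk or its commit message records that flipping `/Server/SSOService/UseAuthenticatedUserDomainCrypto` to `true` is coupled to the relying-party side: as far as the option name indicates, the IdP will now sign SAML responses for tenant users with the tenant's own key rather than the super tenant's, so every service provider that verifies the IdP signature must switch to the tenant key at the same time or tenant logins fail signature validation. I would add an XML comment above the new entry, e.g. `<!-- tenant-keyed SAML signing; SP configs (useTenantKey) must verify with the tenant key -->`, so the next person bumping identity.xml understands why this default is overridden. I cannot see the SP side in this commit, so treat the pairing as something for the author to confirm rather than established here.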
@@ -43,11 +43,11 @@ "password":"admin", "dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register", "apiManagerClientAppRegistrationServiceURL": "https://localhost:9443/api-application-registration/register/tenants", - "grantType": "password refresh_token urn:ietf:carbon:signed:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", + "grantType": "password refresh_token urn:ietf:urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", "tokenScope": "admin", "callbackUrl": "https://localhost:9445/portal", "saasApp":true, - "samlGrantTypeName":"urn:ietf:carbon:signed:grant-type:saml2-bearer" + "samlGrantTypeName":"urn:ietf:params:oauth:grant-type:saml2-bearer" }, "tokenServiceURL": "https://localhost:9443/oauth2/token" diff --git a/modules/core/distribution/identity_config_change.xml b/modules/core/distribution/identity_config_change.xml index 8e497d20..7bfd9df4 100644 --- a/modules/core/distribution/identity_config_change.xml +++ b/modules/core/distribution/identity_config_change.xml @@ -29,13 +29,4 @@ org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator ]]> - - //s:Server/s:OAuth/s:SupportedGrantTypes/s:SupportedGrantType[s:GrantTypeName='iwa:ntlm'] - - - urn:ietf:carbon:signed:grant-type:saml2-bearer - org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedSAML2BearerGrantHandler - org.wso2.carbon.identity.oauth.common.SAML2GrantValidator - ]]> - \ No newline at end of file diff --git a/modules/core/distribution/pom.xml b/modules/core/distribution/pom.xml index 6b74d4c3..910fa08b 100644 --- a/modules/core/distribution/pom.xml +++ b/modules/core/distribution/pom.xml 
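Review bot: The new `grantType` value in this hunk contains a malformed grant name, `urn:ietf:urn:ietf:params:oauth:grant-type:saml2-bearer` (the `urn:ietf:` prefix is doubled), so the dynamically registered client would be allowed a grant type that does not exist while the `samlGrantTypeName` set on the next line, `urn:ietf:params:oauth:grant-type:saml2-bearer`, would not be in the client's allowed list. The portal designer.json touched by this same commit uses the correct string, so this looks like a copy error rather than an intentional difference. The line should read `"grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",`. Whether the registration endpoint rejects an unknown grant name or silently accepts it cannot be seen here, but either way the SAML bearer exchange for the analytics portal would not work as configured.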
@@ -128,7 +128,7 @@ /Server/OAuth/SupportedGrantTypes/SupportedGrantType (org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler) - org.wso2.carbon.apimgt.keymgt.handlers.ExtendedSAML2BearerGrantHandler + org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedSAML2BearerGrantHandler /Server/OAuth/SupportedGrantTypes/SupportedGrantType diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml index 4410406d..0849ebbb 100644 --- a/modules/core/distribution/src/assembly/bin.xml +++ b/modules/core/distribution/src/assembly/bin.xml @@ -115,6 +115,7 @@ **/repository/conf/security/Owasp.CsrfGuard.Carbon.properties **/repository/components/plugins/httpclient_4.3.2.wso2v1.jar **/conf/tomcat/carbon/WEB-INF/web.xml + **/repository/components/plugins/org.wso2.carbon.hostobjects.sso_4.5.4.jar @@ -741,7 +742,6 @@ **/configs/designer.json - **/modules/oauth/token-handler-utils.js **/jaggery.conf @@ -798,15 +798,6 @@ 755 - - - - src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js - - ${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth - - 755 - diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml index 503833ce..33a4736d 100644 --- a/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml +++ b/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml @@ -44,7 +44,7 @@ true - false + true diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml index 27bb258e..9503a87d 100644 --- a/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml 
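Review bot: This replacement installs `org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedSAML2BearerGrantHandler` in the slot of the standard `SAML2BearerGrantHandler`, and because the same commit removes the separate `saml2-carbon` grant entry from identity_config_change.xml, the device-management handler becomes the validator for every `urn:ietf:params:oauth:grant-type:saml2-bearer` exchange on the server, including the API store and publisher applications, not only the portal. Nothing here records why the API Manager handler it displaces was insufficient or what the device-mgt variant checks differently, and a server-wide change to SAML assertion validation should carry that. I would add an XML comment above the `<replacement>` element, e.g. `<!-- device-mgt handler replaces apimgt's for ALL saml2-bearer grants; must enforce the same audience/signature/tenant checks -->`. I cannot see the handler source from this diff, so whether its checks are equivalent is an assumption the author should confirm.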
+++ b/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml @@ -44,7 +44,7 @@ true - false + true diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json index 440e21cc..2f049839 100644 --- a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json +++ b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json @@ -20,7 +20,7 @@ "acs": "%https.host%/portal/acs", "identityAlias": "wso2carbon", "defaultNameIDPolicy": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "useTenantKey": false, + "useTenantKey": true, "isPassive": false } }, @@ -34,7 +34,7 @@ "methods": { "oauth": { "attributes": { - "apimgt-gateway": false, + "apimgt-gateway": true, "oauthProvider": { "appRegistration": { "appType": "webapp", @@ -43,11 +43,11 @@ "password":"admin", "dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register", "apiManagerClientAppRegistrationServiceURL": "%https.host%/api-application-registration/register/tenants", - "grantType": "password refresh_token urn:ietf:carbon:signed:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", + "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", "tokenScope": "admin", "callbackUrl": "%https.host%/portal", "saasApp":true, - "samlGrantTypeName":"urn:ietf:carbon:signed:grant-type:saml2-bearer" + "samlGrantTypeName":"urn:ietf:params:oauth:grant-type:saml2-bearer" }, "tokenServiceURL": "https://localhost:9443/oauth2/token" }, diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js deleted file mode 100644 index 8998a19b..00000000 
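Review bot: The third hunk flips `apimgt-gateway` to `true` and moves `apiManagerClientAppRegistrationServiceURL` and `callbackUrl` onto the `%https.host%` placeholder, but `dynamicClientAppRegistrationServiceURL` and `tokenServiceURL` in the same object stay hard-coded to `https://localhost:9443`, so on any deployment where the portal is not co-located with the identity/key-manager node, token requests would go to the wrong host while app registration succeeds. If the placeholder is resolved at deployment time as the other two values suggest, the token endpoint should use it as well: `"tokenServiceURL": "%https.host%/oauth2/token"`. Separately, the surrounding context still carries the super-admin `"password":"admin"` in a deployed config file; this commit does not introduce it, but with tenant registration now enabled it is worth confirming that the file is not readable by tenant users.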
--- a/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js +++ /dev/null 
@@ -1,567 +0,0 @@ -/* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, - * either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -var utils = function () { - var log = new Log("/modules/oauth/token-handler-utils.js"); - - var configs = require('/configs/portal.js').config(); - var constants = require("/modules/constants.js"); - var carbon = require("carbon"); - - //noinspection JSUnresolvedVariable - var Base64 = Packages.org.apache.commons.codec.binary.Base64; - //noinspection JSUnresolvedVariable - var String = Packages.java.lang.String; - - var publicMethods = {}; - var privateMethods = {}; - - publicMethods["encode"] = function (payload) { - return String(Base64.encodeBase64(String(payload).getBytes())); - }; - - publicMethods["decode"] = function (payload) { - return String(Base64.decodeBase64(String(payload).getBytes())); - }; - - /** - * Check whether this application is oauth enable or not - * @returns boolean if oauth enable - */ - publicMethods["checkOAuthEnabled"] = function () { - if (constants.AUTHORIZATION_TYPE_OAUTH === configs["authorization"]["activeMethod"]) { - return true; - } - return false; - }; - - /** - * Set access token into xml http request header - * @param xhr xml http request - * @returns {*} xhr which has access token it's header - */ - publicMethods["setAccessToken"] = function (xhr, callback) { - var accessToken; - if (publicMethods.checkOAuthEnabled()) { - try { - 
accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"]; - xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BEARER_PREFIX + accessToken); - } catch (exception) { - log.error("Access token hasn't been set yet, " + exception); - } finally { - callback(xhr); - } - } - callback(xhr); - }; - - /** - * Get access token of current logged user - * @param callBack response with access token - */ - publicMethods["getAccessToken"] = function (callBack) { - var accessToken = null; - if (publicMethods.checkOAuthEnabled()) { - try { - accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"]; - } catch (exception) { - log.error("Access token hasn't been set yet, " + exception); - } finally { - callBack(accessToken); - } - } - callBack(accessToken); - }; - - /** - * Create error message which adhere to xml http response object - * @param statusCode response status code - * @param status response status - * @param responseText response message - * @returns {{statusCode: *, status: *, responseText: *}} - */ - publicMethods["createXHRObject"] = function (statusCode, status, responseText) { - return {"statusCode": statusCode, "status": status, "responseText": responseText}; - }; - - /** - * check whether user already logged to system before invoking any apis - * @param callBack - */ - publicMethods["isUserAuthorized"] = function (callBack) { - if (session.get("Loged") !== constants.LOGIN_MESSAGE) { - callBack(false); - } else { - callBack(true); - } - }; - - /** - * Get identity provider uir - * @returns {*} - */ - publicMethods["getIdPServerURL"] = function () { - return configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["tokenServiceURL"]; - }; - - /** - * Get an Access token pair based on client secret - * @param encodedClientKeys {{clientId:"", clientSecret:""}} - * @param scope eg: PRODUCTION - * @param idPServer identity provider url - * @returns 
{{accessToken: *, refreshToken: *}} - */ - publicMethods["getTokenWithClientSecretType"] = function (encodedClientKeys, scope, idPServer) { - var xhr = new XMLHttpRequest(); - var tokenEndpoint = idPServer; - xhr.open(constants.HTTP_POST, tokenEndpoint, false); - xhr.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, constants.APPLICATION_X_WWW_FOR_URLENCODED); - xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BASIC_PREFIX + encodedClientKeys); - xhr.send("grant_type=client_credentials&scope=" + scope); - var tokenPair = {}; - if (xhr.status == constants.HTTP_ACCEPTED) { - var data = parse(xhr.responseText); - tokenPair.refreshToken = data.refresh_token; - tokenPair.accessToken = data.access_token; - } else if (xhr.status == constants.HTTP_USER_NOT_AUTHENTICATED) { - log.error("Error in obtaining token with client secret grant type, You are not authenticated yet"); - return null; - } else { - log.error("Error in obtaining token with client secret grant type, This might be a problem with client meta " + - "data which required for client secret grant type"); - return null; - } - return tokenPair; - }; - - - /** - * This will create client id and client secret for a given application - * @param properties "callbackUrl": "", - * "clientName": "", - * "owner": "", - * "applicationType": "", - * "grantType": "", - * "saasApp" :"", - * "dynamicClientRegistrationEndPoint" : "" - * - * @returns {{clientId:*, clientSecret:*}} - */ - publicMethods["getDynamicClientAppCredentials"] = function (username) { - // setting up dynamic client application properties - var dcAppProperties = { - "applicationType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["appType"], - "clientName": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["clientName"], - "owner": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"], - 
"tokenScope": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["tokenScope"], - "grantType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["grantType"], - "callbackUrl": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["callbackUrl"], - "saasApp" : configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["saasApp"] - }; - - var tenantDomain = carbon.server.tenantDomain({username: username}); - if (!tenantDomain) { - log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + - "based client application credentials. Unable to obtain a valid tenant domain for provided username "+ - username +"- getDynamicClientAppCredentials(x)"); - return null; - } else { - var cachedTenantBasedClientAppCredentials = privateMethods. - getCachedTenantBasedClientAppCredentials(tenantDomain); - if (cachedTenantBasedClientAppCredentials) { - return cachedTenantBasedClientAppCredentials; - } else { - // calling dynamic client app registration service endpoint - var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"] - ["dynamicClientAppRegistrationServiceURL"]; - var requestPayload = dcAppProperties; - var token = publicMethods.encode(configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] - ["appRegistration"]["owner"] + ":" + configs["authorization"]["methods"]["oauth"]["attributes"] - ["oauthProvider"]["appRegistration"]["password"]); - var xhr = new XMLHttpRequest(); - xhr.open("POST", requestURL, false); - xhr.setRequestHeader("Content-Type", "application/json"); - xhr.setRequestHeader("Authorization", "Basic "+ token); - xhr.send(stringify(requestPayload)); - var dynamicClientAppCredentials = {}; - if (xhr["status"] == 201 || xhr["status"] == 200 && xhr["responseText"]) { - var responsePayload = 
parse(xhr["responseText"]); - var clientId = responsePayload["client_id"]; - var clientSecret = responsePayload["client_secret"]; - if(typeof clientId == "undefined"){ - clientId = responsePayload["clientId"]; - } - if(typeof clientSecret == "undefined"){ - clientSecret = responsePayload["clientSecret"]; - } - dynamicClientAppCredentials["clientId"] = clientId; - dynamicClientAppCredentials["clientSecret"] = clientSecret; - privateMethods. - setCachedTenantBasedClientAppCredentials(tenantDomain, dynamicClientAppCredentials); - } else if (xhr["status"] == 400) { - log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " + - "Bad request. Invalid data provided as dynamic client application properties."); - dynamicClientAppCredentials = null; - } else { - log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " + - "Error in retrieving dynamic client credentials."); - dynamicClientAppCredentials = null; - } - // returning dynamic client credentials - return dynamicClientAppCredentials; - } - } - }; - - /** - * If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create oauth application - * @param username username of current logged user - * @returns {{clientId:*, clientSecret:*}} - */ - publicMethods["getTenantBasedClientAppCredentials"] = function (username) { - if (!username) { - log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + - "based client app credentials. No username " + - "as input - getTenantBasedClientAppCredentials(x)"); - return null; - } else { - //noinspection JSUnresolvedFunction, JSUnresolvedVariable - var tenantDomain = carbon.server.tenantDomain({username: username}); - - if (!tenantDomain) { - log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + - "based client application credentials. 
Unable to obtain a valid tenant domain for provided " + - "username - getTenantBasedClientAppCredentials(x, y)"); - return null; - } else { - var cachedTenantBasedClientAppCredentials = privateMethods. - getCachedTenantBasedClientAppCredentials(tenantDomain); - if (cachedTenantBasedClientAppCredentials) { - return cachedTenantBasedClientAppCredentials; - } else { - var adminUsername = configs["authorization"]["methods"]["oauth"]["attributes"]["adminUser"]; - var adminUserTenantId = configs["authorization"]["methods"]["oauth"]["attributes"] - ["adminUserTenantId"]; - //claims required for jwtAuthenticator. - var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId, - "http://wso2.org/claims/enduser": adminUsername}; - var jwtToken = publicMethods.getJwtToken(adminUsername, claims); - // register a tenant based client app at API Manager - var applicationName = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] - ["appRegistration"]["clientName"] + "_" + tenantDomain; - var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] - ["appRegistration"]["apiManagerClientAppRegistrationServiceURL"] + - "?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName; - var xhr = new XMLHttpRequest(); - xhr.open("POST", requestURL, false); - xhr.setRequestHeader("Content-Type", "application/json"); - xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken); - xhr.send(); - if ((xhr["status"] == 201 || xhr["status"] == 200) && xhr["responseText"]) { - var responsePayload = parse(xhr["responseText"]); - var tenantBasedClientAppCredentials = {}; - var clientId = responsePayload["client_id"]; - var clientSecret = responsePayload["client_secret"]; - if(typeof clientId == "undefined"){ - clientId = responsePayload["clientId"]; - } - if(typeof clientSecret == "undefined"){ - clientSecret = responsePayload["clientSecret"]; - } - tenantBasedClientAppCredentials["clientId"] = clientId; - 
tenantBasedClientAppCredentials["clientSecret"] = clientSecret; - privateMethods. - setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials); - return tenantBasedClientAppCredentials; - } else { - log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + - "based client application credentials from API " + - "Manager - getTenantBasedClientAppCredentials(x, y)"); - return null; - } - } - } - } - }; - - /** - * Caching oauth application credentials - * @param tenantDomain tenant domain where application is been created - * @param clientAppCredentials {{clientId:*, clientSecret:*}} - */ - privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) { - var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]); - if (!cachedTenantBasedClientAppCredentialsMap) { - cachedTenantBasedClientAppCredentialsMap = {}; - cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials; - application.put(constants["CACHED_CREDENTIALS_PORTAL_APP"], cachedTenantBasedClientAppCredentialsMap); - } else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) { - cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials; - } - }; - - /** - * Get oauth application credentials from cache - * @param tenantDomain tenant domain where application is been created - * @returns {{clientId:*, clientSecret:*}} - */ - privateMethods["getCachedTenantBasedClientAppCredentials"] = function (tenantDomain) { - var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]); - if (!cachedTenantBasedClientAppCredentialsMap || - !cachedTenantBasedClientAppCredentialsMap[tenantDomain]) { - return null; - } else { - return cachedTenantBasedClientAppCredentialsMap[tenantDomain]; - } - }; - - /** - * Get access token and refresh token using password grant type - * @param username 
username of the logged user - * @param password password of the logged user - * @param encodedClientAppCredentials {{clientId:*, clientSecret:*}} - * @param scopes scopes list - * @returns {{accessToken: *, refreshToken: *}} - */ - publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password - , encodedClientAppCredentials, scopes) { - if (!username || !password || !encodedClientAppCredentials || !scopes) { - log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " + - "grant type. No username, password, encoded client app credentials or scopes are " + - "found - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)"); - return null; - } else { - // calling oauth provider token service endpoint - var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] - ["tokenServiceURL"]; - var requestPayload = "grant_type=password&username=" + - username + "&password=" + password + "&scope=" + scopes; - - var xhr = new XMLHttpRequest(); - xhr.open("POST", requestURL, false); - xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); - xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials); - xhr.send(requestPayload); - - if (xhr["status"] == 200 && xhr["responseText"]) { - var responsePayload = parse(xhr["responseText"]); - var tokenData = {}; - tokenData["accessToken"] = responsePayload["access_token"]; - tokenData["refreshToken"] = responsePayload["refresh_token"]; - tokenData["scopes"] = responsePayload["scope"]; - return tokenData; - } else { - log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " + - "by password grant type - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)"); - return null; - } - } - }; - - /** - * Get access token and refresh token using SAML grant type - * @param assertion - * @param encodedClientAppCredentials - * @param scopes - * @returns {{accessToken: *, refreshToken: 
*}} - */ - publicMethods["getTokenPairAndScopesBySAMLGrantType"] = function (assertion, encodedClientAppCredentials, scopes) { - if (!assertion || !encodedClientAppCredentials || !scopes) { - log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml " + - "grant type. No assertion, encoded client app credentials or scopes are " + - "found - getTokenPairAndScopesBySAMLGrantType(x, y, z)"); - return null; - } else { - - var assertionXML = publicMethods.decode(assertion); - /* - TODO: make assertion extraction with proper parsing. - Since Jaggery XML parser seem to add formatting which causes signature verification to fail. - */ - var assertionStartMarker = " Date: Wed, 1 Feb 2017 11:33:31 +0530 Subject: [PATCH 12/13] Added latest scope validator to identity.xml --- modules/core/distribution/identity_config_change.xml | 2 +- pom.xml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/core/distribution/identity_config_change.xml b/modules/core/distribution/identity_config_change.xml index e24a54ef..8e497d20 100644 --- a/modules/core/distribution/identity_config_change.xml +++ b/modules/core/distribution/identity_config_change.xml @@ -7,7 +7,7 @@ //s:Server/s:OAuth/s:OAuthCallbackHandlers - ]]> + ]]> diff --git a/pom.xml b/pom.xml index 24b1cae3..e36f1e67 100644 --- a/pom.xml +++ b/pom.xml @@ -1539,11 +1539,11 @@ 3.0.9-SNAPSHOT - 6.1.57 + 6.1.64 (6.0.0,7.0.0] - 4.6.9 + 4.6.10 5.1.5 From 9c8942cffc125d702fddbfb44975c04ba063458f Mon Sep 17 00:00:00 2001 From: Milan Perera Date: Wed, 1 Feb 2017 15:01:10 +0530 Subject: [PATCH 13/13] Upgraded device management versions --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index bcc631cd..6a901630 100644 --- a/pom.xml +++ b/pom.xml @@ -1534,14 +1534,14 @@ 4.7.0 - 2.0.13 + 2.0.14-SNAPSHOT [2.0.0, 3.0.0) 3.1.0-SNAPSHOT - 3.0.10 + 3.0.11-SNAPSHOT 6.1.64