From cb8b36dd1fe88ff783a8fc1484c879c66a9a4b31 Mon Sep 17 00:00:00 2001 From: sinthuja Date: Mon, 27 Mar 2017 13:33:57 +0530 Subject: [PATCH] Fixing https://github.com/wso2/carbon-device-mgt/issues/650. --- .../jaggeryapps/portal/configs/designer.json | 2 +- .../core/modules/sso/scripts/sso.client.js | 115 +++++++++++------- 2 files changed, 75 insertions(+), 42 deletions(-) diff --git a/modules/distribution/src/core/jaggeryapps/portal/configs/designer.json b/modules/distribution/src/core/jaggeryapps/portal/configs/designer.json index 86b79ac3..a123514e 100644 --- a/modules/distribution/src/core/jaggeryapps/portal/configs/designer.json +++ b/modules/distribution/src/core/jaggeryapps/portal/configs/designer.json @@ -21,7 +21,7 @@ "acs": "%https.host%/portal/acs", "identityAlias": "wso2carbon", "defaultNameIDPolicy": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "useTenantKey": true, + "useTenantKey": false, "isPassive": false } }, diff --git a/modules/distribution/src/core/modules/sso/scripts/sso.client.js b/modules/distribution/src/core/modules/sso/scripts/sso.client.js index 73b551d7..510c054b 100644 --- a/modules/distribution/src/core/modules/sso/scripts/sso.client.js +++ b/modules/distribution/src/core/modules/sso/scripts/sso.client.js @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except @@ -16,7 +16,6 @@ * under the License. * */ - /** * Following module act as a client to create a saml request and also to * unwrap and return attributes of a returning saml response @@ -27,9 +26,10 @@ var client = {}; (function (client) { - var Util = Packages.org.wso2.store.sso.common.util.Util, + var Util = Packages.org.jaggeryjs.modules.sso.common.util.Util, carbon = require('carbon'), log = new Log(); + var SSOSessionManager = Packages.org.jaggeryjs.modules.sso.common.managers.SSOSessionManager; /** * obtains an encoded saml response and return a decoded/unmarshalled saml obj @@ -42,27 +42,28 @@ var client = {}; var decodedResp = Util.decode(samlResp); marshalledResponse = Util.unmarshall(decodedResp); } catch (e) { - log.error('Unable to unmarshall SAML response'); - log.error(e); + log.error('Unable to unmarshall SAML response',e); } return marshalledResponse; - }; /** * validating the signature of the response saml object */ client.validateSignature = function (samlObj, config) { - var tDomain = Util.getDomainName(samlObj); - var tId = carbon.server.tenantId({domain: tDomain}); - if (tId != carbon.server.superTenant.tenantId) { + var tDomain, tId; + if(config.USE_ST_KEY){ + tDomain = carbon.server.superTenant.domain; + tId = carbon.server.superTenant.tenantId; + }else{ + tDomain = Util.getDomainName(samlObj); + tId = carbon.server.tenantId({domain: tDomain}); var identityTenantUtil = Packages.org.wso2.carbon.identity.core.util.IdentityTenantUtil; identityTenantUtil.initializeRegistry(tId,tDomain); } return Util.validateSignature(samlObj, config.KEY_STORE_NAME, config.KEY_STORE_PASSWORD, config.IDP_ALIAS, tId, tDomain); }; - /** * Checking if the request is a logout call */ @@ -84,7 +85,18 @@ var client = {}; client.getEncodedSAMLAuthRequest = function (issuerId) { return Util.encode( Util.marshall( - new Packages.org.wso2.store.sso.common.builders.AuthReqBuilder().buildAuthenticationRequest(issuerId) + new Packages.org.jaggeryjs.modules.sso.common.builders.AuthReqBuilder().buildAuthenticationRequest(issuerId) + )); + }; + + /** + * getting url encoded signed saml authentication request + */ + client.getEncodedSignedSAMLAuthRequest = function (issuerId, destination, acsUrl, isPassive, tenantId, tenantDomain, nameIdPolicy) { + return Util.encode( + Util.marshall( + new Packages.org.jaggeryjs.modules.sso.common.builders.AuthReqBuilder().buildAuthenticationRequest(issuerId, destination, acsUrl, + isPassive, tenantId, tenantDomain, nameIdPolicy) )); }; @@ -94,11 +106,23 @@ var client = {}; client.getEncodedSAMLLogoutRequest = function (user, sessionIndex, issuerId) { return Util.encode( Util.marshall( - new Packages.org.wso2.store.sso.common.builders.LogoutRequestBuilder().buildLogoutRequest(user, sessionIndex, - Packages.org.wso2.store.sso.common.constants.SSOConstants.LOGOUT_USER, + new Packages.org.jaggeryjs.modules.sso.common.builders.LogoutRequestBuilder().buildLogoutRequest(user, sessionIndex, + Packages.org.jaggeryjs.modules.sso.common.constants.SSOConstants.LOGOUT_USER, issuerId))); }; + /** + * get url encoded signed saml logout request + */ + client.getEncodedSignedSAMLLogoutRequest = function (user, sessionIndex, issuerId, tenantId, tenantDomain, destination, nameIdFormat) { + return Util.encode( + Util.marshall( + new Packages.org.jaggeryjs.modules.sso.common.builders.LogoutRequestBuilder().buildLogoutRequest(user, sessionIndex, + Packages.org.jaggeryjs.modules.sso.common.constants.SSOConstants.LOGOUT_USER, + issuerId, tenantId, tenantDomain, destination, nameIdFormat))); + + }; + /** * Reads the returning SAML login response and populates a session info object */ @@ -157,13 +181,46 @@ var client = {}; }; + + /** + * Registers the provided Session HostObject against the IDP session index.This + * mapping is used to Single Logout all sessions when the logout method is called + * @param {String} idpSessionIndex The IDP session index provided in the SAML login response + * @param {String} serviceProvider + * @param {Object} session + */ + client.login = function(idpSessionIndex,serviceProvider,session){ + SSOSessionManager.getInstance().login(idpSessionIndex,serviceProvider,session); + }; + + /** + * Handles the Single Logout operation by invalidating the sessions mapped + * to the provided IDP session index. + * @param {Object} indicator Either a String representing the IDP session index or a session object + * @param {String} serviceProvider + */ + client.logout = function(indicator,serviceProvider) { + SSOSessionManager.getInstance().logout(indicator,serviceProvider); + }; + + /** + * Removes issuer, session and IDP index details.This method should be called from a session destroy + * listener.Please note that this method will not attempt to invalidate the session and will assume that + * the session invalidate method has been already called + * @param {Object} indicator Either a String representing the IDP session index or a session object + * @param {String} serviceProvider + */ + client.cleanUp = function(indicator,serviceProvider){ + SSOSessionManager.getInstance().cleanUp(indicator,serviceProvider); + } + /** * The method is used to encapsulate all of the validations that * should be performed on a SAML Response */ client.validateSamlResponse = function(samlObj, props, keyStoreProps) { props = props || {}; - var Util = Packages.org.wso2.store.sso.common.util.Util; + var Util = Packages.org.jaggeryjs.modules.sso.common.util.Util; var propList = createProperties(props); var DEFAULT_TO_TRUE = true; var DEFAULT_TO_FALSE = false; @@ -206,31 +263,7 @@ var client = {}; isValid = callValidateAssertionSignature(samlObj, keyStoreProps); } return isValid; - }; - - /** - * getting url encoded signed saml authentication request - */ - client.getEncodedSignedSAMLAuthRequest = function (issuerId, destination, acsUrl, isPassive, tenantId, tenantDomain, nameIdPolicy) { - return Util.encode( - Util.marshall( - new Packages.org.jaggeryjs.modules.sso.common.builders.AuthReqBuilder().buildAuthenticationRequest(issuerId, destination, acsUrl, - isPassive, tenantId, tenantDomain, nameIdPolicy) - )); - }; - - /** - * get url encoded signed saml logout request - */ - client.getEncodedSignedSAMLLogoutRequest = function (user, sessionIndex, issuerId, tenantId, tenantDomain, destination, nameIdFormat) { - return Util.encode( - Util.marshall( - new Packages.org.jaggeryjs.modules.sso.common.builders.LogoutRequestBuilder().buildLogoutRequest(user, sessionIndex, - Packages.org.wso2.store.sso.common.constants.SSOConstants.LOGOUT_USER, - issuerId))); - - }; - + } /** * A utility method used to convert a JSON object to * a properties object @@ -249,7 +282,7 @@ var client = {}; * resolving tenant details */ function callValidateAssertionSignature(samlObj, config) { - var Util = Packages.org.wso2.store.sso.common.util.Util; + var Util = Packages.org.jaggeryjs.modules.sso.common.util.Util; var tDomain, tId; var carbon = require('carbon'); if (config.USE_ST_KEY) { @@ -264,4 +297,4 @@ var client = {}; return Util.validateAssertionSignature(samlObj, config.KEY_STORE_NAME, config.KEY_STORE_PASSWORD, config.IDP_ALIAS, tId, tDomain); } -}(client)); \ No newline at end of file +}(client));