diff --git a/modules/analytics/distribution/src/ues/designer.json b/modules/analytics/distribution/src/ues/designer.json
index 7b817a49..f530bd67 100644
--- a/modules/analytics/distribution/src/ues/designer.json
+++ b/modules/analytics/distribution/src/ues/designer.json
@@ -43,11 +43,11 @@
"password":"admin",
"dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register",
"apiManagerClientAppRegistrationServiceURL": "https://localhost:9443/api-application-registration/register/tenants",
- "grantType": "password refresh_token urn:ietf:carbon:signed:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
+ "grantType": "password refresh_token urn:ietf:urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
"tokenScope": "admin",
"callbackUrl": "https://localhost:9445/portal",
"saasApp":true,
- "samlGrantTypeName":"urn:ietf:carbon:signed:grant-type:saml2-bearer"
+ "samlGrantTypeName":"urn:ietf:params:oauth:grant-type:saml2-bearer"
},
"tokenServiceURL": "https://localhost:9443/oauth2/token"
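Review bot: The new `grantType` value in this hunk repeats the URN prefix: it reads `urn:ietf:urn:ietf:params:oauth:grant-type:saml2-bearer`, which does not match the `samlGrantTypeName` set a few lines below it (`urn:ietf:params:oauth:grant-type:saml2-bearer`). An OAuth client registered from this file would carry a grant type string that differs from the one used for the SAML bearer exchange, so that exchange would presumably be refused for this client. The portal copy of designer.json later in the same commit has the correct string. This line should read `"grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",`.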
diff --git a/modules/core/distribution/identity_config_change.xml b/modules/core/distribution/identity_config_change.xml
index 8e497d20..7bfd9df4 100644
--- a/modules/core/distribution/identity_config_change.xml
+++ b/modules/core/distribution/identity_config_change.xml
@@ -29,13 +29,4 @@
org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator
]]>
-
- //s:Server/s:OAuth/s:SupportedGrantTypes/s:SupportedGrantType[s:GrantTypeName='iwa:ntlm']
-
-
- urn:ietf:carbon:signed:grant-type:saml2-bearer
- org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedSAML2BearerGrantHandler
- org.wso2.carbon.identity.oauth.common.SAML2GrantValidator
- ]]>
-
\ No newline at end of file
diff --git a/modules/core/distribution/pom.xml b/modules/core/distribution/pom.xml
index ecb942e9..910fa08b 100644
--- a/modules/core/distribution/pom.xml
+++ b/modules/core/distribution/pom.xml
@@ -128,7 +128,7 @@
/Server/OAuth/SupportedGrantTypes/SupportedGrantType
(org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler)
- org.wso2.carbon.apimgt.keymgt.handlers.ExtendedSAML2BearerGrantHandler
+ org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedSAML2BearerGrantHandler
/Server/OAuth/SupportedGrantTypes/SupportedGrantType
@@ -140,7 +140,11 @@
(org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler)
org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler
-
+
+ /Server/SSOService/UseAuthenticatedUserDomainCrypto
+ (false)
+ true
+
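Review bot: The added replacement for `/Server/SSOService/UseAuthenticatedUserDomainCrypto` appears to take effect only when the base identity.xml holds `false` at that path, since the token is the literal pattern `(false)`. The markup around these values is not visible here, but nothing in the hunk would fail the build on a miss. The flag looks like the server-side counterpart of `"useTenantKey": true`, which this commit sets in the portal's designer.json. If so, a silent miss would leave the portal and the SSO service disagreeing about which tenant key signs SAML messages. I would document the coupling next to the entry, for example `<!-- keep in sync with "useTenantKey" in jaggeryapps/portal/configs/designer.json -->`, and verify the resulting identity.xml value in the built pack.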
diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml
index 4410406d..0849ebbb 100644
--- a/modules/core/distribution/src/assembly/bin.xml
+++ b/modules/core/distribution/src/assembly/bin.xml
@@ -115,6 +115,7 @@
**/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
**/repository/components/plugins/httpclient_4.3.2.wso2v1.jar
**/conf/tomcat/carbon/WEB-INF/web.xml
+ **/repository/components/plugins/org.wso2.carbon.hostobjects.sso_4.5.4.jar
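Review bot: The added pattern pins the SSO host object bundle to one exact version, `org.wso2.carbon.hostobjects.sso_4.5.4.jar`. Assuming this list names files dropped from the base pack (the element names are not visible here), a base product that ships any other version would not match. The distribution would then presumably contain both the stock bundle and its replacement, with no build error. This bundle takes part in SAML SSO handling for the Jaggery apps, so which copy is loaded is security-relevant. A version-independent pattern such as `**/repository/components/plugins/org.wso2.carbon.hostobjects.sso_*.jar`, or a pom property for the version, would avoid the silent miss.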
@@ -741,7 +742,6 @@
**/configs/designer.json
- **/modules/oauth/token-handler-utils.js
**/jaggery.conf
@@ -798,15 +798,6 @@
755
-
-
-
-
-
- ${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth
-
- 755
-
diff --git a/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml b/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml
index 0784d2a4..59a239ac 100644
--- a/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml
+++ b/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml
@@ -35,6 +35,6 @@
default
- devicetype-publisher
+ device-manager
\ No newline at end of file
diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml
index 503833ce..33a4736d 100644
--- a/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml
+++ b/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml
@@ -44,7 +44,7 @@
true
- false
+ true
diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml
index 27bb258e..9503a87d 100644
--- a/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml
+++ b/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml
@@ -44,7 +44,7 @@
true
- false
+ true
diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json
index 440e21cc..2f049839 100644
--- a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json
+++ b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json
@@ -20,7 +20,7 @@
"acs": "%https.host%/portal/acs",
"identityAlias": "wso2carbon",
"defaultNameIDPolicy": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
- "useTenantKey": false,
+ "useTenantKey": true,
"isPassive": false
}
},
@@ -34,7 +34,7 @@
"methods": {
"oauth": {
"attributes": {
- "apimgt-gateway": false,
+ "apimgt-gateway": true,
"oauthProvider": {
"appRegistration": {
"appType": "webapp",
@@ -43,11 +43,11 @@
"password":"admin",
"dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register",
"apiManagerClientAppRegistrationServiceURL": "%https.host%/api-application-registration/register/tenants",
- "grantType": "password refresh_token urn:ietf:carbon:signed:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
+ "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
"tokenScope": "admin",
"callbackUrl": "%https.host%/portal",
"saasApp":true,
- "samlGrantTypeName":"urn:ietf:carbon:signed:grant-type:saml2-bearer"
+ "samlGrantTypeName":"urn:ietf:params:oauth:grant-type:saml2-bearer"
},
"tokenServiceURL": "https://localhost:9443/oauth2/token"
},
diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js
deleted file mode 100644
index 8998a19b..00000000
--- a/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js
+++ /dev/null
@@ -1,567 +0,0 @@
-/*
- * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-var utils = function () {
- var log = new Log("/modules/oauth/token-handler-utils.js");
-
- var configs = require('/configs/portal.js').config();
- var constants = require("/modules/constants.js");
- var carbon = require("carbon");
-
- //noinspection JSUnresolvedVariable
- var Base64 = Packages.org.apache.commons.codec.binary.Base64;
- //noinspection JSUnresolvedVariable
- var String = Packages.java.lang.String;
-
- var publicMethods = {};
- var privateMethods = {};
-
- publicMethods["encode"] = function (payload) {
- return String(Base64.encodeBase64(String(payload).getBytes()));
- };
-
- publicMethods["decode"] = function (payload) {
- return String(Base64.decodeBase64(String(payload).getBytes()));
- };
-
- /**
- * Check whether this application is oauth enable or not
- * @returns boolean if oauth enable
- */
- publicMethods["checkOAuthEnabled"] = function () {
- if (constants.AUTHORIZATION_TYPE_OAUTH === configs["authorization"]["activeMethod"]) {
- return true;
- }
- return false;
- };
-
- /**
- * Set access token into xml http request header
- * @param xhr xml http request
- * @returns {*} xhr which has access token it's header
- */
- publicMethods["setAccessToken"] = function (xhr, callback) {
- var accessToken;
- if (publicMethods.checkOAuthEnabled()) {
- try {
- accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
- xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BEARER_PREFIX + accessToken);
- } catch (exception) {
- log.error("Access token hasn't been set yet, " + exception);
- } finally {
- callback(xhr);
- }
- }
- callback(xhr);
- };
-
- /**
- * Get access token of current logged user
- * @param callBack response with access token
- */
- publicMethods["getAccessToken"] = function (callBack) {
- var accessToken = null;
- if (publicMethods.checkOAuthEnabled()) {
- try {
- accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
- } catch (exception) {
- log.error("Access token hasn't been set yet, " + exception);
- } finally {
- callBack(accessToken);
- }
- }
- callBack(accessToken);
- };
-
- /**
- * Create error message which adhere to xml http response object
- * @param statusCode response status code
- * @param status response status
- * @param responseText response message
- * @returns {{statusCode: *, status: *, responseText: *}}
- */
- publicMethods["createXHRObject"] = function (statusCode, status, responseText) {
- return {"statusCode": statusCode, "status": status, "responseText": responseText};
- };
-
- /**
- * check whether user already logged to system before invoking any apis
- * @param callBack
- */
- publicMethods["isUserAuthorized"] = function (callBack) {
- if (session.get("Loged") !== constants.LOGIN_MESSAGE) {
- callBack(false);
- } else {
- callBack(true);
- }
- };
-
- /**
- * Get identity provider uir
- * @returns {*}
- */
- publicMethods["getIdPServerURL"] = function () {
- return configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["tokenServiceURL"];
- };
-
- /**
- * Get an Access token pair based on client secret
- * @param encodedClientKeys {{clientId:"", clientSecret:""}}
- * @param scope eg: PRODUCTION
- * @param idPServer identity provider url
- * @returns {{accessToken: *, refreshToken: *}}
- */
- publicMethods["getTokenWithClientSecretType"] = function (encodedClientKeys, scope, idPServer) {
- var xhr = new XMLHttpRequest();
- var tokenEndpoint = idPServer;
- xhr.open(constants.HTTP_POST, tokenEndpoint, false);
- xhr.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, constants.APPLICATION_X_WWW_FOR_URLENCODED);
- xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BASIC_PREFIX + encodedClientKeys);
- xhr.send("grant_type=client_credentials&scope=" + scope);
- var tokenPair = {};
- if (xhr.status == constants.HTTP_ACCEPTED) {
- var data = parse(xhr.responseText);
- tokenPair.refreshToken = data.refresh_token;
- tokenPair.accessToken = data.access_token;
- } else if (xhr.status == constants.HTTP_USER_NOT_AUTHENTICATED) {
- log.error("Error in obtaining token with client secret grant type, You are not authenticated yet");
- return null;
- } else {
- log.error("Error in obtaining token with client secret grant type, This might be a problem with client meta " +
- "data which required for client secret grant type");
- return null;
- }
- return tokenPair;
- };
-
-
- /**
- * This will create client id and client secret for a given application
- * @param properties "callbackUrl": "",
- * "clientName": "",
- * "owner": "",
- * "applicationType": "",
- * "grantType": "",
- * "saasApp" :"",
- * "dynamicClientRegistrationEndPoint" : ""
- *
- * @returns {{clientId:*, clientSecret:*}}
- */
- publicMethods["getDynamicClientAppCredentials"] = function (username) {
- // setting up dynamic client application properties
- var dcAppProperties = {
- "applicationType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["appType"],
- "clientName": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["clientName"],
- "owner": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
- "tokenScope": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["tokenScope"],
- "grantType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["grantType"],
- "callbackUrl": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["callbackUrl"],
- "saasApp" : configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["saasApp"]
- };
-
- var tenantDomain = carbon.server.tenantDomain({username: username});
- if (!tenantDomain) {
- log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
- "based client application credentials. Unable to obtain a valid tenant domain for provided username "+
- username +"- getDynamicClientAppCredentials(x)");
- return null;
- } else {
- var cachedTenantBasedClientAppCredentials = privateMethods.
- getCachedTenantBasedClientAppCredentials(tenantDomain);
- if (cachedTenantBasedClientAppCredentials) {
- return cachedTenantBasedClientAppCredentials;
- } else {
- // calling dynamic client app registration service endpoint
- var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]
- ["dynamicClientAppRegistrationServiceURL"];
- var requestPayload = dcAppProperties;
- var token = publicMethods.encode(configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
- ["appRegistration"]["owner"] + ":" + configs["authorization"]["methods"]["oauth"]["attributes"]
- ["oauthProvider"]["appRegistration"]["password"]);
- var xhr = new XMLHttpRequest();
- xhr.open("POST", requestURL, false);
- xhr.setRequestHeader("Content-Type", "application/json");
- xhr.setRequestHeader("Authorization", "Basic "+ token);
- xhr.send(stringify(requestPayload));
- var dynamicClientAppCredentials = {};
- if (xhr["status"] == 201 || xhr["status"] == 200 && xhr["responseText"]) {
- var responsePayload = parse(xhr["responseText"]);
- var clientId = responsePayload["client_id"];
- var clientSecret = responsePayload["client_secret"];
- if(typeof clientId == "undefined"){
- clientId = responsePayload["clientId"];
- }
- if(typeof clientSecret == "undefined"){
- clientSecret = responsePayload["clientSecret"];
- }
- dynamicClientAppCredentials["clientId"] = clientId;
- dynamicClientAppCredentials["clientSecret"] = clientSecret;
- privateMethods.
- setCachedTenantBasedClientAppCredentials(tenantDomain, dynamicClientAppCredentials);
- } else if (xhr["status"] == 400) {
- log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
- "Bad request. Invalid data provided as dynamic client application properties.");
- dynamicClientAppCredentials = null;
- } else {
- log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
- "Error in retrieving dynamic client credentials.");
- dynamicClientAppCredentials = null;
- }
- // returning dynamic client credentials
- return dynamicClientAppCredentials;
- }
- }
- };
-
- /**
- * If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create oauth application
- * @param username username of current logged user
- * @returns {{clientId:*, clientSecret:*}}
- */
- publicMethods["getTenantBasedClientAppCredentials"] = function (username) {
- if (!username) {
- log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
- "based client app credentials. No username " +
- "as input - getTenantBasedClientAppCredentials(x)");
- return null;
- } else {
- //noinspection JSUnresolvedFunction, JSUnresolvedVariable
- var tenantDomain = carbon.server.tenantDomain({username: username});
-
- if (!tenantDomain) {
- log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
- "based client application credentials. Unable to obtain a valid tenant domain for provided " +
- "username - getTenantBasedClientAppCredentials(x, y)");
- return null;
- } else {
- var cachedTenantBasedClientAppCredentials = privateMethods.
- getCachedTenantBasedClientAppCredentials(tenantDomain);
- if (cachedTenantBasedClientAppCredentials) {
- return cachedTenantBasedClientAppCredentials;
- } else {
- var adminUsername = configs["authorization"]["methods"]["oauth"]["attributes"]["adminUser"];
- var adminUserTenantId = configs["authorization"]["methods"]["oauth"]["attributes"]
- ["adminUserTenantId"];
- //claims required for jwtAuthenticator.
- var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
- "http://wso2.org/claims/enduser": adminUsername};
- var jwtToken = publicMethods.getJwtToken(adminUsername, claims);
- // register a tenant based client app at API Manager
- var applicationName = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
- ["appRegistration"]["clientName"] + "_" + tenantDomain;
- var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
- ["appRegistration"]["apiManagerClientAppRegistrationServiceURL"] +
- "?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName;
- var xhr = new XMLHttpRequest();
- xhr.open("POST", requestURL, false);
- xhr.setRequestHeader("Content-Type", "application/json");
- xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken);
- xhr.send();
- if ((xhr["status"] == 201 || xhr["status"] == 200) && xhr["responseText"]) {
- var responsePayload = parse(xhr["responseText"]);
- var tenantBasedClientAppCredentials = {};
- var clientId = responsePayload["client_id"];
- var clientSecret = responsePayload["client_secret"];
- if(typeof clientId == "undefined"){
- clientId = responsePayload["clientId"];
- }
- if(typeof clientSecret == "undefined"){
- clientSecret = responsePayload["clientSecret"];
- }
- tenantBasedClientAppCredentials["clientId"] = clientId;
- tenantBasedClientAppCredentials["clientSecret"] = clientSecret;
- privateMethods.
- setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials);
- return tenantBasedClientAppCredentials;
- } else {
- log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
- "based client application credentials from API " +
- "Manager - getTenantBasedClientAppCredentials(x, y)");
- return null;
- }
- }
- }
- }
- };
-
- /**
- * Caching oauth application credentials
- * @param tenantDomain tenant domain where application is been created
- * @param clientAppCredentials {{clientId:*, clientSecret:*}}
- */
- privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) {
- var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
- if (!cachedTenantBasedClientAppCredentialsMap) {
- cachedTenantBasedClientAppCredentialsMap = {};
- cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
- application.put(constants["CACHED_CREDENTIALS_PORTAL_APP"], cachedTenantBasedClientAppCredentialsMap);
- } else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
- cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
- }
- };
-
- /**
- * Get oauth application credentials from cache
- * @param tenantDomain tenant domain where application is been created
- * @returns {{clientId:*, clientSecret:*}}
- */
- privateMethods["getCachedTenantBasedClientAppCredentials"] = function (tenantDomain) {
- var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
- if (!cachedTenantBasedClientAppCredentialsMap ||
- !cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
- return null;
- } else {
- return cachedTenantBasedClientAppCredentialsMap[tenantDomain];
- }
- };
-
- /**
- * Get access token and refresh token using password grant type
- * @param username username of the logged user
- * @param password password of the logged user
- * @param encodedClientAppCredentials {{clientId:*, clientSecret:*}}
- * @param scopes scopes list
- * @returns {{accessToken: *, refreshToken: *}}
- */
- publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password
- , encodedClientAppCredentials, scopes) {
- if (!username || !password || !encodedClientAppCredentials || !scopes) {
- log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " +
- "grant type. No username, password, encoded client app credentials or scopes are " +
- "found - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
- return null;
- } else {
- // calling oauth provider token service endpoint
- var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
- ["tokenServiceURL"];
- var requestPayload = "grant_type=password&username=" +
- username + "&password=" + password + "&scope=" + scopes;
-
- var xhr = new XMLHttpRequest();
- xhr.open("POST", requestURL, false);
- xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
- xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
- xhr.send(requestPayload);
-
- if (xhr["status"] == 200 && xhr["responseText"]) {
- var responsePayload = parse(xhr["responseText"]);
- var tokenData = {};
- tokenData["accessToken"] = responsePayload["access_token"];
- tokenData["refreshToken"] = responsePayload["refresh_token"];
- tokenData["scopes"] = responsePayload["scope"];
- return tokenData;
- } else {
- log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
- "by password grant type - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
- return null;
- }
- }
- };
-
- /**
- * Get access token and refresh token using SAML grant type
- * @param assertion
- * @param encodedClientAppCredentials
- * @param scopes
- * @returns {{accessToken: *, refreshToken: *}}
- */
- publicMethods["getTokenPairAndScopesBySAMLGrantType"] = function (assertion, encodedClientAppCredentials, scopes) {
- if (!assertion || !encodedClientAppCredentials || !scopes) {
- log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml " +
- "grant type. No assertion, encoded client app credentials or scopes are " +
- "found - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
- return null;
- } else {
-
- var assertionXML = publicMethods.decode(assertion);
- /*
- TODO: make assertion extraction with proper parsing.
- Since Jaggery XML parser seem to add formatting which causes signature verification to fail.
- */
- var assertionStartMarker = "