From 327f49cfd9766aaf251a2e596c520c5062b7b1fb Mon Sep 17 00:00:00 2001 From: Ace Date: Wed, 24 Jan 2018 10:52:33 +0530 Subject: [PATCH] Fix for https://github.com/wso2/product-iots/issues/1399 --- .../devicemgt/app/conf/app-conf.json | 2 ++ .../uuf-template-app/lib/constants.js | 3 +++ .../uuf-template-app/lib/modules/auth/auth.js | 18 ++++++++++++++++-- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json index a81f661c991..93c0fef2e1e 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json @@ -33,6 +33,8 @@ "identityProviderUrl" : "https://%iot.keymanager.host%:%iot.keymanager.https.port%/samlsso", "acs": "https://%iot.manager.host%:%iot.manager.https.port%/devicemgt/uuf/sso/acs", "identityAlias": "wso2carbon", + "defaultNameIDPolicy": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "isPassive":false, "responseSigningEnabled" : true, "validateAssertionValidityPeriod": true, "validateAudienceRestriction": true, diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js index 8a4e0677f1b..02ab4a66dd5 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js @@ -63,6 +63,9 @@ var constants = { APP_CONF_AUTH_MODULE_SSO: "sso", APP_CONF_AUTH_MODULE_SSO_ENABLED: "enabled", APP_CONF_AUTH_MODULE_SSO_ISSUER: "issuer", + APP_CONF_AUTH_MODULE_SSO_ACS: "acs", + APP_CONF_AUTH_MODULE_SSO_IS_PASSIVE: "isPassive", + APP_CONF_AUTH_MODULE_SSO_DEFAULT_NAME_ID_POLICY: "defaultNameIDPolicy", APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED: "responseSigningEnabled", APP_CONF_AUTH_MODULE_SSO_KEY_STORE_NAME: "keyStoreName", APP_CONF_AUTH_MODULE_SSO_KEY_STORE_PASSWORD: "keyStorePassword", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js index fad0b27b99e..838d2bd8fb4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js @@ -271,7 +271,9 @@ var module = {}; } function getSsoLoginRequestParams() { + var ssoClient = require("sso").client; var ssoConfigs = getSsoConfigurations(); + var carbon = require('carbon'); // Identity Provider URL var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL]; if (!identityProviderUrl || (identityProviderUrl.length == 0)) { @@ -284,6 +286,13 @@ var module = {}; } // Issuer var issuer = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ISSUER]; + var nameIDPolicy = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_DEFAULT_NAME_ID_POLICY]; + var signingEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED]; + var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL]; + var isPassive = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IS_PASSIVE]; + var acs = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ACS]; + var superTenant = carbon.server.superTenant; + if (!issuer || (issuer.length == 0)) { var msg = "Issuer is not given in SSO configurations in Auth module configurations in " + "application configuration file '" + constants.FILE_APP_CONF + "'."; @@ -294,7 +303,12 @@ var module = {}; // SAML authentication request var encodedSAMLAuthRequest; try { - encodedSAMLAuthRequest = (require("sso")).client.getEncodedSAMLAuthRequest(issuer); + if (signingEnabled) { + encodedSAMLAuthRequest = ssoClient.getEncodedSignedSAMLAuthRequest(issuer, + identityProviderUrl, acs, isPassive, superTenant.tenantId, superTenant.domain, nameIDPolicy); + } else { + encodedSAMLAuthRequest = ssoClient.getEncodedSAMLAuthRequest(issuer); + } } catch (e) { log.error("Cannot create SAML login authorization token with issuer '" + issuer + "'."); log.error(e.message, e); @@ -529,7 +543,7 @@ var module = {}; response.sendError(500, msg); return; } - + /** * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken: * string}}