From e23044d59db3bfa810981104f4502a5b778d9091 Mon Sep 17 00:00:00 2001 From: GPrathap Date: Sun, 5 Jun 2016 23:15:54 +0530 Subject: [PATCH 1/2] fixing jira:IOTS-195 --- .../devicemgt/app/conf/app-conf.json | 9 +++- .../uuf-template-app/lib/constants.js | 2 + .../uuf-template-app/lib/modules/auth/auth.js | 43 +++++++++++++++---- 3 files changed, 44 insertions(+), 10 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json index bdfd53568a7..de8d82f5b9d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json @@ -26,7 +26,14 @@ } }, "sso": { - "enabled": false + "enabled": true, + "issuer" : "devicemgt", + "appName" : "devicemgt", + "identityProviderUrl" : "https://localhost:9443/samlsso", + "acs": "https://localhost:9443/devicemgt/uuf/sso/acs", + "identityAlias": "wso2carbon", + "responseSigningEnabled" : "true", + "useTenantKey": false } }, "errorPages": { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js index 82b339f43bf..f7806238b68 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js @@ -69,6 +69,8 @@ var constants = { APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_ALIAS: "identityProviderAlias", APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL: "identityProviderUrl", APP_CONF_AUTH_MODULE_SSO_INTERMEDIATE_PAGE: "intermediatePage", + APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS : "identityAlias", + APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY : "useTenantKey", // Configurations - UUF UUF_CONF_DISPLAY_NAME: "displayName", UUF_CONF_LOG_LEVEL: "logLevel", diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js index 922563ed6bf..9809f0a9988 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js @@ -501,7 +501,6 @@ var module = {}; response.sendError(500, e.message); return; } - if (ssoClient.isLogoutResponse(samlResponseObj)) { // This is a logout response. module.logout(response); @@ -510,11 +509,15 @@ var module = {}; var ssoConfigs = getSsoConfigurations(); var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED]; if (utils.parseBoolean(rsEnabled)) { - // Response signing is enabled. + var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils; + var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password"); + var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location"); + var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS]; var keyStoreParams = { - KEY_STORE_NAME: ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_KEY_STORE_NAME], - KEY_STORE_PASSWORD: ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_KEY_STORE_PASSWORD], - IDP_ALIAS: ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_ALIAS] + KEY_STORE_NAME: keyStoreName, + KEY_STORE_PASSWORD: keyStorePassword, + IDP_ALIAS: identityAlias, + USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY] }; if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) { var msg = "Invalid signature found in the SAML response."; @@ -532,10 +535,13 @@ var module = {}; if (ssoSession.sessionId) { var ssoSessions = getSsoSessions(); ssoSessions[ssoSession.sessionId] = ssoSession; - var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser); - utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId); - var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()}; - handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument); + if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') { + module.loadTenant(ssoSessions.loggedInUser); + var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser); + utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId); + var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()}; + handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument); + } } else { var msg = "Cannot decode SAML login response."; log.error(msg); @@ -544,6 +550,25 @@ var module = {}; } }; + /** + * Load current user tenant + * @param username logged user name + */ + module.loadTenant = function (username) { + var carbon = require('carbon'); + var MultitenantUtils = Packages.org.wso2.carbon.utils.multitenancy.MultitenantUtils; + var MultitenantConstants = Packages.org.wso2.carbon.base.MultitenantConstants; + var TenantAxisUtils = Packages.org.wso2.carbon.core.multitenancy.utils.TenantAxisUtils; + var service; + var ctx; + var domain = MultitenantUtils.getTenantDomain(username); + if (domain != null && !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(domain)) { + service = carbon.server.osgiService('org.wso2.carbon.utils.ConfigurationContextService'); + ctx = service.getServerConfigContext(); + TenantAxisUtils.setTenantAccessed(domain, ctx); + } + }; + /** * Basic login. * @param request {Object} HTTP request From efb71d472a4128c37c1f2b28f0dc5da7c4310ac2 Mon Sep 17 00:00:00 2001 From: GPrathap Date: Sun, 5 Jun 2016 23:21:39 +0530 Subject: [PATCH 2/2] changing sso default state --- .../main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json index de8d82f5b9d..a64219b95dd 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json @@ -26,7 +26,7 @@ } }, "sso": { - "enabled": true, + "enabled": false, "issuer" : "devicemgt", "appName" : "devicemgt", "identityProviderUrl" : "https://localhost:9443/samlsso",