From e23044d59db3bfa810981104f4502a5b778d9091 Mon Sep 17 00:00:00 2001
From: GPrathap <geesara@wso2.com>
Date: Sun, 5 Jun 2016 23:15:54 +0530
Subject: [PATCH 1/2] fixing  jira:IOTS-195

---
 .../devicemgt/app/conf/app-conf.json          |  9 +++-
 .../uuf-template-app/lib/constants.js         |  2 +
 .../uuf-template-app/lib/modules/auth/auth.js | 43 +++++++++++++++----
 3 files changed, 44 insertions(+), 10 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json
index bdfd53568a..de8d82f5b9 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json
@@ -26,7 +26,14 @@
             }
         },
         "sso": {
-            "enabled": false
+            "enabled": true,
+            "issuer" : "devicemgt",
+            "appName" : "devicemgt",
+            "identityProviderUrl" : "https://localhost:9443/samlsso",
+            "acs": "https://localhost:9443/devicemgt/uuf/sso/acs",
+            "identityAlias": "wso2carbon",
+            "responseSigningEnabled" : "true",
+            "useTenantKey": false
         }
     },
     "errorPages": {
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js
index 82b339f43b..f7806238b6 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js
@@ -69,6 +69,8 @@ var constants = {
     APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_ALIAS: "identityProviderAlias",
     APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL: "identityProviderUrl",
     APP_CONF_AUTH_MODULE_SSO_INTERMEDIATE_PAGE: "intermediatePage",
+    APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS : "identityAlias",
+    APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY : "useTenantKey",
     // Configurations - UUF
     UUF_CONF_DISPLAY_NAME: "displayName",
     UUF_CONF_LOG_LEVEL: "logLevel",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
index 922563ed6b..9809f0a998 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
@@ -501,7 +501,6 @@ var module = {};
             response.sendError(500, e.message);
             return;
         }
-
         if (ssoClient.isLogoutResponse(samlResponseObj)) {
             // This is a logout response.
             module.logout(response);
@@ -510,11 +509,15 @@ var module = {};
             var ssoConfigs = getSsoConfigurations();
             var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED];
             if (utils.parseBoolean(rsEnabled)) {
-                // Response signing is enabled.
+                var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils;
+                var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password");
+                var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location");
+                var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS];
                 var keyStoreParams = {
-                    KEY_STORE_NAME: ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_KEY_STORE_NAME],
-                    KEY_STORE_PASSWORD: ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_KEY_STORE_PASSWORD],
-                    IDP_ALIAS: ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_ALIAS]
+                    KEY_STORE_NAME: keyStoreName,
+                    KEY_STORE_PASSWORD: keyStorePassword,
+                    IDP_ALIAS: identityAlias,
+                    USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY]
                 };
                 if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) {
                     var msg = "Invalid signature found in the SAML response.";
@@ -532,10 +535,13 @@ var module = {};
             if (ssoSession.sessionId) {
                 var ssoSessions = getSsoSessions();
                 ssoSessions[ssoSession.sessionId] = ssoSession;
-                var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
-                utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
-                var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
-                handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
+                if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') {
+                    module.loadTenant(ssoSessions.loggedInUser);
+                    var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
+                    utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
+                    var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
+                    handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
+                }
             } else {
                 var msg = "Cannot decode SAML login response.";
                 log.error(msg);
@@ -544,6 +550,25 @@ var module = {};
         }
     };
 
+    /**
+     * Load current user tenant
+     * @param username logged user name
+     */
+    module.loadTenant = function (username) {
+        var carbon = require('carbon');
+        var MultitenantUtils = Packages.org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+        var MultitenantConstants = Packages.org.wso2.carbon.base.MultitenantConstants;
+        var TenantAxisUtils = Packages.org.wso2.carbon.core.multitenancy.utils.TenantAxisUtils;
+        var service;
+        var ctx;
+        var domain = MultitenantUtils.getTenantDomain(username);
+        if (domain != null && !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(domain)) {
+            service = carbon.server.osgiService('org.wso2.carbon.utils.ConfigurationContextService');
+            ctx = service.getServerConfigContext();
+            TenantAxisUtils.setTenantAccessed(domain, ctx);
+        }
+    };
+
     /**
      * Basic login.
      * @param request {Object} HTTP request

From efb71d472a4128c37c1f2b28f0dc5da7c4310ac2 Mon Sep 17 00:00:00 2001
From: GPrathap <geesara@wso2.com>
Date: Sun, 5 Jun 2016 23:21:39 +0530
Subject: [PATCH 2/2] changing sso default state

---
 .../main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json
index de8d82f5b9..a64219b95d 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/app-conf.json
@@ -26,7 +26,7 @@
             }
         },
         "sso": {
-            "enabled": true,
+            "enabled": false,
             "issuer" : "devicemgt",
             "appName" : "devicemgt",
             "identityProviderUrl" : "https://localhost:9443/samlsso",