4.x.x
mharindu 9 years ago
commit a80ca2d696

@ -26,7 +26,14 @@
} }
}, },
"sso": { "sso": {
"enabled": false "enabled": false,
"issuer" : "devicemgt",
"appName" : "devicemgt",
"identityProviderUrl" : "https://localhost:9443/samlsso",
"acs": "https://localhost:9443/devicemgt/uuf/sso/acs",
"identityAlias": "wso2carbon",
"responseSigningEnabled" : "true",
"useTenantKey": false
} }
}, },
"errorPages": { "errorPages": {
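Review bot: The new `sso` block mixes value types for its boolean switches: `"responseSigningEnabled" : "true"` is a JSON string while `"enabled": false` and `"useTenantKey": false` are JSON booleans. A reader of this config must parse one and may test the other directly, and a consumer that applies `!` or `===` to the raw value treats the non-empty string `"false"` as true; using one form throughout (`"responseSigningEnabled": true`, matching its neighbours) avoids that, provided the reader's parser accepts a JSON boolean — that reader is outside this hunk. The space before the colon on the `issuer`, `appName`, `identityProviderUrl` and `responseSigningEnabled` keys also differs from the rest of the file.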

@ -69,6 +69,8 @@ var constants = {
APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_ALIAS: "identityProviderAlias", APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_ALIAS: "identityProviderAlias",
APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL: "identityProviderUrl", APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL: "identityProviderUrl",
APP_CONF_AUTH_MODULE_SSO_INTERMEDIATE_PAGE: "intermediatePage", APP_CONF_AUTH_MODULE_SSO_INTERMEDIATE_PAGE: "intermediatePage",
APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS : "identityAlias",
APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY : "useTenantKey",
// Configurations - UUF // Configurations - UUF
UUF_CONF_DISPLAY_NAME: "displayName", UUF_CONF_DISPLAY_NAME: "displayName",
UUF_CONF_LOG_LEVEL: "logLevel", UUF_CONF_LOG_LEVEL: "logLevel",
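Review bot: `APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY` maps to the key `"useTenantKey"`, so the constant's name and the key it names read as different things ("ST" suggests super-tenant), and the code that consumes it negates the value; a one-line comment next to the constant stating which key is selected when `useTenantKey` is false would remove the ambiguity — the intended meaning should be confirmed with the consumer, which is in another hunk. The two added entries also put a space before the colon, unlike the surrounding constants; `APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS: "identityAlias",` matches the file's style.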

@ -501,7 +501,6 @@ var module = {};
response.sendError(500, e.message); response.sendError(500, e.message);
return; return;
} }
if (ssoClient.isLogoutResponse(samlResponseObj)) { if (ssoClient.isLogoutResponse(samlResponseObj)) {
// This is a logout response. // This is a logout response.
module.logout(response); module.logout(response);
@ -510,11 +509,15 @@ var module = {};
var ssoConfigs = getSsoConfigurations(); var ssoConfigs = getSsoConfigurations();
var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED]; var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED];
if (utils.parseBoolean(rsEnabled)) { if (utils.parseBoolean(rsEnabled)) {
// Response signing is enabled. var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils;
var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password");
var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location");
var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS];
var keyStoreParams = { var keyStoreParams = {
KEY_STORE_NAME: ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_KEY_STORE_NAME], KEY_STORE_NAME: keyStoreName,
KEY_STORE_PASSWORD: ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_KEY_STORE_PASSWORD], KEY_STORE_PASSWORD: keyStorePassword,
IDP_ALIAS: ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_ALIAS] IDP_ALIAS: identityAlias,
USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY]
}; };
if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) { if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) {
var msg = "Invalid signature found in the SAML response."; var msg = "Invalid signature found in the SAML response.";
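Review bot: `USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY]` negates the raw config value, whereas `rsEnabled` a few lines above goes through `utils.parseBoolean`; if `useTenantKey` is ever supplied as the string `"false"` (the neighbouring `responseSigningEnabled` ships as a string), the non-empty string is truthy and `USE_ST_KEY` becomes false, the opposite of what was configured. `USE_ST_KEY: !utils.parseBoolean(ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY])` keeps the two switches consistent; whether the negation itself is intended (tenant key versus super-tenant key) cannot be told from the hunk. `identityAlias` is also read without a presence check, so a config missing `identityAlias` passes `undefined` to `validateSignature`; whether that fails closed depends on `ssoClient`, which is outside this hunk, and a `// Response signing is enabled.` comment (dropped by this change) could be kept above the `CarbonUtils` line to preserve the intent of the branch. The enclosing function begins and ends outside this hunk.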
@ -532,10 +535,13 @@ var module = {};
if (ssoSession.sessionId) { if (ssoSession.sessionId) {
var ssoSessions = getSsoSessions(); var ssoSessions = getSsoSessions();
ssoSessions[ssoSession.sessionId] = ssoSession; ssoSessions[ssoSession.sessionId] = ssoSession;
if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') {
module.loadTenant(ssoSessions.loggedInUser);
var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser); var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId); utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()}; var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument); handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
}
} else { } else {
var msg = "Cannot decode SAML login response."; var msg = "Cannot decode SAML login response.";
log.error(msg); log.error(msg);
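Review bot: The guard `if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined')` is always true — any value either differs from `null` or differs from the string `'undefined'` — and it reads `sessionIndex` and `loggedInUser` from `ssoSessions`, the sessions map filled on the line above, rather than from `ssoSession`, so `module.loadTenant` is called with `undefined` and the tenant context for the actual user is never loaded before `utils.setCurrentUser` runs. The intended check appears to be `if (ssoSession.sessionIndex != null) {` followed by `module.loadTenant(ssoSession.loggedInUser);`; `loadTenant` itself is defined in the following hunk. The enclosing function starts and ends outside this hunk.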
@ -544,6 +550,25 @@ var module = {};
} }
}; };
/**
* Load current user tenant
* @param username logged user name
*/
module.loadTenant = function (username) {
var carbon = require('carbon');
var MultitenantUtils = Packages.org.wso2.carbon.utils.multitenancy.MultitenantUtils;
var MultitenantConstants = Packages.org.wso2.carbon.base.MultitenantConstants;
var TenantAxisUtils = Packages.org.wso2.carbon.core.multitenancy.utils.TenantAxisUtils;
var service;
var ctx;
var domain = MultitenantUtils.getTenantDomain(username);
if (domain != null && !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(domain)) {
service = carbon.server.osgiService('org.wso2.carbon.utils.ConfigurationContextService');
ctx = service.getServerConfigContext();
TenantAxisUtils.setTenantAccessed(domain, ctx);
}
};
/** /**
* Basic login. * Basic login.
* @param request {Object} HTTP request * @param request {Object} HTTP request
