diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js index 87f840d3ce6..d36e7af0ab8 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js @@ -26,14 +26,16 @@ var onFail; var utility = require("/app/modules/utility.js").utility; var apiWrapperUtil = require("/app/modules/oauth/token-handlers.js")["handlers"]; if (context.input.samlToken) { - apiWrapperUtil.setupTokenPairBySamlGrantType(context.input.username, context.input.samlToken); + apiWrapperUtil.setupTokenPairBySamlGrantType(context.user.username + '@' + context.user.domain, context.input.samlToken); } else { apiWrapperUtil.setupTokenPairByPasswordGrantType(context.input.username, context.input.password); } var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"]; var carbonServer = require("carbon").server; - (new carbonServer.Server({url: devicemgtProps["adminService"]})) - .login(context.input.username, context.input.password); + if (!context.input.samlToken) { + (new carbonServer.Server({url: devicemgtProps["adminService"]})) + .login(context.input.username, context.input.password); + } }; onFail = function (error) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js index f7806238b68..8a4e0677f1b 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js @@ -105,7 +105,7 @@ var constants = { CACHE_KEY_APP_CONF_FILE_LMD: "_UUF_APP_CONF_FILE_LMD", CACHE_KEY_LOOKUP_TABLE: "_UUF_LOOKUP_TABLE", CACHE_KEY_USER: "_UUF_USER", - CACHE_KEY_SSO_SESSIONS: "_UUF_SSO_SESSIONS", + CACHE_KEY_SSO_SESSIONS: "sso_sessions", CACHE_KEY_HANDLEBARS_ROOT: "_UUF_HANDLEBARS_ROOT", // URL Query Params URL_PARAM_REFERER: "referer" diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js index fff0a77e508..07cd7dee720 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js @@ -364,10 +364,10 @@ var module = {}; * samlToken: string}>} SSO sessions */ function getSsoSessions() { - var ssoSessions = session.get(constants.CACHE_KEY_SSO_SESSIONS); + var ssoSessions = application.get(constants.CACHE_KEY_SSO_SESSIONS); if (!ssoSessions) { ssoSessions = {}; - session.put(constants.CACHE_KEY_SSO_SESSIONS, ssoSessions); + application.put(constants.CACHE_KEY_SSO_SESSIONS, ssoSessions); } return ssoSessions; } @@ -486,67 +486,75 @@ var module = {}; */ module.ssoAcs = function (request, response) { var samlResponse = request.getParameter("SAMLResponse"); - if (!samlResponse) { - var msg = "SAML response is not found in request parameters."; - log.error(msg); - response.sendError(400, msg); - return; - } + var samlRequest = request.getParameter('SAMLRequest'); var ssoClient = require("sso").client; var samlResponseObj; - try { - samlResponseObj = ssoClient.getSamlObject(samlResponse); - } catch (e) { - log.error(e.message, e); - response.sendError(500, e.message); - return; - } - if (ssoClient.isLogoutResponse(samlResponseObj)) { - // This is a logout response. - module.logout(response); - } else { - // This is a login response. - var ssoConfigs = getSsoConfigurations(); - var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED]; - if (utils.parseBoolean(rsEnabled)) { - var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils; - var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password"); - var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location"); - var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS]; - var keyStoreParams = { - KEY_STORE_NAME: keyStoreName, - KEY_STORE_PASSWORD: keyStorePassword, - IDP_ALIAS: identityAlias, - USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY] - }; - if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) { - var msg = "Invalid signature found in the SAML response."; + + if (samlResponse) { + try { + samlResponseObj = ssoClient.getSamlObject(samlResponse); + } catch (e) { + log.error(e.message, e); + response.sendError(500, e.message); + return; + } + if (ssoClient.isLogoutResponse(samlResponseObj)) { + // This is a logout response. + module.logout(response); + } else { + // This is a login response. + var ssoConfigs = getSsoConfigurations(); + var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED]; + if (utils.parseBoolean(rsEnabled)) { + var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils; + var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password"); + var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location"); + var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS]; + var keyStoreParams = { + KEY_STORE_NAME: keyStoreName, + KEY_STORE_PASSWORD: keyStorePassword, + IDP_ALIAS: identityAlias, + USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY] + }; + if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) { + var msg = "Invalid signature found in the SAML response."; + log.error(msg); + response.sendError(500, msg); + return; + } + } + /** + * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken: + * string}} + */ + var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse, + session.getId()); + if (ssoSession.sessionId) { + var ssoSessions = getSsoSessions(); + ssoSessions[ssoSession.sessionId] = ssoSession; + if (ssoSession.sessionIndex != null || ssoSession.sessionIndex != 'undefined') { + module.loadTenant(ssoSession.loggedInUser); + var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser); + utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId); + var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()}; + handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument); + } + } else { + var msg = "Cannot decode SAML login response."; log.error(msg); response.sendError(500, msg); - return; } } - /** - * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken: - * string}} - */ - var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse, - session.getId()); - if (ssoSession.sessionId) { - var ssoSessions = getSsoSessions(); - ssoSessions[ssoSession.sessionId] = ssoSession; - if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') { - module.loadTenant(ssoSessions.loggedInUser); - var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser); - utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId); - var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()}; - handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument); - } - } else { - var msg = "Cannot decode SAML login response."; - log.error(msg); - response.sendError(500, msg); + } + // If it is a logout request + if (samlRequest) { + var index = ssoClient.decodeSAMLLogoutRequest(ssoClient.getSamlObject(samlRequest)); + if (log.isDebugEnabled()) { + log.debug("Back end log out request received for the session Id : " + index); } + var jSessionId = getSsoSessions()[index]; + delete getSsoSessions()[index]; + session.invalidate(); } };