diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js index e9bc8e8ca42..c3343731fd9 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js @@ -486,67 +486,74 @@ var module = {}; */ module.ssoAcs = function (request, response) { var samlResponse = request.getParameter("SAMLResponse"); - if (!samlResponse) { - var msg = "SAML response is not found in request parameters."; - log.error(msg); - response.sendError(400, msg); - return; - } + var samlRequest = request.getParameter('SAMLRequest'); var ssoClient = require("sso").client; var samlResponseObj; - try { - samlResponseObj = ssoClient.getSamlObject(samlResponse); - } catch (e) { - log.error(e.message, e); - response.sendError(500, e.message); - return; - } - if (ssoClient.isLogoutResponse(samlResponseObj)) { - // This is a logout response. - module.logout(response); - } else { - // This is a login response. - var ssoConfigs = getSsoConfigurations(); - var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED]; - if (utils.parseBoolean(rsEnabled)) { - var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils; - var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password"); - var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location"); - var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS]; - var keyStoreParams = { - KEY_STORE_NAME: keyStoreName, - KEY_STORE_PASSWORD: keyStorePassword, - IDP_ALIAS: identityAlias, - USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY] - }; - if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) { - var msg = "Invalid signature found in the SAML response."; + + if (samlResponse) { + try { + samlResponseObj = ssoClient.getSamlObject(samlResponse); + } catch (e) { + log.error(e.message, e); + response.sendError(500, e.message); + return; + } + if (ssoClient.isLogoutResponse(samlResponseObj)) { + // This is a logout response. + module.logout(response); + } else { + // This is a login response. + var ssoConfigs = getSsoConfigurations(); + var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED]; + if (utils.parseBoolean(rsEnabled)) { + var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils; + var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password"); + var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location"); + var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS]; + var keyStoreParams = { + KEY_STORE_NAME: keyStoreName, + KEY_STORE_PASSWORD: keyStorePassword, + IDP_ALIAS: identityAlias, + USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY] + }; + if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) { + var msg = "Invalid signature found in the SAML response."; + log.error(msg); + response.sendError(500, msg); + return; + } + } + /** + * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken: + * string}} + */ + var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse, + session.getId()); + if (ssoSession.sessionId) { + var ssoSessions = getSsoSessions(); + ssoSessions[ssoSession.sessionId] = ssoSession; + if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') { + module.loadTenant(ssoSessions.loggedInUser); + var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser); + utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId); + var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()}; + handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument); + } + } else { + var msg = "Cannot decode SAML login response."; log.error(msg); response.sendError(500, msg); - return; } } - /** - * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken: - * string}} - */ - var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse, - session.getId()); - if (ssoSession.sessionId) { - var ssoSessions = getSsoSessions(); - ssoSessions[ssoSession.sessionId] = ssoSession; - if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') { - module.loadTenant(ssoSessions.loggedInUser); - var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser); - utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId); - var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()}; - handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument); - } - } else { - var msg = "Cannot decode SAML login response."; - log.error(msg); - response.sendError(500, msg); + } + if (samlRequest) { + var index = ssoClient.decodeSAMLLogoutRequest(ssoClient.getSamlObject(samlRequest)); + if (log.isDebugEnabled()) { + log.debug("Back end log out request received for the session Id : " + index); } + var jSessionId = getSsoSessions()[index]; + delete getSsoSessions()[index]; + session.invalidate(); } };