diff --git a/modules/analytics/distribution/src/ues/designer.json b/modules/analytics/distribution/src/ues/designer.json
index 477b04eb..7b817a49 100644
--- a/modules/analytics/distribution/src/ues/designer.json
+++ b/modules/analytics/distribution/src/ues/designer.json
@@ -34,7 +34,7 @@
"methods": {
"oauth": {
"attributes": {
- "apimgt-gateway": true,
+ "apimgt-gateway": false,
"oauthProvider": {
"appRegistration": {
"appType": "webapp",
@@ -43,10 +43,12 @@
"password":"admin",
"dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register",
"apiManagerClientAppRegistrationServiceURL": "https://localhost:9443/api-application-registration/register/tenants",
- "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
+ "grantType": "password refresh_token urn:ietf:carbon:signed:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
"tokenScope": "admin",
"callbackUrl": "https://localhost:9445/portal",
- "saasApp":true
+ "saasApp":true,
+ "samlGrantTypeName":"urn:ietf:carbon:signed:grant-type:saml2-bearer"
+
},
"tokenServiceURL": "https://localhost:9443/oauth2/token"
},
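Review bot: The grant-type URN now appears twice in `appRegistration` — inside the space-separated `grantType` string (L19) and again as `samlGrantTypeName` (L24) — with nothing tying them together, so a later edit to one silently breaks SAML token exchange; either derive one from the other in the consumer or note in the deployment docs that both must equal the `GrantTypeName` registered in identity_config_change.xml. The empty `+` line after `samlGrantTypeName` (L25) is a stray blank inside the object and should be dropped. The same edit in the core portal's designer.json (hunk at L129) carries the same duplication (L134/L139), minus the blank line.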
diff --git a/modules/core/distribution/identity_config_change.xml b/modules/core/distribution/identity_config_change.xml
index 2b56094e..e24a54ef 100644
--- a/modules/core/distribution/identity_config_change.xml
+++ b/modules/core/distribution/identity_config_change.xml
@@ -29,4 +29,13 @@
org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator
]]>
+
+ //s:Server/s:OAuth/s:SupportedGrantTypes/s:SupportedGrantType[s:GrantTypeName='iwa:ntlm']
+
+
+ urn:ietf:carbon:signed:grant-type:saml2-bearer
+ org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedSAML2BearerGrantHandler
+ org.wso2.carbon.identity.oauth.common.SAML2GrantValidator
+ ]]>
+
\ No newline at end of file
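Review bot: The grant type registered here, `urn:ietf:carbon:signed:grant-type:saml2-bearer`, uses the `urn:ietf:` prefix for a product-specific grant, which invites confusion with the standard `urn:ietf:params:oauth:grant-type:saml2-bearer` that the designer.json hunks replace it with in their `grantType` lists (L19, L134); a comment in this config should say so and record the coupling, e.g. `<!-- Custom SAML2 bearer grant; the name must match samlGrantTypeName in both portal designer.json files -->`. The nesting of the handler/validator pair (`ExtendedSAML2BearerGrantHandler` with the stock `SAML2GrantValidator`) relative to the `iwa:ntlm` XPath anchor cannot be checked from this rendering, since the old side counts four lines but only two survive; re-check against the actual XML. The file also still ends without a trailing newline.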
diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml
index fb448067..4410406d 100644
--- a/modules/core/distribution/src/assembly/bin.xml
+++ b/modules/core/distribution/src/assembly/bin.xml
@@ -741,6 +741,7 @@
**/configs/designer.json
+ **/modules/oauth/token-handler-utils.js
**/jaggery.conf
@@ -797,6 +798,15 @@
755
+
+
+
+
+
+ ${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth
+
+ 755
+
@@ -953,6 +963,14 @@
${pom.artifactId}-${pom.version}/repository/conf
644
+
+
+
+ ${pom.artifactId}-${pom.version}/repository/conf
+ 644
+
diff --git a/modules/core/distribution/src/repository/bin/wso2server.bat b/modules/core/distribution/src/repository/bin/wso2server.bat
index 17b473c3..33cd68cf 100644
--- a/modules/core/distribution/src/repository/bin/wso2server.bat
+++ b/modules/core/distribution/src/repository/bin/wso2server.bat
@@ -162,7 +162,7 @@ set CARBON_CLASSPATH=.\lib;%CARBON_CLASSPATH%
set JAVA_ENDORSED=".\lib\endorsed";"%JAVA_HOME%\jre\lib\endorsed";"%JAVA_HOME%\lib\endorsed"
-set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf" -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true -Diot.analytics.host="localhost" -Diot.analytics.https.port="9445" -Dmqtt.broker.host="localhost" -Dmqtt.broker.port="1886" -Diot.core.host="localhost" -Diot.core.https.port="9443" -Diot.keymanager.host="localhost" -Diot.keymanager.https.port="9443" -Diot.gateway.host="localhost" 
-Diot.gateway.https.port="8243" -Diot.gateway.http.port="8280"
+set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf" -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true -Diot.analytics.host="localhost" -Diot.analytics.https.port="9445" -Dmqtt.broker.host="localhost" -Dmqtt.broker.port="1886" -Diot.core.host="localhost" -Diot.core.https.port="9443" -Diot.keymanager.host="localhost" -Diot.keymanager.https.port="9443" -Diot.gateway.host="localhost" 
-Diot.gateway.https.port="8243" -Diot.gateway.http.port="8280" -Diot.apimpublisher.host="localhost" -Diot.apimpublisher.https.port="9443" -Diot.apimstore.host="localhost" -Diot.apimstore.https.port="8243"
:runJava
echo JAVA_HOME environment variable is set to %JAVA_HOME%
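Review bot: The new `-Diot.apimstore.https.port="8243"` on the replaced CMD_LINE_ARGS line disagrees with wso2server.sh, whose hunk adds `-Diot.apimstore.https.port="9443"` (L97); `-Diot.apimpublisher.https.port="9443"` matches on both sides, so one of the two store values is a typo and Windows and Unix installs will contact different endpoints. From the surrounding values 9443 looks intended, but confirm which port the store API listens on before aligning them. The rendered line also appears wrapped before `-Diot.gateway.https.port`; if that break is really in the .bat file the continuation is a separate command and the `set` is truncated, so verify the source keeps it on one line.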
diff --git a/modules/core/distribution/src/repository/bin/wso2server.sh b/modules/core/distribution/src/repository/bin/wso2server.sh
index 656b52a2..fc7c8894 100755
--- a/modules/core/distribution/src/repository/bin/wso2server.sh
+++ b/modules/core/distribution/src/repository/bin/wso2server.sh
@@ -318,6 +318,10 @@ do
-Diot.gateway.host="localhost" \
-Diot.gateway.https.port="8243" \
-Diot.gateway.http.port="8280" \
+ -Diot.apimpublisher.host="localhost" \
+ -Diot.apimpublisher.https.port="9443" \
+ -Diot.apimstore.host="localhost" \
+ -Diot.apimstore.https.port="9443" \
org.wso2.carbon.bootstrap.Bootstrap $*
status=$?
done
diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml
index 4ae3fdaf..d77e49a3 100644
--- a/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml
+++ b/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml
@@ -44,7 +44,7 @@
true
- false
+ true
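Review bot: The element whose value flips from `false` to `true` is not visible in this rendering (only the text content survives), so what is being enabled for the API_STORE service provider cannot be verified from the hunk; devicemgt.xml (L113-116) and portal.xml (L121-124) receive the identical flip at the same line. A boolean on an identity service-provider definition being turned on for three SPs in the same commit that registers a new SAML2 bearer grant handler is a trust-boundary change, and the commit description should name the property and why each SP needs it. If it is the same setting in all three, confirm each SP actually requires it rather than enabling it across the board.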
diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml
index 156eb6e1..2c7c52d9 100644
--- a/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml
+++ b/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml
@@ -44,7 +44,7 @@
true
- false
+ true
diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml
index 7f84e5ab..3cd65666 100644
--- a/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml
+++ b/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml
@@ -44,7 +44,7 @@
true
- false
+ true
diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json
index 7e6bb450..440e21cc 100644
--- a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json
+++ b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json
@@ -43,10 +43,11 @@
"password":"admin",
"dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register",
"apiManagerClientAppRegistrationServiceURL": "%https.host%/api-application-registration/register/tenants",
- "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
+ "grantType": "password refresh_token urn:ietf:carbon:signed:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
"tokenScope": "admin",
"callbackUrl": "%https.host%/portal",
- "saasApp":true
+ "saasApp":true,
+ "samlGrantTypeName":"urn:ietf:carbon:signed:grant-type:saml2-bearer"
},
"tokenServiceURL": "https://localhost:9443/oauth2/token"
},
diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js
new file mode 100644
index 00000000..8998a19b
--- /dev/null
+++ b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js
@@ -0,0 +1,567 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+var utils = function () {
+ var log = new Log("/modules/oauth/token-handler-utils.js");
+
+ var configs = require('/configs/portal.js').config();
+ var constants = require("/modules/constants.js");
+ var carbon = require("carbon");
+
+ //noinspection JSUnresolvedVariable
+ var Base64 = Packages.org.apache.commons.codec.binary.Base64;
+ //noinspection JSUnresolvedVariable
+ var String = Packages.java.lang.String;
+
+ var publicMethods = {};
+ var privateMethods = {};
+
+ publicMethods["encode"] = function (payload) {
+ return String(Base64.encodeBase64(String(payload).getBytes()));
+ };
+
+ publicMethods["decode"] = function (payload) {
+ return String(Base64.decodeBase64(String(payload).getBytes()));
+ };
+
+ /**
+ * Check whether this application is oauth enable or not
+ * @returns boolean if oauth enable
+ */
+ publicMethods["checkOAuthEnabled"] = function () {
+ if (constants.AUTHORIZATION_TYPE_OAUTH === configs["authorization"]["activeMethod"]) {
+ return true;
+ }
+ return false;
+ };
+
+ /**
+ * Set access token into xml http request header
+ * @param xhr xml http request
+ * @returns {*} xhr which has access token it's header
+ */
+ publicMethods["setAccessToken"] = function (xhr, callback) {
+ var accessToken;
+ if (publicMethods.checkOAuthEnabled()) {
+ try {
+ accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
+ xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BEARER_PREFIX + accessToken);
+ } catch (exception) {
+ log.error("Access token hasn't been set yet, " + exception);
+ } finally {
+ callback(xhr);
+ }
+ }
+ callback(xhr);
+ };
+
+ /**
+ * Get access token of current logged user
+ * @param callBack response with access token
+ */
+ publicMethods["getAccessToken"] = function (callBack) {
+ var accessToken = null;
+ if (publicMethods.checkOAuthEnabled()) {
+ try {
+ accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
+ } catch (exception) {
+ log.error("Access token hasn't been set yet, " + exception);
+ } finally {
+ callBack(accessToken);
+ }
+ }
+ callBack(accessToken);
+ };
+
+ /**
+ * Create error message which adhere to xml http response object
+ * @param statusCode response status code
+ * @param status response status
+ * @param responseText response message
+ * @returns {{statusCode: *, status: *, responseText: *}}
+ */
+ publicMethods["createXHRObject"] = function (statusCode, status, responseText) {
+ return {"statusCode": statusCode, "status": status, "responseText": responseText};
+ };
+
+ /**
+ * check whether user already logged to system before invoking any apis
+ * @param callBack
+ */
+ publicMethods["isUserAuthorized"] = function (callBack) {
+ if (session.get("Loged") !== constants.LOGIN_MESSAGE) {
+ callBack(false);
+ } else {
+ callBack(true);
+ }
+ };
+
+ /**
+ * Get identity provider uir
+ * @returns {*}
+ */
+ publicMethods["getIdPServerURL"] = function () {
+ return configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["tokenServiceURL"];
+ };
+
+ /**
+ * Get an Access token pair based on client secret
+ * @param encodedClientKeys {{clientId:"", clientSecret:""}}
+ * @param scope eg: PRODUCTION
+ * @param idPServer identity provider url
+ * @returns {{accessToken: *, refreshToken: *}}
+ */
+ publicMethods["getTokenWithClientSecretType"] = function (encodedClientKeys, scope, idPServer) {
+ var xhr = new XMLHttpRequest();
+ var tokenEndpoint = idPServer;
+ xhr.open(constants.HTTP_POST, tokenEndpoint, false);
+ xhr.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, constants.APPLICATION_X_WWW_FOR_URLENCODED);
+ xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BASIC_PREFIX + encodedClientKeys);
+ xhr.send("grant_type=client_credentials&scope=" + scope);
+ var tokenPair = {};
+ if (xhr.status == constants.HTTP_ACCEPTED) {
+ var data = parse(xhr.responseText);
+ tokenPair.refreshToken = data.refresh_token;
+ tokenPair.accessToken = data.access_token;
+ } else if (xhr.status == constants.HTTP_USER_NOT_AUTHENTICATED) {
+ log.error("Error in obtaining token with client secret grant type, You are not authenticated yet");
+ return null;
+ } else {
+ log.error("Error in obtaining token with client secret grant type, This might be a problem with client meta " +
+ "data which required for client secret grant type");
+ return null;
+ }
+ return tokenPair;
+ };
+
+
+ /**
+ * This will create client id and client secret for a given application
+ * @param properties "callbackUrl": "",
+ * "clientName": "",
+ * "owner": "",
+ * "applicationType": "",
+ * "grantType": "",
+ * "saasApp" :"",
+ * "dynamicClientRegistrationEndPoint" : ""
+ *
+ * @returns {{clientId:*, clientSecret:*}}
+ */
+ publicMethods["getDynamicClientAppCredentials"] = function (username) {
+ // setting up dynamic client application properties
+ var dcAppProperties = {
+ "applicationType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["appType"],
+ "clientName": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["clientName"],
+ "owner": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
+ "tokenScope": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["tokenScope"],
+ "grantType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["grantType"],
+ "callbackUrl": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["callbackUrl"],
+ "saasApp" : configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["saasApp"]
+ };
+
+ var tenantDomain = carbon.server.tenantDomain({username: username});
+ if (!tenantDomain) {
+ log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+ "based client application credentials. Unable to obtain a valid tenant domain for provided username "+
+ username +"- getDynamicClientAppCredentials(x)");
+ return null;
+ } else {
+ var cachedTenantBasedClientAppCredentials = privateMethods.
+ getCachedTenantBasedClientAppCredentials(tenantDomain);
+ if (cachedTenantBasedClientAppCredentials) {
+ return cachedTenantBasedClientAppCredentials;
+ } else {
+ // calling dynamic client app registration service endpoint
+ var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]
+ ["dynamicClientAppRegistrationServiceURL"];
+ var requestPayload = dcAppProperties;
+ var token = publicMethods.encode(configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+ ["appRegistration"]["owner"] + ":" + configs["authorization"]["methods"]["oauth"]["attributes"]
+ ["oauthProvider"]["appRegistration"]["password"]);
+ var xhr = new XMLHttpRequest();
+ xhr.open("POST", requestURL, false);
+ xhr.setRequestHeader("Content-Type", "application/json");
+ xhr.setRequestHeader("Authorization", "Basic "+ token);
+ xhr.send(stringify(requestPayload));
+ var dynamicClientAppCredentials = {};
+ if (xhr["status"] == 201 || xhr["status"] == 200 && xhr["responseText"]) {
+ var responsePayload = parse(xhr["responseText"]);
+ var clientId = responsePayload["client_id"];
+ var clientSecret = responsePayload["client_secret"];
+ if(typeof clientId == "undefined"){
+ clientId = responsePayload["clientId"];
+ }
+ if(typeof clientSecret == "undefined"){
+ clientSecret = responsePayload["clientSecret"];
+ }
+ dynamicClientAppCredentials["clientId"] = clientId;
+ dynamicClientAppCredentials["clientSecret"] = clientSecret;
+ privateMethods.
+ setCachedTenantBasedClientAppCredentials(tenantDomain, dynamicClientAppCredentials);
+ } else if (xhr["status"] == 400) {
+ log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
+ "Bad request. Invalid data provided as dynamic client application properties.");
+ dynamicClientAppCredentials = null;
+ } else {
+ log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
+ "Error in retrieving dynamic client credentials.");
+ dynamicClientAppCredentials = null;
+ }
+ // returning dynamic client credentials
+ return dynamicClientAppCredentials;
+ }
+ }
+ };
+
+ /**
+ * If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create oauth application
+ * @param username username of current logged user
+ * @returns {{clientId:*, clientSecret:*}}
+ */
+ publicMethods["getTenantBasedClientAppCredentials"] = function (username) {
+ if (!username) {
+ log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+ "based client app credentials. No username " +
+ "as input - getTenantBasedClientAppCredentials(x)");
+ return null;
+ } else {
+ //noinspection JSUnresolvedFunction, JSUnresolvedVariable
+ var tenantDomain = carbon.server.tenantDomain({username: username});
+
+ if (!tenantDomain) {
+ log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+ "based client application credentials. Unable to obtain a valid tenant domain for provided " +
+ "username - getTenantBasedClientAppCredentials(x, y)");
+ return null;
+ } else {
+ var cachedTenantBasedClientAppCredentials = privateMethods.
+ getCachedTenantBasedClientAppCredentials(tenantDomain);
+ if (cachedTenantBasedClientAppCredentials) {
+ return cachedTenantBasedClientAppCredentials;
+ } else {
+ var adminUsername = configs["authorization"]["methods"]["oauth"]["attributes"]["adminUser"];
+ var adminUserTenantId = configs["authorization"]["methods"]["oauth"]["attributes"]
+ ["adminUserTenantId"];
+ //claims required for jwtAuthenticator.
+ var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
+ "http://wso2.org/claims/enduser": adminUsername};
+ var jwtToken = publicMethods.getJwtToken(adminUsername, claims);
+ // register a tenant based client app at API Manager
+ var applicationName = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+ ["appRegistration"]["clientName"] + "_" + tenantDomain;
+ var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+ ["appRegistration"]["apiManagerClientAppRegistrationServiceURL"] +
+ "?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName;
+ var xhr = new XMLHttpRequest();
+ xhr.open("POST", requestURL, false);
+ xhr.setRequestHeader("Content-Type", "application/json");
+ xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken);
+ xhr.send();
+ if ((xhr["status"] == 201 || xhr["status"] == 200) && xhr["responseText"]) {
+ var responsePayload = parse(xhr["responseText"]);
+ var tenantBasedClientAppCredentials = {};
+ var clientId = responsePayload["client_id"];
+ var clientSecret = responsePayload["client_secret"];
+ if(typeof clientId == "undefined"){
+ clientId = responsePayload["clientId"];
+ }
+ if(typeof clientSecret == "undefined"){
+ clientSecret = responsePayload["clientSecret"];
+ }
+ tenantBasedClientAppCredentials["clientId"] = clientId;
+ tenantBasedClientAppCredentials["clientSecret"] = clientSecret;
+ privateMethods.
+ setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials);
+ return tenantBasedClientAppCredentials;
+ } else {
+ log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+ "based client application credentials from API " +
+ "Manager - getTenantBasedClientAppCredentials(x, y)");
+ return null;
+ }
+ }
+ }
+ }
+ };
+
+ /**
+ * Caching oauth application credentials
+ * @param tenantDomain tenant domain where application is been created
+ * @param clientAppCredentials {{clientId:*, clientSecret:*}}
+ */
+ privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) {
+ var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
+ if (!cachedTenantBasedClientAppCredentialsMap) {
+ cachedTenantBasedClientAppCredentialsMap = {};
+ cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
+ application.put(constants["CACHED_CREDENTIALS_PORTAL_APP"], cachedTenantBasedClientAppCredentialsMap);
+ } else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
+ cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
+ }
+ };
+
+ /**
+ * Get oauth application credentials from cache
+ * @param tenantDomain tenant domain where application is been created
+ * @returns {{clientId:*, clientSecret:*}}
+ */
+ privateMethods["getCachedTenantBasedClientAppCredentials"] = function (tenantDomain) {
+ var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
+ if (!cachedTenantBasedClientAppCredentialsMap ||
+ !cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
+ return null;
+ } else {
+ return cachedTenantBasedClientAppCredentialsMap[tenantDomain];
+ }
+ };
+
+ /**
+ * Get access token and refresh token using password grant type
+ * @param username username of the logged user
+ * @param password password of the logged user
+ * @param encodedClientAppCredentials {{clientId:*, clientSecret:*}}
+ * @param scopes scopes list
+ * @returns {{accessToken: *, refreshToken: *}}
+ */
+ publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password
+ , encodedClientAppCredentials, scopes) {
+ if (!username || !password || !encodedClientAppCredentials || !scopes) {
+ log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " +
+ "grant type. No username, password, encoded client app credentials or scopes are " +
+ "found - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
+ return null;
+ } else {
+ // calling oauth provider token service endpoint
+ var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+ ["tokenServiceURL"];
+ var requestPayload = "grant_type=password&username=" +
+ username + "&password=" + password + "&scope=" + scopes;
+
+ var xhr = new XMLHttpRequest();
+ xhr.open("POST", requestURL, false);
+ xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+ xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
+ xhr.send(requestPayload);
+
+ if (xhr["status"] == 200 && xhr["responseText"]) {
+ var responsePayload = parse(xhr["responseText"]);
+ var tokenData = {};
+ tokenData["accessToken"] = responsePayload["access_token"];
+ tokenData["refreshToken"] = responsePayload["refresh_token"];
+ tokenData["scopes"] = responsePayload["scope"];
+ return tokenData;
+ } else {
+ log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
+ "by password grant type - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
+ return null;
+ }
+ }
+ };
+
+ /**
+ * Get access token and refresh token using SAML grant type
+ * @param assertion
+ * @param encodedClientAppCredentials
+ * @param scopes
+ * @returns {{accessToken: *, refreshToken: *}}
+ */
+ publicMethods["getTokenPairAndScopesBySAMLGrantType"] = function (assertion, encodedClientAppCredentials, scopes) {
+ if (!assertion || !encodedClientAppCredentials || !scopes) {
+ log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml " +
+ "grant type. No assertion, encoded client app credentials or scopes are " +
+ "found - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
+ return null;
+ } else {
+
+ var assertionXML = publicMethods.decode(assertion);
+ /*
+ TODO: make assertion extraction with proper parsing.
+ Since Jaggery XML parser seem to add formatting which causes signature verification to fail.
+ */
+ var assertionStartMarker = "
org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.application.extension.feature:${carbon.device.mgt.version}
+
+ org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.integration.client.feature:${carbon.device.mgt.version}
+
org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.handler.server.feature:${carbon.device.mgt.version}
@@ -618,6 +621,12 @@
org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.dcr.feature:${carbon.api.mgt.version}
+
+ org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.publisher.feature:${carbon.api.mgt.version}
+
+
+ org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.store.feature:${carbon.api.mgt.version}
+
@@ -770,7 +779,7 @@
- p2-profile-generation-devicetype-publisher-profile
+ p2-profile-generation-device-manager-profile
package
materialize-product
@@ -782,11 +791,11 @@
file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components
- devicetype-publisher
+ device-manager
- p2-profile-generation-devicetype-worker-profile
+ p2-profile-generation-device-backend-profile
package
materialize-product
@@ -798,7 +807,7 @@
file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components
- devicetype-worker
+ device-backend
@@ -893,6 +902,10 @@
org.wso2.carbon.apimgt.application.extension.feature.group
${carbon.device.mgt.version}
+
+ org.wso2.carbon.apimgt.integration.client.feature.group
+ ${carbon.device.mgt.version}
+
org.wso2.carbon.email.sender.feature.group
${carbon.device.mgt.version}
@@ -1053,6 +1066,14 @@
org.wso2.carbon.apimgt.rest.api.dcr.feature.group
${carbon.api.mgt.version}
+
+ org.wso2.carbon.apimgt.rest.api.publisher.feature.group
+ ${carbon.api.mgt.version}
+
+
+ org.wso2.carbon.apimgt.rest.api.store.feature.group
+ ${carbon.api.mgt.version}
+
org.wso2.carbon.apimgt.gateway.feature.group
@@ -1911,6 +1932,10 @@
org.wso2.carbon.apimgt.application.extension.feature.group
${carbon.device.mgt.version}
+
+ org.wso2.carbon.apimgt.integration.client.feature.group
+ ${carbon.device.mgt.version}
+
org.wso2.carbon.certificate.mgt.server.feature.group
${carbon.device.mgt.version}
@@ -2327,6 +2352,10 @@
org.wso2.carbon.apimgt.application.extension.feature.group
${carbon.device.mgt.version}
+
+ org.wso2.carbon.apimgt.integration.client.feature.group
+ ${carbon.device.mgt.version}
+
org.wso2.carbon.dynamic.client.registration.server.feature.group
${carbon.device.mgt.version}
@@ -2390,6 +2419,10 @@
org.wso2.carbon.apimgt.application.extension.feature.group
${carbon.device.mgt.version}
+
+ org.wso2.carbon.apimgt.integration.client.feature.group
+ ${carbon.device.mgt.version}
+
org.wso2.carbon.certificate.mgt.api.feature.group
${carbon.device.mgt.version}
@@ -2433,7 +2466,7 @@
p2-profile-gen
- devicetype-publisher
+ device-manager
file:${basedir}/target/p2-repo
file:${basedir}/target/p2-repo
@@ -2512,6 +2545,10 @@
org.wso2.carbon.apimgt.application.extension.feature.group
${carbon.device.mgt.version}
+
+ org.wso2.carbon.apimgt.integration.client.feature.group
+ ${carbon.device.mgt.version}
+
org.wso2.carbon.email.sender.feature.group
${carbon.device.mgt.version}
@@ -2863,6 +2900,18 @@
org.wso2.carbon.apimgt.gateway.feature.group
${carbon.api.mgt.version}
+
+ org.wso2.carbon.apimgt.rest.api.dcr.feature.group
+ ${carbon.api.mgt.version}
+
+
+ org.wso2.carbon.apimgt.rest.api.publisher.feature.group
+ ${carbon.api.mgt.version}
+
+
+ org.wso2.carbon.apimgt.rest.api.store.feature.group
+ ${carbon.api.mgt.version}
+
org.wso2.carbon.apimgt.core.feature.group
${carbon.api.mgt.version}
@@ -3021,6 +3070,10 @@
org.wso2.carbon.apimgt.application.extension.feature.group
${carbon.device.mgt.version}
+
+ org.wso2.carbon.apimgt.integration.client.feature.group
+ ${carbon.device.mgt.version}
+
org.wso2.carbon.certificate.mgt.api.feature.group
${carbon.device.mgt.version}
@@ -3091,7 +3144,7 @@
p2-profile-gen
- devicetype-worker
+ device-backend
file:${basedir}/target/p2-repo
file:${basedir}/target/p2-repo
@@ -3150,6 +3203,10 @@
org.wso2.carbon.apimgt.application.extension.feature.group
${carbon.device.mgt.version}
+
+ org.wso2.carbon.apimgt.integration.client.feature.group
+ ${carbon.device.mgt.version}
+
org.wso2.carbon.email.sender.feature.group
${carbon.device.mgt.version}
@@ -3215,6 +3272,7 @@
${carbon.device.mgt.version}
+
org.wso2.carbon.device.mgt.adapter.feature.group
${carbon.device.mgt.plugin.version}
@@ -3481,6 +3539,18 @@
org.wso2.carbon.apimgt.store.feature.group
${carbon.api.mgt.version}
+
+ org.wso2.carbon.apimgt.rest.api.dcr.feature.group
+ ${carbon.api.mgt.version}
+
+
+ org.wso2.carbon.apimgt.rest.api.publisher.feature.group
+ ${carbon.api.mgt.version}
+
+
+ org.wso2.carbon.apimgt.rest.api.store.feature.group
+ ${carbon.api.mgt.version}
+
org.wso2.carbon.registry.extensions.feature.group
${carbon.governance.version}
@@ -3631,6 +3701,10 @@
org.wso2.carbon.apimgt.application.extension.feature.group
${carbon.device.mgt.version}
+
+ org.wso2.carbon.apimgt.integration.client.feature.group
+ ${carbon.device.mgt.version}
+
org.wso2.carbon.certificate.mgt.server.feature.group
${carbon.device.mgt.version}
@@ -3686,6 +3760,25 @@
${identity.inbound.auth.saml.version.iotcore}
+
+
+
+ org.wso2.carbon.dashboards.shindig.feature.group
+ ${carbon.dashboard.version}
+
+
+ org.wso2.carbon.dashboards.portal.feature.group
+ ${carbon.dashboard.version}
+
+
+ org.wso2.carbon.dashboard.deployment.feature.group
+ ${carbon.dashboard.version}
+
+
+ org.wso2.carbon.iot.device.statistics.dashboard.feature.group
+ ${carbon.device.mgt.plugin.version}
+
+
diff --git a/pom.xml b/pom.xml
index a5683816..24b1cae3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1529,7 +1529,7 @@
4.7.0
- 2.0.11-SNAPSHOT
+ 2.0.12-SNAPSHOT
[2.0.0, 3.0.0)
@@ -1539,7 +1539,7 @@
3.0.9-SNAPSHOT
- 6.1.35
+ 6.1.57
(6.0.0,7.0.0]