From 1b8d52e5e278aec0f45868e4caf08ed4e88c41de Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 16 Jan 2017 16:08:23 +0530 Subject: [PATCH 1/8] fixed multi tenant login issue --- modules/analytics/distribution/src/ues/designer.json | 2 +- modules/core/distribution/identity_config_change.xml | 9 +++++++++ .../conf/identity/service-providers/API_STORE.xml | 2 +- .../conf/identity/service-providers/devicemgt.xml | 2 +- .../conf/identity/service-providers/portal.xml | 2 +- .../repository/jaggeryapps/portal/configs/designer.json | 2 +- pom.xml | 6 +++--- 7 files changed, 17 insertions(+), 8 deletions(-) diff --git a/modules/analytics/distribution/src/ues/designer.json b/modules/analytics/distribution/src/ues/designer.json index 477b04eb..35737370 100644 --- a/modules/analytics/distribution/src/ues/designer.json +++ b/modules/analytics/distribution/src/ues/designer.json @@ -43,7 +43,7 @@ "password":"admin", "dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register", "apiManagerClientAppRegistrationServiceURL": "https://localhost:9443/api-application-registration/register/tenants", - "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", + "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-carbon urn:ietf:params:oauth:grant-type:jwt-bearer", "tokenScope": "admin", "callbackUrl": "https://localhost:9445/portal", "saasApp":true diff --git a/modules/core/distribution/identity_config_change.xml b/modules/core/distribution/identity_config_change.xml index 2b56094e..27e2ded7 100644 --- a/modules/core/distribution/identity_config_change.xml +++ b/modules/core/distribution/identity_config_change.xml @@ -29,4 +29,13 @@ org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator ]]> + + //s:Server/s:OAuth/s:SupportedGrantTypes/s:SupportedGrantType[s:GrantTypeName='iwa:ntlm'] + + + urn:ietf:params:oauth:grant-type:saml2-carbon + org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedSAML2BearerGrantHandler + org.wso2.carbon.identity.oauth.common.SAML2GrantValidator + ]]> + \ No newline at end of file diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml index 4ae3fdaf..d77e49a3 100644 --- a/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml +++ b/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml @@ -44,7 +44,7 @@ true - false + true diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml index 156eb6e1..2c7c52d9 100644 --- a/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml +++ b/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml @@ -44,7 +44,7 @@ true - false + true diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml index 7f84e5ab..3cd65666 100644 --- a/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml +++ b/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml @@ -44,7 +44,7 @@ true - false + true diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json index f6c0c85a..a2461d88 100644 --- a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json +++ b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json @@ -43,7 +43,7 @@ "password":"admin", "dynamicClientAppRegistrationServiceURL": "https://localhost:9443/client-registration/v0.10/register", "apiManagerClientAppRegistrationServiceURL": "%https.host%/api-application-registration/register/tenants", - "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", + "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-carbon urn:ietf:params:oauth:grant-type:jwt-bearer", "tokenScope": "admin", "callbackUrl": "%https.host%/portal", "saasApp":true diff --git a/pom.xml b/pom.xml index e4a61e2c..0ea2d15a 100644 --- a/pom.xml +++ b/pom.xml @@ -1529,17 +1529,17 @@ 4.7.0 - 2.0.7 + 2.0.8-SNAPSHOT [2.0.0, 3.0.0) 3.0.0-SNAPSHOT - 3.0.6 + 3.0.7-SNAPSHOT - 6.1.35 + 6.1.47 (6.0.0,7.0.0] From c7251e251aba5078d1948f8d90a3dd14cd953726 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Mon, 16 Jan 2017 19:42:59 +0530 Subject: [PATCH 2/8] renaming worker to backend --- modules/core/p2-profile-gen/pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/core/p2-profile-gen/pom.xml b/modules/core/p2-profile-gen/pom.xml index 8856f6a6..57e62a36 100644 --- a/modules/core/p2-profile-gen/pom.xml +++ b/modules/core/p2-profile-gen/pom.xml @@ -783,7 +783,7 @@ - p2-profile-generation-devicetype-worker-profile + p2-profile-generation-devicetype-backend-profile package materialize-product @@ -795,7 +795,7 @@ file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components - devicetype-worker + devicetype-backend @@ -3080,7 +3080,7 @@ p2-profile-gen - devicetype-worker + devicetype-backend file:${basedir}/target/p2-repo file:${basedir}/target/p2-repo From df6d28fe0f0d0f6770426965d10d4a69e92caf72 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Tue, 17 Jan 2017 15:52:03 +0530 Subject: [PATCH 3/8] installed missing features for device backend --- modules/core/p2-profile-gen/pom.xml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/modules/core/p2-profile-gen/pom.xml b/modules/core/p2-profile-gen/pom.xml index 57e62a36..0c68c548 100644 --- a/modules/core/p2-profile-gen/pom.xml +++ b/modules/core/p2-profile-gen/pom.xml @@ -3204,6 +3204,7 @@ ${carbon.device.mgt.version} + org.wso2.carbon.device.mgt.adapter.feature.group ${carbon.device.mgt.plugin.version} @@ -3671,6 +3672,25 @@ ${identity.inbound.auth.saml.version.iotcore} + + + + org.wso2.carbon.dashboards.shindig.feature.group + ${carbon.dashboard.version} + + + org.wso2.carbon.dashboards.portal.feature.group + ${carbon.dashboard.version} + + + org.wso2.carbon.dashboard.deployment.feature.group + ${carbon.dashboard.version} + + + org.wso2.carbon.iot.device.statistics.dashboard.feature.group + ${carbon.device.mgt.plugin.version} + + From 2c500c4e4f85e4ff842373e9e47f49bff6edb0f2 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Wed, 18 Jan 2017 01:50:46 +0530 Subject: [PATCH 4/8] added apim separation --- modules/core/distribution/src/repository/bin/wso2server.bat | 2 +- modules/core/distribution/src/repository/bin/wso2server.sh | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/core/distribution/src/repository/bin/wso2server.bat b/modules/core/distribution/src/repository/bin/wso2server.bat index 1f88be5b..3aa5e60a 100644 --- a/modules/core/distribution/src/repository/bin/wso2server.bat +++ b/modules/core/distribution/src/repository/bin/wso2server.bat @@ -162,7 +162,7 @@ set CARBON_CLASSPATH=.\lib;%CARBON_CLASSPATH% set JAVA_ENDORSED=".\lib\endorsed";"%JAVA_HOME%\jre\lib\endorsed";"%JAVA_HOME%\lib\endorsed" -set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf" -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true -Dmqtt.broker.host="localhost" -Dmqtt.broker.port="1886" -Diot.core.host="localhost" -Diot.core.https.port="9443" -Diot.keymanager.host="localhost" -Diot.keymanager.https.port="9443" -Diot.gateway.host="localhost" -Diot.gateway.https.port="8243" -Diot.gateway.http.port="8280" +set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf" -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true -Dmqtt.broker.host="localhost" -Dmqtt.broker.port="1886" -Diot.core.host="localhost" -Diot.core.https.port="9443" -Diot.keymanager.host="localhost" -Diot.keymanager.https.port="9443" -Diot.gateway.host="localhost" -Diot.gateway.https.port="8243" -Diot.gateway.http.port="8280" -Diot.apimpublisher.host="localhost" -Diot.apimpublisher.https.port="9443" -Diot.apimstore.host="localhost" -Diot.apimstore.https.port="8243" :runJava echo JAVA_HOME environment variable is set to %JAVA_HOME% diff --git a/modules/core/distribution/src/repository/bin/wso2server.sh b/modules/core/distribution/src/repository/bin/wso2server.sh index 9357a282..44ab8c8f 100755 --- a/modules/core/distribution/src/repository/bin/wso2server.sh +++ b/modules/core/distribution/src/repository/bin/wso2server.sh @@ -316,6 +316,10 @@ do -Diot.gateway.host="localhost" \ -Diot.gateway.https.port="8243" \ -Diot.gateway.http.port="8280" \ + -Diot.apimpublisher.host="localhost" \ + -Diot.apimpublisher.https.port="9443" \ + -Diot.apimstore.host="localhost" \ + -Diot.apimstore.https.port="9443" \ org.wso2.carbon.bootstrap.Bootstrap $* status=$? done From 1ac1355eeebc01400c262e6cde6299b62ed24b3d Mon Sep 17 00:00:00 2001 From: ayyoob Date: Tue, 24 Jan 2017 19:33:36 +0530 Subject: [PATCH 5/8] removed cdmc dependency from core --- .../core/distribution/src/assembly/bin.xml | 8 ++ modules/core/p2-profile-gen/pom.xml | 73 +++++++++++++++++++ 2 files changed, 81 insertions(+) diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml index 989a06b8..15b07524 100644 --- a/modules/core/distribution/src/assembly/bin.xml +++ b/modules/core/distribution/src/assembly/bin.xml @@ -937,6 +937,14 @@ ${pom.artifactId}-${pom.version}/repository/conf 644 + + + + ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/apim-integration.xml + + ${pom.artifactId}-${pom.version}/repository/conf + 644 + src/repository/conf/api-manager.xml diff --git a/modules/core/p2-profile-gen/pom.xml b/modules/core/p2-profile-gen/pom.xml index 0c68c548..3782f20b 100644 --- a/modules/core/p2-profile-gen/pom.xml +++ b/modules/core/p2-profile-gen/pom.xml @@ -146,6 +146,9 @@ org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.application.extension.feature:${carbon.device.mgt.version} + + org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.integration.client.feature:${carbon.device.mgt.version} + org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.handler.server.feature:${carbon.device.mgt.version} @@ -618,6 +621,12 @@ org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.dcr.feature:${carbon.api.mgt.version} + + org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.publisher.feature:${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.store.feature:${carbon.api.mgt.version} + @@ -890,6 +899,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.email.sender.feature.group ${carbon.device.mgt.version} @@ -1050,6 +1063,14 @@ org.wso2.carbon.apimgt.rest.api.dcr.feature.group ${carbon.api.mgt.version} + + org.wso2.carbon.apimgt.rest.api.publisher.feature.group + ${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt.rest.api.store.feature.group + ${carbon.api.mgt.version} + org.wso2.carbon.apimgt.gateway.feature.group @@ -1904,6 +1925,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.certificate.mgt.server.feature.group ${carbon.device.mgt.version} @@ -2320,6 +2345,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.dynamic.client.registration.server.feature.group ${carbon.device.mgt.version} @@ -2383,6 +2412,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.certificate.mgt.api.feature.group ${carbon.device.mgt.version} @@ -2505,6 +2538,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.email.sender.feature.group ${carbon.device.mgt.version} @@ -2856,6 +2893,18 @@ org.wso2.carbon.apimgt.gateway.feature.group ${carbon.api.mgt.version} + + org.wso2.carbon.apimgt.rest.api.dcr.feature.group + ${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt.rest.api.publisher.feature.group + ${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt.rest.api.store.feature.group + ${carbon.api.mgt.version} + org.wso2.carbon.apimgt.core.feature.group ${carbon.api.mgt.version} @@ -3014,6 +3063,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.certificate.mgt.api.feature.group ${carbon.device.mgt.version} @@ -3139,6 +3192,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.email.sender.feature.group ${carbon.device.mgt.version} @@ -3471,6 +3528,18 @@ org.wso2.carbon.apimgt.store.feature.group ${carbon.api.mgt.version} + + org.wso2.carbon.apimgt.rest.api.dcr.feature.group + ${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt.rest.api.publisher.feature.group + ${carbon.api.mgt.version} + + + org.wso2.carbon.apimgt.rest.api.store.feature.group + ${carbon.api.mgt.version} + org.wso2.carbon.registry.extensions.feature.group ${carbon.governance.version} @@ -3621,6 +3690,10 @@ org.wso2.carbon.apimgt.application.extension.feature.group ${carbon.device.mgt.version} + + org.wso2.carbon.apimgt.integration.client.feature.group + ${carbon.device.mgt.version} + org.wso2.carbon.certificate.mgt.server.feature.group ${carbon.device.mgt.version} From d6695a90828cdeb080a3b2cbaa941fc586e04d11 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Wed, 25 Jan 2017 09:24:38 +0530 Subject: [PATCH 6/8] renamed profile names --- modules/core/p2-profile-gen/pom.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/core/p2-profile-gen/pom.xml b/modules/core/p2-profile-gen/pom.xml index 63a6d491..72a450dc 100644 --- a/modules/core/p2-profile-gen/pom.xml +++ b/modules/core/p2-profile-gen/pom.xml @@ -779,7 +779,7 @@ - p2-profile-generation-devicetype-publisher-profile + p2-profile-generation-device-manager-profile package materialize-product @@ -791,11 +791,11 @@ file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components - devicetype-publisher + device-manager - p2-profile-generation-devicetype-backend-profile + p2-profile-generation-device-backend-profile package materialize-product @@ -807,7 +807,7 @@ file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components - devicetype-backend + device-backend @@ -2466,7 +2466,7 @@ p2-profile-gen - devicetype-publisher + device-manager file:${basedir}/target/p2-repo file:${basedir}/target/p2-repo @@ -3144,7 +3144,7 @@ p2-profile-gen - devicetype-backend + device-backend file:${basedir}/target/p2-repo file:${basedir}/target/p2-repo From 2ca23cce29b411180b2188b2a6e925ca0f41c469 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Wed, 25 Jan 2017 14:25:28 +0530 Subject: [PATCH 7/8] changed configs to support custom grant type --- modules/analytics/distribution/src/ues/designer.json | 5 +++-- modules/core/distribution/identity_config_change.xml | 2 +- .../src/repository/jaggeryapps/portal/configs/designer.json | 5 +++-- pom.xml | 4 ++-- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/modules/analytics/distribution/src/ues/designer.json b/modules/analytics/distribution/src/ues/designer.json index 35737370..16ea3cce 100644 --- a/modules/analytics/distribution/src/ues/designer.json +++ b/modules/analytics/distribution/src/ues/designer.json @@ -43,10 +43,11 @@ "password":"admin", "dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register", "apiManagerClientAppRegistrationServiceURL": "https://localhost:9443/api-application-registration/register/tenants", - "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-carbon urn:ietf:params:oauth:grant-type:jwt-bearer", + "grantType": "password refresh_token urn:ietf:carbon:signed:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", "tokenScope": "admin", "callbackUrl": "https://localhost:9445/portal", - "saasApp":true + "saasApp":true, + "samlGrantTypeName": "urn:ietf:carbon:signed:grant-type:saml2-bearer" }, "tokenServiceURL": "https://localhost:9443/oauth2/token" }, diff --git a/modules/core/distribution/identity_config_change.xml b/modules/core/distribution/identity_config_change.xml index 27e2ded7..e24a54ef 100644 --- a/modules/core/distribution/identity_config_change.xml +++ b/modules/core/distribution/identity_config_change.xml @@ -33,7 +33,7 @@ //s:Server/s:OAuth/s:SupportedGrantTypes/s:SupportedGrantType[s:GrantTypeName='iwa:ntlm'] - urn:ietf:params:oauth:grant-type:saml2-carbon + urn:ietf:carbon:signed:grant-type:saml2-bearer org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedSAML2BearerGrantHandler org.wso2.carbon.identity.oauth.common.SAML2GrantValidator ]]> diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json index 8c023521..c6b2a27b 100644 --- a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json +++ b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json @@ -43,10 +43,11 @@ "password":"admin", "dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register", "apiManagerClientAppRegistrationServiceURL": "%https.host%/api-application-registration/register/tenants", - "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-carbon urn:ietf:params:oauth:grant-type:jwt-bearer", + "grantType": "password refresh_token urn:ietf:carbon:signed:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer", "tokenScope": "admin", "callbackUrl": "%https.host%/portal", - "saasApp":true + "saasApp":true, + "samlGrantTypeName": "urn:ietf:carbon:signed:grant-type:saml2-bearer" }, "tokenServiceURL": "https://localhost:9443/oauth2/token" }, diff --git a/pom.xml b/pom.xml index 39d612f5..f4b25207 100644 --- a/pom.xml +++ b/pom.xml @@ -1529,7 +1529,7 @@ 4.7.0 - 2.0.11-SNAPSHOT + 2.0.12-SNAPSHOT [2.0.0, 3.0.0) @@ -1539,7 +1539,7 @@ 3.0.9-SNAPSHOT - 6.1.47 + 6.1.59 (6.0.0,7.0.0] From ca53efdab026e7cb250fb5f2532b42422c41de47 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Thu, 26 Jan 2017 00:30:03 +0530 Subject: [PATCH 8/8] fixed sso login issue in portal in multi tenant --- .../distribution/src/ues/designer.json | 5 +- .../core/distribution/src/assembly/bin.xml | 10 + .../jaggeryapps/portal/configs/designer.json | 2 +- .../modules/oauth/token-handler-utils.js | 567 ++++++++++++++++++ pom.xml | 2 +- 5 files changed, 582 insertions(+), 4 deletions(-) create mode 100644 modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js diff --git a/modules/analytics/distribution/src/ues/designer.json b/modules/analytics/distribution/src/ues/designer.json index 16ea3cce..7b817a49 100644 --- a/modules/analytics/distribution/src/ues/designer.json +++ b/modules/analytics/distribution/src/ues/designer.json @@ -34,7 +34,7 @@ "methods": { "oauth": { "attributes": { - "apimgt-gateway": true, + "apimgt-gateway": false, "oauthProvider": { "appRegistration": { "appType": "webapp", @@ -47,7 +47,8 @@ "tokenScope": "admin", "callbackUrl": "https://localhost:9445/portal", "saasApp":true, - "samlGrantTypeName": "urn:ietf:carbon:signed:grant-type:saml2-bearer" + "samlGrantTypeName":"urn:ietf:carbon:signed:grant-type:saml2-bearer" + }, "tokenServiceURL": "https://localhost:9443/oauth2/token" }, diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml index 5d9059af..4410406d 100644 --- a/modules/core/distribution/src/assembly/bin.xml +++ b/modules/core/distribution/src/assembly/bin.xml @@ -741,6 +741,7 @@ **/configs/designer.json + **/modules/oauth/token-handler-utils.js **/jaggery.conf @@ -797,6 +798,15 @@ 755 + + + + src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js + + ${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth + + 755 + diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json index c6b2a27b..440e21cc 100644 --- a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json +++ b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json @@ -47,7 +47,7 @@ "tokenScope": "admin", "callbackUrl": "%https.host%/portal", "saasApp":true, - "samlGrantTypeName": "urn:ietf:carbon:signed:grant-type:saml2-bearer" + "samlGrantTypeName":"urn:ietf:carbon:signed:grant-type:saml2-bearer" }, "tokenServiceURL": "https://localhost:9443/oauth2/token" }, diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js new file mode 100644 index 00000000..8998a19b --- /dev/null +++ b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js @@ -0,0 +1,567 @@ +/* + * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +var utils = function () { + var log = new Log("/modules/oauth/token-handler-utils.js"); + + var configs = require('/configs/portal.js').config(); + var constants = require("/modules/constants.js"); + var carbon = require("carbon"); + + //noinspection JSUnresolvedVariable + var Base64 = Packages.org.apache.commons.codec.binary.Base64; + //noinspection JSUnresolvedVariable + var String = Packages.java.lang.String; + + var publicMethods = {}; + var privateMethods = {}; + + publicMethods["encode"] = function (payload) { + return String(Base64.encodeBase64(String(payload).getBytes())); + }; + + publicMethods["decode"] = function (payload) { + return String(Base64.decodeBase64(String(payload).getBytes())); + }; + + /** + * Check whether this application is oauth enable or not + * @returns boolean if oauth enable + */ + publicMethods["checkOAuthEnabled"] = function () { + if (constants.AUTHORIZATION_TYPE_OAUTH === configs["authorization"]["activeMethod"]) { + return true; + } + return false; + }; + + /** + * Set access token into xml http request header + * @param xhr xml http request + * @returns {*} xhr which has access token it's header + */ + publicMethods["setAccessToken"] = function (xhr, callback) { + var accessToken; + if (publicMethods.checkOAuthEnabled()) { + try { + accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"]; + xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BEARER_PREFIX + accessToken); + } catch (exception) { + log.error("Access token hasn't been set yet, " + exception); + } finally { + callback(xhr); + } + } + callback(xhr); + }; + + /** + * Get access token of current logged user + * @param callBack response with access token + */ + publicMethods["getAccessToken"] = function (callBack) { + var accessToken = null; + if (publicMethods.checkOAuthEnabled()) { + try { + accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"]; + } catch (exception) { + log.error("Access token hasn't been set yet, " + exception); + } finally { + callBack(accessToken); + } + } + callBack(accessToken); + }; + + /** + * Create error message which adhere to xml http response object + * @param statusCode response status code + * @param status response status + * @param responseText response message + * @returns {{statusCode: *, status: *, responseText: *}} + */ + publicMethods["createXHRObject"] = function (statusCode, status, responseText) { + return {"statusCode": statusCode, "status": status, "responseText": responseText}; + }; + + /** + * check whether user already logged to system before invoking any apis + * @param callBack + */ + publicMethods["isUserAuthorized"] = function (callBack) { + if (session.get("Loged") !== constants.LOGIN_MESSAGE) { + callBack(false); + } else { + callBack(true); + } + }; + + /** + * Get identity provider uir + * @returns {*} + */ + publicMethods["getIdPServerURL"] = function () { + return configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["tokenServiceURL"]; + }; + + /** + * Get an Access token pair based on client secret + * @param encodedClientKeys {{clientId:"", clientSecret:""}} + * @param scope eg: PRODUCTION + * @param idPServer identity provider url + * @returns {{accessToken: *, refreshToken: *}} + */ + publicMethods["getTokenWithClientSecretType"] = function (encodedClientKeys, scope, idPServer) { + var xhr = new XMLHttpRequest(); + var tokenEndpoint = idPServer; + xhr.open(constants.HTTP_POST, tokenEndpoint, false); + xhr.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, constants.APPLICATION_X_WWW_FOR_URLENCODED); + xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BASIC_PREFIX + encodedClientKeys); + xhr.send("grant_type=client_credentials&scope=" + scope); + var tokenPair = {}; + if (xhr.status == constants.HTTP_ACCEPTED) { + var data = parse(xhr.responseText); + tokenPair.refreshToken = data.refresh_token; + tokenPair.accessToken = data.access_token; + } else if (xhr.status == constants.HTTP_USER_NOT_AUTHENTICATED) { + log.error("Error in obtaining token with client secret grant type, You are not authenticated yet"); + return null; + } else { + log.error("Error in obtaining token with client secret grant type, This might be a problem with client meta " + + "data which required for client secret grant type"); + return null; + } + return tokenPair; + }; + + + /** + * This will create client id and client secret for a given application + * @param properties "callbackUrl": "", + * "clientName": "", + * "owner": "", + * "applicationType": "", + * "grantType": "", + * "saasApp" :"", + * "dynamicClientRegistrationEndPoint" : "" + * + * @returns {{clientId:*, clientSecret:*}} + */ + publicMethods["getDynamicClientAppCredentials"] = function (username) { + // setting up dynamic client application properties + var dcAppProperties = { + "applicationType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["appType"], + "clientName": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["clientName"], + "owner": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"], + "tokenScope": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["tokenScope"], + "grantType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["grantType"], + "callbackUrl": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["callbackUrl"], + "saasApp" : configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["saasApp"] + }; + + var tenantDomain = carbon.server.tenantDomain({username: username}); + if (!tenantDomain) { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + + "based client application credentials. Unable to obtain a valid tenant domain for provided username "+ + username +"- getDynamicClientAppCredentials(x)"); + return null; + } else { + var cachedTenantBasedClientAppCredentials = privateMethods. + getCachedTenantBasedClientAppCredentials(tenantDomain); + if (cachedTenantBasedClientAppCredentials) { + return cachedTenantBasedClientAppCredentials; + } else { + // calling dynamic client app registration service endpoint + var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"] + ["dynamicClientAppRegistrationServiceURL"]; + var requestPayload = dcAppProperties; + var token = publicMethods.encode(configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] + ["appRegistration"]["owner"] + ":" + configs["authorization"]["methods"]["oauth"]["attributes"] + ["oauthProvider"]["appRegistration"]["password"]); + var xhr = new XMLHttpRequest(); + xhr.open("POST", requestURL, false); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("Authorization", "Basic "+ token); + xhr.send(stringify(requestPayload)); + var dynamicClientAppCredentials = {}; + if (xhr["status"] == 201 || xhr["status"] == 200 && xhr["responseText"]) { + var responsePayload = parse(xhr["responseText"]); + var clientId = responsePayload["client_id"]; + var clientSecret = responsePayload["client_secret"]; + if(typeof clientId == "undefined"){ + clientId = responsePayload["clientId"]; + } + if(typeof clientSecret == "undefined"){ + clientSecret = responsePayload["clientSecret"]; + } + dynamicClientAppCredentials["clientId"] = clientId; + dynamicClientAppCredentials["clientSecret"] = clientSecret; + privateMethods. + setCachedTenantBasedClientAppCredentials(tenantDomain, dynamicClientAppCredentials); + } else if (xhr["status"] == 400) { + log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " + + "Bad request. Invalid data provided as dynamic client application properties."); + dynamicClientAppCredentials = null; + } else { + log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " + + "Error in retrieving dynamic client credentials."); + dynamicClientAppCredentials = null; + } + // returning dynamic client credentials + return dynamicClientAppCredentials; + } + } + }; + + /** + * If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create oauth application + * @param username username of current logged user + * @returns {{clientId:*, clientSecret:*}} + */ + publicMethods["getTenantBasedClientAppCredentials"] = function (username) { + if (!username) { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + + "based client app credentials. No username " + + "as input - getTenantBasedClientAppCredentials(x)"); + return null; + } else { + //noinspection JSUnresolvedFunction, JSUnresolvedVariable + var tenantDomain = carbon.server.tenantDomain({username: username}); + + if (!tenantDomain) { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + + "based client application credentials. Unable to obtain a valid tenant domain for provided " + + "username - getTenantBasedClientAppCredentials(x, y)"); + return null; + } else { + var cachedTenantBasedClientAppCredentials = privateMethods. + getCachedTenantBasedClientAppCredentials(tenantDomain); + if (cachedTenantBasedClientAppCredentials) { + return cachedTenantBasedClientAppCredentials; + } else { + var adminUsername = configs["authorization"]["methods"]["oauth"]["attributes"]["adminUser"]; + var adminUserTenantId = configs["authorization"]["methods"]["oauth"]["attributes"] + ["adminUserTenantId"]; + //claims required for jwtAuthenticator. + var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId, + "http://wso2.org/claims/enduser": adminUsername}; + var jwtToken = publicMethods.getJwtToken(adminUsername, claims); + // register a tenant based client app at API Manager + var applicationName = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] + ["appRegistration"]["clientName"] + "_" + tenantDomain; + var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] + ["appRegistration"]["apiManagerClientAppRegistrationServiceURL"] + + "?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName; + var xhr = new XMLHttpRequest(); + xhr.open("POST", requestURL, false); + xhr.setRequestHeader("Content-Type", "application/json"); + xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken); + xhr.send(); + if ((xhr["status"] == 201 || xhr["status"] == 200) && xhr["responseText"]) { + var responsePayload = parse(xhr["responseText"]); + var tenantBasedClientAppCredentials = {}; + var clientId = responsePayload["client_id"]; + var clientSecret = responsePayload["client_secret"]; + if(typeof clientId == "undefined"){ + clientId = responsePayload["clientId"]; + } + if(typeof clientSecret == "undefined"){ + clientSecret = responsePayload["clientSecret"]; + } + tenantBasedClientAppCredentials["clientId"] = clientId; + tenantBasedClientAppCredentials["clientSecret"] = clientSecret; + privateMethods. + setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials); + return tenantBasedClientAppCredentials; + } else { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " + + "based client application credentials from API " + + "Manager - getTenantBasedClientAppCredentials(x, y)"); + return null; + } + } + } + } + }; + + /** + * Caching oauth application credentials + * @param tenantDomain tenant domain where application is been created + * @param clientAppCredentials {{clientId:*, clientSecret:*}} + */ + privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) { + var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]); + if (!cachedTenantBasedClientAppCredentialsMap) { + cachedTenantBasedClientAppCredentialsMap = {}; + cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials; + application.put(constants["CACHED_CREDENTIALS_PORTAL_APP"], cachedTenantBasedClientAppCredentialsMap); + } else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) { + cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials; + } + }; + + /** + * Get oauth application credentials from cache + * @param tenantDomain tenant domain where application is been created + * @returns {{clientId:*, clientSecret:*}} + */ + privateMethods["getCachedTenantBasedClientAppCredentials"] = function (tenantDomain) { + var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]); + if (!cachedTenantBasedClientAppCredentialsMap || + !cachedTenantBasedClientAppCredentialsMap[tenantDomain]) { + return null; + } else { + return cachedTenantBasedClientAppCredentialsMap[tenantDomain]; + } + }; + + /** + * Get access token and refresh token using password grant type + * @param username username of the logged user + * @param password password of the logged user + * @param encodedClientAppCredentials {{clientId:*, clientSecret:*}} + * @param scopes scopes list + * @returns {{accessToken: *, refreshToken: *}} + */ + publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password + , encodedClientAppCredentials, scopes) { + if (!username || !password || !encodedClientAppCredentials || !scopes) { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " + + "grant type. No username, password, encoded client app credentials or scopes are " + + "found - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)"); + return null; + } else { + // calling oauth provider token service endpoint + var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"] + ["tokenServiceURL"]; + var requestPayload = "grant_type=password&username=" + + username + "&password=" + password + "&scope=" + scopes; + + var xhr = new XMLHttpRequest(); + xhr.open("POST", requestURL, false); + xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); + xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials); + xhr.send(requestPayload); + + if (xhr["status"] == 200 && xhr["responseText"]) { + var responsePayload = parse(xhr["responseText"]); + var tokenData = {}; + tokenData["accessToken"] = responsePayload["access_token"]; + tokenData["refreshToken"] = responsePayload["refresh_token"]; + tokenData["scopes"] = responsePayload["scope"]; + return tokenData; + } else { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " + + "by password grant type - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)"); + return null; + } + } + }; + + /** + * Get access token and refresh token using SAML grant type + * @param assertion + * @param encodedClientAppCredentials + * @param scopes + * @returns {{accessToken: *, refreshToken: *}} + */ + publicMethods["getTokenPairAndScopesBySAMLGrantType"] = function (assertion, encodedClientAppCredentials, scopes) { + if (!assertion || !encodedClientAppCredentials || !scopes) { + log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml " + + "grant type. No assertion, encoded client app credentials or scopes are " + + "found - getTokenPairAndScopesBySAMLGrantType(x, y, z)"); + return null; + } else { + + var assertionXML = publicMethods.decode(assertion); + /* + TODO: make assertion extraction with proper parsing. + Since Jaggery XML parser seem to add formatting which causes signature verification to fail. + */ + var assertionStartMarker = "3.0.9-SNAPSHOT - 6.1.59 + 6.1.57 (6.0.0,7.0.0]