Adding /devicemgt/login as authentication url when sso enabled

modules/core/distribution/src/repository/conf/identity/application-authentication.xml

@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+~
+~ Licensed under the Apache License, Version 2.0 (the "License");
+~ you may not use this file except in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing, software
+~ distributed under the License is distributed on an "AS IS" BASIS,
+~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+~ See the License for the specific language governing permissions and
+~ limitations under the License.
+ -->
+
+<ApplicationAuthentication xmlns="http://wso2.org/projects/carbon/application-authentication.xml">
+
+    <!--
+        ProxyMode allows framework to operate in either 'smart' mode
+        or 'dumb' mode.
+        smart = both local and federated authentication is supported
+        dumb = only federated authentication is supported
+    -->
+    <ProxyMode>smart</ProxyMode>
+
+    <!--
+        AuthenticationEndpointURL is location of the web app containing
+        the authentication related pages
+    -->
+    <AuthenticationEndpointURL>https://${carbon.host}:${carbon.management.port}/devicemgt/login</AuthenticationEndpointURL>
+    <AuthenticationEndpointRetryURL>https://${carbon.host}:${carbon.management.port}/devicemgt/login?retry=true</AuthenticationEndpointRetryURL>
+
+    <!--
+        Extensions allow extending the default behaviour of the authentication
+        process.
+    -->
+    <Extensions>
+        <RequestCoordinator>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator</RequestCoordinator>
+        <AuthenticationRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler</AuthenticationRequestHandler>
+        <LogoutRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultLogoutRequestHandler</LogoutRequestHandler>
+        <StepBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler</StepBasedSequenceHandler>
+        <RequestPathBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultRequestPathBasedSequenceHandler</RequestPathBasedSequenceHandler>
+        <StepHandler>org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler</StepHandler>
+        <HomeRealmDiscoverer>org.wso2.carbon.identity.application.authentication.framework.handler.hrd.impl.DefaultHomeRealmDiscoverer</HomeRealmDiscoverer>
+        <ClaimHandler>org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler</ClaimHandler>
+        <ProvisioningHandler>org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler</ProvisioningHandler>
+    </Extensions>
+
+    <!--
+        AuthenticatorNameMappings allow specifying an authenticator
+        against a pre-defined alias (which will be used by other components.
+        E.g. Application Mgt component). This enables the usage of a custom
+        authenticator in place of an authenticator that gets packed with the
+        distribution.
+    -->
+    <AuthenticatorNameMappings>
+        <AuthenticatorNameMapping name="BasicAuthenticator" alias="basic" />
+        <AuthenticatorNameMapping name="OAuthRequestPathAuthenticator" alias="oauth-bearer" />
+        <AuthenticatorNameMapping name="BasicAuthRequestPathAuthenticator" alias="basic-auth" />
+        <AuthenticatorNameMapping name="IWAAuthenticator" alias="iwa" />
+        <AuthenticatorNameMapping name="SAMLSSOAuthenticator" alias="samlsso" />
+        <AuthenticatorNameMapping name="OpenIDConnectAuthenticator" alias="openidconnect" />
+        <AuthenticatorNameMapping name="OpenIDAuthenticator" alias="openid" />
+        <AuthenticatorNameMapping name="PassiveSTSAuthenticator" alias="passive-sts" />
+    </AuthenticatorNameMappings>
+
+    <!--
+		AuthenticatorConfigs allow specifying various configurations needed
+		by the authenticators by using any number of \'Parameter\' elements
+		E.g.
+		<AuthenticatorConfig name="CustomAuthenticator" enabled="true" />
+			<Parameter name="paramName1">paramValue</Parameter>
+			<Parameter name="paramName2">paramValue</Parameter>
+		</AuthenticatorConfig>
+    -->
+    <AuthenticatorConfigs>
+        <AuthenticatorConfig name="BasicAuthenticator" enabled="true">
+            <!--Parameter name="UserNameAttributeClaimUri">http://wso2.org/claims/emailaddress</Parameter-->
+            <!--Parameter name="showAuthFailureReason">true</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="OAuthRequestPathAuthenticator" enabled="true" />
+        <AuthenticatorConfig name="BasicAuthRequestPathAuthenticator" enabled="true" />
+        <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
+            <!--Parameter name="SignAuth2SAMLUsingSuperTenant">true</Parameter-->
+            <!--Parameter name="SAML2SSOManager">org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="OpenIDConnectAuthenticator" enabled="true">
+            <!--Parameter name="IDTokenHandler">org.wso2.carbon.identity.application.authenticator.oidc.DefaultIDTokenHandler</Parameter-->
+            <!--Parameter name="ClaimsRetriever">org.wso2.carbon.identity.application.authenticator.oidc.OIDCUserInfoClaimsRetriever</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="OpenIDAuthenticator" enabled="true">
+            <Parameter name="LoginPage">/authenticationendpoint/login.do</Parameter>
+            <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>
+            <Parameter name="TrustStorePassword">wso2carbon</Parameter>
+            <!--Parameter name="OpenIDManager">org.wso2.carbon.identity.application.authenticator.openid.manager.DefaultOpenIDManager</Parameter>
+            <Parameter name="AttributesRequestor">org.wso2.carbon.identity.application.authenticator.openid.manager.SampleAttributesRequestor</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="GoogleOIDCAuthenticator" enabled="true">
+            <Parameter name="GoogleTokenEndpoint">https://accounts.google.com/o/oauth2/token</Parameter>
+            <Parameter name="GoogleAuthzEndpoint">https://accounts.google.com/o/oauth2/auth</Parameter>
+            <Parameter name="GoogleUserInfoEndpoint">https://www.googleapis.com/oauth2/v3/userinfo</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="MicrosoftWindowsLive" enabled="true">
+            <Parameter name="AuthTokenEndpoint">https://login.live.com/oauth20_token.srf</Parameter>
+            <Parameter name="AuthnEndpoint">https://login.live.com/oauth20_authorize.srf</Parameter>
+            <Parameter name="UserInfoEndpoint">https://apis.live.net/v5.0/me?access_token=</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="FacebookAuthenticator" enabled="true">
+            <Parameter name="AuthTokenEndpoint">https://graph.facebook.com/oauth/access_token</Parameter>
+            <Parameter name="AuthnEndpoint">http://www.facebook.com/dialog/oauth</Parameter>
+            <Parameter name="UserInfoEndpoint">https://graph.facebook.com/me</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig  name="FIDOAuthenticator" enabled="true">
+            <Parameter name="FidoAuth">/authenticationendpoint/fido-auth.jsp</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="YahooOAuth2Authenticator" enabled="true">
+            <Parameter name="YahooTokenEndpoint">https://api.login.yahoo.com/oauth2/get_token</Parameter>
+            <Parameter name="YahooOAuthzEndpoint">https://api.login.yahoo.com/oauth2/request_auth</Parameter>
+            <Parameter name="YahooUserInfoEndpoint">https://social.yahooapis.com/v1/user/</Parameter>
+        </AuthenticatorConfig>
+    </AuthenticatorConfigs>
+
+    <!--
+		Sequences allow specifying authentication flows for different
+		registered applications. \'default\' sequence is taken if an
+		application specific sequence doesn't exist in this file or
+		in the Application Mgt module.
+    -->
+    <Sequences>
+        <!-- Default Sequence. This is mandatory -->
+        <Sequence appId="default">
+            <Step order="1">
+                <Authenticator name="BasicAuthenticator"/>
+            </Step>
+        </Sequence>
+    </Sequences>
+
+    <!--
+            AuthenticationEndpointQueryParams are the request parameters
+            that would be sent to the AuthenticationEndpoint.
+            'action' defines the behaviour: if 'include', only the defined
+            parameters would be included in the request.
+            If 'exclude' specified, all the parameters received by the
+            Authentication Framework would be sent in the request except
+            the ones specified.
+            'sessionDataKey', 'type', 'relyingParty', 'sp' and 'authenticators'
+            parameters will be always sent. They should not be specified here.
+        -->
+    <AuthenticationEndpointQueryParams action="exclude">
+        <AuthenticationEndpointQueryParam name="username"/>
+        <AuthenticationEndpointQueryParam name="password"/>
+        <AuthenticationEndpointQueryParam name="SAMLRequest"/>
+    </AuthenticationEndpointQueryParams>
+
+    <!--TenantDomainDropDownEnabled>true</TenantDomainDropDownEnabled>
+    <TenantDataListenerURLs>
+      <TenantDataListenerURL>/authenticationendpoint/tenantlistrefresher.do</TenantDataListenerURL>
+    </TenantDataListenerURLs-->
+
+</ApplicationAuthentication>