|
|
@ -56,7 +56,7 @@ var module = {};
|
|
|
|
cachedAuthModuleConfigs = authModuleConfigs;
|
|
|
|
cachedAuthModuleConfigs = authModuleConfigs;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
log.error("Cannot find User module configurations in application configuration file '"
|
|
|
|
log.error("Cannot find User module configurations in application configuration file '"
|
|
|
|
+ constants.FILE_APP_CONF + "'.");
|
|
|
|
+ constants.FILE_APP_CONF + "'.");
|
|
|
|
cachedAuthModuleConfigs = {};
|
|
|
|
cachedAuthModuleConfigs = {};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return cachedAuthModuleConfigs;
|
|
|
|
return cachedAuthModuleConfigs;
|
|
|
@ -85,7 +85,7 @@ var module = {};
|
|
|
|
return (rv) ? rv : {};
|
|
|
|
return (rv) ? rv : {};
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
log.error("Cannot find login configurations in Auth module configurations in "
|
|
|
|
log.error("Cannot find login configurations in Auth module configurations in "
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF + "'.");
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF + "'.");
|
|
|
|
return {};
|
|
|
|
return {};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -113,7 +113,7 @@ var module = {};
|
|
|
|
return (rv) ? rv : {};
|
|
|
|
return (rv) ? rv : {};
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
log.error("Cannot find logout configurations in Auth module configurations in "
|
|
|
|
log.error("Cannot find logout configurations in Auth module configurations in "
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF + "'.");
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF + "'.");
|
|
|
|
return {};
|
|
|
|
return {};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -133,7 +133,7 @@ var module = {};
|
|
|
|
cachedSsoConfigs = ssoConfigs;
|
|
|
|
cachedSsoConfigs = ssoConfigs;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
log.error("Cannot find SSO configurations in Auth module configurations in application "
|
|
|
|
log.error("Cannot find SSO configurations in Auth module configurations in application "
|
|
|
|
+ "configuration file '" + constants.FILE_APP_CONF + "'.");
|
|
|
|
+ "configuration file '" + constants.FILE_APP_CONF + "'.");
|
|
|
|
cachedSsoConfigs = {};
|
|
|
|
cachedSsoConfigs = {};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return cachedSsoConfigs;
|
|
|
|
return cachedSsoConfigs;
|
|
|
@ -156,13 +156,13 @@ var module = {};
|
|
|
|
if (operation == OPERATION_LOGIN) {
|
|
|
|
if (operation == OPERATION_LOGIN) {
|
|
|
|
configs = getLoginConfigurations(event);
|
|
|
|
configs = getLoginConfigurations(event);
|
|
|
|
pageFullName = (event == EVENT_SUCCESS) ?
|
|
|
|
pageFullName = (event == EVENT_SUCCESS) ?
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_SUCCESS_PAGE] :
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_SUCCESS_PAGE] :
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_FAIL_PAGE];
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_FAIL_PAGE];
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
configs = getLogoutConfigurations(event);
|
|
|
|
configs = getLogoutConfigurations(event);
|
|
|
|
pageFullName = (event == EVENT_SUCCESS) ?
|
|
|
|
pageFullName = (event == EVENT_SUCCESS) ?
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_SUCCESS_PAGE] :
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_SUCCESS_PAGE] :
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_FAIL_PAGE];
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_FAIL_PAGE];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (pageFullName) {
|
|
|
|
if (pageFullName) {
|
|
|
@ -173,13 +173,13 @@ var module = {};
|
|
|
|
return page.definition[constants.PAGE_DEFINITION_URI];
|
|
|
|
return page.definition[constants.PAGE_DEFINITION_URI];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
log.warn("Page '" + pageFullName + "' mentioned in Auth module configurations in "
|
|
|
|
log.warn("Page '" + pageFullName + "' mentioned in Auth module configurations in "
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF
|
|
|
|
+ "' is disabled.");
|
|
|
|
+ "' is disabled.");
|
|
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
log.error("Page '" + pageFullName + "' mentioned in Auth module configurations in "
|
|
|
|
log.error("Page '" + pageFullName + "' mentioned in Auth module configurations in "
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF
|
|
|
|
+ "' does not exists.");
|
|
|
|
+ "' does not exists.");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return "/";
|
|
|
|
return "/";
|
|
|
@ -207,13 +207,13 @@ var module = {};
|
|
|
|
if (operation == OPERATION_LOGIN) {
|
|
|
|
if (operation == OPERATION_LOGIN) {
|
|
|
|
configs = getLoginConfigurations(event);
|
|
|
|
configs = getLoginConfigurations(event);
|
|
|
|
scriptFilePath = (event == EVENT_SUCCESS) ?
|
|
|
|
scriptFilePath = (event == EVENT_SUCCESS) ?
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_SUCCESS_SCRIPT] :
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_SUCCESS_SCRIPT] :
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_FAIL_SCRIPT];
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGIN_ON_FAIL_SCRIPT];
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
configs = getLogoutConfigurations(event);
|
|
|
|
configs = getLogoutConfigurations(event);
|
|
|
|
scriptFilePath = (event == EVENT_SUCCESS) ?
|
|
|
|
scriptFilePath = (event == EVENT_SUCCESS) ?
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_SUCCESS_SCRIPT] :
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_SUCCESS_SCRIPT] :
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_FAIL_SCRIPT];
|
|
|
|
configs[constants.APP_CONF_AUTH_MODULE_LOGOUT_ON_FAIL_SCRIPT];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (!scriptFilePath || (scriptFilePath.length == 0)) {
|
|
|
|
if (!scriptFilePath || (scriptFilePath.length == 0)) {
|
|
|
@ -222,8 +222,8 @@ var module = {};
|
|
|
|
var scriptFile = new File(scriptFilePath);
|
|
|
|
var scriptFile = new File(scriptFilePath);
|
|
|
|
if (!scriptFile.isExists() || scriptFile.isDirectory()) {
|
|
|
|
if (!scriptFile.isExists() || scriptFile.isDirectory()) {
|
|
|
|
log.error("Script '" + scriptFilePath + "' mentioned in Auth module configurations in "
|
|
|
|
log.error("Script '" + scriptFilePath + "' mentioned in Auth module configurations in "
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF
|
|
|
|
+ "' does not exists.");
|
|
|
|
+ "' does not exists.");
|
|
|
|
return true;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -265,7 +265,7 @@ var module = {};
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
// event == EVENT_FAIL
|
|
|
|
// event == EVENT_FAIL
|
|
|
|
redirectUri = getRedirectUri(operation, EVENT_FAIL) + "?error=" + scriptArgument.message
|
|
|
|
redirectUri = getRedirectUri(operation, EVENT_FAIL) + "?error=" + scriptArgument.message
|
|
|
|
+ "&" + constants.URL_PARAM_REFERER + "=" + getRelayState(operation);
|
|
|
|
+ "&" + constants.URL_PARAM_REFERER + "=" + getRelayState(operation);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
response.sendRedirect(encodeURI(module.getAppContext() + redirectUri));
|
|
|
|
response.sendRedirect(encodeURI(module.getAppContext() + redirectUri));
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -276,8 +276,8 @@ var module = {};
|
|
|
|
var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL];
|
|
|
|
var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL];
|
|
|
|
if (!identityProviderUrl || (identityProviderUrl.length == 0)) {
|
|
|
|
if (!identityProviderUrl || (identityProviderUrl.length == 0)) {
|
|
|
|
var msg = "Identity Provider URL is not given in SSO configurations in Auth module "
|
|
|
|
var msg = "Identity Provider URL is not given in SSO configurations in Auth module "
|
|
|
|
+ "configurations in application configuration file '"
|
|
|
|
+ "configurations in application configuration file '"
|
|
|
|
+ constants.FILE_APP_CONF + "'.";
|
|
|
|
+ constants.FILE_APP_CONF + "'.";
|
|
|
|
log.error(msg);
|
|
|
|
log.error(msg);
|
|
|
|
response.sendError(500, msg);
|
|
|
|
response.sendError(500, msg);
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
@ -286,7 +286,7 @@ var module = {};
|
|
|
|
var issuer = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ISSUER];
|
|
|
|
var issuer = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ISSUER];
|
|
|
|
if (!issuer || (issuer.length == 0)) {
|
|
|
|
if (!issuer || (issuer.length == 0)) {
|
|
|
|
var msg = "Issuer is not given in SSO configurations in Auth module configurations in "
|
|
|
|
var msg = "Issuer is not given in SSO configurations in Auth module configurations in "
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF + "'.";
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF + "'.";
|
|
|
|
log.error(msg);
|
|
|
|
log.error(msg);
|
|
|
|
response.sendError(500, msg);
|
|
|
|
response.sendError(500, msg);
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
@ -316,8 +316,8 @@ var module = {};
|
|
|
|
var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL];
|
|
|
|
var identityProviderUrl = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_PROVIDER_URL];
|
|
|
|
if (!identityProviderUrl || (identityProviderUrl.length == 0)) {
|
|
|
|
if (!identityProviderUrl || (identityProviderUrl.length == 0)) {
|
|
|
|
var msg = "Identity Provider URL is not given in SSO configurations in Auth module "
|
|
|
|
var msg = "Identity Provider URL is not given in SSO configurations in Auth module "
|
|
|
|
+ "configurations in application configuration file '"
|
|
|
|
+ "configurations in application configuration file '"
|
|
|
|
+ constants.FILE_APP_CONF + "'.";
|
|
|
|
+ constants.FILE_APP_CONF + "'.";
|
|
|
|
log.error(msg);
|
|
|
|
log.error(msg);
|
|
|
|
response.sendError(500, msg);
|
|
|
|
response.sendError(500, msg);
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
@ -331,7 +331,7 @@ var module = {};
|
|
|
|
var issuer = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ISSUER];
|
|
|
|
var issuer = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_ISSUER];
|
|
|
|
if (!issuer || (issuer.length == 0)) {
|
|
|
|
if (!issuer || (issuer.length == 0)) {
|
|
|
|
var msg = "Issuer is not given in SSO configurations in Auth module configurations in "
|
|
|
|
var msg = "Issuer is not given in SSO configurations in Auth module configurations in "
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF + "'.";
|
|
|
|
+ "application configuration file '" + constants.FILE_APP_CONF + "'.";
|
|
|
|
log.error(msg);
|
|
|
|
log.error(msg);
|
|
|
|
response.sendError(500, msg);
|
|
|
|
response.sendError(500, msg);
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
@ -341,10 +341,10 @@ var module = {};
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
var ssoClient = require("sso").client;
|
|
|
|
var ssoClient = require("sso").client;
|
|
|
|
encodedSAMLAuthRequest = ssoClient.getEncodedSAMLLogoutRequest(username,
|
|
|
|
encodedSAMLAuthRequest = ssoClient.getEncodedSAMLLogoutRequest(username,
|
|
|
|
ssoSessionIndex, issuer);
|
|
|
|
ssoSessionIndex, issuer);
|
|
|
|
} catch (e) {
|
|
|
|
} catch (e) {
|
|
|
|
log.error("Cannot create SAML logout authorization token for user '" + username
|
|
|
|
log.error("Cannot create SAML logout authorization token for user '" + username
|
|
|
|
+ "' with issuer '" + issuer + "'.");
|
|
|
|
+ "' with issuer '" + issuer + "'.");
|
|
|
|
log.error(e.message, e);
|
|
|
|
log.error(e.message, e);
|
|
|
|
response.sendError(500, e.message);
|
|
|
|
response.sendError(500, e.message);
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
@ -446,17 +446,17 @@ var module = {};
|
|
|
|
intermediatePage = utils.getFurthestChild(intermediatePage);
|
|
|
|
intermediatePage = utils.getFurthestChild(intermediatePage);
|
|
|
|
if (!intermediatePage.disabled) {
|
|
|
|
if (!intermediatePage.disabled) {
|
|
|
|
renderer.renderUiComponent(intermediatePage, requestParams, renderingContext,
|
|
|
|
renderer.renderUiComponent(intermediatePage, requestParams, renderingContext,
|
|
|
|
lookupTable, response);
|
|
|
|
lookupTable, response);
|
|
|
|
return;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
log.warn("Intermediate page '" + intermediatePageName + " mentioned in Auth module "
|
|
|
|
log.warn("Intermediate page '" + intermediatePageName + " mentioned in Auth module "
|
|
|
|
+ "configurations in application configuration file '"
|
|
|
|
+ "configurations in application configuration file '"
|
|
|
|
+ constants.FILE_APP_CONF + "' is disabled.");
|
|
|
|
+ constants.FILE_APP_CONF + "' is disabled.");
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
log.error("Intermediate page '" + intermediatePageName
|
|
|
|
log.error("Intermediate page '" + intermediatePageName
|
|
|
|
+ " mentioned in Auth module "
|
|
|
|
+ " mentioned in Auth module "
|
|
|
|
+ "configurations in application configuration file '"
|
|
|
|
+ "configurations in application configuration file '"
|
|
|
|
+ constants.FILE_APP_CONF + "' does not exists.");
|
|
|
|
+ constants.FILE_APP_CONF + "' does not exists.");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -528,13 +528,13 @@ var module = {};
|
|
|
|
* string}}
|
|
|
|
* string}}
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse,
|
|
|
|
var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse,
|
|
|
|
session.getId());
|
|
|
|
session.getId());
|
|
|
|
if (ssoSession.sessionId) {
|
|
|
|
if (ssoSession.sessionId) {
|
|
|
|
var ssoSessions = getSsoSessions();
|
|
|
|
var ssoSessions = getSsoSessions();
|
|
|
|
ssoSessions[ssoSession.sessionId] = ssoSession;
|
|
|
|
ssoSessions[ssoSession.sessionId] = ssoSession;
|
|
|
|
var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
|
|
|
|
var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
|
|
|
|
utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
|
|
|
|
utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
|
|
|
|
var scriptArgument = {input: {}, user: module.getCurrentUser()};
|
|
|
|
var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
|
|
|
|
handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
|
|
|
|
handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
var msg = "Cannot decode SAML login response.";
|
|
|
|
var msg = "Cannot decode SAML login response.";
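Review bot: The rewritten `scriptArgument` line (the second of its two printings, which I take to be the new side) hands `ssoSession.samlToken` to whatever on-success script the application configuration names, so more code can now read the SAML token. The success branch of `handleEvent` is not visible in these hunks; please confirm that `scriptArgument.input` is never copied into the redirect URI or a log line, the way the failure branch in the `-265` hunk concatenates `scriptArgument.message` into the redirect query string. I would add a comment above the line, `// samlToken is a credential: on-success scripts must not log, persist or echo it`, and document the new `input.samlToken` field wherever the script contract is described. The enclosing function starts and ends outside the hunk, and whether `decodeSAMLLoginResponse` always sets `samlToken` cannot be checked from here.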
|
|
|
|