forked from community/device-mgt-plugins
commit
73e73e8f53
@ -0,0 +1,148 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2005-2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
* Following module act as a client to create a saml request and also to
|
||||||
|
* unwrap and return attributes of a returning saml response
|
||||||
|
* @type {{}}
|
||||||
|
*/
|
||||||
|
|
||||||
|
var client = {};
|
||||||
|
|
||||||
|
(function (client) {
|
||||||
|
|
||||||
|
var Util = Packages.org.jaggeryjs.modules.sso.common.util.Util,
|
||||||
|
carbon = require('carbon'),
|
||||||
|
log = new Log();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* obtains an encoded saml response and return a decoded/unmarshalled saml obj
|
||||||
|
* @param samlResp
|
||||||
|
* @return {*}
|
||||||
|
*/
|
||||||
|
client.getSamlObject = function (samlResp) {
|
||||||
|
var decodedResp = Util.decode(samlResp);
|
||||||
|
return Util.unmarshall(decodedResp);
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* validating the signature of the response saml object
|
||||||
|
*/
|
||||||
|
client.validateSignature = function (samlObj, config) {
|
||||||
|
var tDomain = Util.getDomainName(samlObj);
|
||||||
|
var tId = carbon.server.tenantId({domain: tDomain});
|
||||||
|
|
||||||
|
return Util.validateSignature(samlObj,
|
||||||
|
config.KEY_STORE_NAME, config.KEY_STORE_PASSWORD, config.IDP_ALIAS, tId, tDomain);
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checking if the request is a logout call
|
||||||
|
*/
|
||||||
|
client.isLogoutRequest = function (samlObj) {
|
||||||
|
return samlObj instanceof Packages.org.opensaml.saml2.core.LogoutRequest;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checking if the request is a logout call
|
||||||
|
*/
|
||||||
|
client.isLogoutResponse = function (samlObj) {
|
||||||
|
return samlObj instanceof Packages.org.opensaml.saml2.core.LogoutResponse;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* getting url encoded saml authentication request
|
||||||
|
* @param issuerId
|
||||||
|
*/
|
||||||
|
client.getEncodedSAMLAuthRequest = function (issuerId) {
|
||||||
|
return Util.encode(
|
||||||
|
Util.marshall(
|
||||||
|
new Packages.org.jaggeryjs.modules.sso.common.builders.AuthReqBuilder().buildAuthenticationRequest(issuerId)
|
||||||
|
));
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* get url encoded saml logout request
|
||||||
|
*/
|
||||||
|
client.getEncodedSAMLLogoutRequest = function (user, sessionIndex, issuerId) {
|
||||||
|
return Util.encode(
|
||||||
|
Util.marshall(
|
||||||
|
new Packages.org.jaggeryjs.modules.sso.common.builders.LogoutRequestBuilder().buildLogoutRequest(user, sessionIndex,
|
||||||
|
Packages.org.jaggeryjs.modules.sso.common.constants.SSOConstants.LOGOUT_USER,
|
||||||
|
issuerId)));
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reads the returning SAML login response and populates a session info object
|
||||||
|
*/
|
||||||
|
client.decodeSAMLLoginResponse = function (samlObj, samlResp, sessionId) {
|
||||||
|
var samlSessionObj = {
|
||||||
|
// sessionId, loggedInUser, sessionIndex, samlToken
|
||||||
|
};
|
||||||
|
|
||||||
|
if (samlObj instanceof Packages.org.opensaml.saml2.core.Response) {
|
||||||
|
|
||||||
|
var assertions = samlObj.getAssertions();
|
||||||
|
|
||||||
|
// extract the session index
|
||||||
|
if (assertions != null && assertions.size() > 0) {
|
||||||
|
var authenticationStatements = assertions.get(0).getAuthnStatements();
|
||||||
|
var authnStatement = authenticationStatements.get(0);
|
||||||
|
if (authnStatement != null) {
|
||||||
|
if (authnStatement.getSessionIndex() != null) {
|
||||||
|
samlSessionObj.sessionIndex = authnStatement.getSessionIndex();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// extract the username
|
||||||
|
if (assertions != null && assertions.size() > 0) {
|
||||||
|
var subject = assertions.get(0).getSubject();
|
||||||
|
if (subject != null) {
|
||||||
|
if (subject.getNameID() != null) {
|
||||||
|
samlSessionObj.loggedInUser = subject.getNameID().getValue();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
samlSessionObj.sessionId = sessionId;
|
||||||
|
samlSessionObj.samlToken = samlResp;
|
||||||
|
}
|
||||||
|
|
||||||
|
return samlSessionObj;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method is to get the session index when a single logout happens
|
||||||
|
* The IDP sends a logout request to the ACS with the session index, so that
|
||||||
|
* the app can invalidate the associated HTTP Session
|
||||||
|
*/
|
||||||
|
client.decodeSAMLLogoutRequest = function (samlObj) {
|
||||||
|
var sessionIndex = null;
|
||||||
|
|
||||||
|
if (samlObj instanceof org.opensaml.saml2.core.LogoutRequest) {
|
||||||
|
var sessionIndexes = samlObj.getSessionIndexes();
|
||||||
|
if (sessionIndexes != null && sessionIndexes.size() > 0) {
|
||||||
|
sessionIndex = sessionIndexes.get(0).getSessionIndex();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return sessionIndex;
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
}(client));
|
Loading…
Reference in new issue