From 4af2a37d9d0757114e64a1ecc20b229876a1d96e Mon Sep 17 00:00:00 2001
From: Megala
Date: Sat, 1 Oct 2016 22:00:59 +0530
Subject: [PATCH 1/6] Fixing SSO problem
---
 .../main/resources/jaggeryapps/devicemgt/app/modules/login.js | 2 +-
 .../jaggeryapps/uuf-template-app/lib/modules/auth/auth.js | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
index 87f840d3ce..001188f0e6 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
@@ -26,7 +26,7 @@ var onFail;
 var utility = require("/app/modules/utility.js").utility;
 var apiWrapperUtil = require("/app/modules/oauth/token-handlers.js")["handlers"];
 if (context.input.samlToken) {
- apiWrapperUtil.setupTokenPairBySamlGrantType(context.input.username, context.input.samlToken);
+ apiWrapperUtil.setupTokenPairBySamlGrantType(context.user.username, context.input.samlToken);
 } else {
 apiWrapperUtil.setupTokenPairByPasswordGrantType(context.input.username, context.input.password);
 }
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
index fff0a77e50..9f009cb6cf 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
@@ -364,10 +364,10 @@ var module = {};
 * samlToken: string}>} SSO sessions
 */
 function getSsoSessions() {
- var ssoSessions = session.get(constants.CACHE_KEY_SSO_SESSIONS);
+ var ssoSessions = application.get('sso_sessions');
 if (!ssoSessions) {
 ssoSessions = {};
- session.put(constants.CACHE_KEY_SSO_SESSIONS, ssoSessions);
+ application.put('sso_sessions', ssoSessions);
 }
 return ssoSessions;
 }
From b10c3235821162e56926aae0189292dbd8ebcc69 Mon Sep 17 00:00:00 2001
From: Megala
Date: Sun, 2 Oct 2016 21:26:13 +0530
Subject: [PATCH 2/6] Fixing the problem in login
---
 .../resources/jaggeryapps/devicemgt/app/modules/login.js | 8 +++++---
 .../jaggeryapps/uuf-template-app/lib/constants.js | 2 +-
 .../jaggeryapps/uuf-template-app/lib/modules/auth/auth.js | 4 ++--
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
index 001188f0e6..d36e7af0ab 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
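Review bot: `getSsoSessions()` now keeps the map in `application` scope instead of the caller's HTTP `session`, so a single process-wide object keyed by SSO session id holds every user's entry, including the `samlToken` the JSDoc fragment above the function lists, and nothing in this hunk removes an entry when its session ends. Presumably the scope was widened so a logout arriving on a different HTTP session can find the entry; that reasoning should be stated on the function, e.g. `// Application-scoped on purpose: a back-channel logout arrives on another HTTP session and must find this entry`, and whichever path invalidates a session should also delete its entry so tokens do not outlive the login. The key is hard-coded as `'sso_sessions'` here while the removed lines went through `constants`; PATCH 2/6 restores `constants.CACHE_KEY_SSO_SESSIONS` on the same two lines, so the string literal could be dropped from this commit altogether.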
@@ -26,14 +26,16 @@ var onFail;
 var utility = require("/app/modules/utility.js").utility;
 var apiWrapperUtil = require("/app/modules/oauth/token-handlers.js")["handlers"];
 if (context.input.samlToken) {
- apiWrapperUtil.setupTokenPairBySamlGrantType(context.user.username, context.input.samlToken);
+ apiWrapperUtil.setupTokenPairBySamlGrantType(context.user.username + '@' + context.user.domain, context.input.samlToken);
 } else {
 apiWrapperUtil.setupTokenPairByPasswordGrantType(context.input.username, context.input.password);
 }
 var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
 var carbonServer = require("carbon").server;
- (new carbonServer.Server({url: devicemgtProps["adminService"]}))
- .login(context.input.username, context.input.password);
+ if (!context.input.samlToken) {
+ (new carbonServer.Server({url: devicemgtProps["adminService"]}))
+ .login(context.input.username, context.input.password);
+ }
 };
 
 onFail = function (error) {
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js
index f7806238b6..8a4e0677f1 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js
@@ -105,7 +105,7 @@ var constants = {
 CACHE_KEY_APP_CONF_FILE_LMD: "_UUF_APP_CONF_FILE_LMD",
 CACHE_KEY_LOOKUP_TABLE: "_UUF_LOOKUP_TABLE",
 CACHE_KEY_USER: "_UUF_USER",
- CACHE_KEY_SSO_SESSIONS: "_UUF_SSO_SESSIONS",
+ CACHE_KEY_SSO_SESSIONS: "sso_sessions",
 CACHE_KEY_HANDLEBARS_ROOT: "_UUF_HANDLEBARS_ROOT",
 // URL Query Params
 URL_PARAM_REFERER: "referer"
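Review bot: The SAML branch now builds the tenant-qualified name as `context.user.username + '@' + context.user.domain`; if `context.user.domain` can be unset on this path the grant is requested for `<user>@undefined`, so either guard it or state the invariant next to the call, e.g. `// context.user is set by the SSO ACS handler and always carries username and domain`. The new `if (!context.input.samlToken)` around the `carbonServer` login repeats, negated, the `if (context.input.samlToken)` test a few lines above; hoisting the two `require` lines above that test and moving the `carbonServer.Server(...).login(...)` call into the existing `else` branch keeps the password-only work in one place and avoids two guards drifting apart. The enclosing handler starts before this hunk.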
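Review bot: After this change `CACHE_KEY_SSO_SESSIONS` is the only entry in the table without the `_UUF_` prefix, and since PATCH 1/6 moved the map it names into the shared `application` scope, an unnamespaced attribute name is the one most likely to collide with something another module stores there. If the value was changed to match a key that is read elsewhere, a comment should say so, e.g. `// no _UUF_ prefix: must match the attribute name the SSO logout path looks up`; if it was not, keeping `"_UUF_SSO_SESSIONS"` is the safer choice.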
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
index 9f009cb6cf..e9bc8e8ca4 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
@@ -364,10 +364,10 @@ var module = {};
 * samlToken: string}>} SSO sessions
 */
 function getSsoSessions() {
- var ssoSessions = application.get('sso_sessions');
+ var ssoSessions = application.get(constants.CACHE_KEY_SSO_SESSIONS);
 if (!ssoSessions) {
 ssoSessions = {};
- application.put('sso_sessions', ssoSessions);
+ application.put(constants.CACHE_KEY_SSO_SESSIONS, ssoSessions);
 }
 return ssoSessions;
 }
From e5870e13062b54763afda51b4fccc30ad5358a4c Mon Sep 17 00:00:00 2001
From: Megala
Date: Sun, 2 Oct 2016 23:15:25 +0530
Subject: [PATCH 3/6] Fixing the problem of common log out
---
 .../uuf-template-app/lib/modules/auth/auth.js | 115 ++++++++++--------
 1 file changed, 61 insertions(+), 54 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
index e9bc8e8ca4..c3343731fd 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
@@ -486,67 +486,74 @@ var module = {};
 */
 module.ssoAcs = function (request, response) {
 var samlResponse = request.getParameter("SAMLResponse");
- if (!samlResponse) {
- var msg = "SAML response is not found in request parameters.";
- log.error(msg);
- response.sendError(400, msg);
- return;
- }
+ var samlRequest = request.getParameter('SAMLRequest');
 var ssoClient = require("sso").client;
 var samlResponseObj;
- try {
- samlResponseObj = ssoClient.getSamlObject(samlResponse);
- } catch (e) {
- log.error(e.message, e);
- response.sendError(500, e.message);
- return;
- }
- if (ssoClient.isLogoutResponse(samlResponseObj)) {
- // This is a logout response.
- module.logout(response);
- } else {
- // This is a login response.
- var ssoConfigs = getSsoConfigurations();
- var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED];
- if (utils.parseBoolean(rsEnabled)) {
- var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils;
- var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password");
- var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location");
- var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS];
- var keyStoreParams = {
- KEY_STORE_NAME: keyStoreName,
- KEY_STORE_PASSWORD: keyStorePassword,
- IDP_ALIAS: identityAlias,
- USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY]
- };
- if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) {
- var msg = "Invalid signature found in the SAML response.";
+
+ if (samlResponse) {
+ try {
+ samlResponseObj = ssoClient.getSamlObject(samlResponse);
+ } catch (e) {
+ log.error(e.message, e);
+ response.sendError(500, e.message);
+ return;
+ }
+ if (ssoClient.isLogoutResponse(samlResponseObj)) {
+ // This is a logout response.
+ module.logout(response);
+ } else {
+ // This is a login response.
+ var ssoConfigs = getSsoConfigurations();
+ var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED];
+ if (utils.parseBoolean(rsEnabled)) {
+ var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils;
+ var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password");
+ var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location");
+ var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS];
+ var keyStoreParams = {
+ KEY_STORE_NAME: keyStoreName,
+ KEY_STORE_PASSWORD: keyStorePassword,
+ IDP_ALIAS: identityAlias,
+ USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY]
+ };
+ if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) {
+ var msg = "Invalid signature found in the SAML response.";
+ log.error(msg);
+ response.sendError(500, msg);
+ return;
+ }
+ }
+ /**
+ * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken:
+ * string}}
+ */
+ var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse,
+ session.getId());
+ if (ssoSession.sessionId) {
+ var ssoSessions = getSsoSessions();
+ ssoSessions[ssoSession.sessionId] = ssoSession;
+ if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') {
+ module.loadTenant(ssoSessions.loggedInUser);
+ var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
+ utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
+ var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
+ handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
+ }
+ } else {
+ var msg = "Cannot decode SAML login response.";
 log.error(msg);
 response.sendError(500, msg);
- return;
 }
 }
- /**
- * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken:
- * string}}
- */
- var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse,
- session.getId());
- if (ssoSession.sessionId) {
- var ssoSessions = getSsoSessions();
- ssoSessions[ssoSession.sessionId] = ssoSession;
- if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') {
- module.loadTenant(ssoSessions.loggedInUser);
- var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
- utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
- var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
- handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
- }
- } else {
- var msg = "Cannot decode SAML login response.";
- log.error(msg);
- response.sendError(500, msg);
+ }
+ if (samlRequest) {
+ var index = ssoClient.decodeSAMLLogoutRequest(ssoClient.getSamlObject(samlRequest));
+ if (log.isDebugEnabled()) {
+ log.debug("Back end log out request received for the session Id : " + index);
 }
+ var jSessionId = getSsoSessions()[index];
+ delete getSsoSessions()[index];
+ session.invalidate();
 }
 };
 
From a0586ca9771a941ef7aa592588528511a17b6c0c Mon Sep 17 00:00:00 2001
From: Megala
Date: Mon, 3 Oct 2016 11:34:00 +0530
Subject: [PATCH 4/6] Adding comment
---
 .../jaggeryapps/uuf-template-app/lib/modules/auth/auth.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
index c3343731fd..34d3387284 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
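Review bot: The new `if (samlRequest)` branch acts on a logout request with none of the checks the login-response branch applies: `ssoClient.getSamlObject(samlRequest)` runs outside any `try`, so a malformed parameter escapes as an unhandled exception instead of the error response the `SAMLResponse` path returns, and the decoded `index` is used to delete an entry from the application-wide session map and to invalidate the session without any signature validation, even when `rsEnabled` is set for responses. The commit also drops the 400 for a request carrying neither parameter, so such a request now falls through `ssoAcs` with no response at all, and `jSessionId` is assigned but never read. The rewrite below restores the parameter guard, wraps the parse, takes one handle on the map and marks where verification of the logout request belongs; whether `ssoClient.validateSignature` accepts a logout request object is not visible here, so that call is not added. PATCH 4/6 later inserts a `// If it is a logout request` comment ahead of this branch.
```javascript
module.ssoAcs = function (request, response) {
    var samlResponse = request.getParameter("SAMLResponse");
    var samlRequest = request.getParameter('SAMLRequest');
    if (!samlResponse && !samlRequest) {
        var msg = "Neither SAMLResponse nor SAMLRequest found in request parameters.";
        log.error(msg);
        response.sendError(400, msg);
        return;
    }
    var ssoClient = require("sso").client;
    var samlResponseObj;
    // … unchanged: SAMLResponse handling (logout response / signed login response) …
    if (samlRequest) {
        var samlRequestObj;
        try {
            samlRequestObj = ssoClient.getSamlObject(samlRequest);
        } catch (e) {
            log.error(e.message, e);
            response.sendError(400, "Cannot parse SAML logout request.");
            return;
        }
        // NOTE(review): the logout request is trusted as-is; when response signing is
        // enabled it should be verified against the same trust-store parameters the
        // login-response branch builds before any session entry is dropped.
        var index = ssoClient.decodeSAMLLogoutRequest(samlRequestObj);
        if (log.isDebugEnabled()) {
            log.debug("Back end log out request received for the session Id : " + index);
        }
        var ssoSessions = getSsoSessions();
        delete ssoSessions[index];
        session.invalidate();
    }
};
```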
@@ -546,6 +546,7 @@ var module = {};
 }
 }
 }
+ // If it is a logout request
 if (samlRequest) {
 var index = ssoClient.decodeSAMLLogoutRequest(ssoClient.getSamlObject(samlRequest));
 if (log.isDebugEnabled()) {
From e8eb0123c7b44cad0f686d9ca772dceb1c6e910f Mon Sep 17 00:00:00 2001
From: Megala
Date: Mon, 3 Oct 2016 14:18:43 +0530
Subject: [PATCH 5/6] Fixing the tenant loading problem when sso is enabled
---
 .../resources/jaggeryapps/devicemgt/app/modules/login.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
index d36e7af0ab..612d0d41dd 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
@@ -35,6 +35,11 @@ var onFail;
 if (!context.input.samlToken) {
 (new carbonServer.Server({url: devicemgtProps["adminService"]}))
 .login(context.input.username, context.input.password);
+ } else {
+ var PrivilegedCarbonContext = Packages.org.wso2.carbon.context.PrivilegedCarbonContext;
+ PrivilegedCarbonContext.startTenantFlow();
+ var cxt = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ cxt.setTenantDomain(context.user.domain, true);
 }
 };
 
From 359bd8f3177b652e0960ee7d24746c087445f92c Mon Sep 17 00:00:00 2001
From: Megala
Date: Mon, 3 Oct 2016 15:15:27 +0530
Subject: [PATCH 6/6] Fixing tenant loading problem
---
 .../resources/jaggeryapps/devicemgt/app/modules/login.js | 5 -----
 .../jaggeryapps/uuf-template-app/lib/modules/auth/auth.js | 6 +++---
 2 files changed, 3 insertions(+), 8 deletions(-)
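Review bot: `PrivilegedCarbonContext.startTenantFlow()` in the new `else` branch has no matching `endTenantFlow()`, so the tenant flow pushed onto the thread-local context is never popped when the handler returns and leaks into whatever the thread serves next; the usual shape is `PrivilegedCarbonContext.startTenantFlow(); try { cxt.setTenantDomain(context.user.domain, true); /* tenant-scoped work */ } finally { PrivilegedCarbonContext.endTenantFlow(); }`. As written nothing inside the branch uses the flow before it would be ended, which suggests the tenant should be set where the request is actually processed rather than here. PATCH 6/6 in this series removes these lines again and changes `auth.js` instead. The enclosing handler starts before this hunk.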
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
index 612d0d41dd..d36e7af0ab 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
@@ -35,11 +35,6 @@ var onFail;
 if (!context.input.samlToken) {
 (new carbonServer.Server({url: devicemgtProps["adminService"]}))
 .login(context.input.username, context.input.password);
- } else {
- var PrivilegedCarbonContext = Packages.org.wso2.carbon.context.PrivilegedCarbonContext;
- PrivilegedCarbonContext.startTenantFlow();
- var cxt = PrivilegedCarbonContext.getThreadLocalCarbonContext();
- cxt.setTenantDomain(context.user.domain, true);
 }
 };
 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
index 34d3387284..07cd7dee72 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
@@ -525,15 +525,15 @@ var module = {};
 }
 /**
 * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken:
- * string}}
+ * string}}
 */
 var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse,
 session.getId());
 if (ssoSession.sessionId) {
 var ssoSessions = getSsoSessions();
 ssoSessions[ssoSession.sessionId] = ssoSession;
- if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') {
- module.loadTenant(ssoSessions.loggedInUser);
+ if (ssoSession.sessionIndex != null || ssoSession.sessionIndex != 'undefined') {
+ module.loadTenant(ssoSession.loggedInUser);
 var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
 utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
 var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
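Review bot: The corrected condition `ssoSession.sessionIndex != null || ssoSession.sessionIndex != 'undefined'` is still always true: the right-hand side compares against the string `'undefined'`, and a null or undefined value fails the first test only to pass the second, so the guard never skips the `loadTenant` / `setCurrentUser` / `handleEvent` block. `if (ssoSession.sessionIndex != null) {` expresses the intended check, and the branch where it fails should at least log, since today that path returns to the client with neither an error response nor a login event. The hunk ends inside the `if (ssoSession.sessionId)` block; `ssoAcs` continues past it.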