From 4af2a37d9d0757114e64a1ecc20b229876a1d96e Mon Sep 17 00:00:00 2001
From: Megala <ktumegala@yahoo.com>
Date: Sat, 1 Oct 2016 22:00:59 +0530
Subject: [PATCH 1/6] Fixing SSO problem

---
 .../main/resources/jaggeryapps/devicemgt/app/modules/login.js | 2 +-
 .../jaggeryapps/uuf-template-app/lib/modules/auth/auth.js     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
index 87f840d3ce..001188f0e6 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
@@ -26,7 +26,7 @@ var onFail;
         var utility = require("/app/modules/utility.js").utility;
         var apiWrapperUtil = require("/app/modules/oauth/token-handlers.js")["handlers"];
         if (context.input.samlToken) {
-            apiWrapperUtil.setupTokenPairBySamlGrantType(context.input.username, context.input.samlToken);
+            apiWrapperUtil.setupTokenPairBySamlGrantType(context.user.username, context.input.samlToken);
         } else {
             apiWrapperUtil.setupTokenPairByPasswordGrantType(context.input.username, context.input.password);
         }
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
index fff0a77e50..9f009cb6cf 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
@@ -364,10 +364,10 @@ var module = {};
      *     samlToken: string}>} SSO sessions
      */
     function getSsoSessions() {
-        var ssoSessions = session.get(constants.CACHE_KEY_SSO_SESSIONS);
+        var ssoSessions = application.get('sso_sessions');
         if (!ssoSessions) {
             ssoSessions = {};
-            session.put(constants.CACHE_KEY_SSO_SESSIONS, ssoSessions);
+            application.put('sso_sessions', ssoSessions);
         }
         return ssoSessions;
     }

From b10c3235821162e56926aae0189292dbd8ebcc69 Mon Sep 17 00:00:00 2001
From: Megala <ktumegala@yahoo.com>
Date: Sun, 2 Oct 2016 21:26:13 +0530
Subject: [PATCH 2/6] Fixing the problem in login

---
 .../resources/jaggeryapps/devicemgt/app/modules/login.js  | 8 +++++---
 .../jaggeryapps/uuf-template-app/lib/constants.js         | 2 +-
 .../jaggeryapps/uuf-template-app/lib/modules/auth/auth.js | 4 ++--
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
index 001188f0e6..d36e7af0ab 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
@@ -26,14 +26,16 @@ var onFail;
         var utility = require("/app/modules/utility.js").utility;
         var apiWrapperUtil = require("/app/modules/oauth/token-handlers.js")["handlers"];
         if (context.input.samlToken) {
-            apiWrapperUtil.setupTokenPairBySamlGrantType(context.user.username, context.input.samlToken);
+            apiWrapperUtil.setupTokenPairBySamlGrantType(context.user.username + '@' + context.user.domain, context.input.samlToken);
         } else {
             apiWrapperUtil.setupTokenPairByPasswordGrantType(context.input.username, context.input.password);
         }
         var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
         var carbonServer = require("carbon").server;
-        (new carbonServer.Server({url: devicemgtProps["adminService"]}))
-            .login(context.input.username, context.input.password);
+        if (!context.input.samlToken) {
+            (new carbonServer.Server({url: devicemgtProps["adminService"]}))
+                .login(context.input.username, context.input.password);
+        }
     };
 
     onFail = function (error) {
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js
index f7806238b6..8a4e0677f1 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/constants.js
@@ -105,7 +105,7 @@ var constants = {
     CACHE_KEY_APP_CONF_FILE_LMD: "_UUF_APP_CONF_FILE_LMD",
     CACHE_KEY_LOOKUP_TABLE: "_UUF_LOOKUP_TABLE",
     CACHE_KEY_USER: "_UUF_USER",
-    CACHE_KEY_SSO_SESSIONS: "_UUF_SSO_SESSIONS",
+    CACHE_KEY_SSO_SESSIONS: "sso_sessions",
     CACHE_KEY_HANDLEBARS_ROOT: "_UUF_HANDLEBARS_ROOT",
     // URL Query Params
     URL_PARAM_REFERER: "referer"
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
index 9f009cb6cf..e9bc8e8ca4 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
@@ -364,10 +364,10 @@ var module = {};
      *     samlToken: string}>} SSO sessions
      */
     function getSsoSessions() {
-        var ssoSessions = application.get('sso_sessions');
+        var ssoSessions = application.get(constants.CACHE_KEY_SSO_SESSIONS);
         if (!ssoSessions) {
             ssoSessions = {};
-            application.put('sso_sessions', ssoSessions);
+            application.put(constants.CACHE_KEY_SSO_SESSIONS, ssoSessions);
         }
         return ssoSessions;
     }

From e5870e13062b54763afda51b4fccc30ad5358a4c Mon Sep 17 00:00:00 2001
From: Megala <ktumegala@yahoo.com>
Date: Sun, 2 Oct 2016 23:15:25 +0530
Subject: [PATCH 3/6] Fixing the problem of common log out

---
 .../uuf-template-app/lib/modules/auth/auth.js | 115 ++++++++++--------
 1 file changed, 61 insertions(+), 54 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
index e9bc8e8ca4..c3343731fd 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
@@ -486,67 +486,74 @@ var module = {};
      */
     module.ssoAcs = function (request, response) {
         var samlResponse = request.getParameter("SAMLResponse");
-        if (!samlResponse) {
-            var msg = "SAML response is not found in request parameters.";
-            log.error(msg);
-            response.sendError(400, msg);
-            return;
-        }
+        var samlRequest = request.getParameter('SAMLRequest');
         var ssoClient = require("sso").client;
         var samlResponseObj;
-        try {
-            samlResponseObj = ssoClient.getSamlObject(samlResponse);
-        } catch (e) {
-            log.error(e.message, e);
-            response.sendError(500, e.message);
-            return;
-        }
-        if (ssoClient.isLogoutResponse(samlResponseObj)) {
-            // This is a logout response.
-            module.logout(response);
-        } else {
-            // This is a login response.
-            var ssoConfigs = getSsoConfigurations();
-            var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED];
-            if (utils.parseBoolean(rsEnabled)) {
-                var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils;
-                var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password");
-                var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location");
-                var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS];
-                var keyStoreParams = {
-                    KEY_STORE_NAME: keyStoreName,
-                    KEY_STORE_PASSWORD: keyStorePassword,
-                    IDP_ALIAS: identityAlias,
-                    USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY]
-                };
-                if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) {
-                    var msg = "Invalid signature found in the SAML response.";
+
+        if (samlResponse) {
+            try {
+                samlResponseObj = ssoClient.getSamlObject(samlResponse);
+            } catch (e) {
+                log.error(e.message, e);
+                response.sendError(500, e.message);
+                return;
+            }
+            if (ssoClient.isLogoutResponse(samlResponseObj)) {
+                // This is a logout response.
+                module.logout(response);
+            } else {
+                // This is a login response.
+                var ssoConfigs = getSsoConfigurations();
+                var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED];
+                if (utils.parseBoolean(rsEnabled)) {
+                    var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils;
+                    var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password");
+                    var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location");
+                    var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS];
+                    var keyStoreParams = {
+                        KEY_STORE_NAME: keyStoreName,
+                        KEY_STORE_PASSWORD: keyStorePassword,
+                        IDP_ALIAS: identityAlias,
+                        USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY]
+                    };
+                    if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) {
+                        var msg = "Invalid signature found in the SAML response.";
+                        log.error(msg);
+                        response.sendError(500, msg);
+                        return;
+                    }
+                }
+                /**
+                 * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken:
+             *     string}}
+                 */
+                var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse,
+                    session.getId());
+                if (ssoSession.sessionId) {
+                    var ssoSessions = getSsoSessions();
+                    ssoSessions[ssoSession.sessionId] = ssoSession;
+                    if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') {
+                        module.loadTenant(ssoSessions.loggedInUser);
+                        var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
+                        utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
+                        var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
+                        handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
+                    }
+                } else {
+                    var msg = "Cannot decode SAML login response.";
                     log.error(msg);
                     response.sendError(500, msg);
-                    return;
                 }
             }
-            /**
-             * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken:
-             *     string}}
-             */
-            var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse,
-                session.getId());
-            if (ssoSession.sessionId) {
-                var ssoSessions = getSsoSessions();
-                ssoSessions[ssoSession.sessionId] = ssoSession;
-                if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') {
-                    module.loadTenant(ssoSessions.loggedInUser);
-                    var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
-                    utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
-                    var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
-                    handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
-                }
-            } else {
-                var msg = "Cannot decode SAML login response.";
-                log.error(msg);
-                response.sendError(500, msg);
+        }
+        if (samlRequest) {
+            var index = ssoClient.decodeSAMLLogoutRequest(ssoClient.getSamlObject(samlRequest));
+            if (log.isDebugEnabled()) {
+                log.debug("Back end log out request received for the session Id : " + index);
             }
+            var jSessionId = getSsoSessions()[index];
+            delete getSsoSessions()[index];
+            session.invalidate();
         }
     };
 

From a0586ca9771a941ef7aa592588528511a17b6c0c Mon Sep 17 00:00:00 2001
From: Megala <ktumegala@yahoo.com>
Date: Mon, 3 Oct 2016 11:34:00 +0530
Subject: [PATCH 4/6] Adding comment

---
 .../jaggeryapps/uuf-template-app/lib/modules/auth/auth.js        | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
index c3343731fd..34d3387284 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
@@ -546,6 +546,7 @@ var module = {};
                 }
             }
         }
+        // If it is a logout request
         if (samlRequest) {
             var index = ssoClient.decodeSAMLLogoutRequest(ssoClient.getSamlObject(samlRequest));
             if (log.isDebugEnabled()) {

From e8eb0123c7b44cad0f686d9ca772dceb1c6e910f Mon Sep 17 00:00:00 2001
From: Megala <ktumegala@yahoo.com>
Date: Mon, 3 Oct 2016 14:18:43 +0530
Subject: [PATCH 5/6] Fixing the tenant loading problem when sso is enabled

---
 .../resources/jaggeryapps/devicemgt/app/modules/login.js     | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
index d36e7af0ab..612d0d41dd 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
@@ -35,6 +35,11 @@ var onFail;
         if (!context.input.samlToken) {
             (new carbonServer.Server({url: devicemgtProps["adminService"]}))
                 .login(context.input.username, context.input.password);
+        } else {
+            var PrivilegedCarbonContext = Packages.org.wso2.carbon.context.PrivilegedCarbonContext;
+            PrivilegedCarbonContext.startTenantFlow();
+            var cxt = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+            cxt.setTenantDomain(context.user.domain, true);
         }
     };
 

From 359bd8f3177b652e0960ee7d24746c087445f92c Mon Sep 17 00:00:00 2001
From: Megala <ktumegala@yahoo.com>
Date: Mon, 3 Oct 2016 15:15:27 +0530
Subject: [PATCH 6/6] Fixing tenant loading problem

---
 .../resources/jaggeryapps/devicemgt/app/modules/login.js    | 5 -----
 .../jaggeryapps/uuf-template-app/lib/modules/auth/auth.js   | 6 +++---
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
index 612d0d41dd..d36e7af0ab 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/login.js
@@ -35,11 +35,6 @@ var onFail;
         if (!context.input.samlToken) {
             (new carbonServer.Server({url: devicemgtProps["adminService"]}))
                 .login(context.input.username, context.input.password);
-        } else {
-            var PrivilegedCarbonContext = Packages.org.wso2.carbon.context.PrivilegedCarbonContext;
-            PrivilegedCarbonContext.startTenantFlow();
-            var cxt = PrivilegedCarbonContext.getThreadLocalCarbonContext();
-            cxt.setTenantDomain(context.user.domain, true);
         }
     };
 
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
index 34d3387284..07cd7dee72 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/uuf-template-app/lib/modules/auth/auth.js
@@ -525,15 +525,15 @@ var module = {};
                 }
                 /**
                  * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken:
-             *     string}}
+                 *     string}}
                  */
                 var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse,
                     session.getId());
                 if (ssoSession.sessionId) {
                     var ssoSessions = getSsoSessions();
                     ssoSessions[ssoSession.sessionId] = ssoSession;
-                    if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') {
-                        module.loadTenant(ssoSessions.loggedInUser);
+                    if (ssoSession.sessionIndex != null || ssoSession.sessionIndex != 'undefined') {
+                        module.loadTenant(ssoSession.loggedInUser);
                         var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
                         utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
                         var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};