Merge pull request #367 from Megala21/master

[EMM-1129]Fixing SSO problem
revert-70aa11f8
Harshan Liyanage 8 years ago committed by GitHub
commit 13d9bdfb53

@ -26,14 +26,16 @@ var onFail;
var utility = require("/app/modules/utility.js").utility; var utility = require("/app/modules/utility.js").utility;
var apiWrapperUtil = require("/app/modules/oauth/token-handlers.js")["handlers"]; var apiWrapperUtil = require("/app/modules/oauth/token-handlers.js")["handlers"];
if (context.input.samlToken) { if (context.input.samlToken) {
apiWrapperUtil.setupTokenPairBySamlGrantType(context.input.username, context.input.samlToken); apiWrapperUtil.setupTokenPairBySamlGrantType(context.user.username + '@' + context.user.domain, context.input.samlToken);
} else { } else {
apiWrapperUtil.setupTokenPairByPasswordGrantType(context.input.username, context.input.password); apiWrapperUtil.setupTokenPairByPasswordGrantType(context.input.username, context.input.password);
} }
var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"]; var devicemgtProps = require("/app/modules/conf-reader/main.js")["conf"];
var carbonServer = require("carbon").server; var carbonServer = require("carbon").server;
(new carbonServer.Server({url: devicemgtProps["adminService"]})) if (!context.input.samlToken) {
.login(context.input.username, context.input.password); (new carbonServer.Server({url: devicemgtProps["adminService"]}))
.login(context.input.username, context.input.password);
}
}; };
onFail = function (error) { onFail = function (error) {

@ -105,7 +105,7 @@ var constants = {
CACHE_KEY_APP_CONF_FILE_LMD: "_UUF_APP_CONF_FILE_LMD", CACHE_KEY_APP_CONF_FILE_LMD: "_UUF_APP_CONF_FILE_LMD",
CACHE_KEY_LOOKUP_TABLE: "_UUF_LOOKUP_TABLE", CACHE_KEY_LOOKUP_TABLE: "_UUF_LOOKUP_TABLE",
CACHE_KEY_USER: "_UUF_USER", CACHE_KEY_USER: "_UUF_USER",
CACHE_KEY_SSO_SESSIONS: "_UUF_SSO_SESSIONS", CACHE_KEY_SSO_SESSIONS: "sso_sessions",
CACHE_KEY_HANDLEBARS_ROOT: "_UUF_HANDLEBARS_ROOT", CACHE_KEY_HANDLEBARS_ROOT: "_UUF_HANDLEBARS_ROOT",
// URL Query Params // URL Query Params
URL_PARAM_REFERER: "referer" URL_PARAM_REFERER: "referer"

@ -364,10 +364,10 @@ var module = {};
* samlToken: string}>} SSO sessions * samlToken: string}>} SSO sessions
*/ */
function getSsoSessions() { function getSsoSessions() {
var ssoSessions = session.get(constants.CACHE_KEY_SSO_SESSIONS); var ssoSessions = application.get(constants.CACHE_KEY_SSO_SESSIONS);
if (!ssoSessions) { if (!ssoSessions) {
ssoSessions = {}; ssoSessions = {};
session.put(constants.CACHE_KEY_SSO_SESSIONS, ssoSessions); application.put(constants.CACHE_KEY_SSO_SESSIONS, ssoSessions);
} }
return ssoSessions; return ssoSessions;
} }
@ -486,67 +486,75 @@ var module = {};
*/ */
module.ssoAcs = function (request, response) { module.ssoAcs = function (request, response) {
var samlResponse = request.getParameter("SAMLResponse"); var samlResponse = request.getParameter("SAMLResponse");
if (!samlResponse) { var samlRequest = request.getParameter('SAMLRequest');
var msg = "SAML response is not found in request parameters.";
log.error(msg);
response.sendError(400, msg);
return;
}
var ssoClient = require("sso").client; var ssoClient = require("sso").client;
var samlResponseObj; var samlResponseObj;
try {
samlResponseObj = ssoClient.getSamlObject(samlResponse); if (samlResponse) {
} catch (e) { try {
log.error(e.message, e); samlResponseObj = ssoClient.getSamlObject(samlResponse);
response.sendError(500, e.message); } catch (e) {
return; log.error(e.message, e);
} response.sendError(500, e.message);
if (ssoClient.isLogoutResponse(samlResponseObj)) { return;
// This is a logout response. }
module.logout(response); if (ssoClient.isLogoutResponse(samlResponseObj)) {
} else { // This is a logout response.
// This is a login response. module.logout(response);
var ssoConfigs = getSsoConfigurations(); } else {
var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED]; // This is a login response.
if (utils.parseBoolean(rsEnabled)) { var ssoConfigs = getSsoConfigurations();
var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils; var rsEnabled = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_RESPONSE_SIGNING_ENABLED];
var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password"); if (utils.parseBoolean(rsEnabled)) {
var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location"); var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils;
var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS]; var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password");
var keyStoreParams = { var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location");
KEY_STORE_NAME: keyStoreName, var identityAlias = ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_IDENTITY_ALIAS];
KEY_STORE_PASSWORD: keyStorePassword, var keyStoreParams = {
IDP_ALIAS: identityAlias, KEY_STORE_NAME: keyStoreName,
USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY] KEY_STORE_PASSWORD: keyStorePassword,
}; IDP_ALIAS: identityAlias,
if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) { USE_ST_KEY: !ssoConfigs[constants.APP_CONF_AUTH_MODULE_SSO_USE_ST_KEY]
var msg = "Invalid signature found in the SAML response."; };
if (!ssoClient.validateSignature(samlResponseObj, keyStoreParams)) {
var msg = "Invalid signature found in the SAML response.";
log.error(msg);
response.sendError(500, msg);
return;
}
}
/**
* @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken:
* string}}
*/
var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse,
session.getId());
if (ssoSession.sessionId) {
var ssoSessions = getSsoSessions();
ssoSessions[ssoSession.sessionId] = ssoSession;
if (ssoSession.sessionIndex != null || ssoSession.sessionIndex != 'undefined') {
module.loadTenant(ssoSession.loggedInUser);
var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
}
} else {
var msg = "Cannot decode SAML login response.";
log.error(msg); log.error(msg);
response.sendError(500, msg); response.sendError(500, msg);
return;
} }
} }
/** }
* @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken: // If it is a logout request
* string}} if (samlRequest) {
*/ var index = ssoClient.decodeSAMLLogoutRequest(ssoClient.getSamlObject(samlRequest));
var ssoSession = ssoClient.decodeSAMLLoginResponse(samlResponseObj, samlResponse, if (log.isDebugEnabled()) {
session.getId()); log.debug("Back end log out request received for the session Id : " + index);
if (ssoSession.sessionId) {
var ssoSessions = getSsoSessions();
ssoSessions[ssoSession.sessionId] = ssoSession;
if (ssoSessions.sessionIndex != null || ssoSessions.sessionIndex != 'undefined') {
module.loadTenant(ssoSessions.loggedInUser);
var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);
}
} else {
var msg = "Cannot decode SAML login response.";
log.error(msg);
response.sendError(500, msg);
} }
var jSessionId = getSsoSessions()[index];
delete getSsoSessions()[index];
session.invalidate();
} }
}; };

Loading…
Cancel
Save