Posted to commits@stratos.apache.org by pr...@apache.org on 2014/01/02 08:02:09 UTC
git commit: sso login/logout sevlets and config file
Updated Branches:
refs/heads/master b2fccb20a -> 23e8bb2e8
sso login/logout servlets and config file
Project: http://git-wip-us.apache.org/repos/asf/incubator-stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-stratos/commit/23e8bb2e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-stratos/tree/23e8bb2e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-stratos/diff/23e8bb2e
Branch: refs/heads/master
Commit: 23e8bb2e83caa711f44ced0bfac7767a4102028f
Parents: b2fccb2
Author: Pradeep Fernando <pr...@gmail.com>
Authored: Thu Jan 2 12:31:46 2014 +0530
Committer: Pradeep Fernando <pr...@gmail.com>
Committed: Thu Jan 2 12:31:46 2014 +0530
----------------------------------------------------------------------
.../config/console.js | 0
.../config/console.json | 22 ++++++
.../controllers/acs.jag | 81 ++++++++++++++++++++
.../controllers/login.jag | 37 +++++++++
.../controllers/logout.jag | 41 ++++++++++
5 files changed, 181 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/23e8bb2e/components/org.apache.stratos.manager.console/config/console.js
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/config/console.js b/components/org.apache.stratos.manager.console/config/console.js
new file mode 100644
index 0000000..e69de29
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/23e8bb2e/components/org.apache.stratos.manager.console/config/console.json
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/config/console.json b/components/org.apache.stratos.manager.console/config/console.json
new file mode 100644
index 0000000..271ddcc
--- /dev/null
+++ b/components/org.apache.stratos.manager.console/config/console.json
@@ -0,0 +1,22 @@
+{
+ "backendServerConfiguration":{
+ "url":"https://localhost:9443"
+ },
+
+ "oauthConfiguration":{
+ "clientId":"",
+ "clientSecret":"",
+ "tokenGrantEndpoint":""
+ },
+
+ "ssoConfiguration": {
+ "enabled": true,
+ "issuer": "console",
+ "identityProviderURL": "https://localhost:9446/sso/samlsso.jag",
+ "keyStorePassword": "wso2carbon",
+ "identityAlias": "wso2carbon",
+ "responseSigningEnabled": "true",
+ "storeAcs" : "https://localhost:9443/console/controllers/acs",
+ "keyStoreName": "/repository/resources/security/wso2carbon.jks"
+ }
+}
\ No newline at end of file
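Review bot: `keyStorePassword` is committed as the literal `wso2carbon` next to the keystore path, so every deployment that ships this file unchanged shares the same keystore credential, and the value sits in a file inside the web application's directory. It would be safer to leave the field empty here, as `clientSecret` is, and have deployments supply it from outside the repository. `responseSigningEnabled` is the string `"true"` while `enabled` is a boolean; acs.jag tests it with a plain `if`, so the string `"false"` would also be truthy, and `"responseSigningEnabled": true,` would keep the types consistent. acs.jag and logout.jag load `/config/publisher.js` rather than this file, so as committed these values may not be what the controllers actually read.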
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/23e8bb2e/components/org.apache.stratos.manager.console/controllers/acs.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/controllers/acs.jag b/components/org.apache.stratos.manager.console/controllers/acs.jag
new file mode 100644
index 0000000..ea3b1bc
--- /dev/null
+++ b/components/org.apache.stratos.manager.console/controllers/acs.jag
@@ -0,0 +1,81 @@
+<%
+(function () {
+ var log = new Log(),
+ configs = require('/config/publisher.js').config(),
+ samlResponse = request.getParameter('SAMLResponse'),
+ sessionId = session.getId(),
+ samlRequest = request.getParameter('SAMLRequest'),
+ relayState = request.getParameter('RelayState'),
+ sso = require('sso'),
+ samlRespObj,
+ keyStoreProps = {
+ KEY_STORE_NAME: process.getProperty('carbon.home') + configs.ssoConfiguration.keyStoreName,
+ KEY_STORE_PASSWORD: configs.ssoConfiguration.keyStorePassword,
+ IDP_ALIAS: configs.ssoConfiguration.identityAlias
+ },
+ sso_sessions = application.get('sso_sessions');
+
+ if (!sso_sessions) {
+ application.put('sso_sessions', {});
+ sso_sessions = application.get('sso_sessions');
+ }
+
+ if (samlResponse != null) {
+ samlRespObj = sso.client.getSamlObject(samlResponse);
+ if (!sso.client.isLogoutResponse(samlRespObj)) {
+
+ // validating the signature
+ if (configs.ssoConfiguration.responseSigningEnabled) {
+
+ if (sso.client.validateSignature(samlRespObj, keyStoreProps)) {
+ var sessionObj = sso.client.decodeSAMLLoginResponse(samlRespObj, samlResponse, sessionId);
+
+ if (sessionObj.sessionIndex != null || sessionObj.sessionIndex != 'undefined') {
+ session.put("LOGGED_IN_USER", sessionObj.loggedInUser);
+ session.put("Loged", "true");
+
+ //sso_sessions[sessionObj.sessionIndex] = sessionObj.sessionId;
+
+ log.debug("session index :: " + sessionObj.sessionIndex);
+ log.debug("session :: " + sessionObj.sessionId);
+
+ log.debug("real session :: " + session.getId());
+
+
+ //sso_sessions[sso_sessions[sessionObj.sessionIndex] = sessionObj.sessionId] = sessionObj.sessionIndex;
+
+ sso_sessions[sessionObj.sessionId] = sessionObj.sessionIndex;
+
+ var user = require('store').user;
+
+ if (user.loginWithSAML(sessionObj.loggedInUser)) {
+ log.debug('user is set :::' + sessionObj.loggedInUser);
+ response.sendRedirect('/publisher');
+ }
+
+ }
+ }
+ }
+
+ } else {
+ session.invalidate();
+ response.sendRedirect('/publisher');
+ }
+ }
+
+ // if saml request is a log out request, then invalidate session.
+ if (samlRequest != null) {
+ var index = sso.client.decodeSAMLLogoutRequest(sso.client.getSamlObject(samlRequest));
+ log.debug('BACKEND LOGOUT RECIEVED FROM STORE THE INDEX IS ######' + index);
+
+ var jSessionId = application.get('sso_sessions')[index];
+
+ delete application.get('sso_sessions')[index];
+
+
+ log.debug('portal Session Id :::' + jSessionId);
+
+ session.invalidate();
+ }
+}());
+%>
\ No newline at end of file
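Review bot: The guard `sessionObj.sessionIndex != null || sessionObj.sessionIndex != 'undefined'` is always true, so a response with no session index still gets `LOGGED_IN_USER` and `Loged` set, and those attributes stay on the session when `user.loginWithSAML` returns false. A failed `validateSignature` falls through silently with no log entry or error response, which hides rejected assertions from anyone monitoring this endpoint. In the `SAMLRequest` branch the logout request is decoded with no visible signature check, and the map is written under `sessionObj.sessionId` but read by session index, so the lookup cannot find the entry and only the caller's own session is invalidated. Whether `decodeSAMLLoginResponse` checks audience, recipient and validity window is not visible here and should be confirmed. A sketch of the login branch with explicit failure paths follows.

```javascript
if (sso.client.validateSignature(samlRespObj, keyStoreProps)) {
    var sessionObj = sso.client.decodeSAMLLoginResponse(samlRespObj, samlResponse, sessionId);

    // `!= null` rejects both null and undefined
    if (sessionObj.sessionIndex != null) {
        // … unchanged: session.put calls, debug logging, sso_sessions update …
        var user = require('store').user;

        if (user.loginWithSAML(sessionObj.loggedInUser)) {
            log.debug('user is set :::' + sessionObj.loggedInUser);
            response.sendRedirect('/publisher');
        } else {
            // do not leave a session marked as logged in after a failed login
            log.warn('loginWithSAML failed for SAML session ' + sessionObj.sessionIndex);
            session.invalidate();
            response.sendError(401, 'SAML login failed');
        }
    } else {
        log.warn('SAML response carried no session index');
        response.sendError(401, 'SAML login failed');
    }
} else {
    log.warn('SAML response signature validation failed');
    response.sendError(401, 'SAML login failed');
}
```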
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/23e8bb2e/components/org.apache.stratos.manager.console/controllers/login.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/controllers/login.jag b/components/org.apache.stratos.manager.console/controllers/login.jag
new file mode 100644
index 0000000..4c700c0
--- /dev/null
+++ b/components/org.apache.stratos.manager.console/controllers/login.jag
@@ -0,0 +1,37 @@
+<%
+(function(){
+ var dataConfig = require('/config/console.js').config(),
+ sso = require("sso"),
+ process = require("process"),
+ sessionId = session.getId(),
+ requestURI,
+ requestedPage = request.getParameter("requestedPage"),
+ relayState = '/publisher',
+ encodedSAMLAuthRequest = sso.client.getEncodedSAMLAuthRequest(dataConfig.ssoConfiguration.issuer),
+ log = new Log(),
+ postUrl = "https://" + process.getProperty('carbon.local.ip') + ":" + process.getProperty('https.port');
+
+
+ if (!session.get("Loged")) {
+ %>
+
+ <div>
+
+ <p>You are now being redirected to Identity Server. If the
+ redirection fails, please click on the button below.</p>
+ <form method="post" action="<%=postUrl%>/admin/samlsso">
+ <p>
+ <input type="hidden" name="SAMLRequest" value="<%= encodedSAMLAuthRequest %>"/>
+ <input type="hidden" name="RelayState" value="<%= relayState %>"/>
+ <input type="hidden" name="SSOAuthSessionID" value="<%= sessionId %>"/>
+ <button type="submit">Redirect manually</button>
+ </p>
+ </form>
+ </div>
+ <script type = "text/javascript" >
+ document.forms[0].submit();
+ </script>
+ <%
+ }
+}());
+%>
\ No newline at end of file
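Review bot: The hidden `SSOAuthSessionID` field writes `session.getId()` into the page and posts it to the `/admin/samlsso` endpoint, so the pre-login session identifier leaves the server; logout.jag does the same. Nothing visible in acs.jag issues a new session once the assertion is accepted, so unless the container rotates the id, the value the browser held before authentication stays valid afterwards; consider dropping the field or sending an opaque correlation value instead. Separately, `require('/config/console.js').config()` targets the file this commit adds empty, while the settings are in console.json, so the call looks like it will fail at load. The form target is built from `carbon.local.ip` and `https.port` rather than the configured `identityProviderURL`, and `requestedPage` is read but unused; if it is later fed into `RelayState`, it needs validating against a fixed list of local paths.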
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/23e8bb2e/components/org.apache.stratos.manager.console/controllers/logout.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/controllers/logout.jag b/components/org.apache.stratos.manager.console/controllers/logout.jag
new file mode 100644
index 0000000..461f1b3
--- /dev/null
+++ b/components/org.apache.stratos.manager.console/controllers/logout.jag
@@ -0,0 +1,41 @@
+<%
+(function(){
+ var user = require('store').server.current(session).username;//session.get("LOGGED_IN_USER");
+ if(user === null) {
+ response.sendRedirect('/portal');
+ } else {
+ var config = require('/config/publisher.js').config(),
+ sso = require('sso'),
+ sso_sessions = application.get('sso_sessions'),
+ sessionId = session.getId(),
+ encodedSAMLLogoutRequest = sso.client.getEncodedSAMLLogoutRequest(user, sso_sessions[session.getId()], config.ssoConfiguration.issuer),
+ relayState = '/publisher',
+ postUrl = "https://" + process.getProperty('carbon.local.ip') + ":" + process.getProperty('https.port');
+
+ var log = new Log();
+
+ log.debug("portal session index : " + sso_sessions[session.getId()]);
+
+ %>
+ <div>
+ <p>You are now redirected to Stratos Identity. If the
+ redirection fails, please click the post button.</p>
+
+ <form id="logoutForm" method="post" action="<%=postUrl%>/admin/samlsso">
+ <p>
+ <input type="hidden" name="SAMLRequest"
+ value="<%= encodedSAMLLogoutRequest %>"/>
+ <input type="hidden" name="RelayState" value="<%= relayState %>"/>
+ <input type="hidden" name="SSOAuthSessionID" value="<%= sessionId %>"/>
+ <button type="submit">POST</button>
+ </p>
+ </form>
+ </div>
+ <script type = "text/javascript" >
+ document.forms[0].submit();
+ </script>
+
+ <%
+ }
+}());
+%>
\ No newline at end of file
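Review bot: `require('store').server.current(session).username` dereferences the result of `current(session)` before the `user === null` test, so if that call returns null for an anonymous session the page throws instead of reaching the redirect, and `=== null` would not catch `undefined` either. `sso_sessions[session.getId()]` has the same problem when acs.jag has not yet created the application-level map. Something like `var current = require('store').server.current(session);` with `if (!current || !current.username) {` and `sso_sessions = application.get('sso_sessions') || {},` would make both paths explicit. The page also auto-submits on load with no visible request-method or token check, so any cross-site navigation to this controller would start a logout. The unauthenticated redirect goes to `/portal` while every other redirect in this commit uses `/publisher`.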