Updated Branches: refs/heads/master b2fccb20a -> 23e8bb2e8
sso login/logout sevlets and config file Project: http://git-wip-us.apache.org/repos/asf/incubator-stratos/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-stratos/commit/23e8bb2e Tree: http://git-wip-us.apache.org/repos/asf/incubator-stratos/tree/23e8bb2e Diff: http://git-wip-us.apache.org/repos/asf/incubator-stratos/diff/23e8bb2e Branch: refs/heads/master Commit: 23e8bb2e83caa711f44ced0bfac7767a4102028f Parents: b2fccb2 Author: Pradeep Fernando <[email protected]> Authored: Thu Jan 2 12:31:46 2014 +0530 Committer: Pradeep Fernando <[email protected]> Committed: Thu Jan 2 12:31:46 2014 +0530 ---------------------------------------------------------------------- .../config/console.js | 0 .../config/console.json | 22 ++++++ .../controllers/acs.jag | 81 ++++++++++++++++++++ .../controllers/login.jag | 37 +++++++++ .../controllers/logout.jag | 41 ++++++++++ 5 files changed, 181 insertions(+) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/23e8bb2e/components/org.apache.stratos.manager.console/config/console.js
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/config/console.js b/components/org.apache.stratos.manager.console/config/console.js
new file mode 100644
index 0000000..e69de29
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/23e8bb2e/components/org.apache.stratos.manager.console/config/console.json
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/config/console.json b/components/org.apache.stratos.manager.console/config/console.json
new file mode 100644
index 0000000..271ddcc
--- /dev/null
+++ b/components/org.apache.stratos.manager.console/config/console.json
@@ -0,0 +1,22 @@
+{
+ "backendServerConfiguration":{
+ "url":"https://localhost:9443"
+ },
+
+ "oauthConfiguration":{
+ "clientId":"",
+ "clientSecret":"",
+ "tokenGrantEndpoint":""
+ },
+
+ "ssoConfiguration": {
+ "enabled": true,
+ "issuer": "console",
+ "identityProviderURL": "https://localhost:9446/sso/samlsso.jag",
+ "keyStorePassword": "wso2carbon",
+ "identityAlias": "wso2carbon",
+ "responseSigningEnabled": "true",
+ "storeAcs" : "https://localhost:9443/console/controllers/acs",
+ "keyStoreName": "/repository/resources/security/wso2carbon.jks"
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/23e8bb2e/components/org.apache.stratos.manager.console/controllers/acs.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/controllers/acs.jag b/components/org.apache.stratos.manager.console/controllers/acs.jag
new file mode 100644
index 0000000..ea3b1bc
--- /dev/null
+++ b/components/org.apache.stratos.manager.console/controllers/acs.jag
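Review bot: In console.json, `"keyStorePassword": "wso2carbon"` commits the keystore password in clear text next to the keystore path, and the value appears to be a stock default rather than a deployment secret. Treat it and the empty `clientSecret` as placeholders that each deployment must supply from a protected source, and state that in the setup documentation, since strict JSON cannot carry a comment. `"responseSigningEnabled": "true"` is a string while `"enabled": true` is a boolean; acs.jag in this commit tests `configs.ssoConfiguration.responseSigningEnabled` by truthiness, so if that object is loaded from this file the string `"false"` would still read as enabled, and the boolean form `"responseSigningEnabled": true` removes the ambiguity. The `localhost` values for `identityProviderURL` and `storeAcs` likewise only fit a single-host setup.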
@@ -0,0 +1,81 @@
+<%
+(function () {
+ var log = new Log(),
+ configs = require('/config/publisher.js').config(),
+ samlResponse = request.getParameter('SAMLResponse'),
+ sessionId = session.getId(),
+ samlRequest = request.getParameter('SAMLRequest'),
+ relayState = request.getParameter('RelayState'),
+ sso = require('sso'),
+ samlRespObj,
+ keyStoreProps = {
+ KEY_STORE_NAME: process.getProperty('carbon.home') + configs.ssoConfiguration.keyStoreName,
+ KEY_STORE_PASSWORD: configs.ssoConfiguration.keyStorePassword,
+ IDP_ALIAS: configs.ssoConfiguration.identityAlias
+ },
+ sso_sessions = application.get('sso_sessions');
+
+ if (!sso_sessions) {
+ application.put('sso_sessions', {});
+ sso_sessions = application.get('sso_sessions');
+ }
+
+ if (samlResponse != null) {
+ samlRespObj = sso.client.getSamlObject(samlResponse);
+ if (!sso.client.isLogoutResponse(samlRespObj)) {
+
+ // validating the signature
+ if (configs.ssoConfiguration.responseSigningEnabled) {
+
+ if (sso.client.validateSignature(samlRespObj, keyStoreProps)) {
+ var sessionObj = sso.client.decodeSAMLLoginResponse(samlRespObj, samlResponse, sessionId);
+
+ if (sessionObj.sessionIndex != null || sessionObj.sessionIndex != 'undefined') {
+ session.put("LOGGED_IN_USER", sessionObj.loggedInUser);
+ session.put("Loged", "true");
+
+ //sso_sessions[sessionObj.sessionIndex] = sessionObj.sessionId;
+
+ log.debug("session index :: " + sessionObj.sessionIndex);
+ log.debug("session :: " + sessionObj.sessionId);
+
+ log.debug("real session :: " + session.getId());
+
+
+ //sso_sessions[sso_sessions[sessionObj.sessionIndex] = sessionObj.sessionId] = sessionObj.sessionIndex;
+
+ sso_sessions[sessionObj.sessionId] = sessionObj.sessionIndex;
+
+ var user = require('store').user;
+
+ if (user.loginWithSAML(sessionObj.loggedInUser)) {
+ log.debug('user is set :::' + sessionObj.loggedInUser);
+ response.sendRedirect('/publisher');
+ }
+
+ }
+ }
+ }
+
+ } else {
+ session.invalidate();
+ response.sendRedirect('/publisher');
+ }
+ }
+
+ // if saml request is a log out request, then invalidate session.
+ if (samlRequest != null) {
+ var index = sso.client.decodeSAMLLogoutRequest(sso.client.getSamlObject(samlRequest));
+ log.debug('BACKEND LOGOUT RECIEVED FROM STORE THE INDEX IS ######' + index);
+
+ var jSessionId = application.get('sso_sessions')[index];
+
+ delete application.get('sso_sessions')[index];
+
+
+ log.debug('portal Session Id :::' + jSessionId);
+
+ session.invalidate();
+ }
+}());
+%>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/23e8bb2e/components/org.apache.stratos.manager.console/controllers/login.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/controllers/login.jag b/components/org.apache.stratos.manager.console/controllers/login.jag
new file mode 100644
index 0000000..4c700c0
--- /dev/null
+++ b/components/org.apache.stratos.manager.console/controllers/login.jag
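Review bot: In acs.jag the guard `if (sessionObj.sessionIndex != null || sessionObj.sessionIndex != 'undefined')` is always true, so a validated login response that carries no session index still sets `LOGGED_IN_USER`; `if (sessionObj.sessionIndex != null) {` expresses the intended check. The `SAMLRequest` branch decodes a logout request and calls `session.invalidate()` without the `sso.client.validateSignature(...)` step that the response branch applies, so an unsigned request is acted on. That branch also reads `application.get('sso_sessions')[index]` by session index, while the login branch stores `sso_sessions[sessionObj.sessionId] = sessionObj.sessionIndex` keyed by session id, so the lookup and the `delete` will normally miss, and the session that gets invalidated is the one attached to the incoming request rather than the one recorded for that index. Nothing visible here issues a fresh session id after a successful login, a failed signature check falls through with no log entry or response, and the `log.debug` calls write session ids to the log; each is worth a follow-up.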
@@ -0,0 +1,37 @@
+<%
+(function(){
+ var dataConfig = require('/config/console.js').config(),
+ sso = require("sso"),
+ process = require("process"),
+ sessionId = session.getId(),
+ requestURI,
+ requestedPage = request.getParameter("requestedPage"),
+ relayState = '/publisher',
+ encodedSAMLAuthRequest = sso.client.getEncodedSAMLAuthRequest(dataConfig.ssoConfiguration.issuer),
+ log = new Log(),
+ postUrl = "https://" + process.getProperty('carbon.local.ip') + ":" + process.getProperty('https.port');
+
+
+ if (!session.get("Loged")) {
+ %>
+
+ <div>
+
+ <p>You are now being redirected to Identity Server. If the
+ redirection fails, please click on the button below.</p>
+ <form method="post" action="<%=postUrl%>/admin/samlsso">
+ <p>
+ <input type="hidden" name="SAMLRequest" value="<%= encodedSAMLAuthRequest %>"/>
+ <input type="hidden" name="RelayState" value="<%= relayState %>"/>
+ <input type="hidden" name="SSOAuthSessionID" value="<%= sessionId %>"/>
+ <button type="submit">Redirect manually</button>
+ </p>
+ </form>
+ </div>
+ <script type = "text/javascript" >
+ document.forms[0].submit();
+ </script>
+ <%
+ }
+}());
+%>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/23e8bb2e/components/org.apache.stratos.manager.console/controllers/logout.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/controllers/logout.jag b/components/org.apache.stratos.manager.console/controllers/logout.jag
new file mode 100644
index 0000000..461f1b3
--- /dev/null
+++ b/components/org.apache.stratos.manager.console/controllers/logout.jag
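Review bot: login.jag loads its settings with `require('/config/console.js').config()`, but this commit adds config/console.js as an empty file (0 lines in the diffstat) and puts the settings in console.json, so the first statement is likely to fail at runtime; acs.jag and logout.jag read `/config/publisher.js` instead, and the three controllers should agree on one source. The form posts to `postUrl` plus `/admin/samlsso`, built from `carbon.local.ip` and `https.port`, which leaves the configured `identityProviderURL` unused. The hidden field `SSOAuthSessionID` writes the console's own session id into the page and sends it to the identity provider; confirm the provider needs it, because acs.jag keeps the same session after login. `requestURI`, `requestedPage` and `log` are declared and never used, and a short header comment saying that the page emits an auto-submitting SAML authentication form for users without the `Loged` session flag would help the next reader.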
@@ -0,0 +1,41 @@
+<%
+(function(){
+ var user = require('store').server.current(session).username;//session.get("LOGGED_IN_USER");
+ if(user === null) {
+ response.sendRedirect('/portal');
+ } else {
+ var config = require('/config/publisher.js').config(),
+ sso = require('sso'),
+ sso_sessions = application.get('sso_sessions'),
+ sessionId = session.getId(),
+ encodedSAMLLogoutRequest = sso.client.getEncodedSAMLLogoutRequest(user, sso_sessions[session.getId()], config.ssoConfiguration.issuer),
+ relayState = '/publisher',
+ postUrl = "https://" + process.getProperty('carbon.local.ip') + ":" + process.getProperty('https.port');
+
+ var log = new Log();
+
+ log.debug("portal session index : " + sso_sessions[session.getId()]);
+
+ %>
+ <div>
+ <p>You are now redirected to Stratos Identity. If the
+ redirection fails, please click the post button.</p>
+
+ <form id="logoutForm" method="post" action="<%=postUrl%>/admin/samlsso">
+ <p>
+ <input type="hidden" name="SAMLRequest"
+ value="<%= encodedSAMLLogoutRequest %>"/>
+ <input type="hidden" name="RelayState" value="<%= relayState %>"/>
+ <input type="hidden" name="SSOAuthSessionID" value="<%= sessionId %>"/>
+ <button type="submit">POST</button>
+ </p>
+ </form>
+ </div>
+ <script type = "text/javascript" >
+ document.forms[0].submit();
+ </script>
+
+ <%
+ }
+}());
+%>
\ No newline at end of file
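Review bot: In logout.jag `require('store').server.current(session).username` is dereferenced before the `user === null` test, so if `current(session)` returns nothing for a visitor who is not logged in the page throws instead of redirecting, and an `undefined` username passes the strict comparison; reading the object first and testing `if (!current || !current.username)` covers both, assuming `current()` can return null. `sso_sessions` is used without the `if (!sso_sessions)` guard that acs.jag applies, so `sso_sessions[session.getId()]` fails when no login has populated the map yet. The entry for this session is not removed from `sso_sessions` here or in the logout-response branch of acs.jag, so the application-scoped map appears only to grow. The anonymous case redirects to `/portal` while every other path in these controllers uses `/publisher`; confirm which target the console intends.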
