Hi Biruntha,

Good investigation on this matter. However, we are not sure of the impact of
this change. Can you create a JIRA [1] and add the PR so that the IS team can
verify this in coming releases?

[1] https://wso2.org/jira/browse/IDENTITY

On Mon, Aug 22, 2016 at 6:04 PM, Biruntha Gnaneswaran <birun...@wso2.com>
wrote:

> Hi All,
>
> While posting a form from the Mepin Authenticator to the authentication endpoint,
> [1] will be executed, so it goes to [2]. That method only supports
> URL redirecting, not form posting. So, I replaced the logic
> [3] with [4]. Now it is working fine. So, to support POST requests in the
> authentication endpoint, we need to modify the sso-saml module.
>
> [1] - https://github.com/wso2/carbon-identity/blob/master/components/sso-saml/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java#L157-#L161
>
> [2] - https://github.com/wso2/carbon-identity/blob/master/components/sso-saml/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java#L980
>
> [3] - https://github.com/wso2/carbon-identity/blob/master/components/sso-saml/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java#L992
>
> [4] - https://github.com/wso2/carbon-identity/blob/master/components/sso-saml/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java#L1031-#L1035
>
>
> Thanks,
>
> Biruntha
>
> Associate Software Engineer
> WSO2
> Email : birun...@wso2.com
> Linkedin : https://lk.linkedin.com/in/biruntha
> Mobile : +94773718986
>
> On Fri, Aug 12, 2016 at 10:18 PM, Biruntha Gnaneswaran <birun...@wso2.com>
> wrote:
>
>> Hi All,
>>
>>
>> To solve the issue in $subject, I tried to post an HTML form from the
>> Authenticator to mepin.jsp using [1]. But I still couldn't solve that
>> issue. It's again redirected to [2].
>> Can anyone help me to solve this issue?
>>
>> [1]
>>
>> response.setContentType("text/html");
>> java.io.PrintWriter out = response.getWriter();
>> out.println("<html><head>");
>> out.println("</head><body>");
>> out.println("<form name=\"loginform\" method=\"post\" action=\"/mepinauthenticationendpoint/mepin.jsp\">");
>> out.println("<input type=\"hidden\" id=\"param1\" name=\"param1\" value=\"" + param1 + "\"/>");
>> out.println("<input type=\"hidden\" id=\"param2\" name=\"param2\" value=\"" + param2 + "\"/>");
>> out.println("</form></body></html>");
>>
>> [2] https://localhost:9443/samlsso
>>
>> Thanks,
>>
>> Biruntha
>>
>> Associate Software Engineer
>> WSO2
>> Email : birun...@wso2.com
>> Linkedin : https://lk.linkedin.com/in/biruntha
>> Mobile : +94773718986
>>
>> On Fri, Jul 29, 2016 at 11:46 PM, Biruntha Gnaneswaran <birun...@wso2.com> wrote:
>>
>>> Hi Devs,
>>>
>>> In the Mepin authenticator, some URL parameters are sent to the Mepin UI page
>>> using the GET method [1]. When I try to send these parameters via the POST method
>>> using the HttpURLConnection class [2], it redirects to [3], not to the
>>> actual Mepin UI page. While trying, I got the following log.
>>>
>>> [2016-07-29 23:30:00,903] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler} - In authentication flow
>>>
>>> [2016-07-29 23:30:00,903] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} - Executing the Step Based Authentication...
>>>
>>> [2016-07-29 23:30:00,903] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} - Starting Step: 1
>>>
>>> [2016-07-29 23:30:00,903] DEBUG {org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils} - Finding already authenticated IdPs of the Step
>>>
>>> [2016-07-29 23:30:00,903] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - Receive a response from the external party
>>>
>>> [2016-07-29 23:30:00,903] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - BasicAuthenticator can handle the request.
>>>
>>> [2016-07-29 23:30:00,929] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - BasicAuthenticator returned: SUCCESS_COMPLETED
>>>
>>> [2016-07-29 23:30:00,930] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} - Step 1 is completed. Going to get the next one.
>>>
>>> [2016-07-29 23:30:00,930] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} - Starting Step: 2
>>>
>>> [2016-07-29 23:30:00,930] DEBUG {org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils} - Finding already authenticated IdPs of the Step
>>>
>>> [2016-07-29 23:30:00,930] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - Step contains only a single IdP. Going to call it directly
>>>
>>> [2016-07-29 23:30:00,930] DEBUG {org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade} - Trying to find the IdP for name: mepin
>>>
>>> [2016-07-29 23:30:00,934] DEBUG {org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade} - A registered IdP was found
>>>
>>> [2016-07-29 23:30:03,520] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - MePINAuthenticator returned: INCOMPLETE
>>>
>>> [2016-07-29 23:30:03,521] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - MePINAuthenticator is redirecting
>>>
>>> [2016-07-29 23:30:03,521] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} - Step is not complete yet. Redirecting to outside.
>>>
>>>
>>> So, I had an offline chat with Dulanja. He said that it is not a direct
>>> method when using the POST method. The POST method is not really needed,
>>> because even the Facebook authenticator uses the GET method to send URL
>>> parameters. He also gave some suggestions:
>>>
>>>    - For example, to send a parameter called username, instead of using
>>>      username as the name we can use “a” or “A”, so from outside it can’t be
>>>      guessed.
>>>    - From the Java class, send as the HTML body. While submitting, need to
>>>      get the URL parameters.
>>>
>>> @Dulanja, please add if I missed anything.
>>>
>>>
>>> Your comments and suggestions are highly appreciated.
>>>
>>> [1] https://github.com/wso2-extensions/identity-outbound-auth-mepin/blob/master/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/mepin/MepinAuthenticator.java#L112-#L116
>>>
>>> [2] http://stackoverflow.com/questions/4205980/java-sending-http-parameters-via-post-method-easily
>>>
>>> [3] https://localhost:9443/samlsso
>>>
>>>
>>> Thanks,
>>>
>>>
>>> Biruntha
>>>
>>> Associate Software Engineer
>>> WSO2
>>> Email : birun...@wso2.com
>>> Linkedin : https://lk.linkedin.com/in/biruntha
>>> Mobile : +94773718986
>>>
>>
>>
>


-- 

Best Regards,

Malaka Silva
Senior Technical Lead
M: +94 777 219 791
Tel : 94 11 214 5345
Fax :94 11 2145300
Skype : malaka.sampath.silva
LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
Blog : http://mrmalakasilva.blogspot.com/

WSO2, Inc.
lean . enterprise . middleware
https://wso2.com/signature
http://www.wso2.com/about/team/malaka-silva/
https://store.wso2.com/store/

Don't make Trees rare, we should keep them with care
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
