Greeting,
Thanks for your answer.
Here is the fix i did based on your comment:
within the file *SSOLoginProcessor.java* i did this fix
String serviceUrlFromRequest = casMessageContext.getServiceURL();
URL url = null;
try {
url = new URL(serviceUrlFromRequest);
} catch (MalformedURLException e) {
e.printStackTrace();
}
String base = url.getProtocol() + "://" + url.getHost();
log.error(serviceUrlFromRequest);
log.error(base);
AuthenticationResult authnResult =
processResponseFromFrameworkLogin(casMessageContext, identityRequest);
String acsURL = CASSSOUtil.getAcsUrl(base,
casMessageContext.getRequest().getTenantDomain());
I deployed this and i did try with my application to login and i got the
correct url now but it's not able to process it, here is the log.
TID: [-1234] [] [2019-02-10 08:50:13,101] ERROR
{org.wso2.carbon.identity.sso.cas.processor.SSOLoginProcessor} -
https://test.kfupm.edu.sa/en/login/?next=/en/
TID: [-1234] [] [2019-02-10 08:50:13,103] ERROR
{org.wso2.carbon.identity.sso.cas.processor.SSOLoginProcessor} -
https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3
<https://imsva91-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3>
TID: [-1234] [] [2019-02-10 08:50:13,103] ERROR
{org.wso2.carbon.identity.sso.cas.util.CASSSOUtil} -
https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3
<https://imsva91-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3>
and the url of the site after login is this
*"**https://test.kfupm.edu.sa/en/?ticket=ST-4790bbcb218b4bf88e0a3b87dc824757-login-3.test.kfupm.edu.sa
<https://test.kfupm.edu.sa/en/?ticket=ST-4790bbcb218b4bf88e0a3b87dc824757-login-3.test.kfupm.edu.sa>*
*"*
Now i believe that all of this process should happen while building the
request not at the response. On that note when i click on "login" in my
application and i get the SSO login page i should see in the url
sp=test.kfupm.edu.sa not sp=default.
I am not sure if you see the limitation here but i will explain it once
more.
my application is accessible without login in but when you reach to some
pages within the application they require login so they get redirected with
a query parameter called *"next"*
which hold where to go back to after the authentication, which makes the
issue i can't rely on a static URL and it has to match it. it should be
more than enough to match the service url
that is defined in the SP which is the base of URL of this application aka "
https://test.kfupm.edu.sa";.
Kindly Let me know if there is any way you can guide me to fix this.
On Sun, Feb 10, 2019 at 8:58 AM Mohammed Yousef M. Alnajdi <
[email protected]> wrote:
> Greeting,
>
>
> Thanks for your answer.
>
>
> Here is the fix i did based on your comment:
>
> within the file *SSOLoginProcessor.java* i did this fix
>
> String serviceUrlFromRequest = casMessageContext.getServiceURL();
> URL url = null;
> try {
> url = new URL(serviceUrlFromRequest);
> } catch (MalformedURLException e) {
> e.printStackTrace();
> }
> String base = url.getProtocol() + "://" + url.getHost();
> log.error(serviceUrlFromRequest);
> log.error(base);
> AuthenticationResult authnResult =
> processResponseFromFrameworkLogin(casMessageContext, identityRequest);
> String acsURL = CASSSOUtil.getAcsUrl(base,
> casMessageContext.getRequest().getTenantDomain());
>
> I deployed this and i did try with my application to login and i got the
> correct url now but it's not able to process it, here is the log.
>
>
> TID: [-1234] [] [2019-02-10 08:50:13,101] ERROR
> {org.wso2.carbon.identity.sso.cas.processor.SSOLoginProcessor} -
> https://test.kfupm.edu.sa/en/login/?next=/en/
> TID: [-1234] [] [2019-02-10 08:50:13,103] ERROR
> {org.wso2.carbon.identity.sso.cas.processor.SSOLoginProcessor} -
> https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3
> TID: [-1234] [] [2019-02-10 08:50:13,103] ERROR
> {org.wso2.carbon.identity.sso.cas.util.CASSSOUtil} -
> https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3
>
>
> and the url of the site after login is this
> *"**https://test.kfupm.edu.sa/en/?ticket=ST-4790bbcb218b4bf88e0a3b87dc824757-login-3.test.kfupm.edu.sa
> <https://test.kfupm.edu.sa/en/?ticket=ST-4790bbcb218b4bf88e0a3b87dc824757-login-3.test.kfupm.edu.sa>*
> *"*
>
>
> Now i believe that all of this process should happen while building the
> request not at the response. On that note when i click on "login" in my
> application and i get the SSO login page i should see in the url
>
> sp=test.kfupm.edu.sa not sp=default.
>
>
> I am not sure if you see the limitation here but i will explain it once
> more.
>
> my application is accessible without login in but when you reach to some
> pages within the application they require login so they get redirected with
> a query parameter called *"next"*
>
> which hold where to go back to after the authentication, which makes the
> issue i can't rely on a static URL and it has to match it. it should be
> more than enough to match the service url
>
> that is defined in the SP which is the base of URL of this application aka
> "https://test.kfupm.edu.sa";.
>
>
> Kindly Let me know if there is any way you can guide me to fix this.
>
>
> *Best Regards.*
> *Mohammed Y. Alnajdi.*
> *Software Developer.*
> *ICTC - Solution Delivery Team.*
> ------------------------------
> *From:* Kanapriya Kuleswararajan <[email protected]>
> *Sent:* Friday, February 8, 2019 2:14 PM
> *To:* Shakila Sasikaran
> *Cc:* WSO2 Developers' List; Mohammed Yousef M. Alnajdi;
> [email protected]
> *Subject:* Re: [Dev] Fwd: Wso2 Identity Server: identity-inbound-auth-cas
>
>
> تحذير: هذه الرسالة مرسلة من خارج الجامعة. لا تفتح أي مرفق أو رابط ما لم تكن
> متأكداً من أنه آمن
> Warning: This mail has been sent from outside KFUPM. Do not open links or
> attachments unless you are sure they are safe.
> ____________________________________________________________
>
> Hi Mohammed Yousef,
>
> Actually, CAS service URL is the identifier of the application that the
> client is trying to access. In almost all cases, this will be the URL of
> the application (https://[server-address]/cas-client-webapp/) and the
> server-address should always point to the location where this sample
> application (cas-client-webapp) is deployed.
>
> If I understood you correctly, you are setting Service Url:
> https://test.kfupm.edu.sa
> <https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3>
> in the service provider configuration and trying to access that service
> using some other URL say https://test.kfupm.edu.sa/en/?next=/details and
> you end up with 500 internal server error.
>
> If that so, the reason for this error is, When we processing the login
> response we are getting the serviceUrlFromRequest [1] (ie,
> https://test.kfupm.edu.sa/en/?next=/details) and with this URL, the
> service provider details get retrieved [2]. Since you are not registering
> the service provider with the service URL:
> https://test.kfupm.edu.sa/en/?next=/details it returns the default
> service provider configurations. That causes an issue here.
>
> As a workaround, you may extend the source code [3] and you may pass the
> exact base URL of the service instead of getting the service URL from the
> request then hopefully, it will give the exact service provider
> configurations.
>
> [1]
> https://github.com/wso2-extensions/identity-inbound-auth-cas/blob/master/components/cas-inbound-authenticator/src/main/java/org/wso2/carbon/identity/sso/cas/processor/SSOLoginProcessor.java#L77
> [2]
> https://github.com/wso2-extensions/identity-inbound-auth-cas/blob/master/components/cas-inbound-authenticator/src/main/java/org/wso2/carbon/identity/sso/cas/util/CASSSOUtil.java#L120
> [3] https://github.com/wso2-extensions/identity-inbound-auth-cas
>
> Thanks,
> Kanapriya Kuleswararajan
> Software Engineer
> Mobile : - 0774894438
> Mail: - [email protected]
> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
> WSO2, Inc.
> lean. enterprise. middleware
>
>
>
> On Wed, Feb 6, 2019 at 3:47 PM Shakila Sasikaran <[email protected]> wrote:
>
>> [Forwarding to dev]
>>
>> ---------- Forwarded message ---------
>> From: Mohammed Yousef M. Alnajdi <[email protected]>
>> Date: Tue, Feb 5, 2019 at 3:31 PM
>> Subject: Wso2 Identity Server: identity-inbound-auth-cas
>> To: [email protected] <[email protected]>
>> Cc: [email protected] <[email protected]> <[email protected]
>> <[email protected]>>
>>
>>
>> Greeting Team,
>>
>> I would like to express that i am really grateful to the work you guys
>> put for the open source community.
>>
>> I have 1 small comment/issue regarding the "identity-inbound-auth-cas" i
>> will try to describe my issue and how i want to solve it.
>>
>>
>> - I configured a new service provider with the name test.kfupm.edu.sa
>>
>> <https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-9a564a00a3b46eed0ceee94d53c16e486982cca5>
>> - I configured the CAS URL as https://test.kfupm.edu.sa
>>
>> <https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3>
>> - If i go now to https://test.kfupm.edu.sa
>>
>> <https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3>
>> everything
>> works fine and i can see in the url i am getting the sp=
>> test.kfupm.edu.sa
>>
>> <https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-9a564a00a3b46eed0ceee94d53c16e486982cca5>
>> but when i try to have anything like this
>> https://test.kfupm.edu.sa/en/?next=/details the cas configuration
>> won't work and i would get the sp=default.
>> So the issue is i can only have 1 url for cas i want it accept and
>> check for the base url which is https://test.kfupm.edu.sa
>>
>> <https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3>
>> which should be
>> enough for CAS to find out which SP it is.
>>
>>
>>
>> https://stackoverflow.com/questions/54396657/how-to-extend-wso2-identity-inbound-auth-cas-to-accept-a-wildcard-url
>>
>> Thanks a lot
>>
>> *Best Regards.*
>> *Mohammed Y. Alnajdi.*
>> *Software Developer.*
>> *ICTC - Solution Delivery Team.*
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
