I really hope I get some faster feedback guys q.q.

https://stackoverflow.com/questions/54396657/how-to-extend-wso2-identity-inbound-auth-cas-to-accept-a-wildcard-url/54591439#54591439


Best Regards.
Mohammed Y. Alnajdi.
Software Developer.
ICTC - Solution Delivery Team.
________________________________
From: Mohammed Al Nagdy <[email protected]>
Sent: Monday, February 11, 2019 5:42 PM
To: Mohammed Yousef M. Alnajdi
Cc: Kanapriya Kuleswararajan; Shakila Sasikaran; WSO2 Developers' List
Subject: Re: [Dev] Fwd: Wso2 Identity Server: identity-inbound-auth-cas




Greetings,


Thanks for your answer.


Here is the fix I did based on your comment:

Within the file SSOLoginProcessor.java I did this fix:

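// Needs java.net.URL and java.net.MalformedURLException imported in SSOLoginProcessor.java.
String serviceUrlFromRequest = casMessageContext.getServiceURL();
// Reduce the requested service URL to scheme://host (getHost() drops any port).
String base;
try {
    URL url = new URL(serviceUrlFromRequest);
    base = url.getProtocol() + "://" + url.getHost();
} catch (MalformedURLException e) {
    // Avoid dereferencing a null URL: log and keep the URL as received.
    log.error("Malformed CAS service URL: " + serviceUrlFromRequest, e);
    base = serviceUrlFromRequest;
}
// Debug output at ERROR level.
log.error(serviceUrlFromRequest);
log.error(base);
AuthenticationResult authnResult =
        processResponseFromFrameworkLogin(casMessageContext, identityRequest);
// Look up the ACS URL by the base URL instead of the full request URL.
String acsURL = CASSSOUtil.getAcsUrl(base,
        casMessageContext.getRequest().getTenantDomain());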

I deployed this and I did try to log in with my application, and I got the
correct URL now, but it's not able to process it. Here is the log.


TID: [-1234] [] [2019-02-10 08:50:13,101] ERROR {org.wso2.carbon.identity.sso.cas.processor.SSOLoginProcessor} -  https://test.kfupm.edu.sa/en/login/?next=/en/
TID: [-1234] [] [2019-02-10 08:50:13,103] ERROR {org.wso2.carbon.identity.sso.cas.processor.SSOLoginProcessor} -  https://test.kfupm.edu.sa
TID: [-1234] [] [2019-02-10 08:50:13,103] ERROR {org.wso2.carbon.identity.sso.cas.util.CASSSOUtil} -  https://test.kfupm.edu.sa


And the URL of the site after login is this:
"https://test.kfupm.edu.sa/en/?ticket=ST-4790bbcb218b4bf88e0a3b87dc824757-login-3.test.kfupm.edu.sa"


Now I believe that all of this process should happen while building the request,
not at the response. On that note, when I click on "login" in my application and
I get the SSO login page, I should see in the URL sp=test.kfupm.edu.sa, not
sp=default.


I am not sure if you see the limitation here, but I will explain it once more.

My application is accessible without logging in, but when you reach some pages
within the application they require login, so they get redirected with a query
parameter called "next" which holds where to go back to after the
authentication. This creates the issue that I can't rely on a static URL, and
it has to match it. It should be more than enough to match the service URL that
is defined in the SP, which is the base URL of this application, aka
"https://test.kfupm.edu.sa".


Kindly let me know if there is any way you can guide me to fix this.

Best Regards.
Mohammed Y. Alnajdi.
Software Developer.
ICTC - Solution Delivery Team.
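
An added example, not code from this thread or from identity-inbound-auth-cas: one way to decide whether a requested CAS service URL belongs to a registered service provider is to compare origins (scheme, host, port) rather than string prefixes, which also accept look-alike hosts. The class and method names are hypothetical, and the URLs marked "constructed" are made up for the example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Hypothetical helper, not part of identity-inbound-auth-cas.
public class ServiceUrlMatcher {

    /** Returns scheme://host:port for an absolute http(s) URL, or null if it cannot be used. */
    static String origin(String serviceUrl) {
        try {
            URI uri = new URI(serviceUrl);
            String scheme = uri.getScheme();
            String host = uri.getHost();
            if (scheme == null || host == null || uri.getUserInfo() != null) {
                return null; // relative URL, unparsable host, or user@host form
            }
            scheme = scheme.toLowerCase(Locale.ROOT);
            if (!scheme.equals("https") && !scheme.equals("http")) {
                return null;
            }
            int port = uri.getPort() != -1 ? uri.getPort() : (scheme.equals("https") ? 443 : 80);
            return scheme + "://" + host.toLowerCase(Locale.ROOT) + ":" + port;
        } catch (URISyntaxException e) {
            return null; // malformed input never matches
        }
    }

    /** True only when the requested URL has the same origin as the registered service URL. */
    static boolean matchesRegistered(String registeredServiceUrl, String requestedServiceUrl) {
        String registered = origin(registeredServiceUrl);
        return registered != null && registered.equals(origin(requestedServiceUrl));
    }

    public static void main(String[] args) {
        String registered = "https://test.kfupm.edu.sa"; // service URL configured on the SP
        String[] requested = {
            "https://test.kfupm.edu.sa/en/login/?next=/en/", // from the log in the thread
            "https://test.kfupm.edu.sa/en/?next=/details",   // from the thread
            "https://test.kfupm.edu.sa:443/en/",             // constructed: explicit default port
            "https://test.kfupm.edu.sa.example.net/en/",     // constructed: look-alike host
            "http://test.kfupm.edu.sa/en/",                  // constructed: different scheme
            "not a url"                                      // constructed: malformed input
        };
        for (String r : requested) {
            System.out.println(matchesRegistered(registered, r) + " prefix=" + r.startsWith(registered) + " " + r);
        }
    }
}
```

The first three URLs match; the look-alike host passes a plain `startsWith` prefix check but fails the origin comparison, as do the different scheme and the malformed input.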
________________________________
From: Kanapriya Kuleswararajan <[email protected]>
Sent: Friday, February 8, 2019 2:14 PM
To: Shakila Sasikaran
Cc: WSO2 Developers' List; Mohammed Yousef M. Alnajdi; [email protected]
Subject: Re: [Dev] Fwd: Wso2 Identity Server: identity-inbound-auth-cas




Hi Mohammed Yousef,

Actually, the CAS service URL is the identifier of the application that the
client is trying to access. In almost all cases, this will be the URL of the
application (https://[server-address]/cas-client-webapp/) and the
server-address should always point to the location where this sample
application (cas-client-webapp) is deployed.

If I understood you correctly, you are setting Service Url:
https://test.kfupm.edu.sa in the service provider configuration and trying to
access that service using some other URL, say
https://test.kfupm.edu.sa/en/?next=/details, and you end up with a 500 internal
server error.

If that is so, the reason for this error is that when we process the login
response we get the serviceUrlFromRequest [1] (i.e.,
https://test.kfupm.edu.sa/en/?next=/details), and with this URL the service
provider details get retrieved [2]. Since you are not registering the service
provider with the service URL https://test.kfupm.edu.sa/en/?next=/details, it
returns the default service provider configurations. That causes an issue here.

As a workaround, you may extend the source code [3] and pass the exact base URL
of the service instead of getting the service URL from the request; then
hopefully it will give the exact service provider configurations.

[1] https://github.com/wso2-extensions/identity-inbound-auth-cas/blob/master/components/cas-inbound-authenticator/src/main/java/org/wso2/carbon/identity/sso/cas/processor/SSOLoginProcessor.java#L77
[2] https://github.com/wso2-extensions/identity-inbound-auth-cas/blob/master/components/cas-inbound-authenticator/src/main/java/org/wso2/carbon/identity/sso/cas/util/CASSSOUtil.java#L120
[3] https://github.com/wso2-extensions/identity-inbound-auth-cas

Thanks,
Kanapriya Kuleswararajan
Software Engineer
Mobile : - 0774894438
Mail: - [email protected]
LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
WSO2, Inc.
lean. enterprise. middleware



On Wed, Feb 6, 2019 at 3:47 PM Shakila Sasikaran <[email protected]> wrote:
[Forwarding to dev]

---------- Forwarded message ---------
From: Mohammed Yousef M. Alnajdi <[email protected]>
Date: Tue, Feb 5, 2019 at 3:31 PM
Subject: Wso2 Identity Server: identity-inbound-auth-cas
To: [email protected] <[email protected]>
Cc: [email protected] <[email protected]>



Greetings Team,

I would like to express that I am really grateful for the work you guys put in
for the open source community.

I have 1 small comment/issue regarding the "identity-inbound-auth-cas". I will
try to describe my issue and how I want to solve it.


  *   I configured a new service provider with the name test.kfupm.edu.sa
  *   I configured the CAS URL as https://test.kfupm.edu.sa
  *   If I go now to https://test.kfupm.edu.sa everything works fine and I can
      see in the URL I am getting sp=test.kfupm.edu.sa, but when I try to have
      anything like https://test.kfupm.edu.sa/en/?next=/details the CAS
      configuration won't work and I would get sp=default.

So the issue is I can only have 1 URL for CAS. I want it to accept and check
for the base URL, which is https://test.kfupm.edu.sa, which should be enough
for CAS to find out which SP it is.


https://stackoverflow.com/questions/54396657/how-to-extend-wso2-identity-inbound-auth-cas-to-accept-a-wildcard-url

Thanks a lot

Best Regards.
Mohammed Y. Alnajdi.
Software Developer.
ICTC - Solution Delivery Team.

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev