DAS/MCX integration #23

Open
wants to merge 9 commits into
base: master
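--- a/components/jaggeryapps/portal/configs/designer.json
+++ b/components/jaggeryapps/portal/configs/designer.json
@@ -0,0 +1,108 @@
+{
+"store": {
+"types": ["fs"]
+},
+"gadgetGeneration" :{
+"isCreateGadgetEnable": false,
+"ignoreProviders": ["rt"]
+},
+"authentication": {
+"activeMethod": "basic",
+"methods": {
+"sso": {
+"attributes": {
+"issuer": "portal",
+"identityProviderURL": "https://localhost:9443/samlsso",
+"responseSigningEnabled": true,
+"validateAssertionValidityPeriod": true,
+"validateAudienceRestriction": true,
+"assertionSigningEnabled": true,
+"acs": "https://localhost:9444/portal/acs",
+"identityAlias": "wso2carbon",
+"defaultNameIDPolicy": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
+"useTenantKey": false,
+"isPassive": false
+}
+},
+"basic": {
+"attributes": {}
+},
+"oidcConfiguration" : {
+"enabled" : true,
+"destination" :"https://analytics.preprod.wso2telco.com/portal",
+"tokenEndpointURI" : "https://mconnect.preprod.wso2telco.com/oauth2/token",
+"userInfoEndpointURI" : "http://mconnect.preprod.wso2telco.com/oauth2/userinfo?schema=openid",
+"callbackurl" : "https://analytics.preprod.wso2telco.com/portal/oidc-login",
+"idpLogOutUrl" : "https://mconnect.preprod.wso2telco.com/commonauth",
+"requiredIdpSessionTermination" : true, //need to idp session termination once logour from DAS
+"mappedClaimNameToPickUser" : "uid", //'uid' and 'msisdn' are supported, when needed create uid claim and map to username
+"clientConfiguration" : {
+"spName" : "DAS_PORTAL_MCX",
+"clientId" : "zXxcrcdOpIKukWmmJY93AydNuc4a",
+"clientSecret" : "qp2RxiOMkY_fjWOm8yvDnWfQCawa"
+},
+"authRequestConfiguration":{
+"reponseType" : "code",
+"scope" : "openid",
+"nonce" : "nounce1222",
+"state" : "state22",
+"acrvalues" : "2"
+},
+"discoverApi": {
+"discoveryURL": "https://india.discover.mobileconnect.io/gsma/v2/discovery/?Redirect_URL=https://www.goibibo.com/api/auth/v1.0/mobileconnect/callback",
+"dscoveryAuthCode": "OTc3YjMyOGUtZTVlZi00NWY1LTgxYTktOTg5MDA5MWI2NDA3OmUzNTRjMzNjLTdjYTAtNDdjMy04MGUwLWZhZGMxMzIxNDY0Zg=="
+},
+"authRequestEndpoint": "https://mconnect.preprod.wso2telco.com/{operator}/oauth2/authorize",
+"testMsisdn": "912222222222"
+}
+}
+},
+"authorization": {
+"activeMethod": "",
+"methods": {
+"oauth": {
+"attributes": {
+"idPServer": "%https.ip%/oauth2/token",
+"dynamicClientProperties": {
+"callbackUrl": "%https.ip%/portal",
+"clientName": "portal",
+"owner": "admin",
+"applicationType": "JaggeryApp",
+"grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer",
+"saasApp": false,
+"dynamicClientRegistrationEndPoint": "%https.ip%/dynamic-client-web/register/",
+"tokenScope": "Production"
+}
+}
+}
+}
+},
+"designers": [
+"Internal/everyone"
+],
+"tenantPrefix": "/t",
+"shareStore": false,
+"theme": "basic",
+"cacheTimeoutSeconds": "5",
+"cacheSizeBytes": "1073741824",
+"defaultDashboardRedirect": false,
+"isCreateGadgetEnable": true,
+"isSecureVaultEnabled" : false,
+"assets": {
+"gadget": {
+"fileSizeLimit": 5
+},
+"layout": {
+"fileSizeLimit": 1
+}
+},
+"oauth": {
+"username": "admin",
+"password": "Y4ap9v4#"
+},
+"host": {
+"hostname": "india.analytics.wso2telco.com",
+"port": "443",
+"protocol": "https"
+}
+}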
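Review bot: The `oidcConfiguration` and `oauth` objects in this new file commit live credentials to source: `clientConfiguration.clientSecret`, `discoverApi.dscoveryAuthCode` and `oauth.password` are literal values and `isSecureVaultEnabled` is false, so anyone with read access to the repository history holds them. Those values should be rotated and loaded from secure vault or an untracked, environment-specific file, leaving placeholders such as `"clientSecret": "<from-secure-vault>"` here. Within `oidcConfiguration`, `userInfoEndpointURI` is plain `http://`, so the access token presented to it would travel in clear text, and `authRequestConfiguration.nonce`/`state` are fixed strings, which defeats the replay and CSRF protection those parameters exist for — they need to be generated per request by the login code rather than configured. The `//` comments on the `requiredIdpSessionTermination` and `mappedClaimNameToPickUser` lines are not valid JSON and may fail under a strict parser, and the keys `dscoveryAuthCode` and `reponseType` look misspelled (`discoveryAuthCode`, `responseType`) — confirm what the consuming code reads before renaming.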
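--- a/components/jaggeryapps/portal/configs/portal.js
+++ b/components/jaggeryapps/portal/configs/portal.js
@@ -0,0 +1,28 @@
+var config;
+(function () {
+config = function () {
+var log = new Log(),
+pinch = require('/modules/pinch.min.js').pinch,
+config = require('/configs/designer.json'),
+process = require('process'),
+localIP = process.getProperty('server.host'),
+httpPort = process.getProperty('http.port'),
+httpsPort = process.getProperty('https.port');
+var carbonLocalIP = process.getProperty('carbon.local.ip');
+
+pinch(config, /^/, function (path, key, value) {
+if ((typeof value === 'string') && value.indexOf('%https.host%') > -1) {
+return value.replace('%https.host%', 'https://' + localIP + ':' + httpsPort);
+} else if ((typeof value === 'string') && value.indexOf('%http.host%') > -1) {
+return value.replace('%http.host%', 'http://' + localIP + ':' + httpPort);
+} else if ((typeof value === 'string') && value.indexOf('%https.carbon.local.ip%') > -1) {
+return value.replace('%https.carbon.local.ip%', 'https://' + carbonLocalIP + ':' + httpsPort);
+}
+else if ((typeof value === 'string') && value.indexOf('%http.carbon.local.ip%') > -1) {
+return value.replace('%http.carbon.local.ip%', 'http://' + carbonLocalIP + ':' + httpPort);
+}
+return value;
+});
+return config;
+};
+})();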
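Review bot: The pinch callback in `config` expands `%https.host%`, `%http.host%`, `%https.carbon.local.ip%` and `%http.carbon.local.ip%`, but the designer.json added in the same change uses `%https.ip%` in `idPServer`, `callbackUrl` and `dynamicClientRegistrationEndPoint`, which none of the branches match, so those values reach callers unexpanded (inert while `authorization.activeMethod` is empty, a trap once it is enabled). If `%https.ip%` is meant to be the HTTPS host, add a branch `else if ((typeof value === 'string') && value.indexOf('%https.ip%') > -1) { return value.replace('%https.ip%', 'https://' + localIP + ':' + httpsPort); }`, or rename the placeholders in the JSON to one of the supported forms. Note also that `replace` with a string pattern substitutes only the first occurrence in a value, and that the inner `config = require('/configs/designer.json')` shadows the outer `config` function being defined, which reads confusingly; a local name such as `designerConfig` would make the two distinct.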
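--- a/components/jaggeryapps/portal/controllers/acs.jag
+++ b/components/jaggeryapps/portal/controllers/acs.jag
@@ -0,0 +1,145 @@
+<%
+/**
+* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*
+*/
+(function () {
+var log = new Log("/controllers/acs.jag");
+var configs = require('/configs/portal.js').config();
+var samlResponse = request.getParameter('SAMLResponse');
+var sessionId = session.getId();
+var samlRequest = request.getParameter('SAMLRequest');
+var dashboards = require('/modules/dashboards.js');
+//see https://wso2.org/jira/browse/IDENTITY-3454
+var relayState = decodeURIComponent(request.getParameter('RelayState'));
+var attr = configs.authentication.methods.sso.attributes;
+var sso = require('sso');
+var tokenUtil = require("/modules/tokenUtil.js").tokenUtil;
+var constants = require("/modules/constants.js");
+var samlRespObj;
+var CarbonUtils = Packages.org.wso2.carbon.utils.CarbonUtils;
+var keyStorePassword = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Password");
+var keyStoreName = CarbonUtils.getServerConfiguration().getFirstProperty("Security.TrustStore.Location");
+var identityAlias = attr.identityAlias;
+var permission = require("/modules/permission.js");
+var DEFAULT_TO_FALSE = false;
+var keyStoreProps = {
+KEY_STORE_NAME: keyStoreName,
+KEY_STORE_PASSWORD: keyStorePassword,
+IDP_ALIAS: identityAlias,
+USE_ST_KEY: !attr.useTenantKey
+};
+var sso_sessions = application.get('sso_sessions');
+
+var loadTenant = function (username) {
+var carbon = require('carbon');
+var MultitenantUtils = Packages.org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+var MultitenantConstants = Packages.org.wso2.carbon.base.MultitenantConstants;
+var TenantAxisUtils = Packages.org.wso2.carbon.core.multitenancy.utils.TenantAxisUtils;
+var service;
+var ctx;
+var domain = MultitenantUtils.getTenantDomain(username);
+if (domain != null && !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(domain)) {
+service = carbon.server.osgiService('org.wso2.carbon.utils.ConfigurationContextService');
+ctx = service.getServerConfigContext();
+TenantAxisUtils.setTenantAccessed(domain, ctx);
+}
+};
+
+if (!sso_sessions) {
+application.put('sso_sessions', {});
+sso_sessions = application.get('sso_sessions');
+}
+
+if (samlResponse) {
+samlRespObj = sso.client.getSamlObject(samlResponse);
+//If response signing is enabled we to validate it before performing
+//login or logout operations
+
+if (!sso.client.isLogoutResponse(samlRespObj)) {
+if ((!samlRespObj) || (!sso.client.validateSamlResponse(samlRespObj, attr, keyStoreProps))) {
+log.error('SAML response object validation failure.');
+response.sendError(401, 'You do not have permission to login to this application.Please contact your administrator and request permission.');
+return;
+}
+var sessionObj = sso.client.decodeSAMLLoginResponse(samlRespObj, samlResponse, sessionId);
+
+if (sessionObj.sessionIndex != null || sessionObj.sessionIndex != 'undefined') {
+loadTenant(sessionObj.loggedInUser);
+session.put("LOGGED_IN_USER", sessionObj.loggedInUser);
+session.put("Loged", "true");
+
+sso_sessions[sessionObj.sessionId] = sessionObj.sessionIndex;
+if (log.isDebugEnabled()) {
+log.debug("RELAYSTATE: " + relayState);
+}
+//var user = require('store').user;
+var username = sessionObj.loggedInUser;
+var carbon = require('carbon');
+var user = carbon.server.tenantUser(username);
+var utils = require('/modules/utils.js');
+var server = new carbon.server.Server();
+var um = new carbon.user.UserManager(server, user.tenantId);
+user.roles = um.getRoleListOfUser(user.username);
+if (!permission.isAllowedUser(user, constants.LOGIN)) {
+log.error('You do not have permission to login to this application.Please contact your administrator and request permission');
+response.addCookie(request.getAllCookies());
+response.sendRedirect("/portal/controllers/error-pages/sso-error.jag");
+return;
+}
+session.put('user', user);
+session.put("samlResponse", samlResponse);
+var idPServer = tokenUtil.getIdPServerURL();
+if (tokenUtil.checkOAuthEnabled() && idPServer) {
+var properties = {samlToken: sessionObj.samlToken, user: username};
+tokenUtil.setupAccessTokenPair(constants.GRANT_TYPE_SAML, properties, idPServer,
+function (status) {
+if (!status) {
+log.error("Error while setting up access token and refresh token");
+}
+});
+response.sendRedirect(relayState);
+return;
+} else {
+var saml2Cookie = require('/modules/saml-to-cookie.js');
+var authToken = saml2Cookie.exchangeSAMLTokenForCookie(samlResponse);
+session.put('authToken', authToken);
+response.sendRedirect(relayState);
+}
+}
+
+} else {
+var isResponseSigningEnabled = attr.responseSigningEnabled ? attr.responseSigningEnabled : DEFAULT_TO_FALSE;
+if (isResponseSigningEnabled) {
+sso.client.validateSignature(samlRespObj, keyStoreProps)
+}
+session.invalidate();
+response.sendRedirect(relayState);
+}
+}
+
+// if saml request is a log out request, then invalidate session.
+if (samlRequest) {
+var index = sso.client.decodeSAMLLogoutRequest(sso.client.getSamlObject(samlRequest));
+log.debug('BACKEND LOGOUT RECIEVED FROM STORE THE INDEX IS ######' + index);
+var jSessionId = application.get('sso_sessions')[index];
+delete application.get('sso_sessions')[index];
+log.debug('store Session Id :::' + jSessionId);
+session.invalidate();
+}
+}());
+%>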
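Review bot: `relayState` is taken straight from the `RelayState` request parameter and handed to `response.sendRedirect` on three paths (after the OAuth token setup, after the cookie exchange, and on the logout-response branch), so the post-login destination is whatever the POST carried rather than a location this application controls; restrict it to a same-origin relative path, e.g. `if (relayState.indexOf('/') !== 0 || relayState.indexOf('//') === 0) { relayState = '/portal'; }` before the first redirect, with the fallback set to whatever landing page the portal uses. The login guard `if (sessionObj.sessionIndex != null || sessionObj.sessionIndex != 'undefined')` is always true — it compares against the string `'undefined'` and joins the two tests with `||` — so the check that was evidently intended is `if (sessionObj.sessionIndex != null)`. On the logout-response branch the return value of `sso.client.validateSignature(samlRespObj, keyStoreProps)` is discarded, so a response that fails signature validation still invalidates the session; a false result should be handled the same way the login branch handles a failed `validateSamlResponse` (log, send an error, return). `response.addCookie(request.getAllCookies())` on the permission-denied path appears to pass a cookie array to a single-cookie setter — worth confirming against the Jaggery response API.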