<%
/*
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
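(function () {
    /*
     * SAML 2.0 Assertion Consumer Service (ACS) page for the console app.
     *
     * Handles the two SAML messages that can arrive on this endpoint:
     *   - SAMLResponse: a logout response invalidates the session and redirects
     *     to /console; a login response is accepted only when response signing
     *     is enabled in the configuration AND the signature validates. On
     *     success the assertion is exchanged for an OAuth access token and the
     *     session is marked as logged in.
     *   - SAMLRequest: treated as a back-channel logout request; the session
     *     index mapping is removed and the current session is invalidated.
     *
     * The RelayState parameter is not read: both redirects go to the fixed
     * path '/console', so the redirect target is never request-controlled.
     */
    var log = new Log();
    log.debug("console ACS page....");
    var configs = require('/config/console.js').config(),
        process = require("process"),
        util = require('/util/utility.jag'),
        samlResponse = request.getParameter('SAMLResponse'),
        // NOTE(review): the session id is captured before authentication and
        // reused afterwards; confirm whether the container issues a fresh
        // session id on login (session fixation).
        sessionId = session.getId(),
        samlRequest = request.getParameter('SAMLRequest'),
        sso = require('sso'),
        samlRespObj,
        keyStoreProps = {
            KEY_STORE_NAME: process.getProperty('carbon.home') + configs.ssoConfiguration.keyStoreName,
            KEY_STORE_PASSWORD: configs.ssoConfiguration.keyStorePassword,
            IDP_ALIAS: configs.ssoConfiguration.identityAlias
        },
        sso_sessions = application.get('sso_sessions');

    // Only the presence of each message is logged. The raw messages carry the
    // assertion, which is a bearer credential and must not end up in log files.
    log.debug("SAML request present : " + (samlRequest != null));
    log.debug("SAML response present : " + (samlResponse != null));

    if (!sso_sessions) {
        application.put('sso_sessions', {});
        sso_sessions = application.get('sso_sessions');
    }

    if (samlResponse != null) {
        samlRespObj = sso.client.getSamlObject(samlResponse);
        if (sso.client.isLogoutResponse(samlRespObj)) {
            session.invalidate();
            response.sendRedirect('/console');
        } else if (!configs.ssoConfiguration.responseSigningEnabled) {
            // Fail closed: an unsigned login response is never turned into a session.
            log.warn("SAML login response ignored : response signing is disabled in the SSO configuration");
        } else if (!sso.client.validateSignature(samlRespObj, keyStoreProps)) {
            log.warn("SAML login response rejected : signature validation failed");
        } else {
            var sessionObj = sso.client.decodeSAMLLoginResponse(samlRespObj, samlResponse, sessionId);
            var tenantDomain = sso.client.getTenantDomain(samlRespObj);
            var roleArray = sso.client.getRoleList(samlRespObj);
            log.info("Logged in user : " + sessionObj.loggedInUser);
            log.info("Tenant domain : " + tenantDomain);
            log.info("Role List of current tenant : "+ roleArray);

            // The original test joined the two comparisons with ||, which is
            // true for every value, so the session was marked as logged in even
            // without a session index. Both comparisons must hold.
            if (sessionObj.sessionIndex != null && String(sessionObj.sessionIndex) !== 'undefined') {
                var samlToken = sso.client.getB64EncodedtSAMLAssertion(samlRespObj);
                // NOTE(security): hard-coded credential pair committed to source
                // (presumably OAuth client id and secret, "id:secret"). It should
                // be treated as exposed: rotate it and load the replacement from
                // configuration or a secret store instead of a literal.
                var encodedString = sso.client.b64encode("LATjzZ4FvQc2gFEfwcitay78lQQa:LeZD0oN0ZLTLjLmRqphX4Ulrr5wa");
                // Neither the encoded assertion, the encoded credential nor the
                // returned access token is logged: each one is usable as-is by
                // anyone who can read the log.
                var accessToken = util.consoleAppUtil.getOauthAccessToken(samlToken.b64Encoded, encodedString);
                session.put("access_token", accessToken.data.access_token);
                require('console').server.current(session, sessionObj.loggedInUser);
                session.put("IS_LOGGED_IN", true);
                session.put("TENANT_DOMAIN", tenantDomain);
                session.put("ROLE_ARRAY", roleArray);
                sso_sessions[sessionObj.sessionId] = sessionObj.sessionIndex;
                response.sendRedirect('/console');
            } else {
                log.warn("SAML login response carried no session index : session not established");
            }
        }
    }

    // If the SAML request is a logout request, invalidate the session.
    // NOTE(review): unlike the login response, the logout request is processed
    // without a signature check here; confirm whether one is done upstream.
    // NOTE(review): the map is written as sessionId -> sessionIndex above but is
    // looked up by the decoded index here, and the session invalidated is the
    // one bound to this request, not the one the mapping points to; verify that
    // back-channel logout ends the intended user session.
    if (samlRequest != null) {
        var index = sso.client.decodeSAMLLogoutRequest(sso.client.getSamlObject(samlRequest));
        log.debug('BACKEND LOGOUT RECIEVED FROM STORE THE INDEX IS ######' + index);
        var jSessionId = application.get('sso_sessions')[index];
        delete application.get('sso_sessions')[index];
        // The looked-up value is a session identifier, so only whether a
        // mapping existed is logged.
        log.debug('portal Session Id found : ' + (jSessionId != null));
        session.invalidate();
    }
}());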
%>