Hi Thulasika, I could successfully load the iframe by getting rid of *HttpServletResponse* .*encodeRedirectURL() *method at [1]. Since the *DuoUrl *contain some data with special characters, you need to URL encode them in order to get this working. I have attached the patch file with the code changes I did to get it working.
However, I could not figure out why *HttpServletResponse*.*encodeRedirectURL() *causes issues only in 5.3.0. There's no javax.servlet api version change between 5.2.0 and 5.3.0 AFAIS. [1] https://github.com/wso2-extensions/identity-outbound-auth-duo/blob/org.wso2.carbon.extension.identity.authenticator.duo-1.0.1/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java#L134 On Wed, Jan 18, 2017 at 10:09 PM, Thulasika Vijayanathan <thulas...@wso2.com > wrote: > Hi Nuwandi, > > Yes, I use the same values. > > Thanks. > > On Wed, Jan 18, 2017 at 9:59 PM, Nuwandi Wickramasinghe <nuwan...@wso2.com > > wrote: > >> Hi Thulasika, >> >> Are you using same duo API configuration values (i.e Secret Key, >> Integration Key, Admin Secret Key, Admin Integration key ) in both 5.2.0 >> and 5.3.0? >> >> thanks >> Nuwandi >> >> On Tue, Jan 17, 2017 at 2:24 PM, Thulasika Vijayanathan < >> thulas...@wso2.com> wrote: >> >>> Hi, >>> >>> I am verifying the authenticators with IS 5.3.0. When I test Duo >>> security authenticator with IS 5.3.0, I got the blank page, but it works >>> with IS 5.2.0. It seems redirect URL and signature are correct, because If >>> we give the wrong signature, the page will display as Access denied, Duo >>> Provisioning connector works fine with both IS 5.2.0 and 5.3.0. >>> >>> Redirect URL in IS 5.3.0 >>> https://localhost:9443/duoauthenticationendpoint/duoAuth.jsp >>> ?authenticator=DuoAuthenticator:LOCAL&type=duo&signreq=TX| >>> YWRtaW58REkySjlaVk40NEM4UlZRQzdTUkJ8MTQ4NDY0MDUwMg==|f4345a7 >>> f517828d259b235703310c09b594b736c:APP|YWRtaW58REkySjlaVk40NE >>> M4UlZRQzdTUkJ8MTQ4NDY0MzgwMg==|f65d989f837105e4a4d77167911f5 >>> abf09b7095c&sessionDataKey=bd19a4d8-f08e-4322-b0a8-cbbb31a14 >>> 4a7&duoHost=api-xxxxxxxx.duosecurity.com >>> >>> [image: Inline image 3] >>> >>> Redirect URL in IS 5.2.0 >>> https://localhost:9443/duoauthenticationendpoint/duoAuth.jsp >>> ?authenticator=DuoAuthenticator:LOCAL&type=duo&signreq=TX| >>> YWRtaW58REkySjlaVk40NEM4UlZRQzdTUkJ8MTQ4NDY0MDcxMQ==|969c487 >>> f980bfb10e7a45a4b43d06543a78b9500:APP|YWRtaW58REkySjlaVk40NE >>> M4UlZRQzdTUkJ8MTQ4NDY0NDAxMQ==|bb3be42f90aa3cfc38a5f42600fa4 >>> a9ed8776421&sessionDataKey=04c82f8e-ce66-454b-9cbf-a67140410 >>> 9d7&duoHost=api-xxxxxxxx.duosecurity.com >>> >>> [image: Inline image 2] >>> Can you please suggest what could be the reason? >>> >>> >>> Thanks, >>> Thulasika. >>> >>> -- >>> Thulasika >>> Associate Software Engineer >>> Mobile:0778014295 >>> email: thulas...@wso2.com <sanj...@wso2.com> >>> >> >> >> >> -- >> >> Best Regards, >> >> Nuwandi Wickramasinghe >> >> Software Engineer >> >> WSO2 Inc. >> >> Web : http://wso2.com >> >> Mobile : 0719214873 >> > > > > -- > Thulasika > Associate Software Engineer > Mobile:0778014295 > email: thulas...@wso2.com <sanj...@wso2.com> > -- Best Regards, Nuwandi Wickramasinghe Software Engineer WSO2 Inc. Web : http://wso2.com Mobile : 0719214873
Index: identity-outbound-auth-duo/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- identity-outbound-auth-duo/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java (date 1471955900000) +++ identity-outbound-auth-duo/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java (revision ) @@ -19,6 +19,7 @@ package org.wso2.carbon.identity.authenticator.duo; +import org.apache.catalina.util.URLEncoder; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -120,18 +121,20 @@ authenticatorProperties.get(DuoAuthenticatorConstants.SECRET_KEY), integrationSecretKey, username); String enrollmentPage = ConfigurationFacade.getInstance().getAuthenticationEndpointURL() .replace(loginPage, DuoAuthenticatorConstants.DUO_PAGE); + + URLEncoder encoder = new URLEncoder(); String DuoUrl = enrollmentPage + "?" + FrameworkConstants.RequestParams.AUTHENTICATOR + - "=" + getName() + ":" + FrameworkConstants.LOCAL_IDP_NAME + "&" + + "=" + encoder.encode(getName() + ":" + FrameworkConstants.LOCAL_IDP_NAME) + "&" + FrameworkConstants.RequestParams.TYPE + "=" + DuoAuthenticatorConstants.RequestParams.DUO + "&" + DuoAuthenticatorConstants.RequestParams.SIG_REQUEST + "=" + - sig_request + "&" + FrameworkConstants.SESSION_DATA_KEY + "=" + + encoder.encode(sig_request) + "&" + FrameworkConstants.SESSION_DATA_KEY + "=" + context.getContextIdentifier() + "&" + DuoAuthenticatorConstants.RequestParams.DUO_HOST + "=" + - authenticatorProperties.get(DuoAuthenticatorConstants.HOST); + encoder.encode(authenticatorProperties.get(DuoAuthenticatorConstants.HOST)); try { //Redirect to Duo Authentication page - response.sendRedirect(response.encodeRedirectURL(DuoUrl)); + response.sendRedirect(DuoUrl); } catch (IOException e) { throw new AuthenticationFailedException( DuoAuthenticatorConstants.DuoErrors.ERROR_REDIRECTING, e); \ No newline at end of file
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev