Hi Thulasika,

I could successfully load the iframe by getting rid of the
*HttpServletResponse*.*encodeRedirectURL()* method at [1]. Since the *DuoUrl*
contains some data with special characters, you need to URL encode them in
order to get this working. I have attached the patch file with the code
changes I made to get it working.

However, I could not figure out why *HttpServletResponse*.*encodeRedirectURL()*
causes issues only in 5.3.0. There's no javax.servlet API version change
between 5.2.0 and 5.3.0 AFAIS.

[1]
https://github.com/wso2-extensions/identity-outbound-auth-duo/blob/org.wso2.carbon.extension.identity.authenticator.duo-1.0.1/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java#L134

On Wed, Jan 18, 2017 at 10:09 PM, Thulasika Vijayanathan <thulas...@wso2.com> wrote:

> Hi Nuwandi,
>
> Yes, I use the same values.
>
> Thanks.
>
> On Wed, Jan 18, 2017 at 9:59 PM, Nuwandi Wickramasinghe <nuwan...@wso2.com> wrote:
>
>> Hi Thulasika,
>>
>> Are you using the same Duo API configuration values (i.e. Secret Key,
>> Integration Key, Admin Secret Key, Admin Integration Key) in both 5.2.0
>> and 5.3.0?
>>
>> thanks
>> Nuwandi
>>
>> On Tue, Jan 17, 2017 at 2:24 PM, Thulasika Vijayanathan <
>> thulas...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> I am verifying the authenticators with IS 5.3.0. When I test the Duo
>>> security authenticator with IS 5.3.0, I got a blank page, but it works
>>> with IS 5.2.0. It seems the redirect URL and signature are correct, because
>>> if we give the wrong signature, the page will display Access denied. The Duo
>>> Provisioning connector works fine with both IS 5.2.0 and 5.3.0.
>>>
>>> Redirect URL in IS 5.3.0
>>> https://localhost:9443/duoauthenticationendpoint/duoAuth.jsp
>>> ?authenticator=DuoAuthenticator:LOCAL&type=duo&signreq=TX|
>>> YWRtaW58REkySjlaVk40NEM4UlZRQzdTUkJ8MTQ4NDY0MDUwMg==|f4345a7
>>> f517828d259b235703310c09b594b736c:APP|YWRtaW58REkySjlaVk40NE
>>> M4UlZRQzdTUkJ8MTQ4NDY0MzgwMg==|f65d989f837105e4a4d77167911f5
>>> abf09b7095c&sessionDataKey=bd19a4d8-f08e-4322-b0a8-cbbb31a14
>>> 4a7&duoHost=api-xxxxxxxx.duosecurity.com
>>>
>>> [image: Inline image 3]
>>>
>>> Redirect URL in IS 5.2.0
>>> https://localhost:9443/duoauthenticationendpoint/duoAuth.jsp
>>> ?authenticator=DuoAuthenticator:LOCAL&type=duo&signreq=TX|
>>> YWRtaW58REkySjlaVk40NEM4UlZRQzdTUkJ8MTQ4NDY0MDcxMQ==|969c487
>>> f980bfb10e7a45a4b43d06543a78b9500:APP|YWRtaW58REkySjlaVk40NE
>>> M4UlZRQzdTUkJ8MTQ4NDY0NDAxMQ==|bb3be42f90aa3cfc38a5f42600fa4
>>> a9ed8776421&sessionDataKey=04c82f8e-ce66-454b-9cbf-a67140410
>>> 9d7&duoHost=api-xxxxxxxx.duosecurity.com
>>>
>>> [image: Inline image 2]
>>> Can you please suggest what could be the reason?
>>>
>>>
>>> Thanks,
>>> Thulasika.
>>>
>>> --
>>> Thulasika
>>> Associate Software Engineer
>>> Mobile:0778014295
>>> email: thulas...@wso2.com <sanj...@wso2.com>
>>>
>>
>>
>>
>> --
>>
>> Best Regards,
>>
>> Nuwandi Wickramasinghe
>>
>> Software Engineer
>>
>> WSO2 Inc.
>>
>> Web : http://wso2.com
>>
>> Mobile : 0719214873
>>
>
>
>
> --
> Thulasika
> Associate Software Engineer
> Mobile:0778014295
> email: thulas...@wso2.com <sanj...@wso2.com>
>



-- 

Best Regards,

Nuwandi Wickramasinghe

Software Engineer

WSO2 Inc.

Web : http://wso2.com

Mobile : 0719214873
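
The encoding point made in the message above, as an added example that is not part of the original post or the attached patch: it builds a redirect URL with the same parameter names, percent-encoding every value with the JDK's java.net.URLEncoder, and checks the result against java.net.URI. The class and helper names (DuoRedirectUrlExample, enc, buildUrl, isValidUri) are hypothetical, and the signreq and sessionDataKey values are constructed samples.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class DuoRedirectUrlExample {

    // Percent-encode a single query parameter name or value as UTF-8.
    static String enc(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8");
    }

    // Append every parameter to the page URL, encoding names and values alike.
    static String buildUrl(String page, Map<String, String> params) throws Exception {
        StringBuilder url = new StringBuilder(page);
        char sep = '?';
        for (Map.Entry<String, String> p : params.entrySet()) {
            url.append(sep).append(enc(p.getKey())).append('=').append(enc(p.getValue()));
            sep = '&';
        }
        return url.toString();
    }

    // java.net.URI applies the generic URI syntax and rejects a raw '|'.
    static boolean isValidUri(String url) {
        try { new URI(url); return true; } catch (URISyntaxException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        String page = "https://localhost:9443/duoauthenticationendpoint/duoAuth.jsp";
        // Constructed sample values shaped like those in the thread; not real signatures.
        String sigRequest = "TX|dXNlcnxJS0VZfDE0ODQ2NDA1MDI=|0123abcd:APP|dXNlcnxJS0VZfDE0ODQ2NDM4MDI=|4567ef01";
        Map<String, String> params = new LinkedHashMap<>();
        params.put("authenticator", "DuoAuthenticator:LOCAL");
        params.put("type", "duo");
        params.put("signreq", sigRequest);
        params.put("sessionDataKey", "00000000-0000-4000-8000-000000000000");
        params.put("duoHost", "api-xxxxxxxx.duosecurity.com");
        String encoded = buildUrl(page, params);
        System.out.println("raw signreq is a valid URI:  " + isValidUri(page + "?signreq=" + sigRequest));
        System.out.println("encoded URL is a valid URI:  " + isValidUri(encoded));
        System.out.println("signreq survives round trip: " + URLDecoder.decode(enc(sigRequest), "UTF-8").equals(sigRequest));
        System.out.println(encoded);
    }
}
```
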
Index: identity-outbound-auth-duo/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- identity-outbound-auth-duo/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java	(date 1471955900000)
+++ identity-outbound-auth-duo/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java	(revision )
@@ -19,6 +19,7 @@
 
 package org.wso2.carbon.identity.authenticator.duo;
 
+import org.apache.catalina.util.URLEncoder;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
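Review bot: The added import of org.apache.catalina.util.URLEncoder brings a Tomcat-internal utility class into the authenticator, which ties this component to the servlet container's implementation. The values being encoded are query parameter values, so java.net.URLEncoder.encode(value, "UTF-8") from the JDK fits the purpose without that dependency; consider using it instead.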
@@ -120,18 +121,20 @@
                         authenticatorProperties.get(DuoAuthenticatorConstants.SECRET_KEY), integrationSecretKey, username);
                 String enrollmentPage = ConfigurationFacade.getInstance().getAuthenticationEndpointURL()
                         .replace(loginPage, DuoAuthenticatorConstants.DUO_PAGE);
+
+                URLEncoder encoder = new URLEncoder();
                 String DuoUrl = enrollmentPage + "?" + FrameworkConstants.RequestParams.AUTHENTICATOR +
-                        "=" + getName() + ":" + FrameworkConstants.LOCAL_IDP_NAME + "&" +
+                        "=" + encoder.encode(getName() + ":" + FrameworkConstants.LOCAL_IDP_NAME)  + "&" +
                         FrameworkConstants.RequestParams.TYPE + "=" +
                         DuoAuthenticatorConstants.RequestParams.DUO + "&" +
                         DuoAuthenticatorConstants.RequestParams.SIG_REQUEST + "=" +
-                        sig_request + "&" + FrameworkConstants.SESSION_DATA_KEY + "=" +
+                        encoder.encode(sig_request) + "&" + FrameworkConstants.SESSION_DATA_KEY + "=" +
                         context.getContextIdentifier() + "&" +
                         DuoAuthenticatorConstants.RequestParams.DUO_HOST + "=" +
-                        authenticatorProperties.get(DuoAuthenticatorConstants.HOST);
+                        encoder.encode(authenticatorProperties.get(DuoAuthenticatorConstants.HOST));
                 try {
                     //Redirect to Duo Authentication page
-                    response.sendRedirect(response.encodeRedirectURL(DuoUrl));
+                    response.sendRedirect(DuoUrl);
                 } catch (IOException e) {
                     throw new AuthenticationFailedException(
                             DuoAuthenticatorConstants.DuoErrors.ERROR_REDIRECTING, e);
\ No newline at end of file
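Review bot: In the DuoUrl concatenation, context.getContextIdentifier() is still appended unencoded while the authenticator name, sig_request and the host now go through encoder.encode(...); encode every parameter value the same way so the URL does not depend on what each value happens to contain. Since response.encodeRedirectURL(DuoUrl) is dropped at the sendRedirect call without a known root cause, a short code comment there explaining why it was removed would help whoever touches this next.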