Greeting,
Thanks for your answer.
Here is the fix i did based on your comment:
within the file SSOLoginProcessor.java i did this fix
String serviceUrlFromRequest = casMessageContext.getServiceURL();
URL url = null;
try {
url = new URL(serviceUrlFromRequest);
} catch (MalformedURLException e) {
e.printStackTrace();
}
String base = url.getProtocol() + "://" + url.getHost();
log.error(serviceUrlFromRequest);
log.error(base);
AuthenticationResult authnResult =
processResponseFromFrameworkLogin(casMessageContext, identityRequest);
String acsURL = CASSSOUtil.getAcsUrl(base,
casMessageContext.getRequest().getTenantDomain());
I deployed this and i did try with my application to login and i got the
correct url now but it's not able to process it, here is the log.
TID: [-1234] [] [2019-02-10 08:50:13,101] ERROR
{org.wso2.carbon.identity.sso.cas.processor.SSOLoginProcessor} -
https://test.kfupm.edu.sa/en/login/?next=/en/
TID: [-1234] [] [2019-02-10 08:50:13,103] ERROR
{org.wso2.carbon.identity.sso.cas.processor.SSOLoginProcessor} -
https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3
TID: [-1234] [] [2019-02-10 08:50:13,103] ERROR
{org.wso2.carbon.identity.sso.cas.util.CASSSOUtil} -
https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3
and the url of the site after login is this
"https://test.kfupm.edu.sa/en/?ticket=ST-4790bbcb218b4bf88e0a3b87dc824757-login-3.test.kfupm.edu.sa";
Now i believe that all of this process should happen while building the request
not at the response. On that note when i click on "login" in my application and
i get the SSO login page i should see in the url
sp=test.kfupm.edu.sa not sp=default.
I am not sure if you see the limitation here but i will explain it once more.
my application is accessible without login in but when you reach to some pages
within the application they require login so they get redirected with a query
parameter called "next"
which hold where to go back to after the authentication, which makes the issue
i can't rely on a static URL and it has to match it. it should be more than
enough to match the service url
that is defined in the SP which is the base of URL of this application aka
"https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3
Kindly Let me know if there is any way you can guide me to fix this.
Best Regards.
Mohammed Y. Alnajdi.
Software Developer.
ICTC - Solution Delivery Team.
________________________________
From: Kanapriya Kuleswararajan <[email protected]>
Sent: Friday, February 8, 2019 2:14 PM
To: Shakila Sasikaran
Cc: WSO2 Developers' List; Mohammed Yousef M. Alnajdi; [email protected]
Subject: Re: [Dev] Fwd: Wso2 Identity Server: identity-inbound-auth-cas
تحذير: هذه الرسالة مرسلة من خارج الجامعة. لا تفتح أي مرفق أو رابط ما لم تكن
متأكداً من أنه آمن
Warning: This mail has been sent from outside KFUPM. Do not open links or
attachments unless you are sure they are safe.
____________________________________________________________
Hi Mohammed Yousef,
Actually, CAS service URL is the identifier of the application that the client
is trying to access. In almost all cases, this will be the URL of the
application (https://[server-address]/cas-client-webapp/) and the
server-address should always point to the location where this sample
application (cas-client-webapp) is deployed.
If I understood you correctly, you are setting Service Url:
https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3
in the service provider configuration and trying to access that service using
some other URL say https://test.kfupm.edu.sa/en/?next=/details and you end up
with 500 internal server error.
If that so, the reason for this error is, When we processing the login response
we are getting the serviceUrlFromRequest [1]
(ie,https://test.kfupm.edu.sa/en/?next=/details) and with this URL, the service
provider details get retrieved [2]. Since you are not registering the service
provider with the service URL: https://test.kfupm.edu.sa/en/?next=/details it
returns the default service provider configurations. That causes an issue here.
As a workaround, you may extend the source code [3] and you may pass the exact
base URL of the service instead of getting the service URL from the request
then hopefully, it will give the exact service provider configurations.
[1]
https://github.com/wso2-extensions/identity-inbound-auth-cas/blob/master/components/cas-inbound-authenticator/src/main/java/org/wso2/carbon/identity/sso/cas/processor/SSOLoginProcessor.java#L77
[2]
https://github.com/wso2-extensions/identity-inbound-auth-cas/blob/master/components/cas-inbound-authenticator/src/main/java/org/wso2/carbon/identity/sso/cas/util/CASSSOUtil.java#L120
[3] https://github.com/wso2-extensions/identity-inbound-auth-cas
Thanks,
Kanapriya Kuleswararajan
Software Engineer
Mobile : - 0774894438
Mail: - [email protected]<mailto:[email protected]>
LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
WSO2, Inc.
lean. enterprise. middleware
On Wed, Feb 6, 2019 at 3:47 PM Shakila Sasikaran
<[email protected]<mailto:[email protected]>> wrote:
[Forwarding to dev]
---------- Forwarded message ---------
From: Mohammed Yousef M. Alnajdi
<[email protected]<mailto:[email protected]>>
Date: Tue, Feb 5, 2019 at 3:31 PM
Subject: Wso2 Identity Server: identity-inbound-auth-cas
To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>>
Cc: [email protected]<mailto:[email protected]>
<[email protected]<mailto:[email protected]>>
Greeting Team,
I would like to express that i am really grateful to the work you guys put for
the open source community.
I have 1 small comment/issue regarding the "identity-inbound-auth-cas" i will
try to describe my issue and how i want to solve it.
* I configured a new service provider with the name
test.kfupm.edu.sa<https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-9a564a00a3b46eed0ceee94d53c16e486982cca5>
* I configured the CAS URL as
https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3<https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3>
* If i go now to
https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3<https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3>
everything works fine and i can see in the url i am getting the
sp=test.kfupm.edu.sa<https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-9a564a00a3b46eed0ceee94d53c16e486982cca5>
but when i try to have anything like this
https://test.kfupm.edu.sa/en/?next=/details the cas configuration won't work
and i would get the sp=default.
So the issue is i can only have 1 url for cas i want it accept and check for
the base url which is
https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3<https://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ftest.kfupm.edu.sa&umid=1D3EF014-8183-E105-B82C-CEC3FC47E5C0&auth=ec34f7633709e8bd85e48c7fc0c92c09c079e558-a3cb3eea7c1e6afb757c20066ce8e75a24dc0ed3>
which should be
enough for CAS to find out which SP it is.
https://stackoverflow.com/questions/54396657/how-to-extend-wso2-identity-inbound-auth-cas-to-accept-a-wildcard-url
Thanks a lot
Best Regards.
Mohammed Y. Alnajdi.
Software Developer.
ICTC - Solution Delivery Team.
_______________________________________________
Dev mailing list
[email protected]<mailto:[email protected]>
http://wso2.org/cgi-bin/mailman/listinfo/dev
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
