From ff6d068ddd9b5245be9243e500ec6d9750755519 Mon Sep 17 00:00:00 2001 From: Aldo Mihasi Date: Wed, 25 May 2022 10:30:59 +0300 Subject: [PATCH] sign artifact resolve-code + post binding --- .../eudat/controllers/Saml2PostBinding.java | 52 +++++++ .../saml2/Saml2ConfigurableProvider.java | 54 +++++++- .../saml2/Saml2ConfigurableProviderModel.java | 16 +-- .../ConfigurableProviderTokenValidator.java | 2 +- .../configurableProvider/Saml2SSOUtils.java | 129 +++++++++++++----- .../saml2ConfigurableProvider.ts | 1 + .../app/core/services/auth/auth.service.ts | 19 +++ .../app/core/services/saml-login.service.ts | 5 +- .../configurable-login.component.ts | 2 +- .../saml-login-response.component.ts | 7 +- 10 files changed, 233 insertions(+), 54 deletions(-) create mode 100644 dmp-backend/web/src/main/java/eu/eudat/controllers/Saml2PostBinding.java diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/Saml2PostBinding.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/Saml2PostBinding.java new file mode 100644 index 000000000..061617e0c --- /dev/null +++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/Saml2PostBinding.java 
@@ -0,0 +1,52 @@ +package eu.eudat.controllers; + +import eu.eudat.logic.security.CustomAuthenticationProvider; +import eu.eudat.logic.security.validators.TokenValidatorFactoryImpl; +import eu.eudat.logic.services.ApiContext; +import eu.eudat.models.data.login.LoginInfo; +import eu.eudat.models.data.principal.PrincipalModel; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.*; + +import java.security.GeneralSecurityException; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; +import java.util.stream.Collectors; + +@RestController +@CrossOrigin +@RequestMapping(value = {"/api/auth/saml2"}) +public class Saml2PostBinding extends BaseController { + + private CustomAuthenticationProvider customAuthenticationProvider; + + @Autowired + public Saml2PostBinding(ApiContext apiContext, CustomAuthenticationProvider customAuthenticationProvider) { + super(apiContext); + this.customAuthenticationProvider = customAuthenticationProvider; + } + + @RequestMapping(method = RequestMethod.POST, value = {"/postBinding"}, consumes = "application/x-www-form-urlencoded") + public @ResponseBody + ResponseEntity verify(@RequestParam(value = "SAMLResponse") String SAMLResponse, @RequestParam(value = "RelayState") String RelayState) throws GeneralSecurityException { + + Map map = Arrays.stream(RelayState.split("&")).map(s -> s.split("=")).collect(Collectors.toMap(e -> e[0], e -> e[1])); + + LoginInfo loginInfo = new LoginInfo(); + loginInfo.setTicket(SAMLResponse); + loginInfo.setProvider(TokenValidatorFactoryImpl.LoginProvider.CONFIGURABLE.getValue()); + Map providerId = new HashMap<>(); + providerId.put("configurableLoginId", map.get("configurableLoginId")); + loginInfo.setData(providerId); + + PrincipalModel principal = 
this.customAuthenticationProvider.authenticate(loginInfo); + + return ResponseEntity.status(HttpStatus.FOUND).header(HttpHeaders.LOCATION, "http://localhost:4200/login/external/saml?token=" + principal.getToken().toString()).build(); + + } + +} diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/security/customproviders/ConfigurableProvider/entities/saml2/Saml2ConfigurableProvider.java b/dmp-backend/web/src/main/java/eu/eudat/logic/security/customproviders/ConfigurableProvider/entities/saml2/Saml2ConfigurableProvider.java index 3a616b1c0..ed3ddfbf7 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/security/customproviders/ConfigurableProvider/entities/saml2/Saml2ConfigurableProvider.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/security/customproviders/ConfigurableProvider/entities/saml2/Saml2ConfigurableProvider.java @@ -80,11 +80,16 @@ public class Saml2ConfigurableProvider extends ConfigurableProvider { private String keyPassword; private boolean responseSigned; private boolean assertionSigned; + private boolean signatureRequired; + private String signatureKeyAlias; + private String signaturePath; + private String signatureKeyStorePassword; + private String signatureKeyPassword; private SAML2UsingFormat usingFormat; private Map attributeTypes; private Map configurableUserFromAttributes; private String binding; - //private String assertionConsumerServiceUrl; + private String assertionConsumerServiceUrl; public String getSpEntityId() { return spEntityId; 
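Review bot: The redirect that ends `verify` hard-codes `http://localhost:4200` and hands the freshly issued token to the browser as a query parameter, so it will appear in browser history, proxy and access logs and any Referer header sent from the landing page; the frontend base URL belongs in configuration (a `<frontend-base-url>` setting — placeholder, the page shows no such property) and the token is better carried in a URL fragment or exchanged through a short-lived one-time code. The `RelayState` parsing just above it is fed straight from the POST body: a segment without `=` throws `ArrayIndexOutOfBoundsException`, a repeated key makes `Collectors.toMap` throw `IllegalStateException`, and the raw `Map` type hides both. One defensive line covers the parsing, `Map<String, String> map = Arrays.stream(RelayState.split("&")).map(s -> s.split("=", 2)).filter(e -> e.length == 2).collect(Collectors.toMap(e -> e[0], e -> e[1], (a, b) -> a));`, after which a missing `configurableLoginId` should be answered with a 400 rather than forwarded as `null`.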
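Review bot: `signatureRequired` reads as "the incoming response must carry a signature", but the only use on this page (`generateArtifactResolveReq` in Saml2SSOUtils) gates signing of the outgoing ArtifactResolve request; a name such as `artifactResolveSigningEnabled`, or at least the comment `// signs the outbound ArtifactResolve request; does not affect validation of inbound responses`, would prevent that mix-up. The two new password fields, `signatureKeyStorePassword` and `signatureKeyPassword`, now live on the same entity as the public provider settings with plain getters (added in the accessor hunks of this file), so anything that serializes the entity or copies it into the client-facing model must leave them out; in the visible part of `Saml2ConfigurableProviderModel.fromDataModel` only `assertionConsumerServiceUrl` is copied, which is the right scope, and a short Javadoc on the two getters saying so would keep it that way.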
@@ -177,6 +182,41 @@ public class Saml2ConfigurableProvider extends ConfigurableProvider { this.assertionSigned = assertionSigned; } + public boolean isSignatureRequired() { + return signatureRequired; + } + public void setSignatureRequired(boolean signatureRequired) { + this.signatureRequired = signatureRequired; + } + + public String getSignatureKeyAlias() { + return signatureKeyAlias; + } + public void setSignatureKeyAlias(String signatureKeyAlias) { + this.signatureKeyAlias = signatureKeyAlias; + } + + public String getSignaturePath() { + return signaturePath; + } + public void setSignaturePath(String signaturePath) { + this.signaturePath = signaturePath; + } + + public String getSignatureKeyStorePassword() { + return signatureKeyStorePassword; + } + public void setSignatureKeyStorePassword(String signatureKeyStorePassword) { + this.signatureKeyStorePassword = signatureKeyStorePassword; + } + + public String getSignatureKeyPassword() { + return signatureKeyPassword; + } + public void setSignatureKeyPassword(String signatureKeyPassword) { + this.signatureKeyPassword = signatureKeyPassword; + } + public SAML2UsingFormat getUsingFormat() { return usingFormat; } @@ -205,11 +245,11 @@ public class Saml2ConfigurableProvider extends ConfigurableProvider { this.binding = binding; } -// public String getAssertionConsumerServiceUrl() { -// return assertionConsumerServiceUrl; -// } -// public void setAssertionConsumerServiceUrl(String assertionConsumerServiceUrl) { -// this.assertionConsumerServiceUrl = assertionConsumerServiceUrl; -// } + public String getAssertionConsumerServiceUrl() { + return assertionConsumerServiceUrl; + } + public void setAssertionConsumerServiceUrl(String assertionConsumerServiceUrl) { + this.assertionConsumerServiceUrl = assertionConsumerServiceUrl; + } } 
diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/security/customproviders/ConfigurableProvider/models/saml2/Saml2ConfigurableProviderModel.java b/dmp-backend/web/src/main/java/eu/eudat/logic/security/customproviders/ConfigurableProvider/models/saml2/Saml2ConfigurableProviderModel.java index d4a1e606b..5ee488177 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/security/customproviders/ConfigurableProvider/models/saml2/Saml2ConfigurableProviderModel.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/security/customproviders/ConfigurableProvider/models/saml2/Saml2ConfigurableProviderModel.java @@ -9,7 +9,7 @@ public class Saml2ConfigurableProviderModel extends ConfigurableProviderModel { private String spEntityId; private String idpUrl; private String binding; - //private String assertionConsumerServiceUrl; + private String assertionConsumerServiceUrl; public String getSpEntityId() { return spEntityId; @@ -32,12 +32,12 @@ public class Saml2ConfigurableProviderModel extends ConfigurableProviderModel { this.binding = binding; } -// public String getAssertionConsumerServiceUrl() { -// return assertionConsumerServiceUrl; -// } -// public void setAssertionConsumerServiceUrl(String assertionConsumerServiceUrl) { -// this.assertionConsumerServiceUrl = assertionConsumerServiceUrl; -// } + public String getAssertionConsumerServiceUrl() { + return assertionConsumerServiceUrl; + } + public void setAssertionConsumerServiceUrl(String assertionConsumerServiceUrl) { + this.assertionConsumerServiceUrl = assertionConsumerServiceUrl; + } @Override public Saml2ConfigurableProviderModel fromDataModel(ConfigurableProvider entity) { 
@@ -49,7 +49,7 @@ public class Saml2ConfigurableProviderModel extends ConfigurableProviderModel { model.setSpEntityId(((Saml2ConfigurableProvider)entity).getSpEntityId()); model.setIdpUrl(((Saml2ConfigurableProvider)entity).getIdpUrl()); model.setBinding(((Saml2ConfigurableProvider)entity).getBinding()); - //model.setAssertionConsumerServiceUrl(((Saml2ConfigurableProvider)entity).getAssertionConsumerServiceUrl()); + model.setAssertionConsumerServiceUrl(((Saml2ConfigurableProvider)entity).getAssertionConsumerServiceUrl()); return model; } diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/security/validators/configurableProvider/ConfigurableProviderTokenValidator.java b/dmp-backend/web/src/main/java/eu/eudat/logic/security/validators/configurableProvider/ConfigurableProviderTokenValidator.java index 3b6ad2ae3..b951aeb31 100644 --- a/dmp-backend/web/src/main/java/eu/eudat/logic/security/validators/configurableProvider/ConfigurableProviderTokenValidator.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/security/validators/configurableProvider/ConfigurableProviderTokenValidator.java @@ -67,7 +67,7 @@ public class ConfigurableProviderTokenValidator implements TokenValidator { Assertion saml2Assertion = null; try { Saml2ConfigurableProvider saml2Provider = (Saml2ConfigurableProvider)configurableProvider; - if(saml2Provider.getBinding().equals("Redirect")) + if(saml2Provider.getBinding().equals("Redirect") || saml2Provider.getBinding().equals("Post")) saml2Assertion = Saml2SSOUtils.processResponse(credentials.getTicket(), saml2Provider); else if(saml2Provider.getBinding().equals("Artifact")) saml2Assertion = Saml2SSOUtils.processArtifactResponse(credentials.getTicket(), saml2Provider); diff --git a/dmp-backend/web/src/main/java/eu/eudat/logic/security/validators/configurableProvider/Saml2SSOUtils.java b/dmp-backend/web/src/main/java/eu/eudat/logic/security/validators/configurableProvider/Saml2SSOUtils.java index 3f95f4505..b6f413dc6 100644 
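Review bot: The binding check now compares `getBinding()` against the literals `"Redirect"`, `"Post"` and `"Artifact"`, and the same literals recur in `Saml2SSOUtils.processResponse` and in the frontend `getSamlLoginUrl` switch; one set of constants (or an enum on `Saml2ConfigurableProvider`) would keep the sites in step, and `"Redirect".equals(saml2Provider.getBinding())` avoids the NullPointerException an unset binding causes here. An unrecognised binding silently leaves `saml2Assertion` null; the enclosing `try` continues outside the hunk, so it is worth confirming that case is rejected explicitly rather than falling through.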
--- a/dmp-backend/web/src/main/java/eu/eudat/logic/security/validators/configurableProvider/Saml2SSOUtils.java +++ b/dmp-backend/web/src/main/java/eu/eudat/logic/security/validators/configurableProvider/Saml2SSOUtils.java @@ -20,17 +20,18 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.impl.client.HttpClients; import org.apache.http.ssl.SSLContextBuilder; +import org.apache.xml.security.c14n.Canonicalizer; +import org.apache.xml.security.signature.XMLSignature; import org.opensaml.core.config.ConfigurationService; import org.opensaml.core.config.InitializationException; import org.opensaml.core.config.InitializationService; import org.opensaml.core.criterion.EntityIdCriterion; import org.opensaml.core.xml.XMLObject; -import org.opensaml.core.xml.XMLObjectBuilderFactory; +import org.opensaml.core.xml.XMLObjectBuilder; import org.opensaml.core.xml.config.XMLObjectProviderRegistry; import org.opensaml.core.xml.io.*; import org.opensaml.core.xml.schema.*; import org.opensaml.saml.common.SAMLObject; -import org.opensaml.saml.common.SAMLObjectBuilder; import org.opensaml.saml.common.SAMLVersion; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.criterion.EntityRoleCriterion; @@ -47,7 +48,7 @@ import org.opensaml.security.credential.UsageType; import org.opensaml.security.criteria.UsageCriterion; import org.opensaml.security.x509.BasicX509Credential; import org.opensaml.security.x509.X509Credential; -import org.opensaml.soap.common.SOAPObjectBuilder; +import org.opensaml.security.x509.impl.KeyStoreX509CredentialAdapter; import org.opensaml.soap.soap11.Body; import org.opensaml.soap.soap11.Envelope; import org.opensaml.xml.util.Base64; 
@@ -55,7 +56,11 @@ import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap; import org.opensaml.xmlsec.encryption.EncryptedKey; import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver; import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver; +import org.opensaml.xmlsec.signature.KeyInfo; +import org.opensaml.xmlsec.signature.Signature; +import org.opensaml.xmlsec.signature.X509Data; import org.opensaml.xmlsec.signature.support.SignatureValidator; +import org.opensaml.xmlsec.signature.support.Signer; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.w3c.dom.Document; @@ -67,6 +72,7 @@ import org.w3c.dom.ls.LSSerializer; import org.xml.sax.SAXException; import javax.crypto.SecretKey; +import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -78,6 +84,7 @@ import java.io.*; import java.net.UnknownHostException; import java.nio.charset.StandardCharsets; import java.security.*; +import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.time.Instant; import java.util.*; @@ -144,6 +151,17 @@ public class Saml2SSOUtils { } } + private static XMLObject buildXMLObject(QName objectQName) throws Exception { + + doBootstrap(); + XMLObjectBuilder builder = registry.getBuilderFactory().getBuilder(objectQName); + if (builder == null) { + throw new Exception("Unable to retrieve builder for object QName " + objectQName); + } + return builder.buildObject(objectQName.getNamespaceURI(), objectQName.getLocalPart(), objectQName.getPrefix()); + + } + public static String getAttributeName(Attribute attribute, Saml2ConfigurableProvider.SAML2UsingFormat usingFormat){ String friendlyName = attribute.getFriendlyName(); String name = attribute.getName(); 
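Review bot: `buildXMLObject` declares `throws Exception` and throws a bare `Exception` when no builder is registered, which forces every new caller in this commit (`createArtifactResolveObject`, `generateArtifactResolveReq`, `buildSOAPMessage`, `signArtifactResolveReq`, `setSignatureRaw`) to declare `throws Exception` as well; a missing builder is a configuration error, so `throw new IllegalStateException("Unable to retrieve builder for object QName " + objectQName);` with no checked exception keeps those signatures clean. `XMLObjectBuilder` is used raw; `XMLObjectBuilder<?> builder = registry.getBuilderFactory().getBuilder(objectQName);` states the intent and removes the unchecked warning. Since every new helper on this page routes through it, a one-line Javadoc such as `/** Builds an empty OpenSAML object for the given element QName, bootstrapping OpenSAML first. */` would help the next reader.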
@@ -231,7 +249,7 @@ public class Saml2SSOUtils { doBootstrap(); if (artifactString != null){ - ArtifactResolve artifactResolve = generateArtifactResolveReq(artifactString, saml2Provider.getSpEntityId()); + ArtifactResolve artifactResolve = generateArtifactResolveReq(artifactString, saml2Provider); ArtifactResponse artifactResponse = sendArtifactResolveRequest(artifactResolve, saml2Provider.getIdpArtifactUrl()); Response saml2Response = (Response)artifactResponse.getMessage(); return processSSOResponse(saml2Response, saml2Provider); 
@@ -242,34 +260,27 @@ public class Saml2SSOUtils { } - private static ArtifactResolve generateArtifactResolveReq(String samlArtReceived, String spEntityId) { + private static ArtifactResolve generateArtifactResolveReq(String samlArtReceived, Saml2ConfigurableProvider saml2Provider) throws Exception { - ArtifactResolve artifactResolve = createArtifactResolveObject(samlArtReceived, spEntityId); -// if (config.isEnableArtifactResolveSigning()) { -// artifactResolve = signArtifactResolveReq(artifactResolve); -// } + ArtifactResolve artifactResolve = createArtifactResolveObject(samlArtReceived, saml2Provider.getSpEntityId()); + if (saml2Provider.isSignatureRequired()) { + signArtifactResolveReq(artifactResolve, saml2Provider); + } return artifactResolve; } - private static ArtifactResolve createArtifactResolveObject(String samlArtReceived, String spEntityId) { + private static ArtifactResolve createArtifactResolveObject(String samlArtReceived, String spEntityId) throws Exception { - XMLObjectBuilderFactory builderFactory = registry.getBuilderFactory(); - - SAMLObjectBuilder artifactResolveBuilder = - (SAMLObjectBuilder) builderFactory.getBuilder(ArtifactResolve.DEFAULT_ELEMENT_NAME); - ArtifactResolve artifactResolve = artifactResolveBuilder.buildObject(); + ArtifactResolve artifactResolve = (ArtifactResolve)buildXMLObject(ArtifactResolve.DEFAULT_ELEMENT_NAME); artifactResolve.setVersion(SAMLVersion.VERSION_20); artifactResolve.setID(UUID.randomUUID().toString()); artifactResolve.setIssueInstant(Instant.now()); - SAMLObjectBuilder artifactBuilder = - (SAMLObjectBuilder) builderFactory.getBuilder(Artifact.DEFAULT_ELEMENT_NAME); - Artifact artifact = artifactBuilder.buildObject(); + Artifact artifact = (Artifact)buildXMLObject(Artifact.DEFAULT_ELEMENT_NAME); artifact.setValue(samlArtReceived); - SAMLObjectBuilder issuerBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME); - Issuer issuer = issuerBuilder.buildObject(); + Issuer issuer = 
(Issuer)buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME); issuer.setValue(spEntityId); artifactResolve.setIssuer(issuer); 
@@ -279,6 +290,57 @@ public class Saml2SSOUtils { } + private static void signArtifactResolveReq(ArtifactResolve artifactResolve, Saml2ConfigurableProvider saml2Provider) throws Exception { + + try { + KeyStore ks = KeyStore.getInstance("JKS"); + String archivePassword = saml2Provider.getSignatureKeyStorePassword(); + char[] pwdArray = (archivePassword != null) ? archivePassword.toCharArray() : "changeit".toCharArray(); + ks.load(new FileInputStream(saml2Provider.getSignaturePath()), pwdArray); + X509Credential cred = new KeyStoreX509CredentialAdapter(ks, saml2Provider.getSignatureKeyAlias(), saml2Provider.getSignatureKeyPassword().toCharArray()); + Signature signature = setSignatureRaw(XMLSignature.ALGO_ID_SIGNATURE_RSA, cred); + artifactResolve.setSignature(signature); + + List signatureList = new ArrayList<>(); + signatureList.add(signature); + + MarshallerFactory marshallerFactory = registry.getMarshallerFactory(); + Marshaller marshaller = marshallerFactory.getMarshaller(artifactResolve); + + marshaller.marshall(artifactResolve); + + org.apache.xml.security.Init.init(); + Signer.signObjects(signatureList); + } catch (Exception e) { + throw new Exception("Error while signing the SAML Request message", e); + } + } + + private static Signature setSignatureRaw(String signatureAlgorithm, X509Credential cred) throws Exception { + + Signature signature = (Signature)buildXMLObject(Signature.DEFAULT_ELEMENT_NAME); + signature.setSigningCredential(cred); + signature.setSignatureAlgorithm(signatureAlgorithm); + signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + + try { + KeyInfo keyInfo = (KeyInfo)buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME); + X509Data data = (X509Data)buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME); + org.opensaml.xmlsec.signature.X509Certificate cert = + (org.opensaml.xmlsec.signature.X509Certificate) buildXMLObject( + org.opensaml.xmlsec.signature.X509Certificate.DEFAULT_ELEMENT_NAME); + String value = 
org.apache.commons.codec.binary.Base64.encodeBase64String(cred.getEntityCertificate().getEncoded()); + cert.setValue(value); + data.getX509Certificates().add(cert); + keyInfo.getX509Datas().add(data); + signature.setKeyInfo(keyInfo); + return signature; + + } catch (CertificateEncodingException e) { + throw new Exception("Error getting certificate", e); + } + } + private static ArtifactResponse sendArtifactResolveRequest(ArtifactResolve artifactResolve, String idpArtifactUrl) throws Exception { Envelope envelope = buildSOAPMessage(artifactResolve); @@ -297,17 +359,10 @@ public class Saml2SSOUtils { } - private static Envelope buildSOAPMessage(SAMLObject samlMessage) { + private static Envelope buildSOAPMessage(SAMLObject samlMessage) throws Exception { - XMLObjectBuilderFactory builderFactory = registry.getBuilderFactory(); - - SOAPObjectBuilder envBuilder = (SOAPObjectBuilder) builderFactory.getBuilder( - Envelope.DEFAULT_ELEMENT_NAME); - Envelope envelope = envBuilder.buildObject(); - - SOAPObjectBuilder bodyBuilder = (SOAPObjectBuilder) builderFactory.getBuilder( - Body.DEFAULT_ELEMENT_NAME); - Body body = bodyBuilder.buildObject(); + Envelope envelope = (Envelope)buildXMLObject(Envelope.DEFAULT_ELEMENT_NAME); + Body body = (Body)buildXMLObject(Body.DEFAULT_ELEMENT_NAME); body.getUnknownXMLObjects().add(samlMessage); envelope.setBody(body); return envelope; 
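Review bot: `signArtifactResolveReq` opens the keystore with `new FileInputStream(saml2Provider.getSignaturePath())` and never closes it, and when no keystore password is configured it silently falls back to `"changeit"`, which masks a misconfiguration instead of failing; `getSignatureKeyPassword().toCharArray()` on the next line will also throw a NullPointerException when that setting is absent. `setSignatureRaw` is called with `XMLSignature.ALGO_ID_SIGNATURE_RSA`, which is RSA with SHA-1; `XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256` is the usual minimum today and IdPs increasingly reject SHA-1 signatures on ArtifactResolve. `List signatureList` is a raw type, and wrapping in `new Exception(...)` carries the `throws Exception` signature already discussed at `buildXMLObject`. The keystore type `"JKS"` is hard-coded while PKCS12 is the JDK default now, so `KeyStore.getDefaultType()` or a configured type may be needed — confirm against the deployment.

```java
private static void signArtifactResolveReq(ArtifactResolve artifactResolve, Saml2ConfigurableProvider saml2Provider) throws Exception {
    try {
        // Fail fast on missing secrets instead of guessing a default password.
        String storePassword = Objects.requireNonNull(saml2Provider.getSignatureKeyStorePassword(), "signatureKeyStorePassword");
        String keyPassword = Objects.requireNonNull(saml2Provider.getSignatureKeyPassword(), "signatureKeyPassword");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(saml2Provider.getSignaturePath())) {
            ks.load(in, storePassword.toCharArray());
        }
        X509Credential cred = new KeyStoreX509CredentialAdapter(ks, saml2Provider.getSignatureKeyAlias(), keyPassword.toCharArray());
        Signature signature = setSignatureRaw(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256, cred);
        artifactResolve.setSignature(signature);
        List<Signature> signatureList = new ArrayList<>();
        signatureList.add(signature);
        // … unchanged: marshalling and Signer.signObjects …
    } catch (Exception e) {
        throw new Exception("Error while signing the SAML Request message", e);
    }
}
```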
@@ -459,10 +514,16 @@ public class Saml2SSOUtils { doBootstrap(); if (saml2SSOResponse != null) { byte[] decodedResponse = Base64.decode(saml2SSOResponse); - ByteArrayInputStream bytesIn = new ByteArrayInputStream(decodedResponse); - InflaterInputStream inflater = new InflaterInputStream(bytesIn, new Inflater(true)); - String response = new BufferedReader(new InputStreamReader(inflater, StandardCharsets.UTF_8)) - .lines().collect(Collectors.joining("\n")); + String response; + if(!saml2Provider.getBinding().equals("Post")){ + ByteArrayInputStream bytesIn = new ByteArrayInputStream(decodedResponse); + InflaterInputStream inflater = new InflaterInputStream(bytesIn, new Inflater(true)); + response = new BufferedReader(new InputStreamReader(inflater, StandardCharsets.UTF_8)) + .lines().collect(Collectors.joining("\n")); + } + else{ + response = new String(decodedResponse); + } Response saml2Response = (Response) Saml2SSOUtils.unmarshall(response); return processSSOResponse(saml2Response, saml2Provider); diff --git a/dmp-frontend/src/app/core/model/configurable-provider/saml2ConfigurableProvider.ts b/dmp-frontend/src/app/core/model/configurable-provider/saml2ConfigurableProvider.ts index 72d7e5f1c..997e62466 100644 --- a/dmp-frontend/src/app/core/model/configurable-provider/saml2ConfigurableProvider.ts +++ b/dmp-frontend/src/app/core/model/configurable-provider/saml2ConfigurableProvider.ts @@ -4,4 +4,5 @@ export class Saml2ConfigurableProvider extends ConfigurableProvider{ spEntityId: string; idpUrl: string; binding: string; + assertionConsumerServiceUrl: string; } \ No newline at end of file diff --git a/dmp-frontend/src/app/core/services/auth/auth.service.ts b/dmp-frontend/src/app/core/services/auth/auth.service.ts index e3fb7875e..b921df883 100644 --- a/dmp-frontend/src/app/core/services/auth/auth.service.ts +++ b/dmp-frontend/src/app/core/services/auth/auth.service.ts 
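Review bot: The new Post branch decodes the response with `new String(decodedResponse)`, which uses the JVM default charset; the Redirect branch two lines above already reads the same bytes as UTF-8 and the import is present, so this should be `response = new String(decodedResponse, StandardCharsets.UTF_8);`. The test `!saml2Provider.getBinding().equals("Post")` repeats the literal used in `ConfigurableProviderTokenValidator`; writing the branch as `if ("Post".equals(saml2Provider.getBinding())) { ... } else { ... }` reads more directly and avoids a NullPointerException when the binding is unset. The enclosing method continues outside the hunk.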
@@ -181,4 +181,23 @@ export class AuthService extends BaseService { }) ); } + + public getUserFromToken(token: string): Observable { + this.actionUrl = this.configurationService.server + 'auth/'; + const url = this.actionUrl + 'me'; + let headers = this.headers; + headers = headers.set('AuthToken', token); + return this.http.post(url, null, { headers: headers }).pipe( + map((res: any) => { + const princ = this.current(res.payload); + princ.expiresAt = new Date(princ.expiresAt); + return princ; + }), + catchError((error: any) => { + this.clear(); + const princ = this.current(); + this.router.navigate(['/login']); + return observableOf(princ); + })); + } } diff --git a/dmp-frontend/src/app/core/services/saml-login.service.ts b/dmp-frontend/src/app/core/services/saml-login.service.ts index 0664780fc..b0802de76 100644 --- a/dmp-frontend/src/app/core/services/saml-login.service.ts +++ b/dmp-frontend/src/app/core/services/saml-login.service.ts @@ -24,17 +24,18 @@ export class SamlLoginService { return routeParams.has('spId') ? routeParams.get('spId') : ''; } - getSamlLoginUrl(spEntityID: string, idpUrl: string, binding: string, configurableLoginId: string) { + getSamlLoginUrl(spEntityID: string, idpUrl: string, binding: string, assertionConsumerServiceUrl: string, configurableLoginId: string) { const now = new Date(); let protocolBinding = ''; switch (binding) { case "Redirect": protocolBinding = 'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '; break; case "Artifact": protocolBinding = 'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" '; break; - case "Post": protocolBinding = 'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post" '; break; + case "Post": protocolBinding = 'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '; break; } const authenticationRequest = '' + '' + spEntityID + '' + ''; 
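Review bot: `getUserFromToken` discards the failure in its `catchError` handler — the `error` parameter is never used or logged — and then emits an empty principal, so the subscriber in `SamlResponseLoginComponent` sees a successful emission and runs `onAuthenticateSuccess` for a failed login while the service itself has already navigated to `/login`; rethrowing with rxjs `throwError(error)` (or at least logging before the navigation) lets the component's error branch handle it. The return type appears here as `Observable` without a type argument; if the generic was lost in rendering ignore this, otherwise declare the element type the existing `current()` helper returns. Overwriting `this.actionUrl` on each call follows the existing pattern in this service but keeps it stateful; a local `const url = this.configurationService.server + 'auth/me';` avoids that.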
diff --git a/dmp-frontend/src/app/ui/auth/login/configurable-login/configurable-login.component.ts b/dmp-frontend/src/app/ui/auth/login/configurable-login/configurable-login.component.ts index 649a2a40f..e0ed91f84 100644 --- a/dmp-frontend/src/app/ui/auth/login/configurable-login/configurable-login.component.ts +++ b/dmp-frontend/src/app/ui/auth/login/configurable-login/configurable-login.component.ts @@ -86,7 +86,7 @@ export class ConfigurableLoginComponent extends BaseComponent implements OnInit } else if(this.provider.type === ConfigurableProviderType.Saml2){ let provider = this.provider as Saml2ConfigurableProvider; - window.location.href = this.samlLoginService.getSamlLoginUrl(provider.spEntityId, provider.idpUrl, provider.binding, provider.configurableLoginId); + window.location.href = this.samlLoginService.getSamlLoginUrl(provider.spEntityId, provider.idpUrl, provider.binding, provider.assertionConsumerServiceUrl, provider.configurableLoginId); } } diff --git a/dmp-frontend/src/app/ui/auth/login/saml/saml-login-response/saml-login-response.component.ts b/dmp-frontend/src/app/ui/auth/login/saml/saml-login-response/saml-login-response.component.ts index 0c2b4c0e7..83d5f29f5 100644 --- a/dmp-frontend/src/app/ui/auth/login/saml/saml-login-response/saml-login-response.component.ts +++ b/dmp-frontend/src/app/ui/auth/login/saml/saml-login-response/saml-login-response.component.ts 
@@ -36,8 +36,13 @@ export class SamlResponseLoginComponent extends BaseComponent implements OnInit } else if (routeParams.SAMLResponse) { samlResponse = routeParams.SAMLResponse; } + else if(routeParams.token){ + this.authService.getUserFromToken(routeParams.token).pipe(takeUntil(this._destroyed)) + .subscribe((result) => this.onAuthenticateSuccess(), (error) => this.onAuthenticateError(error)); + return; + } - if (samlResponse == null) return; + if (samlResponse == null) this.router.navigate(['/login']); const spId = this.samlLoginService.resolveSpId(routeParams.RelayState); const configurableLoginId = this.samlLoginService.resolveConfigurableLoginId(routeParams.RelayState);
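Review bot: Replacing `return` with `this.router.navigate(['/login'])` on the `samlResponse == null` line no longer stops the handler — `navigate` is asynchronous — so `resolveSpId(routeParams.RelayState)` and the rest of the method still run with a null response; keep the early exit: `if (samlResponse == null) { this.router.navigate(['/login']); return; }`. The new `routeParams.token` branch does return correctly; it is the consumer of the token that `Saml2PostBinding` puts in the redirect query string, which is one more reason to move that token into a fragment or a one-time code. The enclosing method continues past the hunk.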