SSOLogin



http://expwin16wl-vmh/FirstSSO/token/Saml20.ashx?wa=wsignin1.0&wtrealm=http://sivaleti3in:7001/expense&wreply=http%3A%2F%2Fsivaleti3in%3A7001%2Fexpense%2Findex.jsp - SSO login page

UsernamePasswordValidatorImpl.validate(PortalAuthContext, PortalAuthResult) line: 126

when the Sign In button is clicked in SSO

PortalAuthenticationServiceEndpoint :

/**
 * Spring-WS endpoint method for the {@code ProcessAuthRequest} SOAP operation.
 *
 * <p>Unwraps the inbound {@code AuthRequestDTO}, delegates authentication to
 * {@code portalAuthenticationController}, and packs the resulting
 * {@code AuthResponseDTO} into the JAXB response element.
 *
 * @param request the unmarshalled request payload; its inner value is the DTO
 *                handed to the controller
 * @return the response envelope holding the authentication outcome
 */
@PayloadRoot(localPart = "ProcessAuthRequest",
        namespace = "http://schemas.sumtotalsystems.com/" + "services/contracts/authentication")
@ResponsePayload
public final ProcessAuthRequestResponse process(@RequestPayload final ProcessAuthRequest request) {
    // Declare the charset explicitly so non-ASCII user attributes (names, locales)
    // survive the trip to the client. The cast assumes an HTTP transport; any other
    // connection type would fail here -- NOTE(review): confirm against the configured transport.
    final TransportContext transportContext = TransportContextHolder.getTransportContext();
    final HttpServletConnection connection =
            (HttpServletConnection) transportContext.getConnection();
    connection.getHttpServletResponse().setContentType("text/xml;charset=UTF-8");

    logger.debug("Got authentication request, start to process...");

    // Controller does the actual credential/claim validation; we only marshal.
    final JAXBElement<AuthResponseDTO> wrapped =
            objectFactory.createProcessAuthRequestResponseProcessAuthRequestResult(
                    portalAuthenticationController.authenticate(request.getRequest().getValue()));

    logger.debug("Authentication request processed, creating the result.");

    final ProcessAuthRequestResponse envelope = objectFactory.createProcessAuthRequestResponse();
    envelope.setProcessAuthRequestResult(wrapped);
    logger.debug("The response was created, ready to return.");

    return envelope;
}

PortalAuthenticationControllerImpl :

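/**
 * Authenticates the portal user described by {@code authRequestDTO} and maps the
 * outcome onto an {@code AuthResponseDTO}.
 *
 * <p>On success the DTO carries {@code isValid=true}, the account name, a response
 * code (1 when a password change is required, 0 otherwise), the culture string,
 * the user id and the display name. On failure it carries {@code isValid=false}
 * and echoes the user name from the request.
 *
 * @param authRequestDTO credentials/claims received from the SSO endpoint
 * @return the populated response DTO; never {@code null}
 */
public AuthResponseDTO authenticate(AuthRequestDTO authRequestDTO) {
    // build the authentication context
    PortalAuthContext context = PortalAuthenticationHelper.buildAuthContext(authRequestDTO);

    PortalAuthResult result = portalAuthenticationService.authenticate(context);

    // one DTO serves both branches; creating a second one on success was redundant
    AuthResponseDTO authResponseDTO = objectFactory.createAuthResponseDTO();
    if (Boolean.TRUE.equals(result.isAuthed())) {
        // create returning dto based on a successful authentication
        authResponseDTO.setIsValid(Boolean.TRUE);
        authResponseDTO.setUserName(
                objectFactory.createAuthResponseDTOUserName(result.getUserAccountName()));

        // Response code 1 = password change required, 0 = normal login.
        // Boolean.TRUE.equals() avoids the NullPointerException that unboxing
        // raises when the change-password flag was never set on the result.
        boolean changePassword = Boolean.TRUE.equals(result.getChangePassword());
        authResponseDTO.setResponseCode(Integer.valueOf(changePassword ? 1 : 0));

        Locale locale = LocaleUtils.getValidLocale(result.getUserLocale());
        // Culture is sent as "<language>-<country>". For a locale without a country
        // this yields a trailing "-" (e.g. "en-") -- NOTE(review): confirm the
        // consumer accepts that form.
        authResponseDTO.setCulture(objectFactory.createAuthResponseDTOCulture(
                locale.getLanguage() + "-" + locale.getCountry()));
        authResponseDTO.setUserId(
                objectFactory.createAuthResponseDTOUserId(result.getUserId()));
        authResponseDTO.setName(
                objectFactory.createAuthResponseDTOName(result.getName()));

        // NOTE(review): this renders the whole DTO (account name, user id, display
        // name) into the debug log; keep debug logging off where logs are shared.
        logger.debug("The authentication succeed. The corresponding AuthResponseDTO was created. ["
                + authResponseDTO + "]");
    } else {
        // log the authentication failure
        logger.debug("The authentication failed. reason: [" + result.getErrMessage() + "]");

        // setup the returning dto: invalid, with the user name as requested
        authResponseDTO.setIsValid(Boolean.FALSE);
        authResponseDTO.setUserName(authRequestDTO.getUserName());
    }

    return authResponseDTO;
}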

AuthTimestampValidatorImpl:
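/**
 * Freshness check for the SSO authentication request.
 *
 * <p>Rejects the request when {@code context.getTimestamp()} is absent or falls
 * outside a window of {@code TIMESTAMP_ALLOWANCE} seconds on either side of the
 * server clock. The lower bound (older than the allowance) is the replay guard;
 * the upper bound (further in the future than the allowance) closes the gap where
 * a request stamped with a far-future time would otherwise pass this check for
 * as long as that stamp lies ahead of the clock.
 *
 * @param context the authentication request; supplies the timestamp under test
 * @param result  receives {@code authed} and, on rejection, an error message
 */
public final void validate(final PortalAuthContext context, final PortalAuthResult result) {
    assertArguments(context, result);

    final XMLGregorianCalendar timestamp = context.getTimestamp();
    if (timestamp == null) {
        // NOTE(review): the whole context is appended via toString(); confirm it
        // does not render credentials before leaving this at error level.
        logger.error("The timestamp got from request is null. " + context);
        result.setAuthed(Boolean.FALSE);
        result.setErrMessage("The timestamp got from request is null.");
        return;
    }

    final Calendar requestTime = timestamp.toGregorianCalendar();

    // Both bounds derive from one reading of the clock so the window is exactly
    // 2 * TIMESTAMP_ALLOWANCE seconds wide.
    final Calendar now = new GregorianCalendar();
    final Calendar oldestAccepted = (Calendar) now.clone();
    oldestAccepted.add(Calendar.SECOND, -TIMESTAMP_ALLOWANCE);
    final Calendar newestAccepted = (Calendar) now.clone();
    newestAccepted.add(Calendar.SECOND, TIMESTAMP_ALLOWANCE);

    if (requestTime.before(oldestAccepted)) {
        // the request is expired
        result.setAuthed(Boolean.FALSE);
        result.setErrMessage("The request is expired.");
    } else if (requestTime.after(newestAccepted)) {
        // clock skew beyond the allowance, or a timestamp that was not produced now
        result.setAuthed(Boolean.FALSE);
        result.setErrMessage("The request timestamp is in the future.");
    } else {
        result.setAuthed(Boolean.TRUE);
    }
}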

DigestValidatorImpl:

UsernamePasswordValidatorImpl:

UsernamePasswordValidatorImpl.validate(PortalAuthContext, PortalAuthResult) line: 126

NechoLoginModule:

public boolean login() throws LoginAggregateException;

correct userName password

http://sivaleti3in:7001/expense/index.js?
wresult='<trust:RequestSecurityTokenResponseCollection
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><trust:RequestSecuri
tyTokenResponse><trust:Lifetime><wsu:Created xmlns:wsu="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2021-04-
29T13:51:49.807Z</wsu:Created><wsu:Expires
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
utility-1.0.xsd">2021-04-29T19:48:27.270Z</wsu:Expires></
trust:Lifetime><wsp:AppliesTo
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><EndpointReference
xmlns="http://www.w3.org/2005/08/addressing"><Address>http://sivaleti3in:7001/
expense</Address></EndpointReference></
wsp:AppliesTo><trust:RequestedSecurityToken><Assertion ID="_5fb2c034-22e7-4597-
86fd-bbce86d07d18" IssueInstant="2021-04-29T08:23:27.274Z" Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>SumTotalSTS</
Issuer><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMe
thod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference
URI="#_5fb2c034-22e7-4597-86fd-bbce86d07d18"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/><ds:DigestValue>UVMWGUKadYfGPRnSdTdJIODqNV4=</ds:DigestValue></ds:Reference></
ds:SignedInfo><ds:SignatureValue>Im0S15bhinuBzyjX2X8Yn3hVcjm0xYHGm3Y3+kKT/7R/
zZZdGTfVcLmIP7VdkdzYal+leYqvDFuc+UYhqFRPPZpyKK0Wy9nYhM7Sn/NrqY4qUkNuiiTjkcjZj/
R8jBPCYRwiHPfrbljCCIWXt7qT8ncESYsfjA7nK66LS64s0kg=</ds:SignatureValue><KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIIC7TCCAlagA
wIBAgIBATANBgkqhkiG9w0BAQ0FADAgMR4wHAYDVQQDDBUqLnN1bXRvdGFsc3lzdGVtcy5jb20wIBcNMTMx
MDI0MDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMCAxHjAcBgNVBAMMFSouc3VtdG90YWxzeXN0ZW1zLmNvbTC
BnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6aBnozUMlTWPOhfGSDVxwBAQ+3+HXyvKUesAhdT5bwjYR+
XA8x9j6SrBmrMDfaPh1DNs7XdpZGfJZhlqYOTjOG2S1ibOLqXs3v7l02WF7heXJOoq5i8ZHRncO4Vd6j3y/
vI4/8gE5uFxL31AxtlacEifopVmAXAW81HntKG/hssCAwEAAaOCATMwggEvMAwGA1UdDwQFAwMH/
4AwgeMGA1UdJQSB2zCB2AYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUF
BwMIBgorBgEEAYI3AgEVBgorBgEEAYI3AgEWBgorBgEEAYI3CgMBBgorBgEEAYI3CgMDBgorBgEEAYI3CgM
EBglghkgBhvhCBAEGCysGAQQBgjcKAwQBBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQ
gCAgYKKwYBBAGCNxQCAgYIKwYBBQUHAwkGCCsGAQUFBwMNBggrBgEFBQcDDjARBglghkgBhvhCAQEEBAMCA
PcwJgYJYIZIAYb4QgENBBkWF0NyZWF0ZWQgYnkgTWlrZSBHYXJkbmVyMA0GCSqGSIb3DQEBDQUAA4GBAIMO
1T1SJm+32r2/MIpXkhU6ApRhy+VSX2zwSdJaNYlWkGcp3U7A1EkTRQfQTg/
0UWsKqwPMjaMFIWq1XNqtEHJ0rlKF523twii8AuyFcxUTVS18kAR8LU12v0AyMKeKkfsrn6iTicSOnS1/
WPtGI9q0TF8ER2zoepbRPrLpjVsK</X509Certificate></X509Data></KeyInfo></
ds:Signature><Subject><SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" /></Subject><Conditions
NotBefore="2021-04-29T08:21:49.807Z" NotOnOrAfter="2021-04-
29T14:18:27.270Z"><AudienceRestriction><Audience>http://sivaleti3in:7001/expense</
Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"><AttributeValue>p
aris</AttributeValue></Attribute><Attribute
Name="http://schemas.sumtotalsystems.com/claims/username"><AttributeValue>paris</
AttributeValue></Attribute><Attribute
Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"><AttributeValue
>Portal User</AttributeValue></Attribute><Attribute
Name="http://schemas.sumtotalsystems.com/claims/tenant"><AttributeValue>1000</
AttributeValue></Attribute><Attribute
Name="http://schemas.sumtotalsystems.com/claims/brokersession"><AttributeValue>9f9e
1494f61f4bf5a0df9280fe7559e7</AttributeValue></Attribute><Attribute
Name="http://schemas.sumtotalsystems.com/claims/culture"><AttributeValue>en-US</
AttributeValue></Attribute><Attribute
Name="http://schemas.sumtotalsystems.com/claims/userid"><AttributeValue>101C3E77AFD
F7E81E4A5CEF56B8112BD</AttributeValue></Attribute><Attribute
Name="http://schemas.sumtotalsystems.com/dynamicclaims/propername"><AttributeValue>
James Paris</AttributeValue></Attribute></AttributeStatement></Assertion></
trust:RequestedSecurityToken><trust:RequestedAttachedReference><SecurityTokenRefere
nce d4p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-
1.1#SAMLV2.0" xmlns:d4p1="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-
secext-1.1.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
wssecurity-secext-1.0.xsd"><KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-
1.1#SAMLID">_5fb2c034-22e7-4597-86fd-bbce86d07d18</KeyIdentifier></
SecurityTokenReference></
trust:RequestedAttachedReference><trust:RequestedUnattachedReference><SecurityToken
Reference d4p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-
profile-1.1#SAMLV2.0" xmlns:d4p1="http://docs.oasis-open.org/wss/oasis-wss-
wssecurity-secext-1.1.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-
200401-wss-wssecurity-secext-1.0.xsd"><KeyIdentifier ValueType="http://docs.oasis-
open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_5fb2c034-22e7-4597-86fd-
bbce86d07d18</KeyIdentifier></SecurityTokenReference></
trust:RequestedUnattachedReference><trust:TokenType>urn:oasis:names:tc:SAML:2.0:ass
ertion</trust:TokenType><trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-
trust/200512/Issue</trust:RequestType><trust:KeyType>http://docs.oasis-open.org/ws-
sx/ws-trust/200512/Bearer</trust:KeyType></trust:RequestSecurityTokenResponse></
trust:RequestSecurityTokenResponseCollection>'

isSSOAuthReqest - system settings

Session Not Null


UserSession Null

SAMLAssertionHelper.validateSAMLToken(samlAssertionToken,
samlAuthenticationService);

creating validationContext with assertion (converting the received trust XML into an
OpenSAML assertion object) and a SAMLAuthConfigure object built from the system setting
values of expense (portal.sso.SAMLAuthTimestampAllowance,
portal.sso.SAMLAuthPublicKeyDigest,
portal.sso.SAMLAuthAudienceURI,
portal.sso.SAMLAuthIssuerName),

creating validationContext (assertion , tokenstr,SAMLAuthConfigure )

samlAuthResult = samlAuthenticationService.validateSAMLToken(validationContext);

NechoIgnorePasswordLoginModule.initialize(Subject, CallbackHandler, Map, Map) line: 175
LoginContext.invokePriv(String) line: 680
LoginContext.login() line: 587
AuthenticationHandler.doAuthenticate(SignonContainer, CredentialContainer) line: 97
SignonManager.login(String, SignonContainer, CredentialContainer, String, String) line: 122
PortalAuthHelper.doSignon(String, CredentialContainer, SignonContainer, HttpServletRequest, String, String) line: 263
PortalAuthHelper.buildUserSession(SAMLAuthResult, HttpSession, HttpServletRequest, String) line: 221
PortalSSOAuthFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 265
