completed support for SourceID IDP, not tested yet

This commit is contained in:
Eric J. Bowersox 2003-06-18 04:23:20 +00:00
parent e62375e6ee
commit e33daac2d2
20 changed files with 1041 additions and 8 deletions


@ -0,0 +1,39 @@
<?xml version="1.0"?>
<ProviderDirectory xmlns:lib="http://projectliberty.org/schemas/core/2002/12"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns="http://www.sourceid.org/schemas/sso/providers/2002/11">
<lib:IDPDescriptor xmlns:lib="http://projectliberty.org/schemas/core/2002/12"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<lib:ProviderID>Venice-SSO-IDP</lib:ProviderID>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<lib:SoapEndpoint>http://localhost:8080/venice-idp/sso/soap/endpoint</lib:SoapEndpoint>
<lib:SingleLogoutServiceURL>http://localhost:8080/venice-idp/sso/logout</lib:SingleLogoutServiceURL>
<lib:SingleLogoutServiceReturnURL>http://localhost:8080/venice-idp/sso/logout</lib:SingleLogoutServiceReturnURL>
<lib:FederationTerminationServiceURL>http://localhost:8080/venice-idp/sso/fedterm</lib:FederationTerminationServiceURL>
<lib:FederationTerminationServiceReturnURL>http://localhost:8080/venice-idp/sso/fedterm</lib:FederationTerminationServiceReturnURL>
<lib:SingleSignOnServiceURL>http://localhost:8080/venice-idp/sso/authn</lib:SingleSignOnServiceURL>
<!--
The following profile declarations indicate the variants of the Liberty Protocol which
this provider can speak.
-->
<lib:RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</lib:RegisterNameIdentifierProtocolProfile>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</lib:FederationTerminationNotificationProtocolProfile>
<lib:FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</lib:FederationTerminationNotificationProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</lib:SingleLogoutProtocolProfile>
<lib:SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</lib:SingleLogoutProtocolProfile>
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-art</lib:SingleSignOnProtocolProfile>
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-post</lib:SingleSignOnProtocolProfile>
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/wml-post</lib:SingleSignOnProtocolProfile>
<lib:SingleSignOnProtocolProfile>http://projectliberty.org/profiles/lecp</lib:SingleSignOnProtocolProfile>
</lib:IDPDescriptor>
</ProviderDirectory>
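Review bot: Every endpoint the new IDPDescriptor advertises (L24–L29) is a plain `http://localhost:8080/...` URL, so the SOAP back-channel, single-logout and federation-termination traffic with peer providers would run unencrypted if this descriptor were ever published as-is; the Liberty profiles generally expect these to be TLS URLs. Since the ProviderID `Venice-SSO-IDP` and the embedded X509Certificate are what SPs will pin to, the file should say it is a local-test template: `<!-- DEV ONLY: localhost/http endpoints and test certificate; replace with the deployed https:// URLs and the production signing certificate before distributing this descriptor -->` at the top of the IDPDescriptor. The `ds:` and `lib:` namespaces are also re-declared on every element (L16–L21) although they are already bound on the root; harmless, but it obscures which declarations actually matter.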


@ -17,7 +17,7 @@
<provider-directory>/WEB-INF/sourceid-sso-providers.xml</provider-directory>
<exception-handlers>
<default>/defaultExceptionHandler.jsp</default>
<default>/sourceid/errorHandler.js.vs</default>
</exception-handlers>
<signing-key>
@ -27,11 +27,11 @@
<key-password>strongbad</key-password>
</signing-key>
<idp-authentication-uri>TODO</idp-authentication-uri>
<idp-authn-lifespan>1800</idp-authn-lifespan>
<idp-logout-render-page>TODO</idp-logout-render-page>
<idp-logout-done-image>TODO</idp-logout-done-image>
<idp-post-assertion-render-page>TODO</idp-post-assertion-render-page>
<idp-authentication-uri>/sourceid/idp_login.js.vs</idp-authentication-uri>
<idp-authn-lifespan>3599</idp-authn-lifespan>
<idp-logout-render-page>/sourceid/logout_render.js.vs</idp-logout-render-page>
<idp-logout-done-image>/images/check32x32.gif</idp-logout-done-image>
<idp-post-assertion-render-page>/sourceid/post_assertion.js.vs</idp-post-assertion-render-page>
<!--
Here, you may optionally specify a Session-context attribute which SourceID-SSO should remove whenever
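Review bot: The authentication lifespan on L64 changes from 1800 to the unexplained value 3599, and nothing records the unit or why it stops one second short of an hour; a later reader will assume a typo for 3600. If the intent is to stay strictly inside a one-hour validity window on the SP side, say so on the line: `<idp-authn-lifespan>3599</idp-authn-lifespan> <!-- seconds; deliberately under 1 hour so the authn instant never outlives a 1h assertion window - confirm against SP config -->`. The default exception handler on L52 now points at `/sourceid/errorHandler.js.vs`, which is not visible in this part of the diff; since it will render on failed SSO requests, it should be checked not to echo request parameters into the page unescaped.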


@ -306,6 +306,14 @@ public class LibraryCast
} // end toMap
public final Map.Entry toMapEntry(Object o)
{
if (o instanceof Map.Entry)
return (Map.Entry)o;
throw new ClassCastException("LibraryCast.toMapEntry: invalid cast");
} // end toMapEntry
public final OptionSet toOptionSet(Object o)
{
if (o instanceof OptionSet)


@ -166,7 +166,15 @@ public abstract class ServletBase extends HttpServlet implements WebConstants
} // end if
return appcon.wrapServices(base);
ServiceProvider svc = appcon.wrapServices(base);
// Hook around the ObjectProvider implementation to support the __internal__ namespace.
ObjectProvider base_objp = (ObjectProvider)(svc.queryService(ObjectProvider.class));
SingleNamespaceObjectProvider objp = new SingleNamespaceObjectProvider("__internal__","RequestServices",base_objp);
objp.setObject("application",getServletContext());
objp.setObject("request",req);
objp.setObject("response",resp);
return new SingletonServiceProvider("RequestServices",svc,ObjectProvider.class,objp);
} // end createRequestServices
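Review bot: The `queryService(ObjectProvider.class)` result on L92 is cast and passed straight into the SingleNamespaceObjectProvider constructor with no null check, so a wrapped service provider that does not expose an ObjectProvider will surface as a NullPointerException far from its cause rather than a descriptive failure. The new `__internal__` namespace also deserves a comment, because it hands every script the raw ServletContext, HttpServletRequest and HttpServletResponse (L94–L96) and is what `op.getObject("__internal__","application")` in LibrarySourceID relies on: `// __internal__ exposes raw container objects to scripts; the namespace name must never be derivable from user input`. createRequestServices begins before this hunk.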


@ -439,4 +439,32 @@ public class RequestHelper
} // end getChainParameter
public Object getExternalAppAttribute(String name)
{
ExternalAppAttributes eaa = (ExternalAppAttributes)(m_req.queryService(ExternalAppAttributes.class));
return eaa.getAttribute(name);
} // end getExternalAppAttribute
public Object getExternalSessionAttribute(String name)
{
ExternalSessionAttributes esa = (ExternalSessionAttributes)(m_req.queryService(ExternalSessionAttributes.class));
return esa.getAttribute(name);
} // end getExternalSessionAttribute
public void removeExternalSessionAttribute(String name)
{
ExternalSessionAttributes esa = (ExternalSessionAttributes)(m_req.queryService(ExternalSessionAttributes.class));
esa.removeAttribute(name);
} // end removeExternalSessionAttribute
public void setExternalSessionAttribute(String name, Object val)
{
ExternalSessionAttributes esa = (ExternalSessionAttributes)(m_req.queryService(ExternalSessionAttributes.class));
esa.setAttribute(name,val);
} // end setExternalSessionAttribute
} // end class RequestHelper
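Review bot: All four new accessors (L104–L123) repeat the same unchecked `(ExternalSessionAttributes)(m_req.queryService(...))` lookup and will throw a bare NullPointerException if the service is not registered on the request, which is plausible for requests that do not go through the SourceID-enabled servlet. A private helper that does the lookup once and fails with a descriptive exception removes the triplication and gives the calling scripts a usable error; each public method then becomes a one-liner such as `return externalSession().getAttribute(name);`.
```java
  private ExternalSessionAttributes externalSession()
  {
    ExternalSessionAttributes esa = (ExternalSessionAttributes)(m_req.queryService(ExternalSessionAttributes.class));
    if (esa==null)
      throw new IllegalStateException("RequestHelper: ExternalSessionAttributes service not available on this request");
    return esa;
  } // end externalSession
  // … unchanged: getExternalAppAttribute …
  public Object getExternalSessionAttribute(String name)
  {
    return externalSession().getAttribute(name);
  } // end getExternalSessionAttribute
```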


@ -0,0 +1,134 @@
/*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
*
* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
* language governing rights and limitations under the License.
*
* The Original Code is the Venice Web Communities System.
*
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
* Copyright (C) 2002-03 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
*
* Contributor(s):
*/
package com.silverwrist.dynamo.velocity;
import java.util.*;
public class VelocityPage implements VelocityRenderable
{
/*--------------------------------------------------------------------------------
* Attributes
*--------------------------------------------------------------------------------
*/
private String m_templ;
private String m_mime;
private Hashtable m_params = new Hashtable();
/*--------------------------------------------------------------------------------
* Constructors
*--------------------------------------------------------------------------------
*/
public VelocityPage(String templ)
{
m_templ = templ;
m_mime = "text/html";
} // end constructor
public VelocityPage(String templ, String mime)
{
m_templ = templ;
m_mime = mime;
} // end constructor
/*--------------------------------------------------------------------------------
* Implementations from interface VelocityParamSupplier
*--------------------------------------------------------------------------------
*/
/**
* Returns the value of a parameter set on the object.
*
* @param key The name of the parameter to look up.
* @return The parameter's value, or <CODE>null</CODE> if the parameter was not set.
*/
public Object getParameter(String key)
{
return m_params.get(key);
} // end getParameter
/**
* Returns a <CODE>java.util.Collection</CODE> of all parameter names currently defined on this object.
*
* @return A collection of all parameter names currently defined.
*/
public Collection getParameterNames()
{
return Collections.unmodifiableSet(m_params.keySet());
} // end getParameterNames
/*--------------------------------------------------------------------------------
* Implementations from interface VelocityRenderable
*--------------------------------------------------------------------------------
*/
/**
* Returns the MIME type of the output to be rendered. Usually, this will be "text/html".
*
* @return The MIME type of the output.
*/
public String getMimeType()
{
return m_mime;
} // end getMimeType
/**
* Returns the resource name of the Velocity template to be used in rendering this object. This pathname
* is interpreted relative to the "resource root path" specified in the Velocity renderer's configuration.
* The template engine loads it via the standard
* {@link com.silverwrist.dynamo.iface.ResourceProvider ResourceProvider}, and then applies the parameters
* contained in this object to it.
*
* @return The resource pathname of the Velocity template to use.
*/
public String getTemplateName()
{
return m_templ;
} // end getTemplateName
/*--------------------------------------------------------------------------------
* External operations
*--------------------------------------------------------------------------------
*/
public void setMimeType(String s)
{
m_mime = s;
} // end setMimeType
public void setTemplateName(String s)
{
m_templ = s;
} // end setTemplateName
public void setParameter(String key, Object val)
{
m_params.put(key,val);
} // end setParameter
} // end class VelocityPage
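Review bot: `m_params` is a `java.util.Hashtable` (L156), which rejects null keys and values, so `setParameter(key, null)` on L232–L235 throws a NullPointerException instead of clearing the parameter — a surprise for callers given that `getParameter` documents null as the not-set value (L179). Either document the restriction in a javadoc on setParameter, or make null mean removal: `if (val==null) m_params.remove(key); else m_params.put(key,val);`. The section comment on L172 says "VelocityParamSupplier" while the class only declares `VelocityRenderable` (L148); presumably VelocityRenderable extends it, but there is no class-level javadoc stating that or what a VelocityPage is for. `getParameterNames` returns a view backed by the live table (L192), which is fine but worth a sentence in its javadoc so callers do not iterate it while mutating the page.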


@ -17,12 +17,15 @@
*/
package com.silverwrist.venice.sourceid;
import java.util.*;
import javax.servlet.ServletContext;
import org.sourceid.sso.handlers.AccountHandler;
import org.sourceid.sso.util.*;
import org.sourceid.sso.xml.*;
import org.sourceid.sso.xml.lib.*;
import com.silverwrist.dynamo.except.*;
import com.silverwrist.dynamo.iface.*;
import com.silverwrist.venice.session.SessionInfoParams;
public abstract class LibrarySourceID
{
@ -48,6 +51,30 @@ public abstract class LibrarySourceID
} // end castIDPDescriptorType
public SPDescriptorType castSPDescriptorType(Object o)
{
if (o instanceof SPDescriptorType)
return (SPDescriptorType)o;
throw new ClassCastException("LibrarySourceID.castSPDescriptorType: invalid cast");
} // end castSPDescriptorType
public AuthnContext castAuthnContext(Object o)
{
if (o instanceof AuthnContext)
return (AuthnContext)o;
throw new ClassCastException("LibrarySourceID.castAuthnContext: invalid cast");
} // end castAuthnRequestType
public AuthnRequestType castAuthnRequestType(Object o)
{
if (o instanceof AuthnRequestType)
return (AuthnRequestType)o;
throw new ClassCastException("LibrarySourceID.castAuthnRequestType: invalid cast");
} // end castAuthnRequestType
public ProviderDirectory getProviderDirectory(Request r)
{
ExternalAppAttributes eaa = (ExternalAppAttributes)(r.queryService(ExternalAppAttributes.class));
@ -69,6 +96,41 @@ public abstract class LibrarySourceID
} // end getAccountHandler
public IDPSession getIDPSession(Request r, boolean create)
{
ExternalSessionAttributes esa = (ExternalSessionAttributes)(r.queryService(ExternalSessionAttributes.class));
IDPSession rc = (IDPSession)(esa.getAttribute(ServletUtils.SES_KEY_SSO_SESSION));
if ((rc==null) && create)
{ // create a new IDP session
ObjectProvider op = (ObjectProvider)(r.queryService(ObjectProvider.class));
ServletContext ctxt = (ServletContext)(op.getObject("__internal__","application"));
SessionInfoProvider sip = (SessionInfoProvider)(r.queryService(SessionInfoProvider.class));
DynamoUser user = (DynamoUser)(sip.getSessionInfo().getObject(SessionInfoParams.NAMESPACE,
SessionInfoParams.ATTR_USER));
rc = new IDPSession(ctxt,user);
esa.setAttribute(ServletUtils.SES_KEY_SSO_SESSION,rc);
} // end if
return rc;
} // end getIDPSession
public IDPSession.Entry getEntryForProvider(IDPSession sess, String provider_id)
{
Iterator it = sess.getRemoteSessions().iterator();
while (it.hasNext())
{ // look for an entry whose provider ID matches
IDPSession.Entry ntry = (IDPSession.Entry)(it.next());
if (ntry.getProviderID().equals(provider_id))
return ntry;
} // end while
return null;
} // end getEntryForProvider
/*--------------------------------------------------------------------------------
* Abstract operations which must be overridden
*--------------------------------------------------------------------------------


@ -0,0 +1,244 @@
// The contents of this file are subject to the Mozilla Public License Version 1.1
// (the "License"); you may not use this file except in compliance with the License.
// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
//
// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
// language governing rights and limitations under the License.
//
// The Original Code is the Venice Web Communities System.
//
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
// Copyright (C) 2002 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
//
// Contributor(s):
importClass(Packages.org.sourceid.sso.util.ServletUtils);
importPackage(Packages.org.sourceid.sso.xml.lib)
importClass(Packages.com.silverwrist.dynamo.Namespaces);
importClass(Packages.com.silverwrist.dynamo.UserInfoNamespace);
importPackage(Packages.com.silverwrist.dynamo.iface);
importPackage(Packages.com.silverwrist.dynamo.mail);
importPackage(Packages.com.silverwrist.dynamo.util);
importClass(Packages.com.silverwrist.dynamo.velocity.VelocityPage);
importClass(Packages.com.silverwrist.venice.VeniceNamespaces);
importPackage(Packages.com.silverwrist.venice.frame);
importPackage(Packages.com.silverwrist.venice.session);
req = bsf.lookupBean("request"); // get request
rhelp = bsf.lookupBean("request_help"); // get request helper
target = rhelp.getParameterString("tgt"); // get the target for this operation
if (target==null)
target = "top.js.vs";
vlib.setOnError(req,target);
session = rhelp.getSession(); // get the session
user = vlib.getUser(session);
if (!(user.isAnonymous())) // user already logged in, just bounce back to where we came from
dynamo.scriptReturn(new Redirect("SERVLET",target));
// Load the login dialog.
loader = cast.queryDialogLoader(req);
dlg = loader.loadDialogResource("login.dlg.xml");
// See if we're coming in as a result of an external authentication request.
ar = sourceid.castAuthnRequestType(rhelp.getExternalSessionAttribute("org.sourceid.sso.authnRequest"));
if (ar!=null)
{ // prepare heading block
heading = new VelocityPage("sourceid/login_heading.vm");
heading.setParameter("provider",ar.getProviderID());
if (ar.getFederate())
heading.setParameter("federate",Boolean.TRUE);
dlg.setUpperContentObject(heading);
} // end if
if (rhelp.isVerb("GET"))
{ // just display the dialog and return
dlg.setValue("tgt",target);
vlib.setLocation(req,target);
dynamo.scriptReturn(new FrameDialog(dlg));
} // end if
// everything that follows is for a POST operation
op = dlg.getClickedButton(req) + "";
if (op=="cancel") // user cancelled login - bounce back to the target
dynamo.scriptReturn(new Redirect("SERVLET",target));
dlg.load(req); // load dialog contents
if (op=="reminder")
{ // generate a password reminder
errmsg = null;
user = vlib.lookupUser(req,dlg.getValue("user"));
if (user!=null)
{ // user found...
if (user.isAnonymous()) // can't do this for the Anonymous_Honyak account
errmsg = "This account cannot be explicitly logged into. Please try again.";
else
{ // get the user's password reminder
reminder_msg = PropertyUtils.getPropertyNoErr(user,VeniceNamespaces.USER_SETTINGS_NAMESPACE,
"password.reminder");
if (reminder_msg==null)
reminder_msg = "";
// generate and set authentication for the password recovery system
auth = vlib.randomRecoveryAuth() + "." + dynamo.currentTimeMillis();
user.setAuthenticationData(user,VeniceNamespaces.SESSION_CONTROL_NAMESPACE,"password.recovery","",auth);
// create and send the reminder E-mail message
mailprov = cast.queryMailMessageProvider(req);
msg = mailprov.createSystemMessage(req);
msg.addRecipient(MailMessage.RECIP_TO,user.getEMailAddress());
globals = vcast.getGlobalPropertiesStore(req);
msg.setSubject(globals.getObject(VeniceNamespaces.MAIL_MESSAGES_NAMESPACE,
"reminder.message.title").toString());
blocks = vcast.getGlobalBlocksStore(req);
msg.setText(blocks.getObject(VeniceNamespaces.MAIL_MESSAGES_NAMESPACE,"reminder.message").toString());
msg.setVariable("username",user.getName());
msg.setVariable("reminder",reminder_msg);
msg.setVariable("uid",cast.toIntegerObject(user.getUID()));
msg.setVariable("auth",auth);
msg.send();
// set the error message and prepare the dialog for reset
errmsg = "Password reminder has been sent to the E-mail address for user '" + user.getName() + "'.";
dlg.setValue("pass",null);
} // end else
} // end if
else // user not found - bounce back with an error message
errmsg = "The user account you have specified does not exist. Please try again.";
if (errmsg!=null)
{ // set the error message and bounce back the dialog
dlg.setErrorMessage(errmsg);
dlg.setValue("user",null);
dlg.setValue("pass",null);
vlib.setLocation(req,target);
dynamo.scriptOutput(new FrameDialog(dlg));
} // end if
else // this ain't right
dynamo.scriptOutput(new ErrorBox("Internal Error","Unknown outcome from password reminder",
"SERVLET",target));
} // end if
else if (op=="login")
{ // attempt to log the user in!
errmsg = null;
new_user = vlib.lookupUser(req,dlg.getValue("user"));
if (new_user!=null)
{ // the user is present - we can do this
if (new_user.isAnonymous())
{ // can't log in as Anonymous_Honyak, foo!
errmsg = "This account cannot be explicitly logged into. Please try again.";
audit.write(req,new_user,VeniceNamespaces.USER_EVENT_NAMESPACE,"login.fail","Anonymous user");
dlg.setValue("user",null);
dlg.setValue("pass",null);
} // end if
else if (new_user.isLocked())
{ // account locked out - sorry!
errmsg = "This account has been locked out. Please contact the system administrator for assistance.";
audit.write(req,new_user,VeniceNamespaces.USER_EVENT_NAMESPACE,"login.fail","Locked Account");
dlg.setValue("pass",null);
} // end else if
else
{ // OK, we can try to authenticate with this account!
if (new_user.authenticate(UserInfoNamespace.NAMESPACE,UserInfoNamespace.AUTH_DEFAULT,"",
dlg.getValue("pass")))
{ // authenticated OK - set user into session
logger.debug("User \"" + new_user.getName() + "\" logged in successfully");
session.setObject(SessionInfoParams.NAMESPACE,SessionInfoParams.ATTR_USER,new_user);
audit.write(req,new_user,VeniceNamespaces.USER_EVENT_NAMESPACE,"login.ok");
new_user.setLastAccessDate(new_user,new java.util.Date());
// Now set up this user's default objects.
dynamo.exec("/util/setup_user.js");
if (cast.toBoolean(dlg.getValue("saveme")))
{ // user wants a cookie - generate one
source = vlib.randomString(32);
auth = vlib.randomString(32);
try
{ // set the user authentication data
new_user.setAuthenticationData(new_user,VeniceNamespaces.SESSION_CONTROL_NAMESPACE,"cookie",
source,auth);
// save the persistent cookie value
cval = "VQAT2:" + new_user.getUID() + ":" + source + ":" + auth;
cctrl = cast.queryCookieControl(req);
cctrl.putPersistentCookie(venice_session.loginCookieName,cval,venice_session.loginCookieAge);
// set the cookie authentication source so we can delete the auth info later at logout
session.setObject(SessionInfoParams.NAMESPACE,SessionInfoParams.ATTR_COOKIE_AUTH_SOURCE,source);
} // end try
catch (e)
{ // ignore exception here
logger.warn("cookie setup process threw exception",e);
} // end catch
} // end if
if (ar==null)
{ // We logged in via a direct request, not via a Liberty SP asking us to. Set up the SourceID
// session information.
idpsess = sourceid.getIDPSession(req,true);
rhelp.setExternalSessionAttribute(ServletUtils.SES_KEY_USER_ID,new_user);
rhelp.setExternalSessionAttribute(ServletUtils.SES_KEY_AUTHN_METHOD,
"urn:oasis:names:tc:SAML:1.0:am:password");
} // end if
// Has the user verified their E-mail address yet? If not, bounce them there.
if (PropertyUtils.hasProperty(new_user,VeniceNamespaces.USER_SETTINGS_NAMESPACE,"confirmation.number"))
dynamo.scriptReturn(new Redirect("SERVLET","verify_email.js.vs?tgt="
+ stringutils.encodeURL(target)));
else
dynamo.scriptReturn(new Redirect("SERVLET",target));
} // end if
else
{ // the password is wrong - please try again
errmsg = "The password specified for this user account is incorrect. Please try again.";
audit.write(req,new_user,VeniceNamespaces.USER_EVENT_NAMESPACE,"login.fail","Bad password");
dlg.setValue("pass",null);
} // end else
} // end else
} // end if
else
{ // user not found - bounce back with an error message
errmsg = "The user account you have specified does not exist. Please try again.";
audit.write(req,null,VeniceNamespaces.USER_EVENT_NAMESPACE,"login.fail","Bad username",
dlg.getValue("user"));
dlg.setValue("user",null);
dlg.setValue("pass",null);
} // end else
if (errmsg!=null)
{ // set the error message and bounce back the dialog
dlg.setErrorMessage(errmsg);
vlib.setLocation(req,target);
dynamo.scriptOutput(new FrameDialog(dlg));
} // end if
else
dynamo.scriptOutput(new ErrorBox("Internal Error","Unknown outcome from login","SERVLET",target));
} // end else if
else
{ // unknown command button pressed!
logger.error("no known button click on POST to login.js");
dynamo.scriptOutput(new ErrorBox("Internal Error","Unknown command button pressed","SERVLET",target));
} // end else
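Review bot: The login branch tells the caller exactly which half of the credential failed — L498 "The user account you have specified does not exist" versus L490 "The password specified for this user account is incorrect" — and the reminder path on L410 does the same, so the form is a username oracle for anyone enumerating accounts before guessing passwords. Use one generic message for both failures and leave the distinction to the audit entries, which already record the precise reason (L491, L499): `errmsg = "The user name or password you specified is incorrect. Please try again.";` on both L490 and L498. Separately, the successful-login path on L448 writes the user into the pre-existing session without invalidating or re-issuing it, which leaves a session-fixation window if a session id can be planted before login; if the session API offers it, rotating the id immediately before L448 would close this. Note also that the `ar!=null` (SP-initiated) case skips the IDP-session setup at L473–L480 entirely and relies on the authenticator servlet reached from idp_return_login.js to populate SES_KEY_USER_ID; a comment at L473 saying so would save the next reader a search.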


@ -0,0 +1,52 @@
// The contents of this file are subject to the Mozilla Public License Version 1.1
// (the "License"); you may not use this file except in compliance with the License.
// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
//
// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
// language governing rights and limitations under the License.
//
// The Original Code is the Venice Web Communities System.
//
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
// Copyright (C) 2002 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
//
// Contributor(s):
importPackage(Packages.com.silverwrist.dynamo.iface);
importPackage(Packages.com.silverwrist.dynamo.util);
importPackage(Packages.com.silverwrist.venice.session);
importClass(Packages.com.silverwrist.venice.VeniceNamespaces);
req = bsf.lookupBean("request"); // get request
rhelp = bsf.lookupBean("request_help"); // get request helper
target = rhelp.getParameterString("tgt"); // get the target for this operation
if (target==null)
target = "top.js.vs";
vlib.setOnError(req,target);
session = rhelp.getSession(); // get the session
user = vlib.getUser(session);
if (!(user.isAnonymous()))
{ // dump the login cookie, if we have it set
cctrl = cast.queryCookieControl(req);
if (cctrl.isCookiePresent(venice_session.loginCookieName))
{ // get rid of the cookie and its associated cookie authentication, lest it clutter the database
source = session.getObject(SessionInfoParams.NAMESPACE,SessionInfoParams.ATTR_COOKIE_AUTH_SOURCE);
user.clearAuthenticationData(user,VeniceNamespaces.SESSION_CONTROL_NAMESPACE,"cookie",source);
cctrl.deleteCookie(venice_session.loginCookieName);
} // end if
session.invalidate(); // this dumps the entire session
// Now tell SourceID to log us out as well.
rc = new ForwardToPath("/sso/logout");
rc.setParameter("Return.Success","/top.js.vs");
rc.setParameter("Return.Failure","/top.js.vs");
dynamo.scriptReturn(rc);
} // end if
dynamo.scriptOutput(new Redirect("SERVLET",target)); // bounce back to the target
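Review bot: `session.invalidate()` on L558 runs before the forward to `/sso/logout` on L560, yet the IDPSession that `LibrarySourceID.getIDPSession` stores through ExternalSessionAttributes (L291 in this commit) is what the SourceID logout needs to know which remote SPs to send single-logout to; if ExternalSessionAttributes is backed by the same HttpSession, invalidating first discards that list and the Liberty logout becomes a no-op. Safer is to forward to `/sso/logout` first and let `Return.Success`/`Return.Failure` point at a small Venice script that deletes the cookie and invalidates the session. The cookie cleanup on L554–L555 also passes `source` through unchecked; a session established by a path that never set `ATTR_COOKIE_AUTH_SOURCE` would call `clearAuthenticationData` with null, so guard it with `if (source!=null)`. Finally, logout is triggered by a bare GET with no token, so any third-party page can log the user — and via SLO every federated SP — out.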


@ -0,0 +1,54 @@
// The contents of this file are subject to the Mozilla Public License Version 1.1
// (the "License"); you may not use this file except in compliance with the License.
// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
//
// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
// language governing rights and limitations under the License.
//
// The Original Code is the Venice Web Communities System.
//
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
//
// Contributor(s):
importPackage(java.lang);
importPackage(java.util);
importPackage(Packages.org.sourceid.sso.util);
importPackage(Packages.org.sourceid.sso.xml);
importPackage(Packages.org.sourceid.sso.xml.lib);
importClass(Packages.com.silverwrist.dynamo.Namespaces);
importPackage(Packages.com.silverwrist.dynamo.iface);
importPackage(Packages.com.silverwrist.dynamo.util);
importClass(Packages.com.silverwrist.venice.VeniceNamespaces);
importPackage(Packages.com.silverwrist.venice.content);
importPackage(Packages.com.silverwrist.venice.frame);
req = bsf.lookupBean("request");
req_help = bsf.lookupBean("request_help");
target = req_help.getParameterString("tgt");
if (target==null)
target = "top.js.vs";
vlib.setOnError(req,target);
// Make sure we're logged in.
user = vlib.getUser(req);
if (user.isAnonymous())
dynamo.scriptReturn(new Redirect("SERVLET","top.js.vs"));
return_URL = "sourceid/federations.js.vs?tgt=" + stringutils.encodeURL(target);
// Make sure a provider ID is provided.
provider = req_help.getParameterString("p");
if (provider==null)
dynamo.scriptReturn(new Redirect("SERVLET",return_URL));
// Create a defederation request.
rc = new ForwardToPath("/sso/fedterm");
rc.setParameter("ProviderID",provider);
rc.setParameter("UserID",user); // pass our user object to SourceID
rc.setParameter("Return.Success","/" + return_URL);
rc.setParameter("Return.Failure","/" + return_URL);
dynamo.scriptReturn(rc);
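Review bot: Federation termination is a state-changing operation, and this script performs it on a bare GET whose only input is the `p` query parameter (L608), so a link or image tag on any third-party page can defederate a logged-in user from a provider of the attacker's choosing. Gate it on a POST with a confirmation form or a session-bound token before forwarding to `/sso/fedterm`, e.g. `if (!req_help.isVerb("POST")) dynamo.scriptReturn(new Redirect("SERVLET",return_URL));` ahead of L611. The provider id is also forwarded without checking it against `sourceid.getProviderDirectory(req)` as federations.js does; letting SourceID reject unknown ids probably works, but a local check would give a cleaner error on the Venice side.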


@ -0,0 +1,89 @@
// The contents of this file are subject to the Mozilla Public License Version 1.1
// (the "License"); you may not use this file except in compliance with the License.
// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
//
// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
// language governing rights and limitations under the License.
//
// The Original Code is the Venice Web Communities System.
//
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
//
// Contributor(s):
importPackage(java.lang);
importPackage(java.util);
importPackage(Packages.org.sourceid.sso.util);
importPackage(Packages.org.sourceid.sso.xml);
importPackage(Packages.org.sourceid.sso.xml.lib);
importClass(Packages.com.silverwrist.dynamo.Namespaces);
importPackage(Packages.com.silverwrist.dynamo.iface);
importPackage(Packages.com.silverwrist.dynamo.util);
importClass(Packages.com.silverwrist.venice.VeniceNamespaces);
importPackage(Packages.com.silverwrist.venice.content);
importPackage(Packages.com.silverwrist.venice.frame);
req = bsf.lookupBean("request");
req_help = bsf.lookupBean("request_help");
target = req_help.getParameterString("tgt");
if (target==null)
target = "top.js.vs";
vlib.setOnError(req,target);
user = vlib.getUser(req);
// Check the user account.
user = vlib.getUser(req);
if (user.isAnonymous())
{ // user not logged in, must log in first - so bounce us to the login dialog
new_target = "sourceid/federations.js.vs?tgt=" + stringutils.encodeURL(target);
dynamo.scriptReturn(new Redirect("SERVLET","login.js.vs?tgt=" + stringutils.encodeURL(new_target)));
} // end if
// Get the IDP session.
idpsess = sourceid.getIDPSession(req,false);
if (idpsess==null) // auto-logout if there's no IDP session
dynamo.scriptReturn(new Redirect("SERVLET","logout.js.vs"));
// Load the profile menu.
mprov = vcast.queryMenuProvider(req_help.getRequestObject(Namespaces.DYNAMO_OBJECT_NAMESPACE,"venice-menus"));
menu = mprov.getInlineMenu(user,VeniceNamespaces.USER_PROFILE_NAMESPACE,"user.profile.menu",cast.newIntArray(0));
if (menu.getItemCount()>1)
{ // set up the menu properly
menu.setVariable("target",stringutils.encodeURL(target));
ndx = menu.getItemContainingLinkText("sourceid/federations.js.vs");
menu.setSelectedIndex(ndx);
} // end if
else // don't display the menu
menu = null;
// Create the return value.
rc = new VelocityView("Identity Federations","sourceid/federations.vm");
rc.setParameter("target",target);
if (menu!=null)
rc.setParameter("menu",menu);
// Get the list of identity providers and a bunch of information about them.
pdir = sourceid.getProviderDirectory(req);
it = pdir.getSPList().iterator();
plist = new ArrayList();
while (it.hasNext())
{ // get each service provider in turn
map = new HashMap();
sp = sourceid.castSPDescriptorType(it.next());
map.put("provider",sp.providerID);
sentry = sourceid.getEntryForProvider(idpsess,sp.providerID);
if (sentry!=null)
map.put("auth",Boolean.TRUE);
map.put("federated",cast.booleanObject(sourceid.isUserFederatedWith(req,sp.providerID)));
plist.add(map);
} // end while
rc.setParameter("provider_data",plist);
dynamo.scriptOutput(rc); // all done
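Review bot: `user = vlib.getUser(req)` is executed twice in a row (L654 and L656), the first result simply being overwritten; drop L654. The forced logout on L663–L665 when no IDP session exists deserves a comment, because it will end a perfectly valid Venice session rather than just showing no active providers — presumably the intent is that Venice and SourceID state have diverged, so write that down: `// no IDP session while logged in means Venice and SourceID state have diverged - force a clean logout`. Also, `sp.providerID` (L690–L691) relies on Rhino bean-property access while the rest of the file calls explicit getters; harmless, but inconsistent.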


@ -0,0 +1,20 @@
// The contents of this file are subject to the Mozilla Public License Version 1.1
// (the "License"); you may not use this file except in compliance with the License.
// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
//
// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
// language governing rights and limitations under the License.
//
// The Original Code is the Venice Web Communities System.
//
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
//
// Contributor(s):
importPackage(Packages.com.silverwrist.dynamo.iface);
importPackage(Packages.com.silverwrist.dynamo.util);
dynamo.scriptOutput(new Redirect("SERVLET","login.js.vs?tgt=sourceid/idp_return_login.js.vs"));


@ -0,0 +1,69 @@
// The contents of this file are subject to the Mozilla Public License Version 1.1
// (the "License"); you may not use this file except in compliance with the License.
// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
//
// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
// language governing rights and limitations under the License.
//
// The Original Code is the Venice Web Communities System.
//
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
//
// Contributor(s):
importPackage(Packages.org.sourceid.sso.xml.lib)
importPackage(Packages.com.silverwrist.dynamo.iface);
importPackage(Packages.com.silverwrist.dynamo.util);
req = bsf.lookupBean("request"); // get request
rhelp = bsf.lookupBean("request_help"); // get request helper
session = rhelp.getSession(); // get the session
user = vlib.getUser(session);
if (user.isAnonymous())
{ // we did not authenticate - bail out
ar = sourceid.castAuthnRequestType(rhelp.getExternalSessionAttribute("org.sourceid.sso.authnRequest"));
if (ar==null)
dynamo.scriptReturn(new Redirect("SERVLET","top.js.vs"));
else
dynamo.scriptReturn(new ForwardToServlet("SourceID-SSO-Authenticator"));
} // end if
// Perform the Identity Provider Introduction Protocol, if it's configured. This involves forwarding to another
// servlet, which will bounce to a common domain, set a cookie, and bounce back here.
if (rhelp.getExternalAppAttribute("org.sourceid.sso.commonDomain")!=null)
{ // only do this once...
if (rhelp.getExternalSessionAttribute("org.sourceid.sso.IDPIntroductionDone")==null)
{ // We need to construct the return path as an ABSOLUTE URL...
rewriter = cast.queryURLRewriter(req);
tmp = rewriter.rewriteURL("SERVLET","sourceid/idp_return_login.js.vs");
url = "http://" + req.getServerName();
if ((req.getServerPort()>0) && (req.getServerPort()!=80))
url += (":" + req.getServerPort() + tmp);
else
url += tmp;
rc = new ForwardToPath("/sso/idpiWriter");
rc.setParameter("ReturnURL",url);
dynamo.scriptReturn(rc);
} // end if
rhelp.removeExternalSessionAttribute("org.sourceid.sso.IDPIntroductionDone");
} // end if
// If this wasn't the result of an external authentication request, leave.
ar = sourceid.castAuthnRequestType(rhelp.getExternalSessionAttribute("org.sourceid.sso.authnRequest"));
if (ar==null)
dynamo.scriptReturn(new Redirect("SERVLET","top.js.vs"));
// Tell SourceID that we authenticated with this provider. Venice uses default password authentication, so
// tell it that as well.
rc = new ForwardToServlet("SourceID-SSO-Authenticator");
rc.setParameter("UserID",user);
rc.setParameter("AuthnMethod","urn:oasis:names:tc:SAML:1.0:am:password");
dynamo.scriptOutput(rc);
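Review bot: The absolute ReturnURL built by `url = "http://" + req.getServerName();` and the following port test against 80 hard-code plain HTTP, so when this IdP is served over TLS the IdP-introduction bounce through the common domain is told to return to an http:// URL (and a non-443 HTTPS port is appended as if it were an HTTP port), downgrading the round trip that carries the pending authnRequest session. Derive the scheme and default port from the request (`req.isSecure()`) instead of assuming http. The host part also comes from `req.getServerName()`, which is typically taken from the Host header; if the container does not canonicalize it, a configured base URL would stop a forged Host from steering the common-domain return elsewhere — this part is an inference, since the container setup is not in the commit. The rest of the script (session-flag check, removal of IDPIntroductionDone, forwarding to the authenticator) is unchanged.
```javascript
    rewriter = cast.queryURLRewriter(req);
    tmp = rewriter.rewriteURL("SERVLET","sourceid/idp_return_login.js.vs");
    secure = req.isSecure();                    // honor TLS instead of assuming http
    scheme = secure ? "https" : "http";
    default_port = secure ? 443 : 80;
    port = req.getServerPort();
    url = scheme + "://" + req.getServerName();
    if ((port>0) && (port!=default_port))
      url += (":" + port);
    url += tmp;
    rc = new ForwardToPath("/sso/idpiWriter");
    // … unchanged: set ReturnURL parameter and scriptReturn …
```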


@ -0,0 +1,42 @@
// The contents of this file are subject to the Mozilla Public License Version 1.1
// (the "License"); you may not use this file except in compliance with the License.
// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
//
// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
// language governing rights and limitations under the License.
//
// The Original Code is the Venice Web Communities System.
//
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
//
// Contributor(s):
importPackage(java.util);
importPackage(Packages.com.silverwrist.dynamo.iface);
importPackage(Packages.com.silverwrist.dynamo.util);
req = bsf.lookupBean("request"); // get request
rhelp = bsf.lookupBean("request_help"); // get request helper
// Resequence the Logout URL Map so it's more usable by Velocity.
input_map = cast.toMap(rhelp.getChainParameter("Logout.URL.Map"));
logout_list = new ArrayList(input_map.size());
it = input_map.entrySet().iterator();
while (it.hasNext())
{ // take each Map.Entry and make a new Map out of it
ntry = cast.toMapEntry(it.next());
tmp = new HashMap();
tmp.put("id",ntry.getKey());
tmp.put("url",ntry.getValue());
logout_list.add(tmp);
} // end while
// Create the resulting view.
rc = new VelocityView("Service Provider Logout","sourceid/logout_render.vm");
rc.setParameter("logout",logout_list);
rc.setParameter("nextURL",rhelp.getChainParameter("Return.Success"));
dynamo.scriptOutput(rc);


@ -0,0 +1,28 @@
// The contents of this file are subject to the Mozilla Public License Version 1.1
// (the "License"); you may not use this file except in compliance with the License.
// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
//
// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
// language governing rights and limitations under the License.
//
// The Original Code is the Venice Web Communities System.
//
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
//
// Contributor(s):
importPackage(Packages.com.silverwrist.dynamo.iface);
importPackage(Packages.com.silverwrist.dynamo.util);
importClass(Packages.com.silverwrist.dynamo.velocity.VelocityPage);
req = bsf.lookupBean("request"); // get request
rhelp = bsf.lookupBean("request_help"); // get request helper
// Create a simple template return value.
rc = new VelocityPage("sourceid/post_assertion.vm");
rc.setParameter("url",rhelp.getChainParameter("URL"));
rc.setParameter("lares",rhelp.getChainParameter("LARES"));
dynamo.scriptOutput(rc);


@ -0,0 +1,64 @@
#*
The contents of this file are subject to the Mozilla Public License Version 1.1
(the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
WARRANTY OF ANY KIND, either express or implied. See the License for the specific
language governing rights and limitations under the License.
The Original Code is the Venice Web Communities System.
The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
Contributor(s):
*#
#*
Parameters:
menu = Menu to display along the top (may be null)
target = Target page attribute.
provider_data = List of information about individual providers.
*#
#set( $et = "#encodeURL( $target )" )
#if( $menu )
#render( $menu )
#end
#header1( "Identity Federations" )
<p><b>This site can federate its identity to any of the following Service Providers:</b></p>
<div align="center"><table border="1">
<tr>
<th class="content"><b>Provider ID</b></th>
<th class="content"><b>Authenticated?</b></th>
<th class="content"><b>Federated?</b></th>
<th class="content">&nbsp;</th>
</tr>
#foreach( $p in $provider_data )
#set( $ep = "#encodeURL( $p.provider )" )
<tr>
<td>#encodeHTML( $p.provider )</td>
<td>
#if( $p.auth )
<b>Yes</b>
#else
No
#end
</td>
<td>
#if( $p.federated )
<b>Yes</b>
#else
No
#end
</td>
<td>
#if( $p.federated )
<a href="#formatURL( "SERVLET" "sourceid/defederate.js.vs?p=$ep&tgt=$et" )">#button( "IMAGE" "terminate" )</a>
#else
(Visit the service provider's site to federate)
#end
</td>
</tr>
#end
</table></div>
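Review bot: The terminate link `<a href="#formatURL( "SERVLET" "sourceid/defederate.js.vs?p=$ep&tgt=$et" )">` performs federation termination through a plain GET, so any page that embeds that URL in an image or link can defederate a logged-in user's account without their intent, unless defederate.js.vs (not among the visible hunks) demands a confirmation step. Prefer a POST form carrying a per-session token, or at minimum an intermediate confirmation page, for this state-changing action. Minor: the raw `&` inside the href attribute should be `&amp;` to keep the HTML valid; the provider id itself is correctly passed through `#encodeURL`/`#encodeHTML`.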


@ -0,0 +1,29 @@
#*
The contents of this file are subject to the Mozilla Public License Version 1.1
(the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
WARRANTY OF ANY KIND, either express or implied. See the License for the specific
language governing rights and limitations under the License.
The Original Code is the Venice Web Communities System.
The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
Contributor(s):
*#
#*
Parameters:
provider = Name of provider that's asking us to log in.
federate = True (set) if the IDP is federating with us.
*#
<p>You are being asked to log on to Venice as a Liberty Identity Provider (IDP) by the following Liberty Service
Provider (SP): <b>#encodeHTML( $provider )</b>. After successfully logging on here, you will be redirected back to
the Service Provider.</p>
#if( $federate )
<p>In addition, the Service Provider has asked this IDP to federate this account after the user is authenticated.
This will happen automatically.</p>
#end


@ -0,0 +1,38 @@
#*
The contents of this file are subject to the Mozilla Public License Version 1.1
(the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
WARRANTY OF ANY KIND, either express or implied. See the License for the specific
language governing rights and limitations under the License.
The Original Code is the Venice Web Communities System.
The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
Contributor(s):
*#
#*
Parameters:
logout = List of ServiceProviders to log out, with IDs and URLs.
nextURL = The next URL to move to.
*#
#header1( "Single Logout" )
<p>When all the checkmark images below have finished loading, you will have been logged out of Venice, and also
logged out of all the Service Providers listed below with whom you've recently authenticated.</p>
<div align="center"><table border="1">
<tr>
<th><b>Provider ID</b></th>
<th><b>Logged Out</b></th>
</tr>
#foreach( $p in $logout )
<tr>
<td>#encodeHTML( $p.id )</td>
<td align="center"><img src="$p.url" width="32" height="32" border="0"></td>
</tr>
#end
</table></div>
<p>When all logouts are finished, <a href="$nextURL">click here</a>.</p>
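Review bot: `$p.url` in `<img src="$p.url" ...>` and `$nextURL` in `<a href="$nextURL">` are interpolated into attribute values raw, while `$p.id` on the preceding row goes through `#encodeHTML`; a URL containing `"`, `&` or `<` would break the attribute or inject markup. These values come from the Logout.URL.Map and Return.Success chain parameters set by the companion script rather than directly from the browser, but the SP logout URLs originate in remote provider metadata, so they should be treated as untrusted. Use `<img src="#encodeHTML( $p.url )" width="32" height="32" border="0">` and `<a href="#encodeHTML( $nextURL )">`.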


@ -0,0 +1,25 @@
#*
The contents of this file are subject to the Mozilla Public License Version 1.1
(the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
WARRANTY OF ANY KIND, either express or implied. See the License for the specific
language governing rights and limitations under the License.
The Original Code is the Venice Web Communities System.
The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
Contributor(s):
*#
#*
Parameters:
lares = LARES parameter to be posted bact to the URL
url = URL parameter to be posted back
*#
<html><body onload="javascript:document.theForm.submit()">
<form method="post" action="$url" name="theForm"><input type="hidden" name="LARES" value="$lares"></form>
</body></html>
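Review bot: The auto-submit form on the `<form method="post" action="$url" ...>` line writes `$url` and `$lares` into attributes without `#encodeHTML`, so a quote or ampersand in the assertion-consumer URL — which in the Liberty POST profile is supplied by the SP's request or metadata, not by this server — would break out of the attribute; `action="#encodeHTML( $url )"` and `value="#encodeHTML( $lares )"` fix it, consistent with the encoding used in the other templates of this commit. The page also depends entirely on `onload` JavaScript; adding `<noscript><input type="submit" value="Continue"></noscript>` inside the form keeps the POST profile usable when scripting is disabled. Typo in the parameter comment: "posted bact" should read "posted back".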


@ -10,7 +10,7 @@
//
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
// Copyright (C) 2002 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
//
// Contributor(s):