Skip to main content

How commonauth service work with SSO in WSO2 Identity Server

Considering two SAML service providers configured under the same tenant, they are by default in single sing on, so after I login in Service provider A I can use the same browser to access Service provider B without inserting my credentials again. This blog explains in details how this happened with commonauth service during the second login

What happens here is:

On the first login to service provider A, it stores a cookie with a name "commonAuthId"
When the first request comes; DefaultRequestCoordinator.handle() [1] method invokes DefaultAuthenticationRequestHandler.handle() method, see [2]
within the DefaultAuthenticationRequestHandler.handle() it invokes concludeFlow() private method [3], that sets the 'commonAuthId' cookie via setAuthCookie() method [4]

 
private void setAuthCookie(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context,
                               String sessionKey, String tenantDomain) throws FrameworkException {
        Integer authCookieAge = null;

        if (context.isRememberMe()) {
            authCookieAge = IdPManagementUtil.getRememberMeTimeout(tenantDomain);
        }

        FrameworkUtils.storeAuthCookie(request, response, sessionKey, authCookieAge);
    }






FrameworkUtils.storeAuthCookie() method








public static void storeAuthCookie(HttpServletRequest req, HttpServletResponse resp, String id, Integer age) {

        Cookie authCookie = new Cookie(FrameworkConstants.COMMONAUTH_COOKIE, id);
        authCookie.setSecure(true);
        authCookie.setHttpOnly(true);
        authCookie.setPath("/");

        if (age != null) {
            authCookie.setMaxAge(age.intValue() * 60);
        }

        resp.addCookie(authCookie);
    }










[1] https://github.com/wso2/carbon-identity/blob/v5.0.7/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultRequestCoordinator.java#L80



[2] https://github.com/wso2/carbon-identity/blob/v5.0.7/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultRequestCoordinator.java#L135



[3]  https://github.com/wso2/carbon-identity/blob/v5.0.7/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultAuthenticationRequestHandler.java#L120

















[4] https://github.com/wso2/carbon-identity/blob/v5.0.7/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultAuthenticationRequestHandler.java#L284



Then, when we access the service provider B, it checks whether the "commonAuthId" is available in cookie list, if yes, then it gets the authentication details from SessionContext and by pass the authentication step.

see [5] findPreviousAuthenticatedSession() method



[5]https://github.com/wso2/carbon-identity/blob/v5.0.7/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultRequestCoordinator.java















Labels:






























Comments








Post a Comment
























Popular posts from this blog



















How to generate random unique number in SOAP UI request




























  eg 1:   ${=System.currentTimeMillis() + ((int)(Math.random()*10000))}   eg 2:   ${=java.util.UUID.randomUUID()}   ${=java.util.UUID.randomUUID()}   ${=System.currentTimeMillis()  + ((int)(Math.random()*10000))} - See more at:  http://tryitnw.blogspot.com/2014/03/generating-random-unique-number-in-soap.html#sthash.m2S4tUFu.dpuf   ${=System.currentTimeMillis()  + ((int)(Math.random()*10000))} - See more at:  http://tryitnw.blogspot.com/2014/03/generating-random-unique-number-in-soap.html#sthash.m2S4tUFu.dpuf   ${=System.currentTimeMillis()  + ((int)(Math.random()*10000))} - See more at:  http://tryitnw.blogspot.com/2014/03/generating-random-unique-number-in-soap.html#sthash.m2S4tUFu.dpuf  




















Post a Comment









Read more






























Tips on using environment variables in WSO2 Integration Cloud




























  Environment variables  allow you to change an application's internal configuration without changing its source code. Let’s say you want to deploy the same application in development, testing  and production environments. Then database related configs and some other internal configurations may change from one environment to another. If we can define these configurations as an environment variables we can easily set those without changing the source code of that application.     When you deploy your application in WSO2 Integration Cloud, it lets you define environment variables via the UI. Whenever you change the values of environment variables, you just need to redeploy the application for the changes to take effect.      Predefined environment variables   Key Concepts - Environment Variables   provides you some predefined set of environment variables which will be useful when deploying applications in WSO2 Integration Cloud.      Sample on how to use environment variables   ...




















Post a Comment









Read more




























VFS access SFTP with special character password




























 Learn WSO2 ESB VFS Transport  https://docs.wso2.com/display/ESB481/VFS+Transport   When we need to access the FTP server using SFTP, VFS connection-specific URL need to be given as :   <parameter name="transport.vfs.FileURI">vfs:sftp://username:p@ssword@ftp.server.com/filePath?vfs.passive=true</parameter>   When the password contains a special characters (eg: p@ssword), it gives the following error.   2015-03-27 13:06:03,766  [-]   [PassThroughMessageProcessor-5]  ERROR VFSTransportSender cannot resolve replyFile  org.apache.commons.vfs2.FileSystemException: Invalid absolute URI "sftp://username:***@ftp.server.com/filePath?vfs.passive=true".     Solution 1:     Replace the special characters with the respective hex representation.     <parameter name="transport.vfs.FileURI">vfs:sftp://username:p%40ssword@ftp.server.com/filePath?vfs.passive=true</parameter>          Char     Hex Code     -------  --------     [space]    %20        ...




















Post a Comment









Read more