Question

I have been trying this OpenIG Identity Gateway from the ForgeRock guys to integrate some legacy systems in this case in particular I'm using it with OpenACS+.LRN a project, from Ars Digita and different institutions.

Here's the problem: Using the recipes found in the OpenIG documentation to extract hidden values and reply the cookies of the requests to avoid security issues, I got a successful POST request to get logged into the system but after the request, the OpenACS log tells me thet the initial petition requested something like http://10.10.10.10/register rather than the real client petition http://openacs-domain.com/register and breaks to a 302 redirect to the IP direction to make a new login.

I have modified the /etc/hosts to check if it performs the name resolution with no success.

The curious thing is that if I back to the domain when the initial request was made, I have a valid initiated session and everything is cool.

I hope I have been descriptive enough and somebody has a solution for this. I will attach my config.json

    {
  "heap": {
    "objects": [
    {
        "name": "HandlerServlet",
        "comment": "Entry point that transforms Servlet request to handler request.",
        "type": "HandlerServlet",
        "config": {
            "handler": "DispatchHandler",
            "baseURI":"http://10.10.10.10"
        }
    },
    {      
        "name": "DispatchHandler",
        "type": "DispatchHandler",
        "config": {
            "bindings": [  
                {                      
                    "condition": "${exchange.request.uri.path == '/register/'}",
                    "handler": "LoginChain"
                },
                {                      
                    "handler": "OutgoingChain",
                },
            ]  
        }  
    },
    {
        "name": "LoginChain",
        "type": "Chain",
        "config": {
            "filters": ["SwitchFilter", "HiddenValueExtract"],
            "handler": "OutgoingChain"
        }  
    },
    {
        "name": "HiddenValueExtract",
        "type": "EntityExtractFilter",
        "config": {
            "messageType": "response",
            "target": "${exchange.hiddenValue}",
            "bindings": [
                {
                    "key": "time",
                    "pattern": "time\"\s.*value=\"(.{10})\"",
                    "template": "$1"
                },
                {
                    "key": "tokenId",
                    "pattern": "token_id\"\s.*value=\"(.{3})\"",
                    "template": "$1"
                },
                {
                    "key": "hash",
                    "pattern": "hash\"\s.*value=\"(.*)\"",
                    "template": "$1"
                }
            ]
        }       
    },
    {
        "name": "SwitchFilter",
        "type": "SwitchFilter",
        "config": {
            "onResponse": [
                {
                    "condition": "${exchange.response.status == 200}",
                    "handler": "LoginRequestHandler"
                }
            ]
        }
    },
    {
        "name": "LoginRequestHandler",
        "type": "Chain",
        "config": {
            "filters": ["LoginRequest"],
            "handler": "OutgoingChain"
        }  
    },
    {  
        "name": "LoginRequest",
        "type": "StaticRequestFilter",
        "config": {
            "method": "POST",
            "uri": "http://10.10.10.10/register/",
            "form": {
                "form:mode": ["edit"],
                "form:id": ["login"],
                "__confirmed_p": ["0"],
                "__refreshing_p": ["0"],
                "return_url": ["/dotlrn/control-panel"],
                "time": ["${exchange.hiddenValue.time}"],
                "token_id": ["${exchange.hiddenValue.tokenId}"],
                "hash": ["${exchange.hiddenValue.hash}"]
                "email": ["user.example@gmail.com"],
                "password": ["password"]
            }
            "headers": {
                "cookie": ["${exchange.response.headers['Set-Cookie'][0]}"],
            }  
        }  
    },
    {
        "name": "OutgoingChain",
        "type": "Chain",
        "config": {
            "filters": ["CaptureFilter"],
            "handler": "ClientHandler"
        }  
    },
    {  
        "name": "CaptureFilter",
        "type": "CaptureFilter",
        "config": {
            "captureEntity": false,
            "file": "/tmp/gateway.log",
        }      
    },
    {
        "name": "ClientHandler",
        "comment": "Responsible for sending all requests to remote servers.",
        "type": "ClientHandler",
        "config": {
            }
        }
    ]
  },
  "servletObject": "HandlerServlet",
}
Was it helpful?

Solution

This is the final version:

{


"heap": {
    "objects": [
    {
        "name": "LogSink",
        "comment": "Default sink for logging information.",
        "type": "ConsoleLogSink",
        "config": {
            "level": "DEBUG",
        }
    },
    {
        "name": "DispatchServlet",
        "type": "DispatchServlet",
        "config": {
            "bindings": [
                {
                    "pattern":"^/saml",
                    "object":"FederationServlet"
                },
                {
                    "pattern":"",
                    "object":"HandlerServlet"
                }
            ]
        }
    },
    {
        "name": "FederationServlet",
        "type": "org.forgerock.openig.saml.FederationServlet",
        "config": {
            "assertionMapping": {
                "userName":"mail",
                "password":"employeenumber"
            },
            "subjectMapping":"subjectName",
            "redirectURI":"/register",
            "logoutURI":"/register/logout"
         }
    },
    {
        "name": "HandlerServlet",
        "comment": "Entry point that transforms Servlet request to handler request.",
        "type": "HandlerServlet",
        "config": {
            "handler": "DispatchHandler",
            "baseURI":"http://www.plataformaciapem.org.mx"
        }
    },
    {      
        "name": "DispatchHandler",
        "type": "DispatchHandler",
        "config": {
            "bindings": [  
                {                      
                    "condition": "${exchange.request.uri.path != '/register/'}",
                    "handler": "ClientHandler"
                },
                {
                    "condition": "${empty exchange.session.userName}",
                    "handler": "SPInitiatedSSORedirectHandler",
                },
                {                      
                    "handler": "LoginChain",
                },
            ]  
        }  
    },
     {
        "name": "SPInitiatedSSORedirectHandler",
           "type": "StaticResponseHandler",
           "config": {
               "status": 302,
               "reason": "Found",
               "headers": {
                   "Location": ["http://www.plataformaciapem.org.mx/saml/SPInitiatedSSO"]
               }
           }
    },
    {
        "name": "LoginChain",
        "type": "Chain",
        "config": {
            "filters": ["SwitchFilter", "HiddenValueExtract"],
            "handler": "OutgoingChain"
        }  
    },
    {
        "name": "HiddenValueExtract",
        "type": "EntityExtractFilter",
        "config": {
            "messageType": "response",
            "target": "${exchange.hiddenValue}",
            "bindings": [
                {
                    "key": "time",
                    "pattern": "time\"\s.*value=\"(.{10})\"",
                    "template": "$1"
                },
                {
                    "key": "tokenId",
                    "pattern": "token_id\"\s.*value=\"(.{3})\"",
                    "template": "$1"
                },
                {
                    "key": "hash",
                    "pattern": "hash\"\s.*value=\"(.*)\"",
                    "template": "$1"
                }
            ]
        }       
    },
    {
        "name": "SwitchFilter",
        "type": "SwitchFilter",
        "config": {
            "onResponse": [
                {
                    "condition": "${exchange.response.status == 200}",
                    "handler": "LoginRequestHandler"
                }
            ]
        }
    },
    {
        "name": "LoginRequestHandler",
        "type": "Chain",
        "config": {
            "filters": ["LoginRequest"],
            "handler": "OutgoingChain"
        }  
    },
    {  
        "name": "LoginRequest",
        "type": "StaticRequestFilter",
        "config": {
            "method": "POST",
            "uri": "http://www.plataformaciapem.org.mx/register/",
            "form": {
                "form:mode": ["edit"],
                "form:id": ["login"],
                "__confirmed_p": ["0"],
                "__refreshing_p": ["0"],
                "return_url": ["/dotlrn/control-panel"],
                "time": ["${exchange.hiddenValue.time}"],
                "token_id": ["${exchange.hiddenValue.tokenId}"],
                "hash": ["${exchange.hiddenValue.hash}"]
                "email": ["${exchange.session.userName}"],
                "password": ["${exchange.session.password}"],
            }
            "headers": {
                "cookie": ["${exchange.response.headers['Set-Cookie'][0]}"],
            }  
        }  
    },
    {
        "name": "OutgoingChain",
        "type": "Chain",
        "config": {
            "filters": ["CaptureFilter"],
            "handler": "ClientHandler"
        }  
    },
    {  
        "name": "CaptureFilter",
        "type": "CaptureFilter",
        "config": {
            "captureEntity": false,
            "file": "/tmp/gateway.log",
        }      
    },
    {
        "name": "ClientHandler",
        "comment": "Responsible for sending all requests to remote servers.",
        "type": "ClientHandler",
        "config": {
            }
        }
    ]
  },
  "servletObject": "DispatchServlet",
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top