asgardeo / asgardeo-tomcat-saml-agent
SAML Agent for Tomcat using Java SAML SDK for Asgardio
License: Apache License 2.0
Describe the issue:
Currently, upon successful authentication, the SSO agent redirects the user to the page registered in the ACS URL (eg: app/home).
However, if a user tries to access another secured page (eg: app/myAccount) without having an authenticated session with the IdP, the user is first prompted for authentication. Then, upon successful authentication, the user is redirected to app/home, whereas the user should have been redirected to the original page he tried to access: app/myAccount.
Expected behaviour
The Agent should keep track of the original page the user tried to access (target page), and redirect the user to the target page upon successful authentication.
The sample app needs to be dockerized in order to facilitate convenient deployments.
Description:
After initiating an SLO request from a secondary application, refreshing the logged-in secured page (eg: home.jsp in the sample-app in tomcat-saml-agent) of the primary app does not redirect the user to a login page, nor does it prompt the user for authentication. Instead, a new logged-in session would be created and the secured page would be accessible.
Steps to reproduce:
Description:
Currently there is no developer catalog describing and explaining the functionality of the configurations in the app.properties file.
A catalog with a description of each property, along with an example use case, would be sufficient to give an idea of how each property can be used.
We need to provide the capability to configure the properties of the sample-app.properties file dynamically.
Describe the issue:
SSOAgentConfig is a singleton, so changing this object within requests should be synchronized or should use a copy of the object. A concrete example of the code is here:
https://github.com/asgardio/asgardio-tomcat-saml-agent/blob/master/io.asgardio.tomcat.saml.agent/src/main/java/io/asgardio/tomcat/saml/agent/SAML2SSOAgentFilter.java#L148-L151
After the incorrect case, the variable ssoAgentConfig.getSAML2().isPassiveAuthn ends with the value true, and then all subsequent logins will be passive.
I made a pull request for this bug that includes changes after code review.
How to reproduce:
I wrote a test for this case: https://github.com/boulik/tomcat-saml-agent-stressTest
Expected behavior:
--
Environment information (Please complete the following information; remove any unnecessary fields) :
Related issues:
Suggested labels:
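The failure mode reported in the issue above, as an added example that is not the agent's or the SDK's code. It assumes the request path saves the shared flag, forces it to true and restores it afterwards; `SharedConfig`, `enterPassive`, `leavePassive` and `buildAuthnRequest` are hypothetical names, and the two concurrent requests are interleaved by hand so the outcome is deterministic.

```java
// Added example: hypothetical names, not the agent's or SDK's classes.
public class PassiveFlagRace {
    // Stand-in for a singleton config shared by every request thread.
    static class SharedConfig {
        boolean passiveAuthn = false;
    }

    // Unsafe pattern, split into its two halves so the interleaving is explicit:
    // each request saves the current flag, forces it to true, and restores later.
    static boolean enterPassive(SharedConfig cfg) {
        boolean saved = cfg.passiveAuthn; // read shared state
        cfg.passiveAuthn = true;          // mutate shared state for this request
        return saved;
    }

    static void leavePassive(SharedConfig cfg, boolean saved) {
        cfg.passiveAuthn = saved;         // restore whatever this request saw
    }

    // Safe pattern: the per-request decision travels as an argument and the
    // shared configuration is only ever read.
    static String buildAuthnRequest(SharedConfig cfg, boolean passiveForThisRequest) {
        boolean passive = cfg.passiveAuthn || passiveForThisRequest;
        return "AuthnRequest[IsPassive=" + passive + "]";
    }

    public static void main(String[] args) {
        SharedConfig cfg = new SharedConfig();

        // Two concurrent passive requests, A and B, interleaved A-in, B-in, A-out, B-out.
        boolean savedA = enterPassive(cfg); // A saves false
        boolean savedB = enterPassive(cfg); // B saves true (A's temporary value)
        leavePassive(cfg, savedA);          // A restores false
        leavePassive(cfg, savedB);          // B "restores" true: the flag is now stuck
        System.out.println("unsafe, after both requests: passiveAuthn=" + cfg.passiveAuthn);
        System.out.println("next ordinary login: " + buildAuthnRequest(cfg, false));

        // The same two requests with the safe pattern: shared state never changes.
        SharedConfig clean = new SharedConfig();
        buildAuthnRequest(clean, true);
        buildAuthnRequest(clean, true);
        System.out.println("safe, after both requests: passiveAuthn=" + clean.passiveAuthn);
        System.out.println("next ordinary login: " + buildAuthnRequest(clean, false));
    }
}
```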
Describe the issue:
Cross-protocol SLO is not working properly for the SAML Tomcat agent sample application.
When logging out from the OIDC application, which is SSO and SLO enabled, the behavior below was found.
Logout from the SAML application is not functioning properly in both cases.
How to reproduce:
1. Set up the sample SAML agent application
2. Set up the OIDC application in order for SSO to work
(SSO & SLO enabled, IDP-initiated SSO & SLO enabled, with back-channel logout enabled for both applications)
3. Log out from the OIDC application
4. Behavior
Refresh the SAML application when SSO was initiated by the IDP: it will stay on the same page without knowing that the back-channel logout has happened.
Refresh the SAML application when SSO was initiated by the SP itself: it will prompt the login page because SAML2RequestID is null in [1], and send the SSO request again to IS. This always gives null; even when no logout is performed, every refresh calls the SSO request to IS.
Here, the InResponseTo value is not there in the IDP-initiated SAML response, while the SAML response in the SP-initiated scenario has some value. In both cases it doesn't fire the /logout flow in the SAML2SSOAgentFilter; instead it always fires the [2] condition.
[1] https://github.com/asgardio/asgardio-java-saml-sdk/blob/master/io.asgardio.java.saml.sdk/src/main/java/io/asgardio/java/saml/sdk/SAML2SSOManager.java#L376
[2] https://github.com/asgardio/asgardio-tomcat-saml-agent/blob/master/io.asgardio.tomcat.saml.agent/src/main/java/io/asgardio/tomcat/saml/agent/SAML2SSOAgentFilter.java#L94
Expected behavior:
Environment information (Please complete the following information; remove any unnecessary fields) :
Related issues:
Suggested labels:
Describe the issue:
The following error prevents the web app from deploying if the keyStore related properties are not included in the .properties file.
org.apache.catalina.core.StandardContext.listenerStart Exception sending context initialized event to listener instance of class [io.asgardeo.tomcat.saml.agent.SSOAgentContextEventListener]
java.lang.NullPointerException
at io.asgardeo.tomcat.saml.agent.SSOAgentContextEventListener.contextInitialized(SSOAgentContextEventListener.java:80)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4716)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5172)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:706)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1023)
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1903)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
...
How to reproduce:
Remove the Keystore-related configurations from the properties file and deploy the web app.