completed support for SourceID IDP, not tested yet

venice-data-sso/idp/scripts/sourceid/defederate.js

@@ -0,0 +1,54 @@
+// The contents of this file are subject to the Mozilla Public License Version 1.1
+// (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+// 
+// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+// language governing rights and limitations under the License.
+// 
+// The Original Code is the Venice Web Communities System.
+// 
+// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+// for Silverwrist Design Studios.  Portions created by Eric J. Bowersox are
+// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios.  All Rights Reserved.
+// 
+// Contributor(s): 
+
+importPackage(java.lang);
+importPackage(java.util);
+importPackage(Packages.org.sourceid.sso.util);
+importPackage(Packages.org.sourceid.sso.xml);
+importPackage(Packages.org.sourceid.sso.xml.lib);
+importClass(Packages.com.silverwrist.dynamo.Namespaces);
+importPackage(Packages.com.silverwrist.dynamo.iface);
+importPackage(Packages.com.silverwrist.dynamo.util);
+importClass(Packages.com.silverwrist.venice.VeniceNamespaces);
+importPackage(Packages.com.silverwrist.venice.content);
+importPackage(Packages.com.silverwrist.venice.frame);
+
+req = bsf.lookupBean("request");
+req_help = bsf.lookupBean("request_help");
+target = req_help.getParameterString("tgt");
+if (target==null)
+  target = "top.js.vs";
+vlib.setOnError(req,target);
+
+// Make sure we're logged in.
+user = vlib.getUser(req);
+if (user.isAnonymous())
+  dynamo.scriptReturn(new Redirect("SERVLET","top.js.vs"));
+
+return_URL = "sourceid/federations.js.vs?tgt=" + stringutils.encodeURL(target);
+
+// Make sure a provider ID is provided.
+provider = req_help.getParameterString("p");
+if (provider==null)
+  dynamo.scriptReturn(new Redirect("SERVLET",return_URL));
+
+// Create a defederation request.
+rc = new ForwardToPath("/sso/fedterm");
+rc.setParameter("ProviderID",provider);
+rc.setParameter("UserID",user);  // pass our user object to SourceID
+rc.setParameter("Return.Success","/" + return_URL);
+rc.setParameter("Return.Failure","/" + return_URL);
+dynamo.scriptReturn(rc);

venice-data-sso/idp/scripts/sourceid/federations.js

@@ -0,0 +1,89 @@
+// The contents of this file are subject to the Mozilla Public License Version 1.1
+// (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+// 
+// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+// language governing rights and limitations under the License.
+// 
+// The Original Code is the Venice Web Communities System.
+// 
+// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+// for Silverwrist Design Studios.  Portions created by Eric J. Bowersox are
+// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios.  All Rights Reserved.
+// 
+// Contributor(s): 
+
+importPackage(java.lang);
+importPackage(java.util);
+importPackage(Packages.org.sourceid.sso.util);
+importPackage(Packages.org.sourceid.sso.xml);
+importPackage(Packages.org.sourceid.sso.xml.lib);
+importClass(Packages.com.silverwrist.dynamo.Namespaces);
+importPackage(Packages.com.silverwrist.dynamo.iface);
+importPackage(Packages.com.silverwrist.dynamo.util);
+importClass(Packages.com.silverwrist.venice.VeniceNamespaces);
+importPackage(Packages.com.silverwrist.venice.content);
+importPackage(Packages.com.silverwrist.venice.frame);
+
+req = bsf.lookupBean("request");
+req_help = bsf.lookupBean("request_help");
+target = req_help.getParameterString("tgt");
+if (target==null)
+  target = "top.js.vs";
+vlib.setOnError(req,target);
+user = vlib.getUser(req);
+
+// Check the user account.
+user = vlib.getUser(req);
+if (user.isAnonymous())
+{ // user not logged in, must log in first - so bounce us to the login dialog
+  new_target = "sourceid/federations.js.vs?tgt=" + stringutils.encodeURL(target);
+  dynamo.scriptReturn(new Redirect("SERVLET","login.js.vs?tgt=" + stringutils.encodeURL(new_target)));
+
+} // end if
+
+// Get the IDP session.
+idpsess = sourceid.getIDPSession(req,false);
+if (idpsess==null)  // auto-logout if there's no IDP session
+  dynamo.scriptReturn(new Redirect("SERVLET","logout.js.vs"));
+
+// Load the profile menu.
+mprov = vcast.queryMenuProvider(req_help.getRequestObject(Namespaces.DYNAMO_OBJECT_NAMESPACE,"venice-menus"));
+menu = mprov.getInlineMenu(user,VeniceNamespaces.USER_PROFILE_NAMESPACE,"user.profile.menu",cast.newIntArray(0));
+if (menu.getItemCount()>1)
+{ // set up the menu properly
+  menu.setVariable("target",stringutils.encodeURL(target));
+  ndx = menu.getItemContainingLinkText("sourceid/federations.js.vs");
+  menu.setSelectedIndex(ndx);
+
+} // end if
+else  // don't display the menu
+  menu = null;
+
+// Create the return value.
+rc = new VelocityView("Identity Federations","sourceid/federations.vm");
+rc.setParameter("target",target);
+if (menu!=null)
+  rc.setParameter("menu",menu);
+
+// Get the list of identity providers and a bunch of information about them.
+pdir = sourceid.getProviderDirectory(req);
+it = pdir.getSPList().iterator();
+plist = new ArrayList();
+while (it.hasNext())
+{ // get each service provider in turn
+  map = new HashMap();
+  sp = sourceid.castSPDescriptorType(it.next());
+  map.put("provider",sp.providerID);
+  sentry = sourceid.getEntryForProvider(idpsess,sp.providerID);
+  if (sentry!=null)
+    map.put("auth",Boolean.TRUE);
+  map.put("federated",cast.booleanObject(sourceid.isUserFederatedWith(req,sp.providerID)));
+  plist.add(map);
+
+} // end while
+
+rc.setParameter("provider_data",plist);
+
+dynamo.scriptOutput(rc);  // all done

venice-data-sso/idp/scripts/sourceid/idp_login.js

@@ -0,0 +1,20 @@
+// The contents of this file are subject to the Mozilla Public License Version 1.1
+// (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+// 
+// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+// language governing rights and limitations under the License.
+// 
+// The Original Code is the Venice Web Communities System.
+// 
+// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+// for Silverwrist Design Studios.  Portions created by Eric J. Bowersox are
+// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios.  All Rights Reserved.
+// 
+// Contributor(s): 
+
+importPackage(Packages.com.silverwrist.dynamo.iface);
+importPackage(Packages.com.silverwrist.dynamo.util);
+
+dynamo.scriptOutput(new Redirect("SERVLET","login.js.vs?tgt=sourceid/idp_return_login.js.vs"));

venice-data-sso/idp/scripts/sourceid/idp_return_login.js

@@ -0,0 +1,69 @@
+// The contents of this file are subject to the Mozilla Public License Version 1.1
+// (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+// 
+// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+// language governing rights and limitations under the License.
+// 
+// The Original Code is the Venice Web Communities System.
+// 
+// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+// for Silverwrist Design Studios.  Portions created by Eric J. Bowersox are
+// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios.  All Rights Reserved.
+// 
+// Contributor(s): 
+
+importPackage(Packages.org.sourceid.sso.xml.lib)
+importPackage(Packages.com.silverwrist.dynamo.iface);
+importPackage(Packages.com.silverwrist.dynamo.util);
+
+req = bsf.lookupBean("request");           // get request
+rhelp = bsf.lookupBean("request_help");    // get request helper
+session = rhelp.getSession();              // get the session
+user = vlib.getUser(session);
+
+if (user.isAnonymous())
+{ // we did not authenticate - bail out
+  ar = sourceid.castAuthnRequestType(rhelp.getExternalSessionAttribute("org.sourceid.sso.authnRequest"));
+  if (ar==null)
+    dynamo.scriptReturn(new Redirect("SERVLET","top.js.vs"));
+  else
+    dynamo.scriptReturn(new ForwardToServlet("SourceID-SSO-Authenticator"));
+
+} // end if
+
+// Perform the Identity Provider Introduction Protocol, if it's configured.  This involves forwarding to another
+// servlet, which will bounce to a common domain, set a cookie, and bounce back here.
+if (rhelp.getExternalAppAttribute("org.sourceid.sso.commonDomain")!=null)
+{ // only do this once...
+  if (rhelp.getExternalSessionAttribute("org.sourceid.sso.IDPIntroductionDone")==null)
+  { // We need to construct the return path as an ABSOLUTE URL...
+    rewriter = cast.queryURLRewriter(req);
+    tmp = rewriter.rewriteURL("SERVLET","sourceid/idp_return_login.js.vs");
+    url = "http://" + req.getServerName();
+    if ((req.getServerPort()>0) && (req.getServerPort()!=80))
+      url += (":" + req.getServerPort() + tmp);
+    else
+      url += tmp;
+    rc = new ForwardToPath("/sso/idpiWriter");
+    rc.setParameter("ReturnURL",url);
+    dynamo.scriptReturn(rc);
+
+  } // end if
+
+  rhelp.removeExternalSessionAttribute("org.sourceid.sso.IDPIntroductionDone");
+
+} // end if
+
+// If this wasn't the result of an external authentication request, leave.
+ar = sourceid.castAuthnRequestType(rhelp.getExternalSessionAttribute("org.sourceid.sso.authnRequest"));
+if (ar==null)
+  dynamo.scriptReturn(new Redirect("SERVLET","top.js.vs"));
+
+// Tell SourceID that we authenticated with this provider.  Venice uses default password authentication, so
+// tell it that as well.
+rc = new ForwardToServlet("SourceID-SSO-Authenticator");
+rc.setParameter("UserID",user);
+rc.setParameter("AuthnMethod","urn:oasis:names:tc:SAML:1.0:am:password");
+dynamo.scriptOutput(rc);

venice-data-sso/idp/scripts/sourceid/logout_render.js

@@ -0,0 +1,42 @@
+// The contents of this file are subject to the Mozilla Public License Version 1.1
+// (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+// 
+// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+// language governing rights and limitations under the License.
+// 
+// The Original Code is the Venice Web Communities System.
+// 
+// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+// for Silverwrist Design Studios.  Portions created by Eric J. Bowersox are
+// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios.  All Rights Reserved.
+// 
+// Contributor(s): 
+
+importPackage(java.util);
+importPackage(Packages.com.silverwrist.dynamo.iface);
+importPackage(Packages.com.silverwrist.dynamo.util);
+
+req = bsf.lookupBean("request");           // get request
+rhelp = bsf.lookupBean("request_help");    // get request helper
+
+// Resequence the Logout URL Map so it's more usable by Velocity.
+input_map = cast.toMap(rhelp.getChainParameter("Logout.URL.Map"));
+logout_list = new ArrayList(input_map.size());
+it = input_map.entrySet().iterator();
+while (it.hasNext())
+{ // take each Map.Entry and make a new Map out of it
+  ntry = cast.toMapEntry(it.next());
+  tmp = new HashMap();
+  tmp.put("id",ntry.getKey());
+  tmp.put("url",ntry.getValue());
+  logout_list.add(tmp);
+
+} // end while
+
+// Create the resulting view.
+rc = new VelocityView("Service Provider Logout","sourceid/logout_render.vm");
+rc.setParameter("logout",logout_list);
+rc.setParameter("nextURL",rhelp.getChainParameter("Return.Success"));
+dynamo.scriptOutput(rc);

venice-data-sso/idp/scripts/sourceid/post_assertion.js

@@ -0,0 +1,28 @@
+// The contents of this file are subject to the Mozilla Public License Version 1.1
+// (the "License"); you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
+// 
+// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
+// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
+// language governing rights and limitations under the License.
+// 
+// The Original Code is the Venice Web Communities System.
+// 
+// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
+// for Silverwrist Design Studios.  Portions created by Eric J. Bowersox are
+// Copyright (C) 2003 Eric J. Bowersox/Silverwrist Design Studios.  All Rights Reserved.
+// 
+// Contributor(s): 
+
+importPackage(Packages.com.silverwrist.dynamo.iface);
+importPackage(Packages.com.silverwrist.dynamo.util);
+importClass(Packages.com.silverwrist.dynamo.velocity.VelocityPage);
+
+req = bsf.lookupBean("request");           // get request
+rhelp = bsf.lookupBean("request_help");    // get request helper
+
+// Create a simple template return value.
+rc = new VelocityPage("sourceid/post_assertion.vm");
+rc.setParameter("url",rhelp.getChainParameter("URL"));
+rc.setParameter("lares",rhelp.getChainParameter("LARES"));
+dynamo.scriptOutput(rc);