Issues generating Authorization Code for Oauth2 SAML Authorize using HTTPClient java

Submitted by 六月ゝ 毕业季﹏ on 2019-12-13 03:47:00

Question


I am trying to automate the token generation process (Authorization Code followed by Access/JWT Token), which will then be used to hit the APIc's/API's.

NOTE: I have used dummy domains/scopes/redirect URIs/parameters below for security reasons.

How to Generate the Tokens Manually: I was provided with the below URL to generate the Authorization code

Code Generation URL: https://sample.domain.com/affwebservices/public/saml2sso?SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps://testqa3members.domain.com/ApiHandler/home%26scope%3DScope%20Value%26path%3Dtestqainternalpath3

When I hit this manually in a browser, a popup appears and I provide the UserID (LDAP) and Password. After that it is redirected to different URLs and I finally get the URL below, which has the Authorization Code.

https://testqa3members.domain.com/ApiHandler/home?code=AAIUVJbr29CUjCcWDvKWKBZDDcCtx5CQZsq9XpCpSd0FvAzLeLBJlAtG5C9ff6fr3m11Fp1Kez8E4dalL10GVg_kyjnsxYzRKEWQiraSIGo6bwVTd4zffqkLjXLsF5CRXqI

Steps I tried to Generate the Tokens using 'Apache httpclient':

  • Step-1: Submit the "Code Generation URL" as a GET request by setting the "setCredentials"
  • Step-2: Retrieve the list of Redirection URLs
  • Step-3: Retrieve the Last Redirection URL
  • Step-4: Submit a Post request with Last Redirection URL to get the Authorization Code

GET Code:

import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;

// authUrl, clientId, redirectUrl, scope, userName and password are set elsewhere in the program
DefaultHttpClient httpclient = new DefaultHttpClient();

System.out.println("Adding Parameters to an Array List as NameValuePair");
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("SPID", "testqaapi2p3"));
//params.add(new BasicNameValuePair("RelayState", "response_type=code"));
// URIBuilder percent-encodes the value, so the '&' inside RelayState becomes %26 as in the manual URL
params.add(new BasicNameValuePair("RelayState", "response_type=code&client_id=" + clientId + "&redirect_uri=" + redirectUrl + "&scope=" + scope + "&path=testqainternalpath3"));

System.out.println("Parameters List:" + params);

System.out.println("Building the URI with Authorization Endpoint by adding the Parameters created in Array List");
URI uri = new URIBuilder(authUrl)
        .addParameters(params)
        .build();
System.out.println("Built URI:" + uri);

// Credentials for any host/port; HttpClient only sends them when a server challenges (401/407)
httpclient.getCredentialsProvider().setCredentials(new AuthScope(null, AuthScope.ANY_PORT), new UsernamePasswordCredentials(userName, password));

System.out.println("Creating HTTPGET with the Created URI");
HttpGet get = new HttpGet(uri);
System.out.println("HttpGet:" + get);

System.out.println("Creating Client Context");
HttpClientContext context = HttpClientContext.create();
System.out.println("Created Client Context:" + context);

System.out.println("Executing the GET Method with the created Client Context");
HttpResponse response = httpclient.execute(get, context);
System.out.println("HttpResponse:" + response);

System.out.println("Getting the Final URI from the Submitted Get Method");
URI finalUrl = get.getURI();
System.out.println("Final URL:" + finalUrl);

System.out.println("Creating a List of URI from the Redirection Locations using Client Context");
List<URI> locations = context.getRedirectLocations();
System.out.println("List of URI:" + locations);

// The context records every redirect HttpClient followed; the last one is where the chain ended
if (locations != null) {
    finalUrl = locations.get(locations.size() - 1);
}
System.out.println("Taking the last URL as Final:" + finalUrl);

This is the last URL that I received from the GET request.

Referer / Last Redirection URL: https://sample.domain.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps://testqa3members.domain.com/ApiHandler/home%26scope%3DScope%20Value%26path%3Dtestqainternalpath3&SAMLTRANSACTIONID=863d56e5-e9bd9485-85561bb7-a209c491-476bc279-298

POST Code:

import org.apache.http.client.methods.HttpPost;

HttpPost postReq = new HttpPost(finalUrl);

// Only one Content-Type header should be sent; this POST carries no body (no entity is set)
postReq.addHeader("Content-Type", "application/x-www-form-urlencoded");
postReq.addHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:57.0)");

HttpResponse responsePost = httpclient.execute(postReq, context);
System.out.println("Post Response:" + responsePost);

Output: But I am getting a 500 - Internal Server Error for the POST request:

HTTP/1.1 500 Internal Server Error [Date: Mon, 19 Feb 2018 08:05:12 GMT, Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2h-fips mod_jk/1.2.41, Content-Language: en, Content-Length: 1259, Connection: close, Content-Type: text/html; charset=utf-8] org.apache.http.conn.BasicManagedEntity@1147d0

My Analysis so Far: I tried seeing the requests being submitted using the "Firefox" browser and the Network option in the Developer Tools. What I saw is that a POST request is being submitted with the "Last Redirection URL" as Referer to the Authorization Endpoint with the parameters below. A 302 status code is returned for it, with the code available in the Location header (https://testqa3members.domain.com/ApiHandler/home?code=AAIUVJbr29CUjCcWDvKWKBZDDcCtx5CQZsq9XpCpSd0FvAzLeLBJlAtG5C9ff6fr3m11Fp1Kez8E4dalL10GVg_kyjnsxYzRKEWQiraSIGo6bwVTd4zffqkLjXLsF5CRXqI) and the header X-Backside-Transport: FAIL FAIL.

Authorization Endpoint URL: https://testqaapi2.domain.com/testcare/testqainternalpath3/v3/auth/oauth2/samlauthorize

Headers: Referer: https://sample.domain.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SPID=testqaapi2p3&RelayState=response_type%3Dcode%26client_id%3DClient_ID_Value%26redirect_uri%3Dhttps://testqa3members.domain.com/ApiHandler/home%26scope%3DScope%20Value%26path%3Dtestqainternalpath3&SAMLTRANSACTIONID=863d56e5-e9bd9485-85561bb7-a209c491-476bc279-298

Parameters: RelayState:response_type=code&client_id=Client_ID_Value&redirect_uri=https://testqa3members.domain.com/ApiHandler/home&scope=Scope+Value&path=testqainternalpath3

SAMLResponse:PFJlc3BvbnNlIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERl c3RpbmF0aW9uPSJodHRwczovL3FhYXBpMi5hZXRuYS5jb20vaGVhbHRoY2FyZS9xYWludHBhdGgz L3YzL2F1dGgvb2F1dGgyL3NhbWxhdXRob3JpemUiIElEPSJfODQ1NzEzYjc1MDQ1N2YzN2YyZjAw ZmFkZWRmMDk2NTQ3ZGMzIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDItMTlUMDg6MDQ6NTdaIiBWZXJz aW9uPSIyLjAiPg0KICAgIDxuczE6SXNzdWVyIHhtbG5zOm5zMT0idXJuOm9hc2lzOm5hbWVzOnRj OlNBTUw6Mi4wOmFzc2VydGlvbiIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6 bmFtZWlkLWZvcm1hdDplbnRpdHkiPkFldEhlYWx0aENh…zdGFudD0iMjAxOC0wMi0xOVQwODowNDo1N1oi IFNlc3Npb25JbmRleD0iWkVNcERvYndNK3M0OVU5S1lIdnY1ZGJNc0JBPXByRXo5dz09IiBTZXNz aW9uTm90T25PckFmdGVyPSIyMDE4LTAyLTE5VDA4OjA2OjI3WiI+DQogICAgICAgICAgICA8bnMy OkF1dGhuQ29udGV4dD4NCiAgICAgICAgICAgICAgICA8bnMyOkF1dGhuQ29udGV4dENsYXNzUmVm PnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9uczI6QXV0 aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICAgICAgICA8L25zMjpBdXRobkNvbnRleHQ+DQogICAg ICAgIDwvbnMyOkF1dGhuU3RhdGVtZW50Pg0KICAgIDwvbnMyOkFzc2VydGlvbj4NCjwvUmVzcG9u c2U+

My Enhancement to replicate the above:

List<NameValuePair> postParams = new ArrayList<NameValuePair>();
postParams.add(new BasicNameValuePair("RelayState", "response_type=code&client_id=" + clientId + "&redirect_uri=" + redirectUrl + "&scope=" + scope + "&path=qaintpath3"));

// RelayState is placed in the query string here; the SAMLResponse seen in the browser is not sent
URI postURL = new URIBuilder("https://testqaapi2.domain.com/testcare/testqainternalpath3/v3/auth/oauth2/samlauthorize")
        .addParameters(postParams)
        .build();

HttpPost postReq = new HttpPost(postURL);
// Only one Content-Type header should be sent; this POST carries no body (no entity is set)
postReq.addHeader("Content-Type", "application/x-www-form-urlencoded");
//postReq.addHeader("Connection", "close");
postReq.addHeader("Referer", finalUrl.toString());
postReq.addHeader("Connection", "keep-alive");
postReq.addHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:57.0)");

HttpResponse responsePost = httpclient.execute(postReq, context);
System.out.println("Post Response:" + responsePost);

Output: However, I am getting a 200 status code instead of a 302 status:

HTTP/1.1 200 OK [X-Backside-Transport: OK OK, ...]

Questions:

1. What is the SAMLResponse that is being passed as a parameter above?
2. Why am I getting a 200 status with X-Backside-Transport: OK OK instead of a 300 status code with X-Backside-Transport: FAIL FAIL?
3. Am I missing something?

Could anyone please help me with this?

NOTE: Once I get the Authorization Code I will use the solution from this link (Issues with Generating Authorization code and User Token using Apache OAuth client 2.0 library in Java) to generate the Access/JWT Token to be used to hit the APIc's/API's.
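Added example, not part of the question or of any answer on the original page. The SAMLResponse form parameter seen in the browser is the SAML 2.0 HTTP-POST binding at work: after the SSO login the IdP's final HTTP response is a small HTML page whose hidden form (fields SAMLResponse and RelayState) is auto-submitted by the browser to the service provider's endpoint, and the SAMLResponse value is the base64-encoded, IdP-signed XML `<Response>` (the question's blob decodes to exactly that: a `Response` with a `Destination`, an `Issuer`, and an `Assertion` with a `NotOnOrAfter`). A client that re-POSTs the redirect URL without that body never presents the assertion, so the endpoint has nothing to issue a code for. The helper below (hypothetical names `parseAutoPostForm`, `inspectSamlResponse`, `postFormAndReadCode`, `codeFromLocation`; assumes Apache HttpClient 4.3+ and a JDK 8+ XML parser, and that the IdP page lists `name` before `value` on each hidden input) reads the form out of the body of the last GET response, checks the decoded assertion's `Destination` and validity window before forwarding it, and submits the form with redirect following disabled so the 302 and its Location header (carrying `?code=`) are visible instead of being consumed. The `main` runs offline on a constructed sample page that uses the question's dummy endpoint.

```java
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SamlPostBindingHelper {
    static final String SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Assumption: the IdP's auto-submit page lists name="..." before value="..." on each hidden input
    static final Pattern FORM_ACTION = Pattern.compile("<form[^>]*\\saction=\"([^\"]+)\"", Pattern.CASE_INSENSITIVE);
    static final Pattern HIDDEN_INPUT = Pattern.compile("<input[^>]*\\sname=\"([^\"]+)\"[^>]*\\svalue=\"([^\"]*)\"", Pattern.CASE_INSENSITIVE);

    /** Pulls the form action and hidden fields (SAMLResponse, RelayState) out of the IdP's auto-submit page. */
    static Map<String, String> parseAutoPostForm(String html) {
        Map<String, String> form = new LinkedHashMap<>();
        Matcher action = FORM_ACTION.matcher(html);
        if (!action.find()) throw new IllegalStateException("no <form action=...> in IdP response body");
        form.put("action", unescape(action.group(1)));
        Matcher input = HIDDEN_INPUT.matcher(html);
        while (input.find()) form.put(input.group(1), unescape(input.group(2)));
        if (!form.containsKey("SAMLResponse")) throw new IllegalStateException("form has no SAMLResponse field");
        return form;
    }

    static String unescape(String attr) { // entities that commonly appear in HTML attribute values
        return attr.replace("&amp;", "&").replace("&quot;", "\"").replace("&lt;", "<").replace("&gt;", ">");
    }

    /** Decodes the SAMLResponse and returns the fields a client should sanity-check before forwarding it. */
    static Map<String, String> inspectSamlResponse(String samlResponseB64) throws Exception {
        byte[] xml = Base64.getMimeDecoder().decode(samlResponseB64); // MIME decoder tolerates line breaks/spaces
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs: blocks XXE
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        Element response = doc.getDocumentElement();
        Map<String, String> out = new LinkedHashMap<>();
        out.put("Destination", response.getAttribute("Destination")); // must equal the URL the form posts to
        NodeList issuer = doc.getElementsByTagNameNS(SAML_ASSERTION_NS, "Issuer");
        out.put("Issuer", issuer.getLength() == 0 ? "" : issuer.item(0).getTextContent().trim());
        NodeList cond = doc.getElementsByTagNameNS(SAML_ASSERTION_NS, "Conditions");
        out.put("NotOnOrAfter", cond.getLength() == 0 ? "" : ((Element) cond.item(0)).getAttribute("NotOnOrAfter"));
        return out;
    }

    /** Re-submits the form with redirects disabled so the 302 and its Location (carrying ?code=) are visible. */
    static String postFormAndReadCode(HttpClient client, HttpClientContext context, Map<String, String> form) throws Exception {
        List<NameValuePair> fields = new ArrayList<>();
        for (Map.Entry<String, String> e : form.entrySet())
            if (!"action".equals(e.getKey())) fields.add(new BasicNameValuePair(e.getKey(), e.getValue()));
        HttpPost post = new HttpPost(form.get("action"));
        post.setConfig(RequestConfig.custom().setRedirectsEnabled(false).build());
        post.setEntity(new UrlEncodedFormEntity(fields, StandardCharsets.UTF_8)); // sets Content-Type itself
        HttpResponse r = client.execute(post, context); // same client/context as the SSO GET keeps the session cookies
        EntityUtils.consume(r.getEntity());
        if (r.getStatusLine().getStatusCode() != 302 || r.getFirstHeader("Location") == null)
            throw new IllegalStateException("expected 302 with Location, got " + r.getStatusLine());
        return codeFromLocation(r.getFirstHeader("Location").getValue());
    }

    /** Extracts the code query parameter from a redirect_uri?code=... Location value. */
    static String codeFromLocation(String location) throws Exception {
        String query = new URI(location).getRawQuery();
        if (query == null) return null;
        for (String kv : query.split("&")) {
            String[] p = kv.split("=", 2);
            if (p.length == 2 && p[0].equals("code")) return URLDecoder.decode(p[1], "UTF-8");
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample IdP page using the question's dummy endpoint; not a real response
        String samlXml = "<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" Version=\"2.0\""
            + " Destination=\"https://testqaapi2.domain.com/testcare/testqainternalpath3/v3/auth/oauth2/samlauthorize\""
            + " IssueInstant=\"2018-02-19T08:04:57Z\"><ns1:Issuer xmlns:ns1=\"" + SAML_ASSERTION_NS + "\">idp.example</ns1:Issuer>"
            + "<ns2:Assertion xmlns:ns2=\"" + SAML_ASSERTION_NS + "\"><ns2:Conditions NotOnOrAfter=\"2018-02-19T08:06:27Z\"/>"
            + "</ns2:Assertion></Response>";
        String b64 = Base64.getEncoder().encodeToString(samlXml.getBytes(StandardCharsets.UTF_8));
        String html = "<html><body onload=\"document.forms[0].submit()\"><form method=\"POST\" action=\""
            + "https://testqaapi2.domain.com/testcare/testqainternalpath3/v3/auth/oauth2/samlauthorize\">"
            + "<input type=\"hidden\" name=\"RelayState\" value=\"response_type=code&amp;client_id=Client_ID_Value\"/>"
            + "<input type=\"hidden\" name=\"SAMLResponse\" value=\"" + b64 + "\"/></form></body></html>";
        Map<String, String> form = parseAutoPostForm(html);
        System.out.println("POST to " + form.get("action") + " with fields " + form.keySet());
        System.out.println("assertion fields: " + inspectSamlResponse(form.get("SAMLResponse")));
        System.out.println("code: " + codeFromLocation("https://testqa3members.domain.com/ApiHandler/home?code=EXAMPLE_CODE"));
    }
}
```

In live use, read the body of the final GET response with `EntityUtils.toString(response.getEntity())`, pass it to `parseAutoPostForm`, compare `inspectSamlResponse(...).get("Destination")` with `form.get("action")` and reject the flow if they differ or if `NotOnOrAfter` is already in the past, then call `postFormAndReadCode(httpclient, context, form)` with the same `httpclient` and `context` that performed the SSO GET. Treat the SAMLResponse and the returned code as credentials: do not log them, as the `System.out` lines in the question do for every request and response.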

Source: https://stackoverflow.com/questions/48862357/issues-generating-authorization-code-for-oauth2-saml-authorize-using-httpclient
