Question
Again I need the wise advice of the Community!!!
I have to integrate several Web Applications in my SSO system. The IdP is Active Directory Federation Services (ADFS2) and the SPs are Weblogic Managed Servers. I am using HTTP-POST binding for the SP-initiated Use Case in the Web SSO profile.
This setup is working and I have even implemented the SLO for WLS, great! But, there is always a but... I have an application that can be accessed by unauthenticated users, guest users. When the user is authenticated he/she will see different information.
What do you think would be the best approach for implementing this?
I am trying to perform a JavaScript call to the IdP, through XMLHttpRequest, but it is not working as I was expecting... My idea is not to build the SAMLRequest by myself. That is, instead of invoking the IdP directly, I am requesting a secure resource of my app. In this way it is Weblogic that makes the request to the IdP (302 redirect). Basically my idea is the following:
Declare a security-constraint in my web.xml:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>secure</web-resource-name>
            <url-pattern>/secure/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>FederatedUsers</role-name>
        </auth-constraint>
    </security-constraint>
Invoke a secure resource (thanks w3schools!):
    <script type="text/javascript">
    var xmlhttp;
    if (window.XMLHttpRequest) {
        // code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp = new XMLHttpRequest();
    } else {
        // code for IE6, IE5
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    }
    // Synchronous GET of the protected resource; the container answers with a 302 to the IdP
    xmlhttp.open("GET", "secure/login?action=sample/hello.jsp", false);
    xmlhttp.send();
    var xmlDoc = xmlhttp.responseXML;
    </script>
The implementation of the secure resource is just a servlet that redirects to the original resource:
    // Get the parameter "action" and redirect to it
    resp.sendRedirect(req.getParameter("action"));
More or less it does the trick, if we take a look at the request flow:
- http://spHost/sample/helloXmlHttpRequest.jsp
- http://spHost/sample/secure/login?action=sample/hello.jsp
- HTTP/1.1 302 Moved Temporarily --> https://idpHost/adfs/ls/?SAMLRequest=...
But at the end I get an error in the xmlhttp.send(): Component returned failure code: 0x80004005 (NS_ERROR_FAILURE)
Also I am trying to do nasty tricks like getting the content of an iframe, element, or just calling the secure resource in a script tag:
    <script type="text/javascript" src="secure/login"></script>
The problem of this last "solution" is that I am not able to get the HTML code.
Any ideas? Maybe ADFS2 provides some REST service or something like that...
Thanks in advance,
Luis
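One way to separate the "am I logged in?" check from the login trigger, as an added example that is not code from the post, from WebLogic or from ADFS: a servlet that answers /session/status without ever redirecting, and handles /secure/login while accepting only an in-application relative path as the return target. The class name, the two URL mappings, the JSON shape and the allow-list pattern are assumptions.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Assumed web.xml mapping: this servlet serves both /session/status (unconstrained) and
// /secure/login (covered by the /secure/* security-constraint, so the container redirects
// unauthenticated requests to the IdP before doGet ever runs).
public class SsoEntryServlet extends HttpServlet {
    // Assumed allow-list for "action": a simple path inside this web app, e.g. "hello.jsp"
    private static final Pattern SAFE_PATH = Pattern.compile("[A-Za-z0-9_\\-/.]+");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if ("/session/status".equals(req.getServletPath())) {
            writeStatus(req, resp);
        } else {
            redirectAfterLogin(req, resp);
        }
    }

    // Same-origin reply for the guest page. It never redirects to the IdP, so a script on
    // the page can always read it and choose guest or member content.
    private void writeStatus(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        boolean authenticated = req.getUserPrincipal() != null;
        boolean federated = authenticated && req.isUserInRole("FederatedUsers");
        resp.setContentType("application/json");
        resp.setHeader("Cache-Control", "no-store"); // session state must not be cached
        resp.getWriter().write("{\"authenticated\":" + authenticated
                + ",\"federatedUser\":" + federated + "}");
    }

    // Reached by a top-level navigation (a plain link), so the browser itself follows the
    // 302 to ADFS and delivers the SAML response back to the SP. The target is restricted
    // to a path under this application's context, so the servlet cannot be used as an
    // open redirector to other hosts.
    private void redirectAfterLogin(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String action = req.getParameter("action");
        if (action == null || action.startsWith("/") || action.contains("..")
                || !SAFE_PATH.matcher(action).matches()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid action");
            return;
        }
        resp.sendRedirect(req.getContextPath() + "/" + action); // e.g. /sample/hello.jsp
    }
}
```

The guest page can request /session/status with XMLHttpRequest to decide what to render, and offer a normal link to /secure/login?action=hello.jsp, so the 302 to the IdP is followed as a top-level navigation rather than inside an XMLHttpRequest.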
Source: https://stackoverflow.com/questions/9080161/invoke-saml-idp-from-javascript