
How can I make a name request in OpenIG?


I have been trying the OpenIG Identity Gateway from ForgeRock to integrate some legacy systems; in this particular case I'm using it with OpenACS + .LRN, a project from Ars Digita and various institutions.

Here's the problem: using the recipes found in the OpenIG documentation to extract hidden form values and replay the cookies of the requests (to avoid security issues), I get a successful POST request that logs into the system. After that request, however, the OpenACS log says that the initial request asked for something like http://10.10.10.10/register rather than the real client request http://openacs-domain.com/register, and it then issues a 302 redirect to the IP address, forcing a new login.

I have modified /etc/hosts to check whether name resolution was the problem, with no success.

The curious thing is that if I go back to the domain from which the initial request was made, I have a valid session and everything works.

I hope I have been descriptive enough and that somebody has a solution for this. My config.json is attached below.

    {
  "heap": {
    "objects": [
    {
        "name": "HandlerServlet",
        "comment": "Entry point that transforms Servlet request to handler request.",
        "type": "HandlerServlet",
        "config": {
            "handler": "DispatchHandler",
            "baseURI":"http://10.10.10.10"
        }
    },
    {      
        "name": "DispatchHandler",
        "type": "DispatchHandler",
        "config": {
            "bindings": [  
                {                      
                    "condition": "${exchange.request.uri.path == '/register/'}",
                    "handler": "LoginChain"
                },
                {                      
                    "handler": "OutgoingChain",
                },
            ]  
        }  
    },
    {
        "name": "LoginChain",
        "type": "Chain",
        "config": {
            "filters": ["SwitchFilter", "HiddenValueExtract"],
            "handler": "OutgoingChain"
        }  
    },
    {
        "name": "HiddenValueExtract",
        "type": "EntityExtractFilter",
        "config": {
            "messageType": "response",
            "target": "${exchange.hiddenValue}",
            "bindings": [
                {
                    "key": "time",
                    "pattern": "time\"\s.*value=\"(.{10})\"",
                    "template": "$1"
                },
                {
                    "key": "tokenId",
                    "pattern": "token_id\"\s.*value=\"(.{3})\"",
                    "template": "$1"
                },
                {
                    "key": "hash",
                    "pattern": "hash\"\s.*value=\"(.*)\"",
                    "template": "$1"
                }
            ]
        }       
    },
    {
        "name": "SwitchFilter",
        "type": "SwitchFilter",
        "config": {
            "onResponse": [
                {
                    "condition": "${exchange.response.status == 200}",
                    "handler": "LoginRequestHandler"
                }
            ]
        }
    },
    {
        "name": "LoginRequestHandler",
        "type": "Chain",
        "config": {
            "filters": ["LoginRequest"],
            "handler": "OutgoingChain"
        }  
    },
    {  
        "name": "LoginRequest",
        "type": "StaticRequestFilter",
        "config": {
            "method": "POST",
            "uri": "http://10.10.10.10/register/",
            "form": {
                "form:mode": ["edit"],
                "form:id": ["login"],
                "__confirmed_p": ["0"],
                "__refreshing_p": ["0"],
                "return_url": ["/dotlrn/control-panel"],
                "time": ["${exchange.hiddenValue.time}"],
                "token_id": ["${exchange.hiddenValue.tokenId}"],
                "hash": ["${exchange.hiddenValue.hash}"]
                "email": ["[email protected]"],
                "password": ["password"]
            }
            "headers": {
                "cookie": ["${exchange.response.headers['Set-Cookie'][0]}"],
            }  
        }  
    },
    {
        "name": "OutgoingChain",
        "type": "Chain",
        "config": {
            "filters": ["CaptureFilter"],
            "handler": "ClientHandler"
        }  
    },
    {  
        "name": "CaptureFilter",
        "type": "CaptureFilter",
        "config": {
            "captureEntity": false,
            "file": "/tmp/gateway.log",
        }      
    },
    {
        "name": "ClientHandler",
        "comment": "Responsible for sending all requests to remote servers.",
        "type": "ClientHandler",
        "config": {
            }
        }
    ]
  },
  "servletObject": "HandlerServlet",
}

Solution

  • This is the final version. The important differences from the original config are that `baseURI` in `HandlerServlet` and the `uri` of the `LoginRequest` filter now use the public domain instead of the backend IP address, so the backend sees the same host the client requested, and `servletObject` now points to `DispatchServlet`, which routes `/saml` to the `FederationServlet` and everything else to `HandlerServlet`. Note that the login POST carries the SAML-mapped credentials to a plain `http://` URI and that `CaptureFilter` writes captured traffic to `/tmp/gateway.log`, so in production the backend should be reached over HTTPS and that log file needs restricted permissions:

    {
    
    
    "heap": {
        "objects": [
        {
            "name": "LogSink",
            "comment": "Default sink for logging information.",
            "type": "ConsoleLogSink",
            "config": {
                "level": "DEBUG",
            }
        },
        {
            "name": "DispatchServlet",
            "type": "DispatchServlet",
            "config": {
                "bindings": [
                    {
                        "pattern":"^/saml",
                        "object":"FederationServlet"
                    },
                    {
                        "pattern":"",
                        "object":"HandlerServlet"
                    }
                ]
            }
        },
        {
            "name": "FederationServlet",
            "type": "org.forgerock.openig.saml.FederationServlet",
            "config": {
                "assertionMapping": {
                    "userName":"mail",
                    "password":"employeenumber"
                },
                "subjectMapping":"subjectName",
                "redirectURI":"/register",
                "logoutURI":"/register/logout"
             }
        },
        {
            "name": "HandlerServlet",
            "comment": "Entry point that transforms Servlet request to handler request.",
            "type": "HandlerServlet",
            "config": {
                "handler": "DispatchHandler",
                "baseURI":"http://www.plataformaciapem.org.mx"
            }
        },
        {      
            "name": "DispatchHandler",
            "type": "DispatchHandler",
            "config": {
                "bindings": [  
                    {                      
                        "condition": "${exchange.request.uri.path != '/register/'}",
                        "handler": "ClientHandler"
                    },
                    {
                        "condition": "${empty exchange.session.userName}",
                        "handler": "SPInitiatedSSORedirectHandler",
                    },
                    {                      
                        "handler": "LoginChain",
                    },
                ]  
            }  
        },
         {
            "name": "SPInitiatedSSORedirectHandler",
               "type": "StaticResponseHandler",
               "config": {
                   "status": 302,
                   "reason": "Found",
                   "headers": {
                       "Location": ["http://www.plataformaciapem.org.mx/saml/SPInitiatedSSO"]
                   }
               }
        },
        {
            "name": "LoginChain",
            "type": "Chain",
            "config": {
                "filters": ["SwitchFilter", "HiddenValueExtract"],
                "handler": "OutgoingChain"
            }  
        },
        {
            "name": "HiddenValueExtract",
            "type": "EntityExtractFilter",
            "config": {
                "messageType": "response",
                "target": "${exchange.hiddenValue}",
                "bindings": [
                    {
                        "key": "time",
                        "pattern": "time\"\s.*value=\"(.{10})\"",
                        "template": "$1"
                    },
                    {
                        "key": "tokenId",
                        "pattern": "token_id\"\s.*value=\"(.{3})\"",
                        "template": "$1"
                    },
                    {
                        "key": "hash",
                        "pattern": "hash\"\s.*value=\"(.*)\"",
                        "template": "$1"
                    }
                ]
            }       
        },
        {
            "name": "SwitchFilter",
            "type": "SwitchFilter",
            "config": {
                "onResponse": [
                    {
                        "condition": "${exchange.response.status == 200}",
                        "handler": "LoginRequestHandler"
                    }
                ]
            }
        },
        {
            "name": "LoginRequestHandler",
            "type": "Chain",
            "config": {
                "filters": ["LoginRequest"],
                "handler": "OutgoingChain"
            }  
        },
        {  
            "name": "LoginRequest",
            "type": "StaticRequestFilter",
            "config": {
                "method": "POST",
                "uri": "http://www.plataformaciapem.org.mx/register/",
                "form": {
                    "form:mode": ["edit"],
                    "form:id": ["login"],
                    "__confirmed_p": ["0"],
                    "__refreshing_p": ["0"],
                    "return_url": ["/dotlrn/control-panel"],
                    "time": ["${exchange.hiddenValue.time}"],
                    "token_id": ["${exchange.hiddenValue.tokenId}"],
                    "hash": ["${exchange.hiddenValue.hash}"]
                    "email": ["${exchange.session.userName}"],
                    "password": ["${exchange.session.password}"],
                }
                "headers": {
                    "cookie": ["${exchange.response.headers['Set-Cookie'][0]}"],
                }  
            }  
        },
        {
            "name": "OutgoingChain",
            "type": "Chain",
            "config": {
                "filters": ["CaptureFilter"],
                "handler": "ClientHandler"
            }  
        },
        {  
            "name": "CaptureFilter",
            "type": "CaptureFilter",
            "config": {
                "captureEntity": false,
                "file": "/tmp/gateway.log",
            }      
        },
        {
            "name": "ClientHandler",
            "comment": "Responsible for sending all requests to remote servers.",
            "type": "ClientHandler",
            "config": {
                }
            }
        ]
      },
      "servletObject": "DispatchServlet",
    }