[APPM] AssertionConsumerServiceUrl Always set to server local IP

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[APPM] AssertionConsumerServiceUrl Always set to server local IP

Lahiru J Ekanayake-2
Hi,

I'm using App Manager 1.2.0 in my AWS instance and IS 5.3.0 as external identity provider in another AWS instance. In order to competible IS 5.3.0 with App Manager 1.2.0 , I have copied bellow jar files to App Manager dropins folder. The setup is working fine in my local environment but there is an issue when I'm using the same setup in AWS.

1. org.wso2.carbon.identity.sso.saml.stub_5.3.0.jar
2. org.wso2.carbon.identity.application.mgt.stub_5.7.5.jar

Steps to reproduce the issue.
  1. Create a app uisng app manager publisher.
  2. Publish the app into the store.
  3. Log into the store and try to lunch the app.
  4. I'm getting an error saying invalid assertion consumer URL.
I have used saml tracer and checked the saml request. As in the saml request AssertionConsumerServiceUrl takes the server local IP (image attached - acs.png). I tried to change that IP by configuring carbon.xml and app-manager.xml . But i couldn't find a way to do that. Is this a know issue or are there any configuration to change this AssertionConsumerServiceUrl ? . Could you please tell me , where this request is being generated, when I lunch the app.

Regards



--
Lahiru J Ekanayake.
University Of Peradeniya
Mobile : +94718812629

_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev

acs.png (157K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [APPM] AssertionConsumerServiceUrl Always set to server local IP

tharindue
Hi Lahiru,

Can you modify the wso2appm-1.2.0/repository/conf/identity/application-authentication.xml file and add SSOUrl parameter [1] under SAMLSSOAuthenticator configuration. There you can add the URL you need to be included as the SAML authentication request's ACS URL. The particular code that builds the request is in [2].

         <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
                    <Parameter name="SSOUrl">XXXX</Parameter>

[1] https://github.com/wso2-attic/carbon-identity/blob/master/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationConstants.java#L107
[2] https://github.com/wso2-attic/carbon-identity/blob/master/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAMLSSOAuthenticator.java#L80

Thanks,
Tharindu Edirisinghe

On Wed, Nov 29, 2017 at 4:33 AM, Lahiru J Ekanayake <[hidden email]> wrote:
Hi,

I'm using App Manager 1.2.0 in my AWS instance and IS 5.3.0 as external identity provider in another AWS instance. In order to competible IS 5.3.0 with App Manager 1.2.0 , I have copied bellow jar files to App Manager dropins folder. The setup is working fine in my local environment but there is an issue when I'm using the same setup in AWS.

1. org.wso2.carbon.identity.sso.saml.stub_5.3.0.jar
2. org.wso2.carbon.identity.application.mgt.stub_5.7.5.jar

Steps to reproduce the issue.
  1. Create a app uisng app manager publisher.
  2. Publish the app into the store.
  3. Log into the store and try to lunch the app.
  4. I'm getting an error saying invalid assertion consumer URL.
I have used saml tracer and checked the saml request. As in the saml request AssertionConsumerServiceUrl takes the server local IP (image attached - acs.png). I tried to change that IP by configuring carbon.xml and app-manager.xml . But i couldn't find a way to do that. Is this a know issue or are there any configuration to change this AssertionConsumerServiceUrl ? . Could you please tell me , where this request is being generated, when I lunch the app.

Regards



--
Lahiru J Ekanayake.
University Of Peradeniya
Mobile : <a href="tel:+94%2071%20881%202629" value="+94718812629" target="_blank">+94718812629

_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev




--

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: [APPM] AssertionConsumerServiceUrl Always set to server local IP

Lahiru J Ekanayake-2
Hi Tharindu,

Thank you for the reply. I tried after adding above mentioned parameter. But it didn't work for me. But if I change the servicePrefix  [1] which comes from the axis2MessageContext, It worked for me.

[1] - https://github.com/wso2/carbon-appmgt/blob/master/components/org.wso2.carbon.appmgt.gateway/src/main/java/org/wso2/carbon/appmgt/gateway/utils/GatewayUtils.java#L88

Regards

On Thu, Dec 14, 2017 at 4:22 AM, Tharindu Edirisinghe <[hidden email]> wrote:
Hi Lahiru,

Can you modify the wso2appm-1.2.0/repository/conf/identity/application-authentication.xml file and add SSOUrl parameter [1] under SAMLSSOAuthenticator configuration. There you can add the URL you need to be included as the SAML authentication request's ACS URL. The particular code that builds the request is in [2].

         <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
                    <Parameter name="SSOUrl">XXXX</Parameter>

[1] https://github.com/wso2-attic/carbon-identity/blob/master/components/application-mgt/org.wso2.carbon.identity.application.common/src/main/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationConstants.java#L107
[2] https://github.com/wso2-attic/carbon-identity/blob/master/components/application-authenticators/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAMLSSOAuthenticator.java#L80

Thanks,
Tharindu Edirisinghe

On Wed, Nov 29, 2017 at 4:33 AM, Lahiru J Ekanayake <[hidden email]> wrote:
Hi,

I'm using App Manager 1.2.0 in my AWS instance and IS 5.3.0 as external identity provider in another AWS instance. In order to competible IS 5.3.0 with App Manager 1.2.0 , I have copied bellow jar files to App Manager dropins folder. The setup is working fine in my local environment but there is an issue when I'm using the same setup in AWS.

1. org.wso2.carbon.identity.sso.saml.stub_5.3.0.jar
2. org.wso2.carbon.identity.application.mgt.stub_5.7.5.jar

Steps to reproduce the issue.
  1. Create a app uisng app manager publisher.
  2. Publish the app into the store.
  3. Log into the store and try to lunch the app.
  4. I'm getting an error saying invalid assertion consumer URL.
I have used saml tracer and checked the saml request. As in the saml request AssertionConsumerServiceUrl takes the server local IP (image attached - acs.png). I tried to change that IP by configuring carbon.xml and app-manager.xml . But i couldn't find a way to do that. Is this a know issue or are there any configuration to change this AssertionConsumerServiceUrl ? . Could you please tell me , where this request is being generated, when I lunch the app.

Regards



--
Lahiru J Ekanayake.
University Of Peradeniya
Mobile : <a href="tel:+94%2071%20881%202629" value="+94718812629" target="_blank">+94718812629

_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev




--

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : <a href="tel:077%20518%201586" value="+94775181586" target="_blank">+94 775181586




--
Lahiru J Ekanayake.
University Of Peradeniya
Mobile : +94718812629

_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev