Skip to main content

SSO (Single Sign-On) Code

Introduction

This Document contains explanations of SSO code developed by opnbi. In this document, we have explained each method of SSO help user to understand SSO.

Prerequisites

Downloaded Sample project from Here..

Code Explanation

  1. The code starts with importing required dependencies as shown in below code snippet.
package com.opnbi.sso;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.FileHandler;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.io.IOUtils;
import org.json.JSONException;
import org.json.JSONObject;

import com.activeintelligence.external.sso.SSOSecurity;

  1. Below code is to initialization of java logger. In Java, logging is an important feature that helps developers to trace out the errors. Java is the programming language that comes with the logging approach. It provides a Logging API that was introduced in Java 1.4 version. It provides the ability to capture the log file.
  • Here we have initialized logger and provided path where this log file will be stored
public class OPNBISSOImpl implements SSOSecurity {
private static final Logger logger = Logger.getLogger(OPNBISSOImpl.class.getName()); // init of logger
private static final String LOG_FOLDER = "C:/OPNBI4/logs/";
  1. User can configure logger settings by using below code. For example, logging level, components, Logging handlers or appenders, logging formatters or layouts, Java Logger class.
    public OPNBISSOImpl() { // to read external settings if any
try {
Handler fileHandler = new FileHandler(LOG_FOLDER + "sso.log", true);
fileHandler.setLevel(Level.ALL);
fileHandler.setFormatter(new SimpleFormatter());

logger.addHandler(fileHandler);

} catch (IOException e) {
logger.severe(e.getMessage());
}
}

4.Below code snippet contains business logic for user authentication. It has logic to grab username, Department and token from client application URL and authenticate with list of users available in opnbi database. It will allow user to access opnbi when found a match case.

    @Override
public Map<String, Object> authenticate(ServletRequest request, ServletResponse response, String extraInfoIN) { // for
logger.info("Inside SSO"); // external
HttpServletRequest req = (HttpServletRequest) request;
Map<String, Object> rtObj = null;
String userName =null;
String userToken = null;

String str = null;
try {
str = IOUtils.toString(request.getInputStream());
JSONObject jsonObj = new JSONObject(str);
userName=jsonObj.getString("userName");
userToken=jsonObj.getString("token");
if (userName.equals("Admin") && userToken.equals("S3CUR3T0K3N")){
/*
* put your own Authenticate logic to verify userName, password and Token. In
* the below we are matching username and token and returning object value
*/
logger.info(userName + "|" + userToken + "|");
rtObj = new HashMap<String, Object>();
rtObj.put("userName", userName);
if(jsonObj.has("deptCode")) rtObj.put("deptCode", jsonObj.getString("deptCode"));
HttpServletResponse res = (HttpServletResponse) response;
res.setHeader("tokens", userToken);
if (str != null) {
rtObj.put("requestValues", jsonObj.toString());
}
return rtObj;
}
else {
return null;
}
} catch (IOException | JSONException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
return null;
}

}

}

Test end to end flow

Code provided here is used to validate userName, deptCode and tokens from Embed URL. If user has third party application and he wants to display dashboard in to his application, opnbi has feature of embed link of dashboard. user can use this dashboard embed link in his application in iframe. but this embed link required user name, password or session token to be validated while dashboard is called with embed link. with invalid user credential dahboard will not open in iframe.

To load dashboard in iframe, user need to send user name, password, department name and session token in URL and opnbi will validate user credentials with SSO code provided above. This is basic sso code and user can apply his own logic to validate valid user.

Here we use userName, deptCode and Static token to validate valid user of opnbi.

info

In order to validate user using SSO, that user should be available & Active in opnbi application. To know how to fetch user from external sources in to opnbi, please check this document of External security.

Let's configure this code and check working of sso user verification code by using sample embed link of dashboard for Admin user.

From Prerequisites, download sample project and you will find sample sso project folder in this zip.

  1. Extract this project and open this project in eclipse IDE.

  2. Open OPNBISSOImpl.java class from src/com.opnbi.sso/ project path.

  3. Go to step no 25 and change folder path of logs folder. refer step number 6 of SSO & External security document.

  4. Save this changes and make sure there is no errors in project.

  5. Right click on OPNBISSO project and click on Export option to create a jar file

  6. Select JAR file from the export window and click on next

  7. provide jar file export path and name of jar file.

info

Jar file name should not be external.jar as it is already used by opnbi

  1. Stop tomcat server if running and place this jar in at (your_directory)/OPNBI/tomcat/webapps/opnbi/WEB-INF/lib/ folder.

  2. Restart tomcat server.

  3. Login to opnbi application and click on SSO Configuration check box, it will enable SSO Configuration setting into OPNBI, as shown in figure.

  4. Enter in class name: com.opnbi.sso.OPNBISSOImpl, as shown in figure. [It impairments SSO Jar File class path]

  5. Click on save button to save the changes.

  6. Go to dashboard section and generate embed link of any working dashboard without bypass option.

info

To know more on how to generate embed link Click here..

  1. Copy this embed URL and paste it in any text editor application. Provide password at &a_p__ and static token at &a_t__ . (static token we have used in sso code : S3CUR3T0K3N) in copied embed link.

User can change in sso code to get toekn dynamically.

For example,

http://localhost:8080/opnbi/embed/external/31767950674266325a554a743438647a6e7a4e374a4542777a67726650585833656d356d4f704f54587077253344/a_u__Admin&a_p__password&a_t__S3CUR3T0K3N&a_d__Default&a_ex__&a_af__false/noparam

  1. Run this embed link in Browser and dashboard will be displayed if user credentials are valid. SSO code will get credential details from embed link and validate with opnbi user details and allow dashboard to load.
info

If you facing issue on dashboard loading please email on support@opnbi.com