From 790958642ffa5f4b4912b50e835a18003cf1698c Mon Sep 17 00:00:00 2001
From: Umesh Kumar <166806589+TangoBeeAkto@users.noreply.github.com>
Date: Thu, 30 Jan 2025 17:08:12 +0530
Subject: [PATCH 1/9] feat: enhance SSO integration with additional authentication URLs and email handling
---
.../main/java/com/akto/action/HomeAction.java | 49 ++++++++++++++++---
.../java/com/akto/action/SignupAction.java | 23 ++++++---
.../com/akto/action/user/AzureSsoAction.java | 4 +-
.../main/java/com/akto/utils/GithubLogin.java | 38 ++++++++++++++
.../main/java/com/akto/utils/OktaLogin.java | 4 +-
.../java/com/akto/utils/sso/SsoUtils.java | 2 +-
apps/dashboard/web/pages/login.jsp | 6 ++-
.../pages/settings/integrations/GithubSso.jsx | 3 +-
.../settings/integrations/sso/AzureSso.jsx | 4 ++
.../integrations/sso/CustomSamlSso.jsx | 4 +-
.../integrations/sso/GoogleSamlSso.jsx | 4 ++
.../web/src/apps/signup/components/SignUp.jsx | 33 +++++++++----
.../src/main/java/com/akto/dto/Config.java | 22 +++++++++
.../main/java/com/akto/dto/SignupInfo.java | 12 ++++-
14 files changed, 175 insertions(+), 33 deletions(-)
diff --git a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java
index 5d84c442f7..0c913a901d 100644
--- a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java
+++ b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java
@@ -1,14 +1,19 @@ package com.akto.action; import com.akto.dao.UsersDao; +import com.akto.dto.Config; import com.akto.dto.User; +import com.akto.dto.sso.SAMLConfig; import com.akto.listener.InitializerListener; import com.akto.utils.*; import com.akto.util.DashboardMode; +import com.akto.utils.sso.CustomSamlSettings; import com.auth0.AuthorizeUrl; import com.auth0.SessionUtils; import com.mongodb.BasicDBObject; import com.mongodb.client.model.Filters; +import com.onelogin.saml2.authn.AuthnRequest; +import com.onelogin.saml2.settings.Saml2Settings; import com.opensymphony.xwork2.Action; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jws; @@ -20,9 +25,13 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.ByteArrayOutputStream; +import java.net.URLEncoder; import java.nio.charset.StandardCharsets; import java.util.Base64; import java.util.Map; +import java.util.zip.Deflater; +import java.util.zip.DeflaterOutputStream; import static com.akto.action.SignupAction.*; import static com.akto.filter.UserDetailsFilter.LOGIN_URI; 
@@ -50,14 +59,38 @@ public String verifyEmail(){ public String execute() { servletRequest.setAttribute("isSaas", InitializerListener.isSaas); - if (GithubLogin.getClientId() != null) { - servletRequest.setAttribute("githubClientId", new String(Base64.getEncoder().encode(GithubLogin.getClientId().getBytes()))); - } - if (GithubLogin.getGithubUrl() != null) { - servletRequest.setAttribute("githubUrl", GithubLogin.getGithubUrl()); - } - if(DashboardMode.isOnPremDeployment() && OktaLogin.getAuthorisationUrl() != null){ - servletRequest.setAttribute("oktaAuthUrl", new String(Base64.getEncoder().encode(OktaLogin.getAuthorisationUrl().getBytes()))); + if(DashboardMode.isOnPremDeployment()) { + if (GithubLogin.getGithubUrl() != null) { + servletRequest.setAttribute("githubAuthUrl", GithubLogin.getGithubUrl() + "/login/oauth/authorize?client_id=" + GithubLogin.getClientId() + "&scope=user&state=1000000"); + servletRequest.setAttribute("activeSso", Config.ConfigType.GITHUB); + } else if (OktaLogin.getAuthorisationUrl() != null) { + servletRequest.setAttribute("oktaAuthUrl", OktaLogin.getAuthorisationUrl()); + servletRequest.setAttribute("activeSso", Config.ConfigType.OKTA); + } else if (Config.AzureConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.AZURE) != null) { + try { + SAMLConfig samlConfig = Config.AzureConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.AZURE); + Saml2Settings samlSettings = CustomSamlSettings.getSamlSettings(samlConfig); + String samlRequestXml = new AuthnRequest(samlSettings).getAuthnRequestXml(); + + ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); + Deflater deflater = new Deflater(Deflater.DEFLATED, true); + DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteArrayOutputStream, deflater); + deflaterOutputStream.write(samlRequestXml.getBytes(StandardCharsets.UTF_8)); + deflaterOutputStream.close(); + String base64Encoded = 
Base64.getEncoder().encodeToString(byteArrayOutputStream.toByteArray()); + String urlEncoded = URLEncoder.encode(base64Encoded, "UTF-8"); + + servletRequest.setAttribute("azureAuthUrl", samlConfig.getLoginUrl() + "?SAMLRequest=" + urlEncoded + "&RelayState=" + 1000000); + servletRequest.setAttribute("activeSso", Config.ConfigType.AZURE); + } catch (Exception e) { + e.printStackTrace(); + logger.error(e.getMessage()); + } + } else if (Config.GoogleConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML) != null) { + Config.GoogleConfig googleSamlConfig = (Config.GoogleConfig) Config.GoogleConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML); + servletRequest.setAttribute("googleSamlAuthUrl", googleSamlConfig.getAuthURI()); + servletRequest.setAttribute("activeSso", Config.ConfigType.GOOGLE_SAML); + } } if (InitializerListener.aktoVersion != null && InitializerListener.aktoVersion.contains("akto-release-version")) { servletRequest.setAttribute("AktoVersionGlobal", ""); diff --git a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java index 816139f502..042f5581b6 100644 --- a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java @@ -457,6 +457,7 @@ public String registerViaGithub() { params.put("client_id", githubConfig.getClientId()); params.put("client_secret", githubConfig.getClientSecret()); params.put("code", this.code); + params.put("scope", "user"); logger.info("Github code length: {}", this.code.length()); try { String githubUrl = githubConfig.getGithubUrl(); 
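Review bot: The `state` value appended to `githubAuthUrl` is the constant `1000000`, so the OAuth callback has nothing unpredictable to compare against and the flow gets no login-CSRF protection; the same holds for `"&RelayState=" + 1000000` in the Azure branch and for `paramMap.put("state", String.valueOf(oktaConfig.getAccountId()))` in the OktaLogin hunk of this patch. Generate a random per-session value (for example from `SecureRandom`), keep it in the HTTP session, and reject callbacks whose `state` does not match; carry the account id separately if the callback needs it. `GithubLogin.getClientId()` is also concatenated into the URL without URL-encoding, and the catch block should pass the exception to the logger (`logger.error("...", e)`) instead of calling `e.printStackTrace()`. execute() continues outside the hunk.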
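Review bot: The `user` scope requested here and in the authorize URL built in HomeAction is broader than this flow needs: on GitHub it grants read and write access to profile data, while the code in this patch only reads `/user` and `/user/emails`. `read:user` together with `user:email` should cover both calls, and since the resulting token is kept in `GithubSignupInfo`, a narrower scope limits what a leaked token can do. GitHub's token endpoint takes the scope from the authorize step as far as I know, so `params.put("scope", "user")` likely has no effect and could be dropped. registerViaGithub starts and ends outside the hunk.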
@@ -491,12 +492,17 @@ public String registerViaGithub() { int refreshTokenExpiry = (int) Double.parseDouble(tokenData.getOrDefault("refresh_token_expires_in", "0").toString()); Map userData = CustomHttpRequest.getRequest(githubApiUrl + "/user", "Bearer " + accessToken); logger.info("Get request to {} success", githubApiUrl); - String company = "sso"; - String username = userData.get("login").toString() + "@" + company; + + List> emailResp = GithubLogin.getEmailRequest(accessToken); + String username = userData.get("name").toString(); + String email = GithubLogin.getPrimaryGithubEmail(emailResp); + if(email == null || email.isEmpty()) { + email = username + "@sso"; + } logger.info("username {}", username); - SignupInfo.GithubSignupInfo ghSignupInfo = new SignupInfo.GithubSignupInfo(accessToken, refreshToken, refreshTokenExpiry, username); + SignupInfo.GithubSignupInfo ghSignupInfo = new SignupInfo.GithubSignupInfo(accessToken, refreshToken, refreshTokenExpiry, email, username); shouldLogin = "true"; - createUserAndRedirect(username, username, ghSignupInfo, 1000000, Config.ConfigType.GITHUB.toString()); + createUserAndRedirect(email, username, ghSignupInfo, 1000000, Config.ConfigType.GITHUB.toString(), RBAC.Role.MEMBER); code = ""; logger.info("Executed registerViaGithub"); @@ -587,7 +593,7 @@ public String fetchDefaultInviteRole(int accountId, String fallbackDefault){ public String sendRequestToSamlIdP() throws IOException{ String queryString = servletRequest.getQueryString(); String emailId = Util.getValueFromQueryString(queryString, "email"); - if(emailId.isEmpty()){ + if(!DashboardMode.isOnPremDeployment() && emailId.isEmpty()){ code = "Error, user email cannot be empty"; logger.error(code); servletResponse.sendRedirect("/login"); 
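Review bot: `userData.get("name")` is the GitHub display name, which is optional and freely editable by the user, so `.toString()` throws a NullPointerException for accounts without a name and the fallback `email = username + "@sso"` builds the dashboard identity from a non-unique, user-chosen value. Two GitHub accounts with the same display name would presumably resolve to the same dashboard user. The removed code used the unique `login`; keep that for the fallback, e.g. `String login = userData.get("login").toString();` and `email = login + "@sso";`, and use `name` only for display. `emailResp` can also be null here because `getEmailRequest` returns null on any exception, which is handled only by accident through `getPrimaryGithubEmail`. registerViaGithub starts and ends outside the hunk.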
@@ -595,7 +601,12 @@ public String sendRequestToSamlIdP() throws IOException{ } logger.info("Trying to sign in for: " + emailId); setUserEmail(emailId); - SAMLConfig samlConfig = SSOConfigsDao.instance.getSSOConfig(userEmail); + SAMLConfig samlConfig = null; + if(userEmail != null && !userEmail.isEmpty()) { + samlConfig = SSOConfigsDao.instance.getSSOConfig(userEmail); + } else if(!DashboardMode.isOnPremDeployment()) { + samlConfig = Config.AzureConfig.getSSOConfigByAccountId(1000000, ConfigType.AZURE); + } if(samlConfig == null) { code = "Error, cannot login via SSO, trying to login with okta sso"; logger.error(code); diff --git a/apps/dashboard/src/main/java/com/akto/action/user/AzureSsoAction.java b/apps/dashboard/src/main/java/com/akto/action/user/AzureSsoAction.java index cdd7197be0..6e8f90822a 100644 --- a/apps/dashboard/src/main/java/com/akto/action/user/AzureSsoAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/user/AzureSsoAction.java @@ -41,7 +41,7 @@ private SAMLConfig getConfig(ConfigType configType, String domain){ public String addSamlSsoInfo(){ String userLogin = getSUser().getLogin(); String domain = userLogin.split("@")[1]; - if (SsoUtils.isAnySsoActive(Context.accountId.get())) { + if (SsoUtils.isAnySsoActive()) { addActionError("A SSO Integration already exists."); return ERROR.toUpperCase(); } @@ -79,7 +79,7 @@ public String execute() throws Exception { Filters.eq("configType", configType.name()) ) ); - if (SsoUtils.isAnySsoActive(Context.accountId.get()) && samlConfig == null) { + if (SsoUtils.isAnySsoActive() && samlConfig == null) { addActionError("A different SSO Integration already exists."); return ERROR.toUpperCase(); } diff --git a/apps/dashboard/src/main/java/com/akto/utils/GithubLogin.java b/apps/dashboard/src/main/java/com/akto/utils/GithubLogin.java index 7637b81959..bb9a05bcad 100644 --- a/apps/dashboard/src/main/java/com/akto/utils/GithubLogin.java +++ b/apps/dashboard/src/main/java/com/akto/utils/GithubLogin.java 
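Review bot: The fallback condition `else if(!DashboardMode.isOnPremDeployment())` looks inverted. The guard changed in the previous hunk rejects an empty email only when the deployment is not on-prem, so an empty `userEmail` can presumably reach this point only on-prem, where this branch is skipped and `samlConfig` stays null. If the intent is to fall back to account 1000000's Azure config for on-prem logins without an email, it should read `else if(DashboardMode.isOnPremDeployment())`. sendRequestToSamlIdP continues outside the hunk.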
@@ -4,6 +4,13 @@ import com.akto.dao.context.Context; import com.akto.dto.Config; import com.akto.dto.Config.GithubConfig; +import com.akto.dto.OriginalHttpRequest; +import com.akto.dto.OriginalHttpResponse; +import com.akto.testing.ApiExecutor; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.ObjectMapper; + +import java.util.*; public class GithubLogin { @@ -11,6 +18,7 @@ public class GithubLogin { private static GithubLogin instance = null; private GithubConfig githubConfig = null; private int lastProbeTs = 0; + public static final String GET_GITHUB_EMAILS_URL = "https://api.github.com/user/emails"; public static GithubLogin getInstance() { boolean shouldProbeAgain = true; @@ -52,6 +60,36 @@ public static String getGithubUrl() { return githubUrl; } + public static List> getEmailRequest(String accessToken){ + ObjectMapper objectMapper = new ObjectMapper(); + Map> headers = new HashMap<>(); + headers.put("Content-Type", Collections.singletonList("application/vnd.github+json")); + headers.put("Authorization", Collections.singletonList("Bearer " + accessToken)); + headers.put("X-GitHub-Api-Version", Collections.singletonList("2022-11-28")); + + OriginalHttpRequest request = new OriginalHttpRequest(GET_GITHUB_EMAILS_URL, "", "GET", null, headers, ""); + OriginalHttpResponse response = null; + try { + response = ApiExecutor.sendRequest(request, false, null, false, new ArrayList<>()); + return objectMapper.readValue(response.getBody(), new TypeReference>>() {}); + }catch(Exception e){ + return null; + } + } + + public static String getPrimaryGithubEmail(List> emailResp){ + if(emailResp == null){ + return ""; + }else{ + for (Map entryMap : emailResp) { + if(entryMap.get("primary").equals("true")){ + return entryMap.get("email"); + } + } + } + return null; + } + private GithubLogin() { } 
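Review bot: `getEmailRequest` sends the user's bearer token to the fixed `GET_GITHUB_EMAILS_URL` (`https://api.github.com/user/emails`), while registerViaGithub in this patch calls `githubApiUrl + "/user"`; with a GitHub Enterprise `githubApiUrl` the token would go to a host other than the one that issued it, so the URL should be built from the configured API base. `getPrimaryGithubEmail` accepts the primary entry without checking the `verified` field of the response, and `entryMap.get("primary").equals("true")` throws when the key is missing; `if ("true".equals(String.valueOf(entryMap.get("primary"))) && "true".equals(String.valueOf(entryMap.get("verified"))))` covers both. The method returns `""` for a null list but `null` when no primary entry is found, which callers have to treat as two separate cases. The `catch` in `getEmailRequest` discards the exception without logging, so a failed lookup is indistinguishable from an account with no e-mail.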
diff --git a/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java b/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java index 320040d9fa..a89d3bcbc3 100644 --- a/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java +++ b/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java @@ -24,7 +24,7 @@ public static OktaLogin getInstance() { } if (shouldProbeAgain) { - OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(Constants.ID, OktaConfig.getOktaId(Context.accountId.get())); + OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(Constants.ID, OktaConfig.getOktaId(1000000)); if (instance == null) { instance = new OktaLogin(); } @@ -47,7 +47,7 @@ public static String getAuthorisationUrl() { paramMap.put("redirect_uri",oktaConfig.getRedirectUri()); paramMap.put("response_type", "code"); paramMap.put("scope", "openid%20email%20profile"); - paramMap.put("state", "login"); + paramMap.put("state", String.valueOf(oktaConfig.getAccountId())); String queryString = SsoUtils.getQueryString(paramMap); diff --git a/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java b/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java index b2e4b89254..1a131fd586 100644 --- a/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java +++ b/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java @@ -49,7 +49,7 @@ public static boolean isAnySsoActive(){ }else{ List ssoList = Arrays.asList(oktaIdString, "GITHUB-ankush", "AZURE-ankush"); Bson filter = Filters.in("_id", ssoList); - return ConfigsDao.instance.count(filter) > 0; + return ConfigsDao.instance.count(filter) > 0 || isAnySsoActive(1000000); } } diff --git a/apps/dashboard/web/pages/login.jsp b/apps/dashboard/web/pages/login.jsp index 817493ed68..2a38088e38 100644 --- a/apps/dashboard/web/pages/login.jsp +++ b/apps/dashboard/web/pages/login.jsp 
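Review bot: The literal `1000000` replaces `Context.accountId.get()` in `OktaConfig.getOktaId(1000000)` and appears again in the SsoUtils hunk (`isAnySsoActive(1000000)`) and throughout HomeAction and SignupAction in this patch. A single named constant with a comment saying which account it denotes would make the single-account assumption explicit and keep the call sites in sync. It is worth confirming that no multi-account deployment reaches `OktaLogin.getInstance()`, since the cached instance now always holds that one account's Okta config regardless of the request context.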
@@ -72,7 +72,11 @@ window.TIME_ZONE = '${requestScope.currentTimeZone}' window.USER_FULL_NAME = '${requestScope.userFullName}' window.ORGANIZATION_NAME = '${requestScope.organizationName}' - window.GOOGLE_SSO_URL=atob('${requestScope.googleSsoUrl}') + window.GOOGLE_SAML_AUTH_URL=atob('${requestScope.googleSamlAuthUrl}') + window.OKTA_AUTH_URL = '${requestScope.oktaAuthUrl}' + window.AZURE_AUTH_URL = '${requestScope.azureAuthUrl}' + window.GITHUB_AUTH_URL = '${requestScope.githubAuthUrl}' + window.ACTIVE_SSO = '${requestScope.activeSso}' window.STIGG_IS_OVERAGE='${requestScope.stiggIsOverage}' window.USAGE_PAUSED=JSON.parse('${requestScope.usagePaused}' || '{}'); diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx index a13631a2c4..47fdef50a0 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx @@ -13,7 +13,7 @@ function GithubSso() { const [showGithubSsoModal, setShowGithubSsoModal] = useState(false) const [githubPresent, setGithubPresent] = useState("") const [componentType, setComponentType] = useState(0) ; - const [nextButtonActive,setNextButtonActive] = useState(window.DASHBOARD_MODE === "ON_PREM"); + const [nextButtonActive,setNextButtonActive] = useState(); const [githubUrl, setGithubUrl] = useState("https://github.com") const [githubApiUrl, setGithubApiUrl] = useState("https://api.github.com") @@ -61,6 +61,7 @@ function GithubSso() { setGithubClientId(githubClientId) if (githubUrl) setGithubUrl(githubUrl) if (githubApiUrl) setGithubApiUrl(githubApiUrl) + setNextButtonActive(true) } catch (error) { setNextButtonActive(false) } 
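Review bot: `window.GOOGLE_SAML_AUTH_URL=atob('${requestScope.googleSamlAuthUrl}')` still base64-decodes its value, but HomeAction.execute in this patch sets `googleSamlAuthUrl` to the raw `googleSamlConfig.getAuthURI()`, so `atob` will throw on a URL and stop the rest of this script block. The four new assignments place the request attributes straight into single-quoted JavaScript strings, whereas the removed HomeAction lines Base64-encoded `githubClientId` and `oktaAuthUrl` before setting them; a quote character or `</script>` in a stored SSO URL would break out of the literal. Encoding all of these on the server and decoding with `atob(...)` here, as before, or escaping them for a JavaScript string context would close both problems.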
diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx index 3ef51af866..1865e7af94 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx @@ -15,6 +15,7 @@ function AzureSso() { const [loginUrl, setLoginUrl] = useState('') const [azureIdentity, setAzureIdentity] = useState('') + const [nextButtonActive, setNextButtonActive] = useState() const cardContent = "Enable Login via Azure AD on your Akto dashboard"; @@ -62,10 +63,12 @@ function AzureSso() { await settingRequests.fetchAzureSso("AZURE").then((resp)=> { setLoginUrl(resp.loginUrl) setAzureIdentity(resp.ssoEntityId) + setNextButtonActive(true) }) setLoading(false) } catch (error) { setLoading(false) + setNextButtonActive(false) } } @@ -92,6 +95,7 @@ function AzureSso() { pageTitle={"Azure AD SSO SAML"} loading={loading} certificateName={"Federation Metadata XML"} + isButtonActive={nextButtonActive} /> ) } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/CustomSamlSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/CustomSamlSso.jsx index d34d18399e..c28756fab7 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/CustomSamlSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/CustomSamlSso.jsx 
@@ -9,7 +9,7 @@ import func from "@/util/func" import Details from '../components/Details'; import { CancelMajor } from "@shopify/polaris-icons" -function CustomSamlSso({ssoType,entityTitle, entityId, loginURL,pageTitle, signinUrl, integrationSteps, cardContent, handleSubmitOutSide, handleDeleteOutside, samlUrlDocs, loading, showCustomInputs, certificateName}) { +function CustomSamlSso({ssoType,entityTitle, entityId, loginURL,pageTitle, signinUrl, integrationSteps, cardContent, handleSubmitOutSide, handleDeleteOutside, samlUrlDocs, loading, showCustomInputs, certificateName, isButtonActive}) { const [componentType, setComponentType] = useState(0) ; const [showDeleteModal, setShowDeleteModal] = useState(false); const [files, setFiles] = useState(null) @@ -17,7 +17,7 @@ function CustomSamlSso({ssoType,entityTitle, entityId, loginURL,pageTitle, signi const [identifier, setIdentifier] = useState('') const stepsComponent = ( - setComponentType(1)} buttonActive={true}/> + setComponentType(1)} buttonActive={isButtonActive}/> ) const setFilesCheck = (file) => { diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx index 6b9f776a67..7111c07eec 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx @@ -15,6 +15,7 @@ function GoogleSamlSso() { const [loginUrl, setLoginUrl] = useState('') const [ssoIdentity, setSsoIdentity] = useState('') + const [nextButtonActive, setNextButtonActive] = useState() const cardContent = "Enable Login via Google Workspace on your Akto dashboard"; 
@@ -60,10 +61,12 @@ function GoogleSamlSso() { await settingRequests.fetchAzureSso("GOOGLE_SAML").then((resp)=> { setLoginUrl(resp.loginUrl) setSsoIdentity(resp.ssoEntityId) + setNextButtonActive(true) }) setLoading(false) } catch (error) { setLoading(false) + setNextButtonActive(false) } } @@ -91,6 +94,7 @@ function GoogleSamlSso() { showCustomInputs={true} certificateName={"X509 certificate"} signinUrl={AcsUrl} + isButtonActive={nextButtonActive} /> ) } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx index 8434ea93bd..35cabca907 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx 
@@ -35,34 +35,49 @@ function SignUp() { })) } - const oktaUrl = window.OKTA_AUTH_URL - const githubId = window.GITHUB_CLIENT_ID - const githubUrl = window.GITHUB_URL ? window.GITHUB_URL : "https://github.com" + const activeSSO = window.ACTIVE_SSO + const githubAuthUrl = window.GITHUB_AUTH_URL + const oktaAuthUrl = window.OKTA_AUTH_URL + const azureAuthUrl = window.AZURE_AUTH_URL const resetAll = PersistStore(state => state.resetAll) const { clearPollingInterval } = usePolling(); const githubAuthObj = { logo: '/public/github_icon.svg', text: 'Continue with Github SSO', - onClickFunc: () => { window.location.href = (githubUrl + "/login/oauth/authorize?client_id=" + githubId); } + onClickFunc: () => { window.location.href = githubAuthUrl } } const oktaAuthObj = { logo: '/public/okta_logo.svg', text: 'Continue with Okta SSO', - onClickFunc: () => { window.location.href = oktaUrl } + onClickFunc: () => { window.location.href = oktaAuthUrl } + } + + const azureAuthObj = { + logo: '/public/azure_logo.svg', + text: 'Continue with Azure SSO', + onClickFunc: () => { window.location.href = azureAuthUrl } + } + + const googleSamlAuthObj = { + logo: '/public/gcp.svg', + text: 'Continue with Google SAML SSO', + onClickFunc: () => { window.location.href = "" } } useEffect(() => { resetAll() clearPollingInterval() let copySsoList = [] - if (githubId !== undefined && githubId.length > 0) { + if (activeSSO?.toLowerCase() === "github" && githubAuthUrl?.length > 0) { copySsoList.push(githubAuthObj) - } - - if (oktaUrl !== undefined && oktaUrl.length > 0) { + } else if(activeSSO?.toLowerCase() === "okta" && oktaAuthUrl?.length > 0) { copySsoList.push(oktaAuthObj) + } else if(activeSSO?.toLowerCase() === "azure" && azureAuthUrl?.length > 0) { + copySsoList.push(azureAuthObj) + } else if(activeSSO?.toLowerCase() === "google_saml") { + copySsoList.push(googleSamlAuthObj) } setSsoList(copySsoList) 
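Review bot: `googleSamlAuthObj.onClickFunc` assigns `window.location.href = ""`, which only reloads the current page, and the `google_saml` branch pushes the button without checking that a URL exists as the other three branches do. login.jsp in this patch defines `window.GOOGLE_SAML_AUTH_URL`, but it is never read here. Reading it next to the other URLs (`const googleSamlAuthUrl = window.GOOGLE_SAML_AUTH_URL`), using it in the handler, and adding `&& googleSamlAuthUrl?.length > 0` to the branch would make the button consistent with the rest.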
diff --git a/libs/dao/src/main/java/com/akto/dto/Config.java b/libs/dao/src/main/java/com/akto/dto/Config.java index 63c67da9da..41af492eb4 100644 --- a/libs/dao/src/main/java/com/akto/dto/Config.java +++ b/libs/dao/src/main/java/com/akto/dto/Config.java @@ -5,6 +5,9 @@ import java.util.Set; import com.akto.dao.ConfigsDao; +import com.akto.dao.SSOConfigsDao; +import com.akto.dto.sso.SAMLConfig; +import com.akto.util.Constants; import com.mongodb.client.model.Filters; import org.bson.codecs.pojo.annotations.BsonDiscriminator; @@ -101,6 +104,16 @@ public GoogleConfig() { this.id = configType.name()+"-ankush"; } + public static Config getSSOConfigByAccountId(int accountId, ConfigType configType) { + return ConfigsDao.instance.findOne( + Filters.and( + Filters.eq(Constants.ID, configType.name()+CONFIG_SALT), + Filters.eq(OktaConfig.ACCOUNT_ID, accountId), + Filters.eq("configType", configType.name()) + ) + ); + } + public String getClientId() { return clientId; } @@ -539,6 +552,15 @@ public AzureConfig() { this.id = CONFIG_ID; } + public static SAMLConfig getSSOConfigByAccountId(int accountId, ConfigType configType) { + return SSOConfigsDao.instance.findOne( + Filters.and( + Filters.eq(Constants.ID, String.valueOf(accountId)), + Filters.eq("configType", configType.name()) + ) + ); + } + public String getX509Certificate() { return x509Certificate; } diff --git a/libs/dao/src/main/java/com/akto/dto/SignupInfo.java b/libs/dao/src/main/java/com/akto/dto/SignupInfo.java index 15024de460..722e4e35f9 100644 --- a/libs/dao/src/main/java/com/akto/dto/SignupInfo.java +++ b/libs/dao/src/main/java/com/akto/dto/SignupInfo.java 
@@ -389,16 +389,18 @@ public static class GithubSignupInfo extends SignupInfo { private String accessToken; private String refreshToken; private int refreshTokenExpiry; + private String email; private String username; public GithubSignupInfo() { } - public GithubSignupInfo(String accessToken, String refreshToken, int refreshTokenExpiry, String username) { + public GithubSignupInfo(String accessToken, String refreshToken, int refreshTokenExpiry, String username, String email) { this.accessToken = accessToken; this.refreshToken = refreshToken; this.refreshTokenExpiry = refreshTokenExpiry; + this.email = email; this.username = username; this.configType = Config.ConfigType.GITHUB; this.key = this.configType.name(); @@ -435,6 +437,14 @@ public String getUsername() { public void setUsername(String username) { this.username = username; } + + public String getEmail() { + return email; + } + + public void setEmail(String email) { + this.email = email; + } } public static class OktaSignupInfo extends SignupInfo { From 798b02543d10352a0613552c7bcd6da59715897f Mon Sep 17 00:00:00 2001 From: Umesh Kumar <166806589+TangoBeeAkto@users.noreply.github.com> Date: Fri, 31 Jan 2025 00:35:54 +0530 Subject: [PATCH 2/9] fix: getting default role based on the rbac feature for all sso functions --- .../java/com/akto/action/SignupAction.java | 33 ++++++++----------- 1 file changed, 13 insertions(+), 20 deletions(-) diff --git a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java index 042f5581b6..f30f81663c 100644 --- a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java 
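Review bot: The new constructor declares its last two parameters as `String username, String email`, but the call added in SignupAction.registerViaGithub passes `(accessToken, refreshToken, refreshTokenExpiry, email, username)`. Both are `String`, so this compiles and the stored `email` and `username` end up swapped. Changing the signature to `String email, String username`, which also matches the field order, or swapping the arguments at the call site fixes it.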
@@ -502,7 +502,7 @@ public String registerViaGithub() { logger.info("username {}", username); SignupInfo.GithubSignupInfo ghSignupInfo = new SignupInfo.GithubSignupInfo(accessToken, refreshToken, refreshTokenExpiry, email, username); shouldLogin = "true"; - createUserAndRedirect(email, username, ghSignupInfo, 1000000, Config.ConfigType.GITHUB.toString(), RBAC.Role.MEMBER); + createUserAndRedirectWithDefaultRole(email, username, ghSignupInfo, 1000000, Config.ConfigType.GITHUB.toString()); code = ""; logger.info("Executed registerViaGithub"); @@ -557,14 +557,8 @@ public String registerViaOkta() throws IOException{ String username = userInfo.get("preferred_username").toString(); SignupInfo.OktaSignupInfo oktaSignupInfo= new SignupInfo.OktaSignupInfo(accessToken, username); - - String defaultRole = RBAC.Role.MEMBER.name(); - if (UsageMetricCalculator.isRbacFeatureAvailable(accountId)) { - defaultRole = fetchDefaultInviteRole(accountId, RBAC.Role.GUEST.name()); - } - shouldLogin = "true"; - createUserAndRedirect(email, username, oktaSignupInfo, accountId, Config.ConfigType.OKTA.toString(), defaultRole); + createUserAndRedirectWithDefaultRole(email, username, oktaSignupInfo, accountId, Config.ConfigType.OKTA.toString()); code = ""; } catch (Exception e) { loggerMaker.errorAndAddToDb("Error while signing in via okta sso \n" + e.getMessage(), LogDb.DASHBOARD); 
@@ -692,12 +686,7 @@ public String registerViaAzure() throws Exception{ logger.info("Successful signing with Azure Idp for: "+ useremail); SignupInfo.SamlSsoSignupInfo signUpInfo = new SignupInfo.SamlSsoSignupInfo(username, useremail, Config.ConfigType.AZURE); - String defaultRole = RBAC.Role.MEMBER.name(); - if (UsageMetricCalculator.isRbacFeatureAvailable(this.accountId)) { - defaultRole = fetchDefaultInviteRole(this.accountId,RBAC.Role.GUEST.name()); - } - - createUserAndRedirect(useremail, username, signUpInfo, this.accountId, Config.ConfigType.AZURE.toString(), defaultRole); + createUserAndRedirectWithDefaultRole(useremail, username, signUpInfo, this.accountId, Config.ConfigType.AZURE.toString()); } catch (Exception e1) { loggerMaker.errorAndAddToDb("Error while signing in via azure sso \n" + e1.getMessage(), LogDb.DASHBOARD); servletResponse.sendRedirect("/login"); @@ -747,12 +736,7 @@ public String registerViaGoogleSamlSso() throws IOException{ shouldLogin = "true"; SignupInfo.SamlSsoSignupInfo signUpInfo = new SignupInfo.SamlSsoSignupInfo(username, userEmail, Config.ConfigType.GOOGLE_SAML); - String defaultRole = RBAC.Role.MEMBER.name(); - if (UsageMetricCalculator.isRbacFeatureAvailable(this.accountId)) { - defaultRole = fetchDefaultInviteRole(this.accountId, RBAC.Role.GUEST.name()); - } - - createUserAndRedirect(userEmail, username, signUpInfo, this.accountId, Config.ConfigType.GOOGLE_SAML.toString(), defaultRole); + createUserAndRedirectWithDefaultRole(userEmail, username, signUpInfo, this.accountId, Config.ConfigType.GOOGLE_SAML.toString()); } catch (Exception e1) { loggerMaker.errorAndAddToDb("Error while signing in via google workspace sso \n" + e1.getMessage(), LogDb.DASHBOARD); servletResponse.sendRedirect("/login"); 
@@ -839,6 +823,15 @@ private void createUserAndRedirect(String userEmail, String username, SignupInfo createUserAndRedirect(userEmail, username, signupInfo, invitationToAccount, method, null); } + private void createUserAndRedirectWithDefaultRole(String userEmail, String username, SignupInfo signupInfo, + int invitationToAccount, String method) throws IOException { + String defaultRole = RBAC.Role.MEMBER.name(); + if (UsageMetricCalculator.isRbacFeatureAvailable(invitationToAccount)) { + defaultRole = fetchDefaultInviteRole(invitationToAccount, RBAC.Role.GUEST.name()); + } + createUserAndRedirect(userEmail, username, signupInfo, invitationToAccount, method, defaultRole); + } + private void createUserAndRedirect(String userEmail, String username, SignupInfo signupInfo, int invitationToAccount, String method, String invitedRole) throws IOException { loggerMaker.infoAndAddToDb("createUserAndRedirect called"); From 8ed5d64c9342b51d1b6252f27e28710dd7dc9aa2 Mon Sep 17 00:00:00 2001 From: Umesh Kumar <166806589+TangoBeeAkto@users.noreply.github.com> Date: Mon, 3 Feb 2025 15:31:48 +0530 Subject: [PATCH 3/9] fixed sso bugs and cleaned code --- .../main/java/com/akto/action/HomeAction.java | 67 ++++++++++--------- .../java/com/akto/action/SignupAction.java | 12 ++-- .../main/java/com/akto/utils/OktaLogin.java | 4 +- .../java/com/akto/utils/sso/SsoUtils.java | 3 +- .../pages/settings/integrations/GithubSso.jsx | 11 ++- .../src/main/java/com/akto/dto/Config.java | 19 ------ .../java/com/akto/dto/sso/SAMLConfig.java | 12 ++++ 7 files changed, 71 insertions(+), 57 deletions(-) diff --git a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java index 0c913a901d..255551f428 100644 --- a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java 
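Review bot: `createUserAndRedirectWithDefaultRole` decides the privileges of every SSO-provisioned user but has no comment describing that choice. A short Javadoc would help: accounts without the RBAC feature get `RBAC.Role.MEMBER`, accounts with it get the result of `fetchDefaultInviteRole` with `RBAC.Role.GUEST` as the fallback. It should also say that `invitationToAccount` is the account the role is looked up for, since the GitHub path passes the literal `1000000` while the other providers pass `accountId`.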
@@ -59,39 +59,44 @@ public String verifyEmail(){ public String execute() { servletRequest.setAttribute("isSaas", InitializerListener.isSaas); - if(DashboardMode.isOnPremDeployment()) { - if (GithubLogin.getGithubUrl() != null) { - servletRequest.setAttribute("githubAuthUrl", GithubLogin.getGithubUrl() + "/login/oauth/authorize?client_id=" + GithubLogin.getClientId() + "&scope=user&state=1000000"); - servletRequest.setAttribute("activeSso", Config.ConfigType.GITHUB); - } else if (OktaLogin.getAuthorisationUrl() != null) { - servletRequest.setAttribute("oktaAuthUrl", OktaLogin.getAuthorisationUrl()); - servletRequest.setAttribute("activeSso", Config.ConfigType.OKTA); - } else if (Config.AzureConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.AZURE) != null) { - try { - SAMLConfig samlConfig = Config.AzureConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.AZURE); - Saml2Settings samlSettings = CustomSamlSettings.getSamlSettings(samlConfig); - String samlRequestXml = new AuthnRequest(samlSettings).getAuthnRequestXml(); - - ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); - Deflater deflater = new Deflater(Deflater.DEFLATED, true); - DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteArrayOutputStream, deflater); - deflaterOutputStream.write(samlRequestXml.getBytes(StandardCharsets.UTF_8)); - deflaterOutputStream.close(); - String base64Encoded = Base64.getEncoder().encodeToString(byteArrayOutputStream.toByteArray()); - String urlEncoded = URLEncoder.encode(base64Encoded, "UTF-8"); - - servletRequest.setAttribute("azureAuthUrl", samlConfig.getLoginUrl() + "?SAMLRequest=" + urlEncoded + "&RelayState=" + 1000000); - servletRequest.setAttribute("activeSso", Config.ConfigType.AZURE); - } catch (Exception e) { - e.printStackTrace(); - logger.error(e.getMessage()); - } - } else if (Config.GoogleConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML) != null) { - Config.GoogleConfig googleSamlConfig = 
(Config.GoogleConfig) Config.GoogleConfig.getSSOConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML); - servletRequest.setAttribute("googleSamlAuthUrl", googleSamlConfig.getAuthURI()); - servletRequest.setAttribute("activeSso", Config.ConfigType.GOOGLE_SAML); + if (GithubLogin.getGithubUrl() != null) { + servletRequest.setAttribute("githubAuthUrl", GithubLogin.getGithubUrl() + "/login/oauth/authorize?client_id=" + GithubLogin.getClientId() + "&scope=user&state=1000000"); + servletRequest.setAttribute("activeSso", Config.ConfigType.GITHUB); + } + + if (OktaLogin.getAuthorisationUrl() != null) { + servletRequest.setAttribute("oktaAuthUrl", OktaLogin.getAuthorisationUrl()); + servletRequest.setAttribute("activeSso", Config.ConfigType.OKTA); + } + + if (SAMLConfig.getSAMLConfigByAccountId(1000000, Config.ConfigType.AZURE) != null) { + try { + SAMLConfig samlConfig = SAMLConfig.getSAMLConfigByAccountId(1000000, Config.ConfigType.AZURE); + Saml2Settings samlSettings = CustomSamlSettings.getSamlSettings(samlConfig); + String samlRequestXml = new AuthnRequest(samlSettings).getAuthnRequestXml(); + + ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); + Deflater deflater = new Deflater(Deflater.DEFLATED, true); + DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteArrayOutputStream, deflater); + deflaterOutputStream.write(samlRequestXml.getBytes(StandardCharsets.UTF_8)); + deflaterOutputStream.close(); + String base64Encoded = Base64.getEncoder().encodeToString(byteArrayOutputStream.toByteArray()); + String urlEncoded = URLEncoder.encode(base64Encoded, "UTF-8"); + + servletRequest.setAttribute("azureAuthUrl", samlConfig.getLoginUrl() + "?SAMLRequest=" + urlEncoded + "&RelayState=" + 1000000); + servletRequest.setAttribute("activeSso", Config.ConfigType.AZURE); + } catch (Exception e) { + e.printStackTrace(); + logger.error(e.getMessage()); } } + + // TODO("Haven't tested Google SAML SSO") + if 
(SAMLConfig.getSAMLConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML) != null) { + SAMLConfig googleSamlConfig = SAMLConfig.getSAMLConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML); + servletRequest.setAttribute("googleSamlAuthUrl", googleSamlConfig.getLoginUrl()); + servletRequest.setAttribute("activeSso", Config.ConfigType.GOOGLE_SAML); + } if (InitializerListener.aktoVersion != null && InitializerListener.aktoVersion.contains("akto-release-version")) { servletRequest.setAttribute("AktoVersionGlobal", ""); } else { diff --git a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java index f30f81663c..7f00904eae 100644 --- a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java @@ -526,8 +526,12 @@ public String registerViaOkta() throws IOException{ servletResponse.sendRedirect("/login"); return ERROR.toUpperCase(); } - - setAccountId(1000000); + try { + setAccountId(Integer.parseInt(state)); + } catch (NumberFormatException e) { + servletResponse.sendRedirect("/login"); + return ERROR.toUpperCase(); + } oktaConfig = OktaLogin.getInstance().getOktaConfig(); } else { setAccountId(Integer.parseInt(state)); @@ -598,8 +602,8 @@ public String sendRequestToSamlIdP() throws IOException{ SAMLConfig samlConfig = null; if(userEmail != null && !userEmail.isEmpty()) { samlConfig = SSOConfigsDao.instance.getSSOConfig(userEmail); - } else if(!DashboardMode.isOnPremDeployment()) { - samlConfig = Config.AzureConfig.getSSOConfigByAccountId(1000000, ConfigType.AZURE); + } else if(DashboardMode.isOnPremDeployment()) { + samlConfig = SAMLConfig.getSAMLConfigByAccountId(1000000, ConfigType.AZURE); } if(samlConfig == null) { code = "Error, cannot login via SSO, trying to login with okta sso"; 
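Review bot: The `githubAuthUrl` built in `execute()` carries a fixed `state=1000000`, and the Azure URL a fixed `RelayState`, so neither value ties the identity provider's response to the browser session that started the login. The GitHub and SAML callbacks are not in this hunk, but `registerViaOkta` in the same patch parses `state` as an account id, which suggests the parameter is used as a tenant selector rather than as an anti-forgery value. Consider generating a per-session random value (for example from `SecureRandom`), storing it in the HTTP session together with the account id, and comparing it in the callback before any user is created. The `catch` in the Azure branch also calls `e.printStackTrace()` and logs only `e.getMessage()`; `logger.error("Failed to build Azure AuthnRequest", e)` keeps the stack trace in the application log.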
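Review bot: On the on-prem path, `setAccountId(Integer.parseInt(state))` takes the account id from the `state` query parameter of the callback, which whoever requests the URL controls, while the Okta configuration is still loaded from `OktaLogin.getInstance().getOktaConfig()`. Unless a check outside this hunk ties the two together, a user authenticated by that Okta tenant could be provisioned into whichever account id the request names. After loading the config, derive the expected id from it and compare: `int expected = oktaConfig.getAccountId() != 0 ? oktaConfig.getAccountId() : 1000000;` then `if (this.accountId != expected) { servletResponse.sendRedirect("/login"); return ERROR.toUpperCase(); }`. `registerViaOkta` starts and ends outside the hunk.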
diff --git a/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java b/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java index a89d3bcbc3..c7512f5888 100644 --- a/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java +++ b/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java @@ -24,7 +24,9 @@ public static OktaLogin getInstance() { } if (shouldProbeAgain) { - OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(Constants.ID, OktaConfig.getOktaId(1000000)); + int accountId = Context.accountId.get() != null ? Context.accountId.get() : 1_000_000; + OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(Constants.ID, OktaConfig.getOktaId(accountId)); + if(oktaConfig == null) return null; if (instance == null) { instance = new OktaLogin(); } diff --git a/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java b/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java index 1a131fd586..d96eb251d1 100644 --- a/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java +++ b/apps/dashboard/src/main/java/com/akto/utils/sso/SsoUtils.java @@ -49,7 +49,8 @@ public static boolean isAnySsoActive(){ }else{ List ssoList = Arrays.asList(oktaIdString, "GITHUB-ankush", "AZURE-ankush"); Bson filter = Filters.in("_id", ssoList); - return ConfigsDao.instance.count(filter) > 0 || isAnySsoActive(1000000); + accountId = Context.accountId.get() != null ? Context.accountId.get() : 1_000_000; + return ConfigsDao.instance.count(filter) > 0 || isAnySsoActive(accountId); } } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx index 47fdef50a0..7cb3a829c6 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx 
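Review bot: `getInstance()` now looks the config up under `Context.accountId.get()` but still stores the result in the single static `instance`, so whichever account triggers the probe decides the Okta settings that every later caller receives until the next probe. The probe timing and the assignment of the config are outside this hunk, so this is inferred from the visible `if (instance == null) { instance = new OktaLogin(); }`; if the class is meant to serve more than one account, a cache keyed by account id would avoid handing one tenant's client id and redirect URI to another. The new `if(oktaConfig == null) return null;` also makes `getInstance()` nullable, while `registerViaOkta` in this patch calls `OktaLogin.getInstance().getOktaConfig()` without a null check.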
@@ -17,6 +17,8 @@ function GithubSso() { const [githubUrl, setGithubUrl] = useState("https://github.com") const [githubApiUrl, setGithubApiUrl] = useState("https://api.github.com") + const [isModalDisabled, setIsModalDisabled] = useState(false) + const location = window.location ; const hostname = location.origin; @@ -44,10 +46,13 @@ function GithubSso() { const addText = "Are you sure you want to add Github SSO Integration? This will enable all members of your GitHub account to access Akto dashboard." const handleDeleteGithubSso = async () => { + setIsModalDisabled(true) const response = await settingRequests.deleteGithubSso() if (response) { func.setToast(true, false, "Github SSO deleted successfully!") setComponentType(0); + setShowGithubSsoModal(false) + setIsModalDisabled(false) } } @@ -72,6 +77,7 @@ function GithubSso() { }, []) const handleAddGithubSso = async () => { + setIsModalDisabled(true) const response = await settingRequests.addGithubSso(githubClientId, githubClientSecret, githubUrl, githubApiUrl) if (response) { if (response.error) { @@ -80,6 +86,8 @@ function GithubSso() { func.setToast(true, false, "Github SSO added successfully!") window.location.reload() } + setShowGithubSsoModal(false) + setIsModalDisabled(false) } } @@ -124,7 +132,8 @@ function GithubSso() { title="Are you sure?" primaryAction={{ content: githubPresent ? 'Delete Github SSO' : 'Add GitHub SSO', - onAction: githubPresent ? handleDeleteGithubSso : handleAddGithubSso + onAction: githubPresent ? handleDeleteGithubSso : handleAddGithubSso, + disabled: isModalDisabled }} > diff --git a/libs/dao/src/main/java/com/akto/dto/Config.java b/libs/dao/src/main/java/com/akto/dto/Config.java index 41af492eb4..31f0c82c65 100644 --- a/libs/dao/src/main/java/com/akto/dto/Config.java +++ b/libs/dao/src/main/java/com/akto/dto/Config.java 
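Review bot: In `handleDeleteGithubSso` and `handleAddGithubSso`, `setIsModalDisabled(false)` runs only inside `if (response)`, so a falsy response or a rejected request leaves the confirm button disabled until the page is reloaded. Wrapping the awaited call in `try { … } finally { setIsModalDisabled(false) }` in both handlers resets the flag on every path. Both handlers begin outside their hunks, so an existing `try` around them cannot be ruled out from here.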
@@ -104,16 +104,6 @@ public GoogleConfig() { this.id = configType.name()+"-ankush"; } - public static Config getSSOConfigByAccountId(int accountId, ConfigType configType) { - return ConfigsDao.instance.findOne( - Filters.and( - Filters.eq(Constants.ID, configType.name()+CONFIG_SALT), - Filters.eq(OktaConfig.ACCOUNT_ID, accountId), - Filters.eq("configType", configType.name()) - ) - ); - } - public String getClientId() { return clientId; } @@ -552,15 +542,6 @@ public AzureConfig() { this.id = CONFIG_ID; } - public static SAMLConfig getSSOConfigByAccountId(int accountId, ConfigType configType) { - return SSOConfigsDao.instance.findOne( - Filters.and( - Filters.eq(Constants.ID, String.valueOf(accountId)), - Filters.eq("configType", configType.name()) - ) - ); - } - public String getX509Certificate() { return x509Certificate; } diff --git a/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java b/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java index b6c6a73947..d036257a08 100644 --- a/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java +++ b/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java @@ -1,4 +1,7 @@ package com.akto.dto.sso; +import com.akto.dao.SSOConfigsDao; +import com.akto.util.Constants; +import com.mongodb.client.model.Filters; import org.bson.codecs.pojo.annotations.BsonDiscriminator; import com.akto.dto.Config; @@ -43,6 +46,15 @@ public static SAMLConfig convertAzureConfigToSAMLConfig(Config.AzureConfig azure return samlConfig; } + public static SAMLConfig getSAMLConfigByAccountId(int accountId, ConfigType configType) { + return SSOConfigsDao.instance.findOne( + Filters.and( + Filters.eq(Constants.ID, String.valueOf(accountId)), + Filters.eq("configType", configType.name()) + ) + ); + } + public String getApplicationIdentifier() { return applicationIdentifier; } From 7ccc49e97898386f1c3cf4daf0a40e5656bd1dac Mon Sep 17 00:00:00 2001 
From: Umesh Kumar <166806589+TangoBeeAkto@users.noreply.github.com> Date: Fri, 7 Feb 2025 00:23:20 +0530 Subject: [PATCH 4/9] moved getSAMLConfigByAccountId method from SAMLConfig to it's DAO --- .../src/main/java/com/akto/action/HomeAction.java | 9 +++++---- .../src/main/java/com/akto/action/SignupAction.java | 2 +- .../dao/src/main/java/com/akto/dao/SSOConfigsDao.java | 11 +++++++++++ .../src/main/java/com/akto/dto/sso/SAMLConfig.java | 9 --------- 4 files changed, 17 insertions(+), 14 deletions(-) diff --git a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java index 255551f428..bca170fb79 100644 --- a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java @@ -1,5 +1,6 @@ package com.akto.action; +import com.akto.dao.SSOConfigsDao; import com.akto.dao.UsersDao; import com.akto.dto.Config; import com.akto.dto.User; @@ -69,9 +70,9 @@ public String execute() { servletRequest.setAttribute("activeSso", Config.ConfigType.OKTA); } - if (SAMLConfig.getSAMLConfigByAccountId(1000000, Config.ConfigType.AZURE) != null) { + if (SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.AZURE) != null) { try { - SAMLConfig samlConfig = SAMLConfig.getSAMLConfigByAccountId(1000000, Config.ConfigType.AZURE); + SAMLConfig samlConfig = SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.AZURE); Saml2Settings samlSettings = CustomSamlSettings.getSamlSettings(samlConfig); String samlRequestXml = new AuthnRequest(samlSettings).getAuthnRequestXml(); 
@@ -92,8 +93,8 @@ public String execute() { } // TODO("Haven't tested Google SAML SSO") - if (SAMLConfig.getSAMLConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML) != null) { - SAMLConfig googleSamlConfig = SAMLConfig.getSAMLConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML); + if (SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML) != null) { + SAMLConfig googleSamlConfig = SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML); servletRequest.setAttribute("googleSamlAuthUrl", googleSamlConfig.getLoginUrl()); servletRequest.setAttribute("activeSso", Config.ConfigType.GOOGLE_SAML); } diff --git a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java index 7f00904eae..1f0075f249 100644 --- a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java @@ -603,7 +603,7 @@ public String sendRequestToSamlIdP() throws IOException{ if(userEmail != null && !userEmail.isEmpty()) { samlConfig = SSOConfigsDao.instance.getSSOConfig(userEmail); } else if(DashboardMode.isOnPremDeployment()) { - samlConfig = SAMLConfig.getSAMLConfigByAccountId(1000000, ConfigType.AZURE); + samlConfig = SSOConfigsDao.getSAMLConfigByAccountId(1000000, ConfigType.AZURE); } if(samlConfig == null) { code = "Error, cannot login via SSO, trying to login with okta sso"; diff --git a/libs/dao/src/main/java/com/akto/dao/SSOConfigsDao.java b/libs/dao/src/main/java/com/akto/dao/SSOConfigsDao.java index 68b2c68a07..328a48c114 100644 --- a/libs/dao/src/main/java/com/akto/dao/SSOConfigsDao.java +++ b/libs/dao/src/main/java/com/akto/dao/SSOConfigsDao.java @@ -1,6 +1,8 @@ package com.akto.dao; +import com.akto.dto.Config; import com.akto.dto.sso.SAMLConfig; +import com.akto.util.Constants; import com.mongodb.client.model.Filters; public class SSOConfigsDao extends CommonContextDao { 
@@ -22,6 +24,15 @@ public SAMLConfig getSSOConfig(String userEmail){ return config; } + public static SAMLConfig getSAMLConfigByAccountId(int accountId, Config.ConfigType configType) { + return SSOConfigsDao.instance.findOne( + Filters.and( + Filters.eq(Constants.ID, String.valueOf(accountId)), + Filters.eq("configType", configType.name()) + ) + ); + } + @Override public String getCollName() { return "sso_configs"; diff --git a/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java b/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java index d036257a08..67d25b6f42 100644 --- a/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java +++ b/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java @@ -46,15 +46,6 @@ public static SAMLConfig convertAzureConfigToSAMLConfig(Config.AzureConfig azure return samlConfig; } - public static SAMLConfig getSAMLConfigByAccountId(int accountId, ConfigType configType) { - return SSOConfigsDao.instance.findOne( - Filters.and( - Filters.eq(Constants.ID, String.valueOf(accountId)), - Filters.eq("configType", configType.name()) - ) - ); - } - public String getApplicationIdentifier() { return applicationIdentifier; } From fbd6eeeb6b6e6960546b493f240309c939bcdce2 Mon Sep 17 00:00:00 2001 From: Umesh Kumar <166806589+TangoBeeAkto@users.noreply.github.com> Date: Fri, 7 Feb 2025 00:37:13 +0530 Subject: [PATCH 5/9] improved code quality --- .../web/src/apps/signup/components/SignUp.jsx | 27 +++++++++++++------ 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx index 35cabca907..14fe93c060 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx 
@@ -70,14 +70,25 @@ function SignUp() { resetAll() clearPollingInterval() let copySsoList = [] - if (activeSSO?.toLowerCase() === "github" && githubAuthUrl?.length > 0) { - copySsoList.push(githubAuthObj) - } else if(activeSSO?.toLowerCase() === "okta" && oktaAuthUrl?.length > 0) { - copySsoList.push(oktaAuthObj) - } else if(activeSSO?.toLowerCase() === "azure" && azureAuthUrl?.length > 0) { - copySsoList.push(azureAuthObj) - } else if(activeSSO?.toLowerCase() === "google_saml") { - copySsoList.push(googleSamlAuthObj) + switch (activeSSO?.toLowerCase()) { + case "github": + if (githubAuthUrl?.length > 0) { + copySsoList.push(githubAuthObj); + } + break; + case "okta": + if (oktaAuthUrl?.length > 0) { + copySsoList.push(oktaAuthObj); + } + break; + case "azure": + if (azureAuthUrl?.length > 0) { + copySsoList.push(azureAuthObj); + } + break; + case "google_saml": + copySsoList.push(googleSamlAuthObj); + break; } setSsoList(copySsoList) From 879e95d0d223bf2f6ed688c149f0f0dd97fdc5c4 Mon Sep 17 00:00:00 2001 From: Umesh Kumar <166806589+TangoBeeAkto@users.noreply.github.com> Date: Mon, 10 Feb 2025 12:08:28 +0530 Subject: [PATCH 6/9] fix: handling azure sso auth url creation in backend --- .../main/java/com/akto/action/HomeAction.java | 28 +------------------ .../web/src/apps/signup/components/SignUp.jsx | 6 ++-- 2 files changed, 3 insertions(+), 31 deletions(-) diff --git a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java index bca170fb79..a8b1ac787d 100644 --- a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java 
@@ -8,13 +8,10 @@ import com.akto.listener.InitializerListener; import com.akto.utils.*; import com.akto.util.DashboardMode; -import com.akto.utils.sso.CustomSamlSettings; import com.auth0.AuthorizeUrl; import com.auth0.SessionUtils; import com.mongodb.BasicDBObject; import com.mongodb.client.model.Filters; -import com.onelogin.saml2.authn.AuthnRequest; -import com.onelogin.saml2.settings.Saml2Settings; import com.opensymphony.xwork2.Action; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jws; @@ -26,13 +23,8 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.io.ByteArrayOutputStream; -import java.net.URLEncoder; import java.nio.charset.StandardCharsets; -import java.util.Base64; import java.util.Map; -import java.util.zip.Deflater; -import java.util.zip.DeflaterOutputStream; import static com.akto.action.SignupAction.*; import static com.akto.filter.UserDetailsFilter.LOGIN_URI; 
@@ -71,25 +63,7 @@ public String execute() { } if (SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.AZURE) != null) { - try { - SAMLConfig samlConfig = SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.AZURE); - Saml2Settings samlSettings = CustomSamlSettings.getSamlSettings(samlConfig); - String samlRequestXml = new AuthnRequest(samlSettings).getAuthnRequestXml(); - - ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); - Deflater deflater = new Deflater(Deflater.DEFLATED, true); - DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteArrayOutputStream, deflater); - deflaterOutputStream.write(samlRequestXml.getBytes(StandardCharsets.UTF_8)); - deflaterOutputStream.close(); - String base64Encoded = Base64.getEncoder().encodeToString(byteArrayOutputStream.toByteArray()); - String urlEncoded = URLEncoder.encode(base64Encoded, "UTF-8"); - - servletRequest.setAttribute("azureAuthUrl", samlConfig.getLoginUrl() + "?SAMLRequest=" + urlEncoded + "&RelayState=" + 1000000); - servletRequest.setAttribute("activeSso", Config.ConfigType.AZURE); - } catch (Exception e) { - e.printStackTrace(); - logger.error(e.getMessage()); - } + servletRequest.setAttribute("activeSso", Config.ConfigType.AZURE); } // TODO("Haven't tested Google SAML SSO") diff --git a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx index 14fe93c060..5d9b1c5341 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx @@ -57,7 +57,7 @@ function SignUp() { const azureAuthObj = { logo: '/public/azure_logo.svg', text: 'Continue with Azure SSO', - onClickFunc: () => { window.location.href = azureAuthUrl } + onClickFunc: () => { window.location.href = "/trigger-saml-sso" } } const googleSamlAuthObj = { 
@@ -82,9 +82,7 @@ function SignUp() { } break; case "azure": - if (azureAuthUrl?.length > 0) { - copySsoList.push(azureAuthObj); - } + copySsoList.push(azureAuthObj); break; case "google_saml": copySsoList.push(googleSamlAuthObj); From 9ec176047cc79b3a06be3493cbc904d4689703c3 Mon Sep 17 00:00:00 2001 From: Umesh Kumar <166806589+TangoBeeAkto@users.noreply.github.com> Date: Mon, 10 Feb 2025 12:27:59 +0530 Subject: [PATCH 7/9] fix: removed nextButtonActive state and handling it in backend --- .../apps/dashboard/pages/settings/integrations/GithubSso.jsx | 3 +-- .../dashboard/pages/settings/integrations/sso/AzureSso.jsx | 4 ---- .../pages/settings/integrations/sso/GoogleSamlSso.jsx | 4 ---- 3 files changed, 1 insertion(+), 10 deletions(-) diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx index 7cb3a829c6..60cd9d9aa4 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/GithubSso.jsx @@ -13,7 +13,7 @@ function GithubSso() { const [showGithubSsoModal, setShowGithubSsoModal] = useState(false) const [githubPresent, setGithubPresent] = useState("") const [componentType, setComponentType] = useState(0) ; - const [nextButtonActive,setNextButtonActive] = useState(); + const [nextButtonActive,setNextButtonActive] = useState(window.DASHBOARD_MODE === "ON_PREM"); const [githubUrl, setGithubUrl] = useState("https://github.com") const [githubApiUrl, setGithubApiUrl] = useState("https://api.github.com") @@ -66,7 +66,6 @@ function GithubSso() { setGithubClientId(githubClientId) if (githubUrl) setGithubUrl(githubUrl) if (githubApiUrl) setGithubApiUrl(githubApiUrl) - setNextButtonActive(true) } catch (error) { setNextButtonActive(false) } 
diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx index 1865e7af94..3ef51af866 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/AzureSso.jsx @@ -15,7 +15,6 @@ function AzureSso() { const [loginUrl, setLoginUrl] = useState('') const [azureIdentity, setAzureIdentity] = useState('') - const [nextButtonActive, setNextButtonActive] = useState() const cardContent = "Enable Login via Azure AD on your Akto dashboard"; @@ -63,12 +62,10 @@ function AzureSso() { await settingRequests.fetchAzureSso("AZURE").then((resp)=> { setLoginUrl(resp.loginUrl) setAzureIdentity(resp.ssoEntityId) - setNextButtonActive(true) }) setLoading(false) } catch (error) { setLoading(false) - setNextButtonActive(false) } } @@ -95,7 +92,6 @@ function AzureSso() { pageTitle={"Azure AD SSO SAML"} loading={loading} certificateName={"Federation Metadata XML"} - isButtonActive={nextButtonActive} /> ) } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx index 7111c07eec..6b9f776a67 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/sso/GoogleSamlSso.jsx @@ -15,7 +15,6 @@ function GoogleSamlSso() { const [loginUrl, setLoginUrl] = useState('') const [ssoIdentity, setSsoIdentity] = useState('') - const [nextButtonActive, setNextButtonActive] = useState() const cardContent = "Enable Login via Google Workspace on your Akto dashboard"; 
@@ -61,12 +60,10 @@ function GoogleSamlSso() { await settingRequests.fetchAzureSso("GOOGLE_SAML").then((resp)=> { setLoginUrl(resp.loginUrl) setSsoIdentity(resp.ssoEntityId) - setNextButtonActive(true) }) setLoading(false) } catch (error) { setLoading(false) - setNextButtonActive(false) } } @@ -94,7 +91,6 @@ function GoogleSamlSso() { showCustomInputs={true} certificateName={"X509 certificate"} signinUrl={AcsUrl} - isButtonActive={nextButtonActive} /> ) } From b7f3f78cc11d769cb3b14c8c4219e39582b74f2f Mon Sep 17 00:00:00 2001 From: Ark2307 Date: Mon, 10 Feb 2025 14:38:35 +0530 Subject: [PATCH 8/9] Fixing basic errors --- .../main/java/com/akto/action/HomeAction.java | 39 +++++++++---------- .../java/com/akto/action/SignupAction.java | 13 ++++--- .../com/akto/action/user/OktaSsoAction.java | 11 ++---- .../main/java/com/akto/utils/OktaLogin.java | 6 ++- .../web/src/apps/signup/components/SignUp.jsx | 5 ++- .../main/java/com/akto/dao/SSOConfigsDao.java | 16 ++++++-- .../src/main/java/com/akto/dto/Config.java | 3 -- .../java/com/akto/dto/sso/SAMLConfig.java | 3 -- 8 files changed, 51 insertions(+), 45 deletions(-) diff --git a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java index a8b1ac787d..9d52698ebf 100644 --- a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java @@ -4,7 +4,6 @@ import com.akto.dao.UsersDao; import com.akto.dto.Config; import com.akto.dto.User; -import com.akto.dto.sso.SAMLConfig; import com.akto.listener.InitializerListener; import com.akto.utils.*; import com.akto.util.DashboardMode; 
@@ -52,26 +51,26 @@ public String verifyEmail(){ public String execute() { servletRequest.setAttribute("isSaas", InitializerListener.isSaas); - if (GithubLogin.getGithubUrl() != null) { - servletRequest.setAttribute("githubAuthUrl", GithubLogin.getGithubUrl() + "/login/oauth/authorize?client_id=" + GithubLogin.getClientId() + "&scope=user&state=1000000"); - servletRequest.setAttribute("activeSso", Config.ConfigType.GITHUB); - } - - if (OktaLogin.getAuthorisationUrl() != null) { - servletRequest.setAttribute("oktaAuthUrl", OktaLogin.getAuthorisationUrl()); - servletRequest.setAttribute("activeSso", Config.ConfigType.OKTA); - } - - if (SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.AZURE) != null) { - servletRequest.setAttribute("activeSso", Config.ConfigType.AZURE); - } - - // TODO("Haven't tested Google SAML SSO") - if (SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML) != null) { - SAMLConfig googleSamlConfig = SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML); - servletRequest.setAttribute("googleSamlAuthUrl", googleSamlConfig.getLoginUrl()); - servletRequest.setAttribute("activeSso", Config.ConfigType.GOOGLE_SAML); + if(DashboardMode.isOnPremDeployment()){ + if (GithubLogin.getGithubUrl() != null) { + servletRequest.setAttribute("githubAuthUrl", GithubLogin.getGithubUrl() + "/login/oauth/authorize?client_id=" + GithubLogin.getClientId() + "&scope=user&state=1000000"); + servletRequest.setAttribute("activeSso", Config.ConfigType.GITHUB); + } + + if (OktaLogin.getAuthorisationUrl() != null) { + servletRequest.setAttribute("oktaAuthUrl", OktaLogin.getAuthorisationUrl()); + servletRequest.setAttribute("activeSso", Config.ConfigType.OKTA); + } + + if (SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.AZURE) != null) { + servletRequest.setAttribute("activeSso", Config.ConfigType.AZURE); + } + + if (SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML) 
!= null) { + servletRequest.setAttribute("activeSso", Config.ConfigType.GOOGLE_SAML); + } } + if (InitializerListener.aktoVersion != null && InitializerListener.aktoVersion.contains("akto-release-version")) { servletRequest.setAttribute("AktoVersionGlobal", ""); } else { diff --git a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java index 1f0075f249..4738ee813e 100644 --- a/apps/dashboard/src/main/java/com/akto/action/SignupAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/SignupAction.java @@ -603,7 +603,7 @@ public String sendRequestToSamlIdP() throws IOException{ if(userEmail != null && !userEmail.isEmpty()) { samlConfig = SSOConfigsDao.instance.getSSOConfig(userEmail); } else if(DashboardMode.isOnPremDeployment()) { - samlConfig = SSOConfigsDao.getSAMLConfigByAccountId(1000000, ConfigType.AZURE); + samlConfig = SSOConfigsDao.getSAMLConfigByAccountId(1000000); } if(samlConfig == null) { code = "Error, cannot login via SSO, trying to login with okta sso"; @@ -638,10 +638,13 @@ public String oktaAuthUrlCreator(String emailId) throws IOException { logger.info("Trying to create auth url for okta sso for: " + emailId); Config.OktaConfig oktaConfig = Config.getOktaConfig(emailId); if(oktaConfig == null) { - code= "Error, cannot find okta sso for this organization, redirecting to login"; - logger.error(code); - servletResponse.sendRedirect("/login"); - return ERROR.toUpperCase(); + oktaConfig = OktaLogin.getInstance().getOktaConfig(); + if(oktaConfig == null){ + code= "Error, cannot find okta sso for this organization, redirecting to login"; + logger.error(code); + servletResponse.sendRedirect("/login"); + return ERROR.toUpperCase(); + } } String authorisationUrl = OktaLogin.getAuthorisationUrl(emailId); 
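Review bot: The four provider checks in `execute()` are independent `if` statements that each write `activeSso`, so when an on-prem instance has more than one provider configured the last match wins (Google SAML over Azure over Okta over GitHub). `SignUp.jsx` switches on that single value, so the other configured providers get no button even though `githubAuthUrl` or `oktaAuthUrl` was set. Either restore the `else if` chain so the precedence is explicit, or expose the set of active providers to the page. The literal `1000000` is repeated throughout this block; a named constant for the on-prem default account would make these lookups easier to audit.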
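Review bot: The new fallback `oktaConfig = OktaLogin.getInstance().getOktaConfig();` in `oktaAuthUrlCreator` dereferences `getInstance()`, which can return null since the `if(oktaConfig == null) return null;` change in `OktaLogin`. An installation without a default Okta config would then hit a NullPointerException instead of the intended redirect to `/login`. Guard it with `OktaLogin oktaLogin = OktaLogin.getInstance();` and `oktaConfig = oktaLogin != null ? oktaLogin.getOktaConfig() : null;`. It is also worth confirming that falling back to the instance-wide config for an e-mail whose domain has no Okta config is intended on SaaS deployments, because no deployment-mode check is visible in this hunk.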
diff --git a/apps/dashboard/src/main/java/com/akto/action/user/OktaSsoAction.java b/apps/dashboard/src/main/java/com/akto/action/user/OktaSsoAction.java index 94632d8006..7f019986d4 100644 --- a/apps/dashboard/src/main/java/com/akto/action/user/OktaSsoAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/user/OktaSsoAction.java @@ -12,7 +12,6 @@ import com.akto.dto.User; import com.akto.dto.Config.OktaConfig; import com.akto.util.Constants; -import com.akto.util.DashboardMode; import com.akto.utils.sso.SsoUtils; import com.mongodb.BasicDBObject; import com.mongodb.client.model.Filters; @@ -41,12 +40,10 @@ public String addOktaSso() { oktaConfig.setAuthorisationServerId(authorisationServerId); oktaConfig.setOktaDomainUrl(oktaDomain); oktaConfig.setRedirectUri(redirectUri); - if(!DashboardMode.isOnPremDeployment()){ - oktaConfig.setAccountId(Context.accountId.get()); - String userLogin = getSUser().getLogin(); - String domain = userLogin.split("@")[1]; - oktaConfig.setOrganizationDomain(domain); - } + oktaConfig.setAccountId(Context.accountId.get()); + String userLogin = getSUser().getLogin(); + String domain = userLogin.split("@")[1]; + oktaConfig.setOrganizationDomain(domain); ConfigsDao.instance.insertOne(oktaConfig); return SUCCESS.toUpperCase(); diff --git a/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java b/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java index c7512f5888..de4d290a14 100644 --- a/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java +++ b/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java 
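Review bot: After this change `addOktaSso()` always computes `userLogin.split("@")[1]`, which throws when the login contains no `@`; on-prem logins previously skipped this code. It also binds the Okta config to whatever domain the admin's own address has. If `Config.getOktaConfig(emailId)` matches on that domain, as its use in `oktaAuthUrlCreator` suggests, an admin registered with a shared mail domain would route every user of that domain to this IdP, so the domain should be validated before `setOrganizationDomain`. A minimal guard is `int at = userLogin.lastIndexOf('@');` followed by returning an error when `at < 1 || at == userLogin.length() - 1`. The method begins outside the hunk.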
@@ -49,7 +49,11 @@ public static String getAuthorisationUrl() { paramMap.put("redirect_uri",oktaConfig.getRedirectUri()); paramMap.put("response_type", "code"); paramMap.put("scope", "openid%20email%20profile"); - paramMap.put("state", String.valueOf(oktaConfig.getAccountId())); + int accountId = 1000000; + if(oktaConfig.getAccountId() != 0){ + accountId = oktaConfig.getAccountId(); + } + paramMap.put("state", String.valueOf(accountId)); String queryString = SsoUtils.getQueryString(paramMap); diff --git a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx index 5d9b1c5341..1ae1e4cd0a 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx @@ -38,7 +38,6 @@ function SignUp() { const activeSSO = window.ACTIVE_SSO const githubAuthUrl = window.GITHUB_AUTH_URL const oktaAuthUrl = window.OKTA_AUTH_URL - const azureAuthUrl = window.AZURE_AUTH_URL const resetAll = PersistStore(state => state.resetAll) const { clearPollingInterval } = usePolling(); @@ -63,7 +62,7 @@ function SignUp() { const googleSamlAuthObj = { logo: '/public/gcp.svg', text: 'Continue with Google SAML SSO', - onClickFunc: () => { window.location.href = "" } + onClickFunc: () => { window.location.href = "/trigger-saml-sso" } } useEffect(() => { @@ -87,6 +86,8 @@ function SignUp() { case "google_saml": copySsoList.push(googleSamlAuthObj); break; + default: + break; } setSsoList(copySsoList) diff --git a/libs/dao/src/main/java/com/akto/dao/SSOConfigsDao.java b/libs/dao/src/main/java/com/akto/dao/SSOConfigsDao.java index 328a48c114..9435511cf5 100644 --- a/libs/dao/src/main/java/com/akto/dao/SSOConfigsDao.java +++ b/libs/dao/src/main/java/com/akto/dao/SSOConfigsDao.java 
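Review bot: The OAuth `state` parameter in `getAuthorisationUrl` is set to the account id, a small predictable integer, so it cannot serve as the per-request anti-forgery value that `state` is meant to be. If the callback uses `state` only to pick the account, it cannot tell a response it initiated from one it did not, and the account choice comes from a client-supplied value. A safer shape is a random value from `SecureRandom`, stored in the user's session together with the account id, sent as `state` and compared on callback. The callback handler and the rest of this method are outside the hunk, so whether another check exists there cannot be confirmed from here.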
@@ -1,6 +1,6 @@ package com.akto.dao; -import com.akto.dto.Config; +import com.akto.dto.Config.ConfigType; import com.akto.dto.sso.SAMLConfig; import com.akto.util.Constants; import com.mongodb.client.model.Filters; @@ -24,11 +24,19 @@ public SAMLConfig getSSOConfig(String userEmail){ return config; } - public static SAMLConfig getSAMLConfigByAccountId(int accountId, Config.ConfigType configType) { + public static SAMLConfig getSAMLConfigByAccountId(int accountId) { return SSOConfigsDao.instance.findOne( Filters.and( - Filters.eq(Constants.ID, String.valueOf(accountId)), - Filters.eq("configType", configType.name()) + Filters.eq(Constants.ID, String.valueOf(accountId)) + ) + ); + } + + public static SAMLConfig getSAMLConfigByAccountId(int accountId, ConfigType configType) { + return SSOConfigsDao.instance.findOne( + Filters.and( + Filters.eq(Constants.ID, String.valueOf(accountId)), + Filters.eq("configType", configType.name()) ) ); } diff --git a/libs/dao/src/main/java/com/akto/dto/Config.java b/libs/dao/src/main/java/com/akto/dto/Config.java index 31f0c82c65..63c67da9da 100644 --- a/libs/dao/src/main/java/com/akto/dto/Config.java +++ b/libs/dao/src/main/java/com/akto/dto/Config.java @@ -5,9 +5,6 @@ import java.util.Set; import com.akto.dao.ConfigsDao; -import com.akto.dao.SSOConfigsDao; -import com.akto.dto.sso.SAMLConfig; -import com.akto.util.Constants; import com.mongodb.client.model.Filters; import org.bson.codecs.pojo.annotations.BsonDiscriminator; diff --git a/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java b/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java index 67d25b6f42..b6c6a73947 100644 --- a/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java +++ b/libs/dao/src/main/java/com/akto/dto/sso/SAMLConfig.java 
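Review bot: The new one-argument `getSAMLConfigByAccountId` wraps a single condition in `Filters.and(...)`, which adds nothing; `findOne(Filters.eq(Constants.ID, String.valueOf(accountId)))` reads more directly. Neither overload has a Javadoc, and the difference matters to callers: the one-argument form returns the stored SAML config whatever its provider type, while the two-argument form finds nothing when the type does not match. A line such as `/** Returns the SAML config stored under this account id, regardless of provider type. */` on the new method would make that explicit.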
@@ -1,7 +1,4 @@ package com.akto.dto.sso; -import com.akto.dao.SSOConfigsDao; -import com.akto.util.Constants; -import com.mongodb.client.model.Filters; import org.bson.codecs.pojo.annotations.BsonDiscriminator; import com.akto.dto.Config; From beadf3d71e780ca18f0c2f450b8972c268d3826c Mon Sep 17 00:00:00 2001 From: Umesh Kumar <166806589+TangoBeeAkto@users.noreply.github.com> Date: Mon, 10 Feb 2025 17:18:23 +0530 Subject: [PATCH 9/9] fixed some bugs --- apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java | 1 - .../pages/settings/integrations/components/StepsComponent.jsx | 2 +- .../web/polaris_web/web/src/apps/signup/components/SignUp.jsx | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java b/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java index de4d290a14..de92315fe6 100644 --- a/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java +++ b/apps/dashboard/src/main/java/com/akto/utils/OktaLogin.java @@ -26,7 +26,6 @@ public static OktaLogin getInstance() { if (shouldProbeAgain) { int accountId = Context.accountId.get() != null ? Context.accountId.get() : 1_000_000; OktaConfig oktaConfig = (Config.OktaConfig) ConfigsDao.instance.findOne(Constants.ID, OktaConfig.getOktaId(accountId)); - if(oktaConfig == null) return null; if (instance == null) { instance = new OktaLogin(); } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/components/StepsComponent.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/components/StepsComponent.jsx index a740b06a5c..7bd16f8511 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/components/StepsComponent.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/settings/integrations/components/StepsComponent.jsx @@ -17,7 +17,7 @@ function StepsComponent({integrationSteps, onClickFunc, buttonActive}) { ) })} - + 
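Review bot: With `if(oktaConfig == null) return null;` removed, `getInstance()` on this path hands back an `OktaLogin` even when no Okta config was found, so a missing config presumably now shows up as `getOktaConfig()` returning null instead of a null instance. That contract is not written down in the hunk; a comment at the lookup such as `// oktaConfig may be null here: callers must null-check getOktaConfig()` would help. `getAuthorisationUrl` dereferences `oktaConfig.getRedirectUri()` in its visible lines, so it is worth checking that it guards against null before that point, which is outside both hunks. The rest of `getInstance()` is also outside the hunk.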
diff --git a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx index 1ae1e4cd0a..f6516fb06b 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/signup/components/SignUp.jsx @@ -305,7 +305,6 @@ function SignUp() { {activeObject.headingText} {ssoCard} - {!func.checkLocal() ? window.location.href="/sso-login"} logos={['/public/azure_logo.svg', '/public/gcp.svg']} text={"Sign in with SSO"} /> : null} {signupEmailCard} {loginActive && isOnPrem && resetPasswordComp}