Orbeon Forms community mailing list

Passing SSO cookie to custom rest services

classic Classic list List threaded Threaded
10 messages Options
mgamsjager
Reply | Threaded
Open this post in threaded view
|

Passing SSO cookie to custom rest services

mgamsjager
CONTENTS DELETED
The author has deleted this message.
Alessandro Vernet
Reply | Threaded
Open this post in threaded view
|

Re: Passing SSO cookie to custom rest services

Alessandro Vernet
Administrator
Hi,

It "should work". Is this with a 4.0 build? If not, would you be able to test if it works for you with a 4.0 build? When you say that even after adding MYSAPSSO2 to oxf.http.forward-cookies, your service isn't called, are you saying that Orbeon Forms makes the call, but that it is blocked by security?

Alex


On Wed, Jan 30, 2013 at 6:13 PM, mgamsjager <[hidden email]> wrote:
Hello,

I try to get SSO working on our SAP Java server. We created our own
persistency webservices but require end to end authentication.
I was very happy when I found the property oxf.http.forward-cookies but
after adding the MYSAPSSO2 cookie entry (and every other cookie Chrome and
Firebug showed me) I still get no calls to our REST services.

Any ideas what else I could try?



--
View this message in context: http://orbeon-forms-ops-users.24843.n4.nabble.com/Passing-SSO-cookie-to-custom-rest-services-tp4656224.html
Sent from the Orbeon Forms (ops-users) mailing list archive at Nabble.com.


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws




--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
mgamsjager
Reply | Threaded
Open this post in threaded view
|

Re: Passing SSO cookie to custom rest services

mgamsjager
CONTENTS DELETED
The author has deleted this message.
mgamsjager
Reply | Threaded
Open this post in threaded view
|

Re: Passing SSO cookie to custom rest services

mgamsjager
This post was updated on .
CONTENTS DELETED
The author has deleted this message.
mgamsjager
Reply | Threaded
Open this post in threaded view
|

Re: Passing SSO cookie to custom rest services

mgamsjager
CONTENTS DELETED
The author has deleted this message.
Alessandro Vernet
Reply | Threaded
Open this post in threaded view
|

Re: Re: Passing SSO cookie to custom rest services

Alessandro Vernet
Administrator
On Thu, Jan 31, 2013 at 4:19 PM, mgamsjager <[hidden email]> wrote:
> I was wonder why Orbeon seems to trim the JSESSIONID string?
> same thing as this post:
> http://stackoverflow.com/questions/9730850/orbeon-trims-jsessionid-value-during-form-submission
> which is a SAP user as well.

I missed that post last year (it is from March 2012). And yes, indeed,
this looks like the same problem. Are you seeing that the proper
cookie is sent by the browser in the Ajax query, but then truncated
when forwarded by Orbeon Forms? I will also try to reproduce this here
with Tomcat, simulating a long JSESSIONID and will let you know what I
find.

Alex
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
Alessandro Vernet
Reply | Threaded
Open this post in threaded view
|

Re: Re: Passing SSO cookie to custom rest services

Alessandro Vernet
Administrator
I was unable to reproduce this. Here is what I did:

- Added the property: <property as="xs:string"
name="oxf.http.forward-cookies" value="JSESSIONID JSESSIONIDSSO
MYSAPSSO2"/>.
- In my browser, used the Edit This Cookie extension for Chrome to set
the MYSAPSSO2 to
brdfDsBQZo-rQrglmsZGV7UPrvuSPAFytEcA_SAPSdRQjk3HGniAcKLZbf37eKyL (the
long value you  quoted).
- Added the workflow-send button to my form, the success URL to a
service that shows the cookies it receives: <property as="xs:anyURI"
name="oxf.fr.detail.send.success.uri.*.*"
value="http://xformstest.org/cgi-bin/echo.sh"/>
- Load the form (http://localhost:8080/orbeon/fr/foo/bar/new) and hit Send.
- The echo service shows that the proper cookies with the full values
have been forwarded:
HTTP_COOKIE=JSESSIONID=3413DC60946E8F35BCCBB750BF2AC0FE;
MYSAPSSO2=brdfDsBQZo-rQrglmsZGV7UPrvuSPAFytEcA_SAPSdRQjk3HGniAcKLZbf37eKyL.

Is your situation different?

Alex

On Wed, Feb 6, 2013 at 8:57 PM, Alessandro Vernet <[hidden email]> wrote:

> On Thu, Jan 31, 2013 at 4:19 PM, mgamsjager <[hidden email]> wrote:
>> I was wonder why Orbeon seems to trim the JSESSIONID string?
>> same thing as this post:
>> http://stackoverflow.com/questions/9730850/orbeon-trims-jsessionid-value-during-form-submission
>> which is a SAP user as well.
>
> I missed that post last year (it is from March 2012). And yes, indeed,
> this looks like the same problem. Are you seeing that the proper
> cookie is sent by the browser in the Ajax query, but then truncated
> when forwarded by Orbeon Forms? I will also try to reproduce this here
> with Tomcat, simulating a long JSESSIONID and will let you know what I
> find.
>
> Alex
> --
> Follow Orbeon on Twitter: @orbeon
> Follow me on Twitter: @avernet


--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
mgamsjager
Reply | Threaded
Open this post in threaded view
|

Re: Re: Passing SSO cookie to custom rest services

mgamsjager
CONTENTS DELETED
The author has deleted this message.
mgamsjager
Reply | Threaded
Open this post in threaded view
|

Re: Re: Passing SSO cookie to custom rest services

mgamsjager
CONTENTS DELETED
The author has deleted this message.
Alessandro Vernet
Reply | Threaded
Open this post in threaded view
|

Re: Re: Re: Passing SSO cookie to custom rest services

Alessandro Vernet
Administrator
OK, so it sounds like the truncation only happens with SAP NetWeaver.
As a next step, you could try increasing the debug level in Orbeon
Forms, and you should be able to see which headers are forwarded with
their respective value in orbeon.log. You can use the "development
configuration":

http://wiki.orbeon.com/forms/doc/developer-guide/xforms-logging#TOC-Development-configuration

And if you want to debug this, the code is in Connection.scala:

https://github.com/orbeon/orbeon-forms/blob/master/src/scala/org/orbeon/oxf/util/Connection.scala

Alex


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
Free forum by Nabble Edit this page