
SSO (Single Sign-On) Code explanation

Introduction

This document explains the SSO code developed by AIV. Each SSO method is explained in detail to help users understand the SSO implementation.

Prerequisites

Download the sample project from here.

Code Explanation

  1. The code starts by importing the required dependencies, as shown in the code snippet below.
package com.aiv.sso;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.FileHandler;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.io.IOUtils;
import org.json.JSONException;
import org.json.JSONObject;

import com.activeintelligence.external.sso.SSOSecurity;
  2. The code below initializes the Java logger. Logging is an important feature that helps developers trace errors; Java ships with a logging API (java.util.logging, introduced in Java 1.4) that can write log records to a file.
  • Here we initialize the logger and provide the path where the log file will be stored.
public class aivSSOImpl implements SSOSecurity {
	private static final Logger logger = Logger.getLogger(aivSSOImpl.class.getName()); // init of logger
	private static final String LOG_FOLDER = "C:/aiv/logs/";
  3. Users can configure the logger using the following code. Configurable options include the logging level, the handlers (appenders) that receive log records, and the formatters (layouts) that render them, all attached to the Java Logger class.
	public aivSSOImpl() { // to read external settings if any
		try {
			Handler fileHandler = new FileHandler(LOG_FOLDER + "sso.log", true);
			fileHandler.setLevel(Level.ALL);
			fileHandler.setFormatter(new SimpleFormatter());

			logger.addHandler(fileHandler);

		} catch (IOException e) {
			logger.severe(e.getMessage());
		}
	}
  4. The following code snippet contains the business logic for user authentication. It retrieves the username, department and token sent by the client application (in this sample they are parsed from the JSON body of the request) and authenticates them against the list of users available in the AIV database. Access to AIV is granted when a match is found.
	@Override
	public Map<String, Object> authenticate(ServletRequest request, ServletResponse response, String extraInfoIN) { // entry point AIV calls for external SSO
		logger.info("Inside SSO");
		HttpServletRequest req = (HttpServletRequest) request;
		Map<String, Object> rtObj = null;
		String userName = null;
		String userToken = null;

		String str = null;
		try {
			// the client sends the credentials as a JSON document in the request body
			str = IOUtils.toString(request.getInputStream(), "UTF-8");
			JSONObject jsonObj = new JSONObject(str);
			userName = jsonObj.getString("userName");
			userToken = jsonObj.getString("token");
			if (userName.equals("Admin") && userToken.equals("S3CUR3T0K3N")) {
				/*
				 * Put your own authentication logic here to verify userName, password and token.
				 * This sample matches a fixed username and a static token and returns the user object.
				 */
				logger.info("SSO match for user " + userName); // the token itself is deliberately not written to the log file
				rtObj = new HashMap<String, Object>();
				rtObj.put("userName", userName);
				if (jsonObj.has("deptCode")) rtObj.put("deptCode", jsonObj.getString("deptCode"));
				HttpServletResponse res = (HttpServletResponse) response;
				res.setHeader("tokens", userToken);
				if (str != null) {
					rtObj.put("requestValues", jsonObj.toString());
				}
				return rtObj;
			} else {
				return null; // no match: AIV refuses the login
			}
		} catch (IOException | JSONException e1) {
			logger.log(Level.SEVERE, "SSO request could not be read or parsed", e1);
			return null;
		}
	}

}
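The sample above compares the username and token against literals compiled into the jar. The following is an added example (not AIV's code) of what the check inside authenticate() can be replaced with when the token is supplied at run time: the expected token is passed in from configuration (the environment variable name AIV_SSO_TOKEN mentioned in the comments is an assumption), fields are bounded before comparison, and the comparison is constant-time; the user lookup against your own user store remains yours to add.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import org.json.JSONException;
import org.json.JSONObject;

// Added example, not AIV's code: a replacement for the fixed
// "Admin" / "S3CUR3T0K3N" comparison in aivSSOImpl.authenticate().
public final class TokenCheck {
    private static final int MAX_LEN = 256; // reject oversized fields before comparing

    // expectedToken should be loaded from configuration at startup (for example
    // System.getenv("AIV_SSO_TOKEN"), an assumed variable name), not compiled in.
    // Returns the map authenticate() hands back to AIV, or null to refuse.
    public static Map<String, Object> verify(String body, String expectedToken) {
        if (body == null || expectedToken == null || expectedToken.isEmpty()) {
            return null; // an unset token refuses everyone rather than admitting everyone
        }
        try {
            JSONObject json = new JSONObject(body);
            String userName = json.optString("userName", "");
            String token = json.optString("token", "");
            if (userName.isEmpty() || userName.length() > MAX_LEN || token.length() > MAX_LEN) {
                return null;
            }
            // Constant-time comparison: response timing does not reveal how many
            // leading bytes of the presented token were correct.
            if (!MessageDigest.isEqual(token.getBytes(StandardCharsets.UTF_8),
                                       expectedToken.getBytes(StandardCharsets.UTF_8))) {
                return null;
            }
            // Integrators: look userName up in your own user store before this point.
            Map<String, Object> rt = new HashMap<>();
            rt.put("userName", userName);
            if (json.has("deptCode")) rt.put("deptCode", json.getString("deptCode"));
            return rt;
        } catch (JSONException e) {
            return null; // a malformed body is a refusal, not a stack trace
        }
    }

    public static void main(String[] args) {
        // constructed request body in the shape the sample parses
        String body = "{\"userName\":\"Admin\",\"token\":\"S3CUR3T0K3N\",\"deptCode\":\"Default\"}";
        System.out.println(verify(body, "S3CUR3T0K3N"));
        System.out.println(verify(body, "wrong-token"));
        System.out.println(verify("not json", "S3CUR3T0K3N"));
    }
}
```

Inside authenticate() the call would be verify(str, expectedToken) in place of the equals() chain, with the same null-means-refused contract the sample already uses.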

How to Validate?

  • The code provided here validates userName, deptCode and the token from an embedded URL. When a user wants to display an AIV dashboard in their application, they can use the dashboard’s embed link in an iframe. However, this embed link requires the user credentials or session token to be validated. If the user credentials are invalid, the dashboard will not open in the iframe.

  • To load the dashboard in an iframe, users need to send their username, password, department name and session token in the URL. AIV then validates these user credentials using the SSO code provided above. This is a basic SSO implementation, and users can apply their own logic to validate users.

  • In this sample, userName, deptCode and a static token are used to validate an AIV user.

  • Let’s configure this code and check that the SSO user verification works, using a sample dashboard embed link for the Admin user.

  • From Prerequisites, download the sample project; the sample SSO project folder is inside the zip.

  1. Extract the project and open it in the Eclipse IDE.

  2. Open the aivSSOImpl.java class from the src/com.aiv.sso/ project path.

  3. Go to line 25 (the LOG_FOLDER constant) and change the log folder path. Refer to step 6 of the SSO & External Security document.

  4. Save these changes and ensure there are no errors in the project.

  5. Right-click on the aivSSO project and click on the Export option to create a jar file.

  6. Select JAR file in the export window and click Next.

  7. Provide the jar file export path and the name of the jar file.

  8. Stop the Tomcat server if it is running and place this jar in the (your_directory)/aiv/tomcat/webapps/aiv/WEB-INF/lib/ folder.

  9. Restart the Tomcat server.

  10. Log in to the AIV application and click on the SSO Configuration button. This enables the SSO Configuration setting in AIV, as shown in the figure.

  11. Enter the class name com.aiv.sso.aivSSOImpl, as shown in the figure. [This is the class path of the implementing class inside the SSO jar file]

  12. Click on the Submit button to save the changes.

  13. Go to the dashboard section and generate an embed link for any working dashboard without the bypass option.

  14. Copy this embed URL and paste it into any text editor. In the copied embed link, provide the password after &a_p__ and the static token after &a_t__ (the static token used in the SSO code is S3CUR3T0K3N).

Users can change the SSO code to obtain the token dynamically.

For example,

http://localhost:8080/aiv/embed/external/31767950674266325a554a743438647a6e7a4e374a4542777a67726650585833656d356d4f704f54587077253344/a_u__Admin&a_p__password&a_t__S3CUR3T0K3N&a_d__Default&a_ex__&a_af__false/noparam
  15. Run this embed link in the browser; if the user credentials are valid, the dashboard is displayed. The SSO code extracts the credential details from the embed link, validates them against the AIV user details and lets the dashboard load.