
SSO (Single Sign-On) Code Explanation

Introduction

This document explains the sample SSO code developed by AIV. Each method of the SSO class is described in turn so that users can understand how the implementation works and where to plug in their own validation logic.

Prerequisites

Download the sample project from here.

Code Explanation

  1. The code starts by importing the required dependencies, as shown in the snippet below.
package com.aiv.sso;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.FileHandler;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.io.IOUtils;
import org.json.JSONException;
import org.json.JSONObject;

import com.activeintelligence.external.sso.SSOSecurity;
  2. The code below initializes the Java logger. Logging helps developers trace errors at runtime. Java ships with a built-in logging framework (the Logging API, introduced in Java 1.4) that can write log records to a file.
  • Here we obtain the logger for the class and specify the folder in which the log file will be stored.
public class aivSSOImpl implements SSOSecurity {
	private static final Logger logger = Logger.getLogger(aivSSOImpl.class.getName()); // init of logger
	private static final String LOG_FOLDER = "C:/aiv/logs/";
  3. Logger settings can be configured with the following code. The constructor attaches a file handler that appends to sso.log, sets its logging level, and assigns a formatter (layout) for the log records.
	public aivSSOImpl() { // to read external settings if any
		try {
			Handler fileHandler = new FileHandler(LOG_FOLDER + "sso.log", true);
			fileHandler.setLevel(Level.ALL);
			fileHandler.setFormatter(new SimpleFormatter());

			logger.addHandler(fileHandler);

		} catch (IOException e) {
			logger.severe(e.getMessage());
		}
	}
  4. The following snippet contains the business logic for user authentication. It reads the username, department code, and token that the client application passes along with the embed URL and checks them against the users known to AIV. Access to AIV is granted only when a match is found; otherwise the method returns null and access is denied.
	@Override
	public Map<String, Object> authenticate(ServletRequest request, ServletResponse response, String extraInfoIN) { // called by AIV for external SSO
		logger.info("Inside SSO");
		HttpServletRequest req = (HttpServletRequest) request;
		Map<String, Object> rtObj = null;
		String userName = null;
		String userToken = null;

		String str = null;
		try {
			// The request body is a JSON object of the form {"userName": ..., "token": ..., "deptCode": ...}
			str = IOUtils.toString(request.getInputStream(), "UTF-8");
			JSONObject jsonObj = new JSONObject(str);
			userName = jsonObj.getString("userName");
			userToken = jsonObj.getString("token");
			if (userName.equals("Admin") && userToken.equals("S3CUR3T0K3N")) {
				/*
				 * Put your own authentication logic here to verify userName, password and token.
				 * Below we simply match the username against a static token and return the user object.
				 */
				logger.info("Authenticated user: " + userName); // the token is a secret, so it is not written to the log
				rtObj = new HashMap<String, Object>();
				rtObj.put("userName", userName);
				if (jsonObj.has("deptCode")) rtObj.put("deptCode", jsonObj.getString("deptCode"));
				HttpServletResponse res = (HttpServletResponse) response;
				res.setHeader("tokens", userToken);
				rtObj.put("requestValues", jsonObj.toString()); // str is non-null at this point
				return rtObj;
			} else {
				return null; // no match: AIV denies access
			}
		} catch (IOException | JSONException e1) {
			logger.severe("SSO request could not be read or parsed: " + e1.getMessage());
			return null;
		}
	}

}
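The sample above compares the token with a hard-coded string and writes it to the log. The class below is an added example (not part of the AIV sample project) of the "put your own Authenticate logic" step: it reads the same JSON body, takes the expected token from configuration rather than from the source (the AIV_SSO_TOKEN environment variable is an assumption), compares it in constant time, and never logs or returns the token. It depends only on org.json, which the sample project already uses.

```java
package com.aiv.sso;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import org.json.JSONException;
import org.json.JSONObject;

/** Hardened token check for the SSO sample (added example, not AIV code). */
public final class HardenedTokenCheck {

    /** Compares two secrets without short-circuiting on the first differing byte. */
    static boolean constantTimeEquals(String a, String b) {
        if (a == null || b == null) return false;
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Parses the same JSON body the sample reads ({"userName","token","deptCode"})
     * and returns the map AIV expects, or null when the request must be rejected.
     */
    public static Map<String, Object> verify(String body, String expectedToken) {
        if (expectedToken == null || expectedToken.isEmpty()) return null; // refuse to run unconfigured
        try {
            JSONObject json = new JSONObject(body);
            String userName = json.getString("userName");
            String token = json.getString("token");
            if (!constantTimeEquals(token, expectedToken)) return null;
            Map<String, Object> rt = new HashMap<>();
            rt.put("userName", userName);
            if (json.has("deptCode")) rt.put("deptCode", json.getString("deptCode"));
            return rt; // the token itself is neither logged nor returned
        } catch (JSONException e) {
            return null; // a malformed body is treated as an unauthenticated request
        }
    }

    public static void main(String[] args) {
        // Assumption: the shared token is configured out of band; the page's static
        // token is used only as a fallback for this demonstration.
        String expected = System.getenv("AIV_SSO_TOKEN");
        if (expected == null) expected = "S3CUR3T0K3N";
        // Constructed sample bodies mirroring what the sample SSO class reads.
        String good = "{\"userName\":\"Admin\",\"token\":\"S3CUR3T0K3N\",\"deptCode\":\"Default\"}";
        String bad = "{\"userName\":\"Admin\",\"token\":\"wrong\"}";
        System.out.println("valid request -> " + verify(good, expected));
        System.out.println("invalid request -> " + verify(bad, expected));
    }
}
```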

How to Validate?

  • The code provided here validates the userName, deptCode, and token carried in an embed URL. When users want to display an AIV dashboard in their own application, they place the dashboard's embed link in an iframe. The embed link requires the user credentials or session token to be validated first; if the credentials are invalid, the dashboard does not open in the iframe.

  • To load the dashboard in an iframe, users send their username, password, department name, and session token in the URL. AIV then validates these credentials using the SSO code shown above. This is a basic SSO implementation, and users can replace the check with their own logic for validating users.

  • Here we use the userName, deptCode, and a static token to validate an AIV user.

  • Let's configure this code and check that the SSO user verification works by using a sample embed link of a dashboard for the Admin user.

  • From the Prerequisites, download the sample project; the zip contains the sample SSO project folder.

  1. Extract the project and open it in Eclipse IDE.

  2. Open aivSSOImpl.java class from src/com.aiv.sso/ project path.

  3. Go to line number 25 and change folder path of logs folder. Refer line number 6 of SSO & External Security document.

  4. Save these changes and ensure there are no errors in the project.

  5. Right click on aivSSO project and click on Export option to create a jar file.

  6. Select JAR file from the export window and click on next.

  7. Provide jar file export path and name of jar file.

  8. Stop the Tomcat server if it is running, and place this JAR file in the (your_directory)/aiv/tomcat/webapps/aiv/WEB-INF/lib/ folder.

  9. Restart the Tomcat server.

  10. Log in to the AIV application and click the SSO Configuration button. This enables the SSO Configuration settings in AIV, as shown in the figure.

  11. Enter the class name com.aiv.sso.aivSSOImpl, as shown in the figure. (This is the fully qualified name of the class implemented in the SSO JAR file.)

  12. Click the Submit button to save the changes.

  13. Go to the dashboard section and generate an embed link for any working dashboard without the bypass option.

  14. Copy this embed URL and paste it into a text editor. Provide the password after &a_p__ and the static token after &a_t__ in the copied embed link. (The static token used in the SSO code is S3CUR3T0K3N.)

Users can modify the SSO code to obtain the token dynamically instead of using a static value.

For example,

http://localhost:8080/aiv/embed/external/31767950674266325a554a743438647a6e7a4e374a4542777a67726650585833656d356d4f704f54587077253344/a_u__Admin&a_p__password&a_t__S3CUR3T0K3N&a_d__Default&a_ex__&a_af__false/noparam

  15. Open this embed link in the browser. If the credentials are valid, the dashboard is displayed: the SSO code extracts the credential details from the embed link, validates them against the AIV user details, and allows the dashboard to load.