idp_initiated

added idp initiated support.  be sure to read notes.

extensions/fakeadfs_extension/index.js

@@ -5,12 +5,16 @@
 var f5 = require('f5-nodejs');
 
 /* Import the additional Node.JS Modules
+   If from scratch:
    npm install saml
    npm install querystring
    npm install fs 
    npm install moment 
    npm install https
    
+   If importing the ILX Workspace:
+   npm update
+   
    When the saml module is loaded, edit the saml11.template under /lib/
    to resemble the following:
    
@@ -55,6 +59,13 @@ var SigningKeypath = "/fakeadfs.f5lab.com.key";
 var SigningCert = fs.readFileSync(__dirname +SigningCertpath);
 var SigningKey = fs.readFileSync(__dirname +SigningKeypath);
 
+/* These are for IDP initated SSO requets, since the Querystring will be
+   blank.
+   */
+var idp_wa = "signin1.0";
+var idp_wtrealm = "urn:sharepoint:f5lab";
+var idp_wctx = "https://sharepoint.f5lab.com/_layouts/15/Authenticate.aspx?Source=%2F";
+
 /*
   Some Attribute Mapping Claims Options
   Source:  https://technet.microsoft.com/en-us/library/ee913589(v=ws.11).aspx
@@ -77,10 +88,25 @@ ilx.addMethod('Generate-WSFedToken', function(req,res) {
     var queryOptions = queryString.parse(query);
     var AttrUserName = req.params()[1];
     var AttrUserPrincipal = req.params()[2];
-
+
+    /* If incoming request is IDP initiated, the Querystrings will not 
+       be populated, so lets check, and if undefined, populate with static
+       IDP config vars.
+       */ 
     var wa = queryOptions.wa;
+    if (typeof wa == 'undefined') {
+        wa = idp_wa;
+    }
     var wtrealm = queryOptions.wtrealm;
+    if (typeof wtrealm == 'undefined') {
+        wtrealm = idp_wtrealm;
+    }
     var wctx = queryOptions.wctx;
+    if (typeof wctx == 'undefined') {
+        wctx = idp_wctx;
+    }
+
+    console.log("wa=" + wa + ", wtrealm=" + wtrealm + ", wctx=" + wctx);
 
     /* This is where the WS-Fed gibberish is assembled.  Moment is required to 
        insert the properly formatted time stamps.*/
@@ -129,3 +155,7 @@ ilx.addMethod('Generate-WSFedToken', function(req,res) {
 /* Start listening for ILX::call and ILX::notify events. */
 ilx.listen();
 
+
+
+
+

rules/fakeadfs_irule.tcl

@@ -1,5 +1,4 @@
 when HTTP_REQUEST {
-
     #  Wctx: This is some session data that the application wants sent back to 
     #  it after the user authenticates.
     set wctx [URI::decode [URI::query [HTTP::uri] wctx]]
@@ -11,10 +10,11 @@ when HTTP_REQUEST {
     #  here.
 
     #  Kept getting errors from APM, this fixed it.
-    node 127.0.0.1
+    node 127.0.0.1    
 
     #  Make sure that the user has authenticated and APM has created a session.
     if {[HTTP::cookie exists MRHSession]} {
+
         #log local0. "Generate POST form and Autopost "
 
         #  tmpresponse is the WS-Fed Assertion data, unencoded, so straight XML
@@ -24,7 +24,7 @@ when HTTP_REQUEST {
         #  SharePoint, this was the easiest way to solve that issue.  Set timeout
         #  to half a second, but can be adjusted as needed.
         set htmltop "<html><script type='text/javascript'>window.onload=function(){ window.setTimeout(document.wsFedAuth.submit.bind(document.wsFedAuth), 500);};</script><body>"
-        set htmlform "<form name='wsFedAuth' method=POST action='https://sharepoint.f5lab.com/_trust/'><input type=hidden name=wa value=$wa><input type=hidden name=wresult value='$tmpresponse'><input type=hidden name=wctx value=$wctx><input type='submit' value='Continue'></form/>"
+        set htmlform "<form name='wsFedAuth' method=POST action='https://sharepoint.f5lab.com/_trust/default.aspx?trust=FakeADFS'><input type=hidden name=wa value=$wa><input type=hidden name=wresult value='$tmpresponse'><input type=hidden name=wctx value=$wctx><input type='submit' value='Continue'></form/>"
         set htmlbottom "</body></html>"
         set page "$htmltop $htmlform $htmlbottom"
 
@@ -89,3 +89,6 @@ when ACCESS_ACL_ALLOWED {
 
 }
 
+
+
+