'[Dev] [DEV] [Mepin Authenticator] Problem while sending URL parameters using POST method'

[prev in list] [next in list] [prev in thread] [next in thread] 

List: wsf-c-dev
Subject: [Dev] [DEV] [Mepin Authenticator] Problem while sending URL parameters using POST method
From: Biruntha Gnaneswaran <biruntha () wso2 ! com>
Date: 2016-07-29 18:28:53
Message-ID: CAD14NEvvmwPJfYpr8F+1+Bj9U2ggzc+ir=gmnFHTTuPy8xcpoQ () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]

Hi Devs,

In Mepin authenticator, some URL parameters are send to Mepin UI page using
GET method [1]. When I try to send these parameters via POST method
using HttpURLConnection
class [2], it redirects to [3] not to the actual Mepin UI page. While I
try, I got the following Log .

[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}

- In authentication flow

[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}

- Executing the Step Based Authentication...

[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}

- Starting Step: 1

[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils}
- Finding already authenticated IdPs of the Step

[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

- Receive a response from the external party

[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

- BasicAuthenticator can handle the request.

[2016-07-29 23:30:00,929] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

- BasicAuthenticator returned: SUCCESS_COMPLETED

[2016-07-29 23:30:00,930] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}

- Step 1 is completed. Going to get the next one.

[2016-07-29 23:30:00,930] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}

- Starting Step: 2

[2016-07-29 23:30:00,930] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils}
- Finding already authenticated IdPs of the Step

[2016-07-29 23:30:00,930] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

- Step contains only a single IdP. Going to call it directly

[2016-07-29 23:30:00,930] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade}

- Trying to find the IdP for name: mepin

[2016-07-29 23:30:00,934] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade}

- A registered IdP was found

[2016-07-29 23:30:03,520] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

- MePINAuthenticator returned: INCOMPLETE

[2016-07-29 23:30:03,521] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

- MePINAuthenticator is redirecting

[2016-07-29 23:30:03,521] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}

- Step is not complete yet. Redirecting to outside.

So, I had offline chat with Dulanja. He said that it is not a direct method
when using POST method. POST method is not really needed. Because, even
facebook authenticator uses GET method to send URL parameters. And also he
give some suggestion,

   -

   For example, To send parameter called username, instead of using
   username as a name we can use "a" or "A" so from outside it can't be
   guess.
   -

   From java class , send as HTML body. While on submitting, need to get
   url parameters.

@ Dulanja, Please add If I miss anything.

Your comments and suggestions are highly appreciated.

[1]
*https://github.com/wso2-extensions/identity-outbound-auth-mepin/blob/master/component \
/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/mepin/MepinAuthenticator.java#L112-#L116*
 <https://github.com/wso2-extensions/identity-outbound-auth-mepin/blob/master/componen \
t/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/mepin/MepinAuthenticator.java#L112-%23L116>

[2]
http://stackoverflow.com/questions/4205980/java-sending-http-parameters-via-post-method-easily

[3] https://localhost:9443/samlsso

Thanks,

Biruntha

Associate Software Engineer
WSO2
Email : biruntha@wso2.com
Linkedin : https://lk.linkedin.com/in/biruntha
Mobile : +94773718986

[Attachment #5 (text/html)]

<div dir="ltr">Hi Devs,<br>

<p style="margin-bottom:0in;line-height:100%">

</p>

In Mepin authenticator, some URL \
parameters are send to Mepin UI page using GET method [1]. When
 I try to send these parameters via POST method using
<code class="gmail-western">HttpURLConnection </code><code \
class="gmail-western">class [2], </code><code \
class="gmail-western">it redirects to [</code><code \
class="gmail-western">3</code><code \
class="gmail-western">] not to the actual Mepin UI page. \
</code><code class="gmail-western">While I try, </code><code \
class="gmail-western">I got the following </code><code \
class="gmail-western">Log </code><code \
class="gmail-western">.</code><code class="gmail-western">[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}

-  In authentication flow</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}

-  Executing the Step Based Authentication...</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}

-  Starting Step: 1</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils}
-  Finding already authenticated IdPs of the Step</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

-  Receive a response from the external party</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:00,903] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

-  BasicAuthenticator can handle the request.</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:00,929] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

-  BasicAuthenticator returned: SUCCESS_COMPLETED</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:00,930] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}

-  Step 1 is completed. Going to get the next one.</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:00,930] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}

-  Starting Step: 2</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:00,930] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils}
-  Finding already authenticated IdPs of the Step</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:00,930] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

-  Step contains only a single IdP. Going to call it \
directly</span></font></code></p> <p style="margin-bottom:0in;line-height:100%"><code \
class="gmail-western"><font style="font-size:9pt" size="2"><span \
style="background:transparent none repeat scroll 0% 0%">[2016-07-29 23:30:00,930] \
DEBUG {org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade}

-  Trying to find the IdP for name: mepin</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:00,934] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade}

-  A registered IdP was found</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:03,520] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

-  MePINAuthenticator returned: INCOMPLETE</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:03,521] DEBUG
{org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}

-  MePINAuthenticator is redirecting</span></font></code></p>
<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
style="font-size:9pt" size="2"><span style="background:transparent none repeat scroll \
0% 0%">[2016-07-29 23:30:03,521] DEBUG</span></font></code><code \
class="gmail-western"><font style="font-size:9pt" size="2"><span \
style="background:rgb(255,255,102) none repeat scroll 0% 0%"> \
{org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}

-  Step is not complete yet. Redirecting to outside.</span></font></code></p><p \
style="margin-bottom:0in;line-height:100%"><br>

<code class="gmail-western">So, I \
</code><code class="gmail-western">had</code><code \
class="gmail-western"> offline chat with Dulanja. </code><code \
class="gmail-western">He said that </code><code \
class="gmail-western">it is not a direct method when using POST \
method</code><code class="gmail-western">. POST method is not really needed. \
Because, even facebook authenticator uses GET method to send URL parameters. \
</code><code class="gmail-western">And also he give some \
suggestion,</code> <ul><li>
<code class="gmail-western">For example, \
</code><code class="gmail-western">To send parameter called username, \
</code><code class="gmail-western">instead of using username \
</code><code class="gmail-western">as a name </code><code \
class="gmail-western">we can use "a" or "A" </code><code \
class="gmail-western">so from outside it can't be \
guess.</code> </li><li>
<code class="gmail-western">From java class \
, send as HTML body. While on submitting, need to get url \
parameters.</code> </li></ul>
<code class="gmail-western">@ \
</code><code class="gmail-western">Dulanja</code><code \
class="gmail-western"></code><code class="gmail-western">, Please add If I miss \
anything.</code><code \
class="gmail-western"> </code><code class="gmail-western">Your comments \
and suggestions are highly appreciated.</code>

<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
face="Bitstream Charter, serif"><font style="font-size:9pt" \
size="2">[1]</font></font></code><code class="gmail-western"><a \
href="https://github.com/wso2-extensions/identity-outbound-auth-mepin/blob/master/comp \
onent/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/mepin/MepinAuthenticator.java#L112-%23L116"><font \
face="Bitstream Charter, serif"><font style="font-size:9pt" \
size="2"><u>https://github.com/wso2-extensions/identity-outbound-auth-mepin/blob/maste \
r/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/mepin/MepinAuthenticator.java#L112-#L116</u></font></font></a></code></p>

<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
face="Bitstream Charter, serif"><font style="font-size:9pt" size="2">[2] <a \
href="http://stackoverflow.com/questions/4205980/java-sending-http-parameters-via-post \
-method-easily">http://stackoverflow.com/questions/4205980/java-sending-http-parameters-via-post-method-easily</a></font></font></code></p>

<p style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
face="Bitstream Charter, serif"><font style="font-size:9pt" size="2">[3] <a \
href="https://localhost:9443/samlsso">https://localhost:9443/samlsso</a></font></font></code></p><p \
style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
face="Bitstream Charter, serif"><font style="font-size:9pt" \
size="2"><br></font></font></code></p><p \
style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
face="Bitstream Charter, serif"><font style="font-size:9pt" \
size="2">Thanks,</font></font></code></p><p \
style="margin-bottom:0in;line-height:100%"><code class="gmail-western"><font \
face="Bitstream Charter, serif"><font style="font-size:9pt" \
size="2"><br></font></font></code></p><div><div><div class="gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><span \
style="font-family:georgia,serif">Biruntha<br></span><br><div><div>Associate Software \
Engineer<br></div>WSO2<br></div>Email :<span><span style="font-family:georgia,serif"> \
<a href="mailto:biruntha@wso2.com" \
target="_blank">biruntha@wso2.com</a></span></span><font \
color="#666666"><br></font></div><div><font color="#666666"><span \
style="color:rgb(0,0,0)">Linkedin : </span></font><a \
href="https://lk.linkedin.com/in/biruntha" \
target="_blank"><span>https://lk.linkedin.com/in/biruntha</span></a></div><div><span><span \
style="font-family:georgia,serif">Mobile : \
+94773718986<br></span></span></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
 </div></div>

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[prev in list] [next in list] [prev in thread] [next in thread] 