
Recently I was called to assist with an interesting SSO customization for UAG.

The requirements are as follows:

  1. Add a new input field named "Code" to the default login page.
  2. Add a second new input field named "Suffix", a drop-down list used as the username suffix.
  3. Collect and process the inputs during the authentication process. Here the requirement was to use "suffix+username" as the username and "password" as the password for authentication.
  4. Process the inputs (revert to the original value of the username) to support SSO. Here the requirement was to send the original username + password + code to the backend application's FBA to achieve SSO.
  5. In addition, the whole solution needs to work with a One Time Password / SMS solution (RADIUS with challenge-response).

The end result should resemble the UAG portal login page below:



Published Application's Form Based Authentication page:



Step #1
  • Prepare the login.asp according to the requirements
  • Create a copy of the default login.asp and place it in /InternalSite/CustomUpdate/Trunk1newLogin.asp
  • Add the new input fields to the Trunk1newLogin.asp

a. Add suffix field to login page

<TR>
    <TD class="paramText">Prefix</TD>
    <TD colspan="2">
        <select class="paramText" ID="pre_fix" NAME="pre_fix" onkeypress="keyDetect(event)">
            <option value="0">0</option>
            <option value="1">1</option>
            <option value="2">2</option>
            <option value="3">3</option>
        </select>
    </TD>
</TR>

b. Add code field to login page

<TD class="paramText">Code</TD>
<TD><INPUT class="paramTextbox" TYPE="text" ID="Code_Value" NAME="Code_Value" size="11"></TD>

 

  • Point the portal to use the new customized CustomUpdate/Trunk1newLogin.asp    



  • Edit the relevant URL SET rule to allow the passing of the new parameters

Step #2

  • Collect the new input data
  • Normally I would use postpostvalidate.inc to collect the data and add it to session parameters, but this will only work with regular username/password authentication. Here, since we were using OTP, I had to use an alternate method and place the code in validatecontinue.inc

 

<%
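' Read the extra "Code" field submitted from the customized login page
Code_Value = Request("Code_Value")
'response.write pre_fix & Code_Value
' Store it as the "txtUserName" session parameter of the published application (the ID string below)
SetSessionResourceParam g_cookie, "B755EAE72762476794DA01092A57F824", "txtUserName", Code_Value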
%>
 
  • Process the inputs before the authentication process

 

 

<%

 if Session("CredentialsNum") = "" then
  if g_login_type = RESOURCE_OPERATION_LOGIN and GetSiteFixRepositories() then
   use_the_same_user_name = GetSiteUseTheSameUserName()
   repositories = GetSiteRepositoriesVec()
   i = 1
   for each repository_name in repositories
    Session("repository"&i) = repository_name
    i = i + 1
   next

   i = 1
   for each password in Request("password")
    Session("password"&i) = password
    if use_the_same_user_name then
     Session("user_name"&i) = Request("user_name")
    end if
    i = i + 1
   next
   
   if not use_the_same_user_name then
    i = 1
    for each user_name in Request("user_name")
     Session("user_name"&i) = user_name
     i = i + 1
    next
   end if

   Session("CredentialsNum") = i-1
  else
   Session("repository1") = Request("repository")
   ' Customization: prepend the pre_fix drop-down value to the submitted user name
   x1 = Request("user_name")
   x2 = Request("pre_fix")
   Session("user_name1") = x2 & x1
   Session("password1") = Request("password")
   Session("CredentialsNum") = 1
  end if
  Session("CurrentCredentialsNum") = 1
 end if

 num = Session("CurrentCredentialsNum")
 user_name = Session("user_name"&num)
 password = Session("password"&num)
 repository = Session("repository"&num)

 HEAVY_TRACE "CurrentCredentialsNum [" & num & "] CredentialsNum [" & Session("CredentialsNum") & "]"

 HEAVY_TRACE "Validate got site_name [" & g_site_name & "] secure [" & g_secure & "] orig_url [" & g_orig_url & "] resource_id [" & g_resource_id & "] login_type [" & g_login_type & "] cookie [" & g_cookie & "] repository [" & repository & "] user_name [" & user_name & "]"

   
%>
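The snippets above copy Request("pre_fix") and Request("Code_Value") into the session as submitted, and the drop-down limits the prefix to 0-3 only in the browser. The following is an added example, not part of the original article or of UAG's own code, showing a server-side allow-list check for both fields. It assumes the login form is sent by POST, that the code is 1 to 11 letters or digits, and that a 400 response is an acceptable rejection; the helper names are hypothetical.

```vbscript
<%
' Added example, not UAG's or the article's code. Helper names are hypothetical.
' ALLOWED_PREFIXES mirrors the <option> values of the pre_fix drop-down above.
Const ALLOWED_PREFIXES = "0,1,2,3"

' True only when value is exactly one of the drop-down's option values.
Function IsAllowedPrefix(value)
    Dim candidate
    IsAllowedPrefix = False
    For Each candidate In Split(ALLOWED_PREFIXES, ",")
        If StrComp(value, candidate, vbBinaryCompare) = 0 Then
            IsAllowedPrefix = True
            Exit Function
        End If
    Next
End Function

' Assumed format for the Code field: 1 to 11 letters or digits
' (11 is taken from the input's size attribute; adjust to the real format).
Function IsValidCode(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9]{1,11}$"
    IsValidCode = re.Test(value)
End Function

Dim raw_prefix, raw_code
' Request.Form reads the POST body only; Request("...") also searches the
' query string and cookies. A field submitted twice arrives as "a, b" and fails.
raw_prefix = Request.Form("pre_fix")
raw_code = Request.Form("Code_Value")

If Not IsAllowedPrefix(raw_prefix) Or Not IsValidCode(raw_code) Then
    ' Stop before the values reach the session or the authentication server.
    Response.Status = "400 Bad Request"
    Response.End
End If

' Only validated values are used from here on.
Session("user_name1") = raw_prefix & Request.Form("user_name")
SetSessionResourceParam g_cookie, "B755EAE72762476794DA01092A57F824", "txtUserName", raw_code
%>
```

In the page's code, the prefix check belongs inside the branch that sets Session("user_name1"), and the code check belongs in validatecontinue.inc before the SetSessionResourceParam call, so that later challenge-response requests without these fields are not rejected.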

 

Step #3

  • Revert the username manipulation back to its original state by adding the following code to sso.inc
 
Session("user_name1") = Request("user_name")
 

 


Step #4

  • Map the credentials to their corresponding counterparts in the application's FBA

formlogin.xml