Revision #5


Recently I was called to assist with an interesting SSO customization for UAG.

The requirements are as follows:

  1. Add a new input field named "Code" to the default login page.
  2. Add a second new input field named "Suffix", a drop-down list to be used as the username suffix.
  3. Collect and process the inputs during the authentication process.  Here the requirement was to use "suffix+username" as the username and "password" as the password for authentication.
  4. Process the inputs (revert back to the original value of username) to support SSO.  Here the requirement was to send the original username + password + code to the backend application's FBA to achieve SSO.
  5. In addition, the whole solution needs to work with a One Time Password / SMS solution (RADIUS with challenge-response).

The end result should resemble the below UAG portal login page:



Published Application's Form Based Authentication page:



Step #1
  • Publish the web application in a portal

Step #2

       
  • Create a copy of the default login.asp and place it in /InternalSite/CustomUpdate/Trunk1newLogin.asp
  • Add the new input fields to the Trunk1newLogin.asp

a. Add suffix field to login page

<TR>
             <TD class="paramText">Prefix</TD>
             <TD colspan="2"><select class="paramText" TYPE="text" ID="pre_fix" NAME="pre_fix" onkeypress="keyDetect(event)">
             <option value="0">0</option>
             <option value="1">1</option>
             <option value="2">2</option>
             <option value="3">3</option>
              </select>
           </TD>
</TR>

b. Add code field to login page

<TD class="paramText">Code</TD>
<TD><INPUT class="paramTextbox" TYPE="text" ID="Code_Value" NAME="Code_Value" size="11"></TD>

 

  • Point the portal to use the new customized CustomUpdate/Trunk1newLogin.asp    



  • Edit the relevant URL Set rule to allow the passing of the new parameters

Step #3

  • Process the inputs before the authentication process occurs by adding the following code to /InternalSite/Inc/Trunk1Validate.inc

 

<%

' Runs only when no credentials have been stored in the session yet.
if Session("CredentialsNum") = "" then
    if g_login_type = RESOURCE_OPERATION_LOGIN and GetSiteFixRepositories() then
        use_the_same_user_name = GetSiteUseTheSameUserName()
        repositories = GetSiteRepositoriesVec()
        i = 1
        for each repository_name in repositories
            Session("repository"&i) = repository_name
            i = i + 1
        next

        i = 1
        for each password in Request("password")
            Session("password"&i) = password
            if use_the_same_user_name then
                Session("user_name"&i) = Request("user_name")
            end if
            i = i + 1
        next

        if not use_the_same_user_name then
            i = 1
            for each user_name in Request("user_name")
                Session("user_name"&i) = user_name
                i = i + 1
            next
        end if

        Session("CredentialsNum") = i-1
    else
        Session("repository1") = Request("repository")
        ' Customization: authenticate with the pre_fix value prepended to the username.
        x1 = Request("user_name")
        x2 = Request("pre_fix")
        Session("user_name1") = x2 & x1
        Session("password1") = Request("password")
        Session("CredentialsNum") = 1
    end if
    Session("CurrentCredentialsNum") = 1
end if

' Load the credential set currently being validated.
num = Session("CurrentCredentialsNum")
user_name = Session("user_name"&num)
password = Session("password"&num)
repository = Session("repository"&num)

HEAVY_TRACE "CurrentCredentialsNum [" & num & "] CredentialsNum [" & Session("CredentialsNum") & "]"

HEAVY_TRACE "Validate got site_name [" & g_site_name & "] secure [" & g_secure & "] orig_url [" & g_orig_url & "] resource_id [" & g_resource_id & "] login_type [" & g_login_type & "] cookie [" & g_cookie & "] repository [" & repository & "] user_name [" & user_name & "]"


%>

 

       
  • Revert the username manipulation back to its original value for SSO to succeed
  • Collect the data and add it to session parameters, by adding the following code to CustomUpdate/Trunk1validatecontinue.inc

Note: if you are using normal username / password authentication, this code should be saved in /CustomUpdate/Trunk1postpostvalidate.inc and the code Session("user_name1") = Request("user_name") should be added to the beginning of InternalSite/Inc/sso.inc

<%
Session("user_name1") = Request("user_name")
Code_Value = Request("Code_Value")
SetSessionResourceParam g_cookie, "B755 Replace with application ID 92A57F824", "txtCode", Code_Value
%>
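
Both pre_fix and Code_Value are client-controlled form values, so they should be checked on the server before one is concatenated into the authentication username and the other is forwarded to the backend form. The following is an added example, not part of the original article: IsAllowedPrefix, IsValidCode and RejectUnless are hypothetical helper names, the code format (1 to 11 letters or digits) is an assumption, and rejecting with HTTP 400 is a placeholder for whatever error path the trunk should use.

```vbscript
<%
' Added example: server-side checks for the two custom login fields.
' Assumption: the allowed prefixes mirror the <option> values of pre_fix.
Const ALLOWED_PREFIXES = "0,1,2,3"

' True only when value is exactly one of the drop-down's option values.
Function IsAllowedPrefix(value)
    Dim candidate
    IsAllowedPrefix = False
    For Each candidate In Split(ALLOWED_PREFIXES, ",")
        If StrComp(value, candidate, vbBinaryCompare) = 0 Then
            IsAllowedPrefix = True
            Exit Function
        End If
    Next
End Function

' True only when value matches the assumed code format.
Function IsValidCode(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9]{1,11}$"
    IsValidCode = re.Test(value)
End Function

' Stop processing the request when a check fails (placeholder handling).
Sub RejectUnless(ok)
    If Not ok Then
        Response.Status = "400 Bad Request"
        Response.End
    End If
End Sub

' Request("name") joins repeated parameters with ", ", so a duplicated
' field fails the checks instead of being passed on.

' Belongs before Session("user_name1") = x2 & x1 in Trunk1Validate.inc:
RejectUnless IsAllowedPrefix(Request("pre_fix") & "")

' Belongs before SetSessionResourceParam in the include that reads Code_Value:
RejectUnless IsValidCode(Request("Code_Value") & "")
%>
```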

 

   

 
Step #4

  • Map the credentials to their corresponding counterparts in the application's FBA. Looking at the source code of the application's FBA revealed the input fields' names.

Place the following code in \Conf\WizardDefaults\FormLogin\CustomUpdate\formlogin.xml

 

<WHLFILTFORMLOGIN ver="1.0">
 <APPLICATION>
  <APPLICATION_TYPE>App1</APPLICATION_TYPE>
  <USAGE description="form_login">
  <PRIMARY_HOST_URL><![CDATA[/.*]]></PRIMARY_HOST_URL>
  <SECONDARY_HOST_URL><![CDATA[/.*]]></SECONDARY_HOST_URL>
  <SCRIPT_NAME source="data_definition">FormLoginSubmitStandard</SCRIPT_NAME>
  <USER_AGENT>
   <AGENT_TYPE search="group">all_supported</AGENT_TYPE>
   <POLICY>multiplatform</POLICY>
   <SCRIPT_NAME source="data_definition">FormLoginHandler</SCRIPT_NAME>
  </USER_AGENT>
  <MULTIPLE_LOGIN>true</MULTIPLE_LOGIN>
  <LOGIN_FORM>
   <NAME></NAME>
   <METHOD>POST</METHOD>
   <CONTROL handling="real_value">
    <TYPE>USER_PROVIDED</TYPE>
    <NAME>txtCode</NAME>
    <DEF_VALUE>sitecode</DEF_VALUE>
   </CONTROL>
   <CONTROL handling="real_value">
    <TYPE>USER_NAME</TYPE>
    <NAME>txtUserName</NAME>
    <DEF_VALUE>siteusr</DEF_VALUE>
   </CONTROL>
   <CONTROL handling="real_value">
    <TYPE>PASSWORD</TYPE>
    <NAME>txtPassword</NAME>
    <DEF_VALUE>sitepass</DEF_VALUE>
   </CONTROL>
   <LOGIN_EVALUATOR indicate="failure">
    <SEARCH encoding="">ERROR:</SEARCH>
    <SEARCH encoding="">credentials supplied were invalid</SEARCH>
   </LOGIN_EVALUATOR>
  </LOGIN_FORM>
  </USAGE>
 </APPLICATION>
</WHLFILTFORMLOGIN>