Advanced SSO with UAG

Recently I was called to assist with an interesting SSO customization for UAG.

The requirements are as follows:

  1. Add a new input field named "Code" to the default login page.
  2. Add a second new input field named "Suffix", a drop-down list, to be used as the username suffix.
  3. Collect and process the inputs during the authentication process. Here the requirement was to use "suffix+username" as the username and "password" as the password for authentication.
  4. Process the inputs (revert to the original value of the username) to support SSO. Here the requirement was to send the original username + password + code to the backend application's FBA to achieve SSO.
  5. In addition, the whole solution needs to work with a One Time Password / SMS solution (RADIUS with challenge-response).

The end result should resemble the UAG portal login page below:



Published Application's Form Based Authentication page:



Step #1

Step #2

a. Add suffix field to login page

<TR>
    <TD class="paramText">Prefix</TD>
    <TD colspan="2">
        <select class="paramText" TYPE="text" ID="pre_fix" NAME="pre_fix" onkeypress="keyDetect(event)">
            <option value="0">0</option>
            <option value="1">1</option>
            <option value="2">2</option>
            <option value="3">3</option>
        </select>
    </TD>
</TR>

b. Add code field to login page

<TD class="paramText">Code</TD>
<TD><INPUT class="paramTextbox" TYPE="text" ID="Code_Value" NAME="Code_Value" size="11"></TD>

 



Step #3

 

<%
' On the first pass, copy the posted credentials into session variables.
if Session("CredentialsNum") = "" then
    if g_login_type = RESOURCE_OPERATION_LOGIN and GetSiteFixRepositories() then
        use_the_same_user_name = GetSiteUseTheSameUserName()
        repositories = GetSiteRepositoriesVec()
        i = 1
        for each repository_name in repositories
            Session("repository"&i) = repository_name
            i = i + 1
        next

        i = 1
        for each password in Request("password")
            Session("password"&i) = password
            if use_the_same_user_name then
                Session("user_name"&i) = Request("user_name")
            end if
            i = i + 1
        next

        if not use_the_same_user_name then
            i = 1
            for each user_name in Request("user_name")
                Session("user_name"&i) = user_name
                i = i + 1
            next
        end if

        Session("CredentialsNum") = i-1
    else
        Session("repository1") = Request("repository")
        ' Customization: authenticate with the selected value + user name.
        x1 = Request("user_name")
        x2 = Request("pre_fix")
        Session("user_name1") = x2 & x1
        Session("password1") = Request("password")
        Session("CredentialsNum") = 1
    end if
    Session("CurrentCredentialsNum") = 1
end if

' Load the credential set that is validated in this pass.
num = Session("CurrentCredentialsNum")
user_name = Session("user_name"&num)
password = Session("password"&num)
repository = Session("repository"&num)

HEAVY_TRACE "CurrentCredentialsNum [" & num & "] CredentialsNum [" & Session("CredentialsNum") & "]"

HEAVY_TRACE "Validate got site_name [" & g_site_name & "] secure [" & g_secure & "] orig_url [" & g_orig_url & "] resource_id [" & g_resource_id & "] login_type [" & g_login_type & "] cookie [" & g_cookie & "] repository [" & repository & "] user_name [" & user_name & "]"
%>

 

Note: If you are using normal username/password authentication, this code should be saved in /CustomUpdate/Trunk1postpostvalidate.inc, and the code Session("user_name1") = Request("user_name") should be added to the beginning of InternalSite/Inc/sso.inc

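<%
' Restore the original user name (without the suffix) for SSO to the backend.
Session("user_name1") = Request("user_name")
' Store the posted code for the application so the form login can fill txtCode.
Code_Value = Request("Code_Value")
SetSessionResourceParam g_cookie, "B755 Replace with application ID 92A57F824", "txtCode", Code_Value
%>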
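
The values of pre_fix and Code_Value are posted by the browser, so the drop-down's option list is not enforced on the server. As an added example (not code from the original article), the following VBScript checks both fields before the Step #3 code builds the user name and before the code is handed to SetSessionResourceParam. The helper names IsAllowedSuffix and IsValidCode, the 1 to 11 alphanumeric code format, and the empty-value failure path are assumptions.

```vbscript
<%
' Added example, not part of the original article.
' Assumptions: the allow-list mirrors the <option> values of the pre_fix
' drop-down; the code format (1-11 letters or digits) is hypothetical.

Function IsAllowedSuffix(value)
    Dim allowed, item
    IsAllowedSuffix = False
    allowed = Array("0", "1", "2", "3")
    For Each item In allowed
        ' Exact, case-sensitive match; a field posted twice arrives as
        ' "a, b" and is therefore rejected.
        If StrComp(CStr(value), item, vbBinaryCompare) = 0 Then
            IsAllowedSuffix = True
            Exit Function
        End If
    Next
End Function

Function IsValidCode(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9]{1,11}$"
    IsValidCode = re.Test(CStr(value))
End Function

x1 = Request("user_name")
x2 = Request("pre_fix")
If IsAllowedSuffix(x2) Then
    Session("user_name1") = x2 & x1
Else
    ' Assumption: an empty user name makes the repository reject the login.
    Session("user_name1") = ""
End If

Code_Value = Request("Code_Value")
If Not IsValidCode(Code_Value) Then
    ' Do not forward unchecked input to the backend login form.
    Code_Value = ""
End If
%>
```
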

 

   

 
Step #4

Place the following code in \Conf\WizardDefaults\FormLogin\CustomUpdate\formlogin.xml

 

<WHLFILTFORMLOGIN ver="1.0">
 <APPLICATION>
  <APPLICATION_TYPE>App1</APPLICATION_TYPE>
  <USAGE description="form_login">
  <PRIMARY_HOST_URL><![CDATA[/.*]]></PRIMARY_HOST_URL>
  <SECONDARY_HOST_URL><![CDATA[/.*]]></SECONDARY_HOST_URL>
  <SCRIPT_NAME source="data_definition">FormLoginSubmitStandard</SCRIPT_NAME>
  <USER_AGENT>
   <AGENT_TYPE search="group">all_supported</AGENT_TYPE>
   <POLICY>multiplatform</POLICY>
   <SCRIPT_NAME source="data_definition">FormLoginHandler</SCRIPT_NAME>
  </USER_AGENT>
  <MULTIPLE_LOGIN>true</MULTIPLE_LOGIN>
  <LOGIN_FORM>
   <NAME></NAME>
   <METHOD>POST</METHOD>
   <CONTROL handling="real_value">
    <TYPE>USER_PROVIDED</TYPE>
    <NAME>txtCode</NAME>
    <DEF_VALUE>sitecode</DEF_VALUE>
   </CONTROL>
   <CONTROL handling="real_value">
    <TYPE>USER_NAME</TYPE>
    <NAME>txtUserName</NAME>
    <DEF_VALUE>siteusr</DEF_VALUE>
   </CONTROL>
   <CONTROL handling="real_value">
    <TYPE>PASSWORD</TYPE>
    <NAME>txtPassword</NAME>
    <DEF_VALUE>sitepass</DEF_VALUE>
   </CONTROL>
   <LOGIN_EVALUATOR indicate="failure">
    <SEARCH encoding="">ERROR:</SEARCH>
    <SEARCH encoding="">credentials supplied were invalid</SEARCH>
   </LOGIN_EVALUATOR>
  </LOGIN_FORM>
  </USAGE>
 </APPLICATION>
</WHLFILTFORMLOGIN>