Implementing SSO from custom portal to vCloud Dire...

swapmaz · ‎02-29-2012

Hi,

We have a requirement of implement the SSO from our custom portal to the vCloud Director. I know this can be done as shown in "Timo Sugliani" blog post http://blog.tsugliani.fr/featured/login-to-vcloud-director-1-5-with-a-generated-cookie/ .

Here he is sending the first request to vCloud API and obtain the vcloud_session_id from the response headers and sending it back to the vCloud Director URL and it will log without asking the user/password.

In the demonstration he was using Fire Fox "Cookies Manager" to set the vcluod_session_id and send the request.

I want to do this programmatically using JSP/Servlets. I have already written Servlet filter which will call vCloud API and obtain the vcloud_session_id tokent and add it back as a custom attribute to the request header. But if I redirect the call to the vCloud Director URL I'm losing the header completely as the URL is residing outside my custom portal web server.

Any idea how to achieve this ?

Thanks in advance.

johanneshiemer · ‎03-01-2012

Hi,

what means you are loosing your header completely?

Could you provide a deeper level of detail?

swapmaz · ‎03-01-2012

Hi johanneshiemer,

Thank you for your response. Following are the tasks I'm doing through my jsp/servlet programms.

I have a class whcih logs into the vCloud API, authenticates and retrieving the x-vcloud-authorization toekn

x-vcloud-authorization tUbGBarTpJwCBZ6z0whzBioBIUC9vU4YrJ8lnS6N5fQ=
I have a servlet filter which will call a method in above class and grabs the authorization token and set it to the modified header as "vcloud_session_id".

Here is my filter method in the Servlet filter.

          public void doFilter (ServletRequest request, ServletResponse response, FilterChain chain) {

                         CloudLogin cl = new CloudLogin();

                         String vcloud_session_id = cl.getAuthString();

                try {
                         MyRequestWrapper myRequest = new MyRequestWrapper((HttpServletRequest) request, filterConfig );

myRequest.setAttribute("vcloud_session_id", vcloud_session_id);
chain.doFilter (myRequest, response);

                     } catch (IOException io) {
                             System.err.println ("IOException raised in RewriteRequestHeaderFilter :" + io.getMessage());
                     } catch (ServletException se) {
                             System.err.println ("ServletException raised in RewriteRequestHeaderFilter :" + se.getMessage());
                     }
           }

3. In my custom JSP file I'm calling the response.sendRedirect(https://<vcloud director ip>//); while doing this, I'm losing the custom header fields I have added above.

johanneshiemer · ‎03-01-2012

Hi,

had not to much time looking into it. But what I expect is that you render your JSP with the data, and afterwards redirects in the JSP to the vCD, right? If this is what your doing, this would swipe out the header information and vCD is not able to authenticate.

Could you show your JSP-File?

swapmaz · ‎03-01-2012

My JSP is a very much simple JSP which is only having nothing but response.sendRedirect() command.

When I call the JSP, the Servlet Filter would called and the process I described in my previous message would occur.

This prints the vcloud_session_id on the web server console, but ended up with login screen of the vCloud director.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<%@ page contentType="text/html;charset=windows-1252" %>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"></meta>
    <title>vCloud SSO POC</title>
</head>
<body>
    <P>vCloud seesion id: <%=request.getAttribute("vcloud_session_id")%></P>
<%

// Prints the vCloud Session id on the web server console.
System.out.println("vCloud seesion id:" + request.getAttribute("vcloud_session_id"));

// Re-directs to the vCloud Director
response.sendRedirect("https://10.156.13.185");
%>
</body>
</html>

johanneshiemer · ‎03-01-2012

Hi,

I think the problem is as follows: When you are using RequestDispatcher, the target servlet/JSP receives the same request/response objects as the original servlet/JSP. Therefore, you can pass data between them using request.setAttribute().

Instead, when using sendRedirect(), it is a totally new request and from the client side, and the data is lost. The only way to get data transferred is by using the session (won't work) or URL (does not work either).

I am not sure about the approach at all, but did you try setting a cookie manually with your servlet?

swapmaz · ‎03-01-2012

Eureka Eureka

Finally I managed to achieve this.

Yes, when you use response.sendRedirect to a different URL , the previous request object would be destroyed and a new request object would be created so all my custom header fields would be wasted.

I managed to achieve this by using Cookie class and by creating a cookie and setting the vcloud_session_id .

There are certain rules to be followed when using cookies accross different servers as cookies can be persisted across the same domain. So we need to bring the two different URL under the same domain name. Technically we can achieve this by using reverse proxing. But in the simplest form, I added few entries in my /etc/hosts file and it worked ...!

Let me re-ractor my code little bit before I post them here.

Now it's past 2.00 am in the morning and I was struggling for last week or so only to jump this hurdle.

At last It's time to have a good night sleep.....!

yegres · ‎04-18-2012

Hi,

I'm developing the same functionality, but I need to support 1.5 and 1.0 versions. There is no problems with 1.5, but on 1.0 nothing is happening. Does it work with vCloudDirector 1.0?

All

Implementing SSO from custom portal to vCloud Director