The first OpenIG documentation sample shows how to log a user in through a form using hard-coded credentials. Let's improve that sample by using encrypted credentials stored in a database.

To retrieve the credentials from the database, we use the SqlAttributesFilter as follows:

{
    "name": "SqlAttributesFilter",
    "type": "SqlAttributesFilter",
    "config": {
        "target": "${exchange.credentials}",
        "dataSource": "java:comp/env/jdbc/forgerock",
        "preparedStatement": "SELECT username, password FROM users WHERE email = ?;",
        "parameters": ["george@seinfeld.com"]
    }
}

The credentials are now stored in the ${exchange.credentials} object. Unfortunately, the CryptoHeaderFilter only works on headers, so before calling it we have to copy the encrypted password into a request header. This would normally be done with the HeaderFilter, but since it does not support expressions, we use the StaticRequestFilter instead. Note that StaticRequestFilter builds a new request that replaces the current one, which is why the method and URI have to be repeated here:

{
    "name": "HeaderRequestFilter",
    "type": "StaticRequestFilter",
    "config": {
        "method": "POST",
        "uri": "https://109.73.67.52:8080/wordpress/wp-login.php",
        "headers": {
            "password": ["${exchange.credentials.password}"]
        }
    }
}

Now we call CryptoHeaderFilter to decrypt the password stored in the header. The key is the Base64-encoded DES key, and because the algorithm uses NoPadding, the stored ciphertext must be a whole number of 8-byte DES blocks. DES in ECB mode is a weak, legacy algorithm and is used here only because it matches the sample data; the key in the configuration file is as sensitive as the passwords it protects, so protect that file accordingly.

{
    "name": "DecryptReplayPasswordFilter",
    "type": "CryptoHeaderFilter",
    "config": {
        "messageType": "REQUEST",
        "operation": "DECRYPT",
        "algorithm": "DES/ECB/NoPadding",
        "keyType": "DES",
        "key": "oqdP3DJdE1Q=",
        "headers": ["password"]
    }
}
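The configuration above only works if the value in the users.password column was produced in exactly the form CryptoHeaderFilter expects: DES/ECB with no padding, Base64-encoded, under the same Base64 key. The following Go program is an added example (it is not part of the original post and not OpenIG code) that shows how to prepare such a value for the SQL table queried by the SqlAttributesFilter, and the inverse operation the filter performs on the "password" header. The sample password, the NUL-byte padding scheme and the function names are assumptions for the example; the key is the one from the filter configuration.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/base64"
	"errors"
	"fmt"
)

// OpenIGKeyB64 is the "key" value from the CryptoHeaderFilter configuration on
// the page (OpenIG expects the key to be Base64-encoded).
const OpenIGKeyB64 = "oqdP3DJdE1Q="

// EncryptPassword produces the value to store in users.password so that
// CryptoHeaderFilter (DES/ECB/NoPadding, Base64-encoded value) can decrypt it.
// Because the filter uses NoPadding, the plaintext is padded here with NUL
// bytes up to a multiple of the 8-byte DES block size. This is a constructed
// helper for the example, not an OpenIG API.
func EncryptPassword(plain, keyB64 string) (string, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil {
		return "", fmt.Errorf("key is not valid Base64: %w", err)
	}
	block, err := des.NewCipher(key) // rejects anything but an 8-byte key
	if err != nil {
		return "", err
	}
	pt := []byte(plain)
	if bytes.IndexByte(pt, 0) >= 0 {
		return "", errors.New("password must not contain NUL bytes (used as padding)")
	}
	if rem := len(pt) % des.BlockSize; rem != 0 {
		pt = append(pt, make([]byte, des.BlockSize-rem)...)
	}
	ct := make([]byte, len(pt))
	// ECB: every block is encrypted independently with the same key.
	for i := 0; i < len(pt); i += des.BlockSize {
		block.Encrypt(ct[i:i+des.BlockSize], pt[i:i+des.BlockSize])
	}
	return base64.StdEncoding.EncodeToString(ct), nil
}

// DecryptPassword mirrors what CryptoHeaderFilter does with operation DECRYPT
// on the "password" header: Base64-decode, DES/ECB-decrypt block by block,
// and then (specific to this example) strip the NUL padding again.
func DecryptPassword(cipherB64, keyB64 string) (string, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil {
		return "", fmt.Errorf("key is not valid Base64: %w", err)
	}
	block, err := des.NewCipher(key)
	if err != nil {
		return "", err
	}
	ct, err := base64.StdEncoding.DecodeString(cipherB64)
	if err != nil {
		return "", fmt.Errorf("stored password is not valid Base64: %w", err)
	}
	// With NoPadding, a JCE cipher rejects input that is not block-aligned;
	// the same check is applied here so a bad database row fails loudly.
	if len(ct) == 0 || len(ct)%des.BlockSize != 0 {
		return "", fmt.Errorf("ciphertext length %d is not a multiple of %d (NoPadding)", len(ct), des.BlockSize)
	}
	pt := make([]byte, len(ct))
	for i := 0; i < len(ct); i += des.BlockSize {
		block.Decrypt(pt[i:i+des.BlockSize], ct[i:i+des.BlockSize])
	}
	return string(bytes.TrimRight(pt, "\x00")), nil
}

func main() {
	// Constructed sample password; the printed value is what the users.password
	// column has to contain for the filter chain on the page to work.
	enc, err := EncryptPassword("jerry!2014", OpenIGKeyB64)
	if err != nil {
		panic(err)
	}
	fmt.Println("users.password value:", enc)
	dec, err := DecryptPassword(enc, OpenIGKeyB64)
	if err != nil {
		panic(err)
	}
	fmt.Println("replayed pwd:", dec)
}
```

The padding is the important detail: with "DES/ECB/NoPadding" the filter never pads or unpads, so whatever scheme you use when loading the table has to be undone by the application that receives the replayed form, or you switch the filter to a padded algorithm and encrypt the rows the same way.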

AssignmentFilter is then called to read the decrypted password back out of the header into ${exchange.credentials.password}.

{
    "name": "HeaderPwdRetrieveFilter",
    "type": "AssignmentFilter",
    "config": {
        "onRequest": [
            {
                "target": "${exchange.credentials.password}",
                "value": "${exchange.request.headers['password'][0]}"
            }
        ]
    }
}

Finally, we replay the credentials in the authentication form. To do so, we call StaticRequestFilter again.

{
    "name": "LoginRequestFilter",
    "type": "StaticRequestFilter",
    "config": {
        "method": "POST",
        "uri": "https://109.73.67.52:8080/wordpress/wp-login.php",
        "form": {
            "log": ["${exchange.credentials.username}"],
            "pwd": ["${exchange.credentials.password}"], 
            "rememberme": ["forever"],
            "redirect_to" : ["https://demo.forgerock.com:8080/wordpress/wp-admin/"],
            "testcookie": ["1"]
        }
    }
}

You can download the full OpenIG configuration and the database structure.
