ssp_for_opennebula.patch

Patch to enable SAML-based authentication for Sunstone - Milán Unicsovics, 01/17/2013 01:26 PM



opennebula-3.8.1_patched//install.sh 2013-01-04 14:21:18.868462395 +0100
509 509
    SUNSTONE_PUBLIC_VENDOR_JQUERYUI:$SUNSTONE_LOCATION/public/vendor/jQueryUI
510 510
    SUNSTONE_PUBLIC_VENDOR_JQUERYUIIMAGES:$SUNSTONE_LOCATION/public/vendor/jQueryUI/images
511 511
    SUNSTONE_PUBLIC_VENDOR_JQUERYLAYOUT:$SUNSTONE_LOCATION/public/vendor/jQueryLayout
512
    SUNSTONE_PUBLIC_VENDOR_JQUERYCOOKIE:$SUNSTONE_LOCATION/public/vendor/jQueryCookie
512 513
    SUNSTONE_PUBLIC_VENDOR_FLOT:$SUNSTONE_LOCATION/public/vendor/flot
513 514
    SUNSTONE_PUBLIC_VENDOR_FILEUPLOADER:$SUNSTONE_LOCATION/public/vendor/fileuploader
514 515
    SUNSTONE_PUBLIC_VENDOR_FONTAWESOME:$SUNSTONE_LOCATION/public/vendor/FontAwesome
......
1120 1121
                      src/cloud/common/CloudAuth/SunstoneCloudAuth.rb \
1121 1122
                      src/cloud/common/CloudAuth/EC2CloudAuth.rb \
1122 1123
                      src/cloud/common/CloudAuth/X509CloudAuth.rb \
1123
                      src/cloud/common/CloudAuth/OpenNebulaCloudAuth.rb"
1124
                      src/cloud/common/CloudAuth/OpenNebulaCloudAuth.rb \
1125
                      src/cloud/common/CloudAuth/SSPCloudAuth.rb \
1126
                      src/cloud/common/CloudAuth/ssp_helper.rb"
1124 1127

  
1125 1128
#-------------------------------------------------------------------------------
1126 1129
# EC2 Query for OpenNebula
......
1342 1345
SUNSTONE_VIEWS_FILES="src/sunstone/views/index.erb \
1343 1346
                      src/sunstone/views/login.erb \
1344 1347
                      src/sunstone/views/_login_standard.erb \
1345
                      src/sunstone/views/_login_x509.erb"
1348
                      src/sunstone/views/_login_x509.erb \
1349
                      src/sunstone/views/_login_ssp.erb"
1346 1350

  
1347 1351
SUNSTONE_PUBLIC_JS_FILES="src/sunstone/public/js/layout.js \
1348 1352
                        src/sunstone/public/js/login.js \
1353
                        src/sunstone/public/js/login_ssp.js \
1349 1354
                        src/sunstone/public/js/sunstone.js \
1350 1355
                        src/sunstone/public/js/sunstone-util.js \
1351 1356
                        src/sunstone/public/js/opennebula.js \
......
1421 1426
            src/sunstone/public/vendor/jQueryLayout/layout-default-latest.css \
1422 1427
            src/sunstone/public/vendor/jQueryLayout/jquery.layout-latest.min.js \
1423 1428
            src/sunstone/public/vendor/jQueryLayout/NOTICE"
1429
            
1430
SUNSTONE_PUBLIC_VENDOR_JQUERYCOOKIE="\
1431
            src/sunstone/public/vendor/jQueryCookie/jquery-cookie.js"
1424 1432

  
1425 1433
SUNSTONE_PUBLIC_VENDOR_FLOT="\
1426 1434
src/sunstone/public/vendor/flot/jquery.flot.min.js \
opennebula-3.8.1_patched//src/cloud/common/CloudAuth/SSPCloudAuth.rb 2012-12-21 11:53:07.000000000 +0100
1
# -------------------------------------------------------------------------- #
2
# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
3
#                                                                            #
4
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
5
# not use this file except in compliance with the License. You may obtain    #
6
# a copy of the License at                                                   #
7
#                                                                            #
8
# http://www.apache.org/licenses/LICENSE-2.0                                 #
9
#                                                                            #
10
# Unless required by applicable law or agreed to in writing, software        #
11
# distributed under the License is distributed on an "AS IS" BASIS,          #
12
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
13
# See the License for the specific language governing permissions and        #
14
# limitations under the License.                                             #
15
#--------------------------------------------------------------------------- #
16

  
17
DIR=File.dirname(__FILE__)
18
$: << DIR
19

  
20
require 'ssp_helper.rb'
21
require 'xmlrpc/client'
22
require 'rubygems'
23
require 'nokogiri'
24
require 'json'
25
require 'net/http'
26

  
27
# @mainpage  SSP Cloud Auth module for OpenNebula Sunstone
28
#
29
# @section desc Description
30
# This is a new authentication module for OpenNebula Sunstone. In its name SSP means 
31
# Simple SAML PHP (http://simplesamlphp.org/).
32
# SSP Cloud Auth module is useful, when a SingleSignOn is login needed, which service is realised 
33
# with SimpleSAMLphp. In this case, login handled by SimpleSAMLphp and so the Sunstone 
34
# auth module (this one) makes only the identification of the users. \n
35
# If new user wants to login, this module creates a new account for the user.
36
# 
37
# @section conf Configuration
38
# Configuration file is at the end of the main Sunstone configuration file (sunstone-server.conf).
39
module SSPCloudAuth
40

  
41
    attr_accessor :sessionid, :session
42
    
43
    @sessionid=''
44
    @session=''
45

  
46
    # original do_auth function
47
    # gets login datas from SimpleSAMLphp and authenticates the user
48
    # if new user wants to login, then creates its user
49
    # updates user's group
50
    # @param params['ssp_sessionid'] SSP session id from cookie
51
    # @return username if authentication success
52
    def do_auth(env, params={})
53
        auth = Rack::Auth::Basic::Request.new(env)
54

  
55
        # initialize some variable
56
        @sessionid=params['ssp_sessionid']
57

  
58
        if auth.provided? && auth.basic?
59

  
60
            # create helper
61
            ssp=SSP_Helper.new
62

  
63
            # get login datas from ssp
64
            @session=ssp.get_ssp_session(@sessionid)
65

  
66
            # test if user is authorized
67
            if (@session['is_auth']!=true)
68
                return nil
69
            end
70

  
71
            # get name from session
72
            @username=@session['data']['eduPersonPrincipalName'].join
73

  
74
            # if any privilege was sent then get it; if it was not sent and strict auth needed then deny login
75
            if @session['data'].has_key?('eduPersonEntitlement')
76
                @groupname=@session['data']['eduPersonEntitlement'].join
77
            else
78
                @groupname=''
79
            end
80

  
81
            # if new user wants to login then create it
82
            if ssp.get_userid(@username).empty?
83
                ssp.create_user(@username)
84
            end
85

  
86
            # update user's group
87
            ssp.update_group(@username,@groupname)
88

  
89
            return @username
90
        end
91

  
92
        return nil
93
    end
94
end
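Review bot: In `do_auth` the group handed to `ssp.update_group` is whatever the IdP sent in `eduPersonEntitlement`, joined into one string with no allow-list, and `update_group` in ssp_helper.rb creates the group when it is missing and moves the user into it. An entitlement equal to the name of an existing privileged group (for example `oneadmin`) would therefore place the federated user in that group; map entitlements through an explicit table from the configuration and fall back to `'users'`, e.g. `@groupname = allowed_groups.fetch(entitlement, 'users')` where `allowed_groups` is a new, configured hash. `@session['data']['eduPersonPrincipalName'].join` raises NoMethodError when the attribute is absent, so a guard such as `return nil unless @session['data'] && @session['data']['eduPersonPrincipalName']` is needed before it. `@sessionid`, `@session`, `@username` and `@groupname` are instance variables on an object that sunstone-server.rb appears to create once, so concurrent logins may overwrite each other's values; locals would avoid that.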
opennebula-3.8.1_patched//src/cloud/common/CloudAuth/ssp_helper.rb 2012-12-21 11:53:54.000000000 +0100
1
# -------------------------------------------------------------------------- #
2
# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
3
#                                                                            #
4
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
5
# not use this file except in compliance with the License. You may obtain    #
6
# a copy of the License at                                                   #
7
#                                                                            #
8
# http://www.apache.org/licenses/LICENSE-2.0                                 #
9
#                                                                            #
10
# Unless required by applicable law or agreed to in writing, software        #
11
# distributed under the License is distributed on an "AS IS" BASIS,          #
12
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
13
# See the License for the specific language governing permissions and        #
14
# limitations under the License.                                             #
15
#--------------------------------------------------------------------------- #
16

  
17
# Helper class to call methods in SSPCloudAuth module
18
class SSP_Helper
19

  
20
    attr_accessor :one_xmlrpc, :one_auth, :one_location, :config
21

  
22
    # initalize some instance variable
23
    def initialize
24
        @one_location=''
25
        
26
        # get ssp configuration
27
        if @one_location.empty?
28
            etc_location="/etc/one"
29
        else
30
            etc_location=@one_location+"/etc"
31
        end
32

  
33
        configuration_file=etc_location+"/sunstone-server.conf"
34

  
35
        begin
36
            @config = YAML.load_file(configuration_file)
37
        rescue Exception => e
38
            STDERR.puts "Error parsing config file #{configuration_file}: #{e.message}"
39
            exit 1
40
        end
41

  
42
        @one_xmlrpc=@config[:one_xmlrpc]
43
        @one_auth=@config[:one_auth_for_ssp]
44
    end 
45

  
46
    # creating new user
47
    # @param username username of user to be created
48
    def create_user(username)
49
        server=XMLRPC::Client.new2(@one_xmlrpc)
50
        
51
        session_string=self.get_credential["username"]+":"+self.get_credential["password"]
52
        
53
        begin
54
            response=server.call("one.user.allocate",session_string,username,self.generate_password,'')
55
        rescue Exception => e
56
            [false, e.message]
57
        end
58
    end
59

  
60
    # update user's group or create it's group
61
    # @param username username's group will be updated
62
    # @param groupname user's group
63
    def update_group(username,groupname)
64
        server=XMLRPC::Client.new2(@one_xmlrpc)
65
        
66
        session_string=self.get_credential["username"]+":"+self.get_credential["password"]
67

  
68
        if groupname.empty?
69
            groupname='users'
70
        end
71

  
72
        if self.get_groupid(groupname).empty?
73
            self.create_group(groupname)
74
        end
75

  
76
        begin
77
            response=server.call("one.user.chgrp",session_string,self.get_userid(username).to_i,self.get_groupid(groupname).to_i)
78
        rescue Exception => e
79
            [false, e.message]
80
        end
81
    end
82

  
83
    # get username and password from $ONE_AUTH file
84
    # @return username and password in a Hash
85
    def get_credential
86
        credential=Hash.new
87
        
88
        if File.readable?(@one_auth)
89
            File.open(@one_auth, 'r') do |line| 
90
                auth_line=line.gets.strip
91
                auth_line=auth_line.split(':')
92

  
93
                credential["username"]=auth_line[0]
94
                credential["password"]=auth_line[1]
95
            end
96
        else
97
            # TODO: write error into log (SSP_Helper ERROR: $ONE_AUTH file is not readable)
98
            raise "one auth file not readable"
99
        end
100
        return credential
101
    end
102

  
103
    # get user's ID
104
    # @param username username
105
    # @return user's ID
106
    def get_userid(username)
107
        server=XMLRPC::Client.new2(@one_xmlrpc)
108
        
109
        session_string=self.get_credential["username"]+":"+self.get_credential["password"]
110
        
111
        begin
112
            response=server.call("one.userpool.info",session_string)
113
        rescue Exception => e
114
            [false, e.message]
115
        end
116

  
117
        xml=Nokogiri::XML(response[1])
118
        return xml.xpath('//USER[NAME=\''+username+'\']/ID').inner_text
119
    end
120

  
121
    # get group ID of a group
122
    # @param groupname groupname
123
    # @return group's ID
124
    def get_groupid(groupname)
125
        server=XMLRPC::Client.new2(@one_xmlrpc)
126
        
127
        session_string=self.get_credential["username"]+":"+self.get_credential["password"]
128
        
129
        begin
130
            response=server.call("one.grouppool.info",session_string)
131
        rescue Exception => e
132
            [false, e.message]
133
        end
134

  
135
        xml=Nokogiri::XML(response[1])
136
        return xml.xpath('//GROUP[NAME=\''+groupname+'\']/ID').inner_text
137
    end
138

  
139
    # creating new group
140
    # @param groupname groupname of group to be created
141
    def create_group(groupname)
142
        server=XMLRPC::Client.new2(@one_xmlrpc)
143
        
144
        session_string=self.get_credential["username"]+":"+self.get_credential["password"]
145
        
146
        begin
147
            response=server.call("one.group.allocate",session_string,groupname)
148
        rescue Exception => e
149
            [false, e.message]
150
        end
151
    end
152

  
153
    # create random password for new users
154
    # @return random password
155
    def generate_password
156
        return rand(36**20).to_s(36)
157
    end
158

  
159
    # get ssp session variable in JSON format
160
    # @param sessionid ssp session id from cookie
161
    # @return ssp_session ssp session in JSON format
162
    def get_ssp_session(sessionid)
163
        url=URI.parse(@config[:ssp_host])
164
        http=Net::HTTP.new(url.host,url.port)
165
        req=Net::HTTP::Get.new(@config[:ssp_loginvalidator]+sessionid)
166
        if url.scheme=='https'
167
            http.use_ssl=true
168
            http.verify_mode=OpenSSL::SSL::VERIFY_NONE
169
        end
170
        res=http.request(req)
171
        ssp_session_json=res.body
172
        ssp_session=JSON.parse(ssp_session_json)
173
        return ssp_session
174
    end
175

  
176
    # is user authorized in ssp?
177
    # @param sessionid ssp session id from cookie
178
    # @return true if user is authorized
179
    def authorized?(sessionid)
180
        if sessionid.nil? or get_ssp_session(sessionid)['is_auth']!=true
181
            return false
182
        else
183
            return true
184
        end
185
    end
186

  
187
end
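Review bot: `get_ssp_session` sets `http.verify_mode=OpenSSL::SSL::VERIFY_NONE`, so the server certificate is never checked and the reply that decides `is_auth` and the username is not authenticated; it should be `http.verify_mode=OpenSSL::SSL::VERIFY_PEER` with the CA store configured. The cookie value is appended to the validator path unescaped, so it should pass through `CGI.escape(sessionid.to_s)` (or be rejected unless it matches the expected session-id format), and `res` should be checked for a success status before `JSON.parse`. `get_userid` and `get_groupid` build their XPath by concatenating IdP-supplied names, where a quote in the name changes the expression; select `//USER` or `//GROUP` and compare the `NAME` text in Ruby instead. Every `rescue Exception => e` block evaluates `[false, e.message]` and discards it, so after a failed XML-RPC call `response` is nil and `response[1]` raises on the next line. `generate_password` uses `rand`, which is not a cryptographic generator; `SecureRandom.hex(20)` is the usual replacement.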
opennebula-3.8.1_patched//src/cloud/common/CloudAuth.rb 2012-12-11 18:20:46.000000000 +0100
21 21
    AUTH_MODULES = {
22 22
        "occi"       => 'OCCICloudAuth',
23 23
        "sunstone"   => 'SunstoneCloudAuth' ,
24
        "ssp"        => 'SSPCloudAuth' ,
24 25
        "ec2"        => 'EC2CloudAuth',
25 26
        "x509"       => 'X509CloudAuth',
26 27
        "opennebula" => 'OpenNebulaCloudAuth'
......
158 159
            raise rc.message if OpenNebula.is_error?(rc)
159 160
        }
160 161
    end
161
end
162
end
opennebula-3.8.1_patched//src/sunstone/etc/sunstone-server.conf 2012-12-18 11:58:11.000000000 +0100
50 50
#   opennebula, the authentication will be done by the opennebula core using the
51 51
#   driver defined for the user
52 52
#
53
:auth: sunstone
53
:auth: ssp
54 54

  
55 55
# Authentication driver to communicate with OpenNebula core
56 56
#   cipher, for symmetric cipher encryption of tokens
......
113 113
#:routes:
114 114
#    - custom
115 115
#    - other
116

  
117
################################################################################
118
## SSP Auth module
119
#################################################################################
120
#
121
## ssp_sessionid:        Simple SAML PHP session ID cookie name.
122
## ssp_host:             Simple SAML PHP host url.
123
## ssp_loginpage:        Simple SAML PHP login page.
124
## ssp_loginvalidator:   Simple SAML PHP login validator script path. This
125
##                       script authenticates users in Simple SAML PHP and
126
##                       gets login data in JSON format.
127
## ssp_logoutpage:       Simple SAML PHP logout page.
128
## one_auth_for_ssp:     one_auth file location
129
:ssp_sessionid: PHPSESSID
130
:ssp_host: http://192.168.204.100
131
:ssp_loginpage: /simplesaml/module.php/core/as_login.php?AuthId=default-sp&ReturnTo=/one/
132
:ssp_loginvalidator: /simplesaml/module.php/getSession/index.php?sessid=
133
:ssp_logoutpage: /simplesaml/module.php/core/as_logout.php?AuthId=default-sp&ReturnTo=/simplesaml/logout.php
134
:one_auth_for_ssp: /var/lib/one/.one/one_auth
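Review bot: The shipped default at line 53 changes from `:auth: sunstone` to `:auth: ssp`, so a fresh install would start in SSP mode pointing at the site-specific `:ssp_host: http://192.168.204.100`; keep `:auth: sunstone` as the default and ship the SSP keys commented out. The example host uses plain `http`, which means the session id is sent to the validator script unencrypted; an `https://` placeholder such as `:ssp_host: https://idp.example.org` would be a safer template. `one_auth_for_ssp` names the credentials file that ssp_helper.rb uses to allocate users and groups, so its comment should say which account is expected there and that the file must be readable only by the user running Sunstone.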
opennebula-3.8.1_patched//src/sunstone/public/js/login_ssp.js 2012-12-11 18:20:46.000000000 +0100
1
/* -------------------------------------------------------------------------- */
2
/* Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             */
3
/*                                                                            */
4
/* Licensed under the Apache License, Version 2.0 (the "License"); you may    */
5
/* not use this file except in compliance with the License. You may obtain    */
6
/* a copy of the License at                                                   */
7
/*                                                                            */
8
/* http://www.apache.org/licenses/LICENSE-2.0                                 */
9
/*                                                                            */
10
/* Unless required by applicable law or agreed to in writing, software        */
11
/* distributed under the License is distributed on an "AS IS" BASIS,          */
12
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   */
13
/* See the License for the specific language governing permissions and        */
14
/* limitations under the License.                                             */
15
/* -------------------------------------------------------------------------- */
16

  
17
function auth_success(req, response){
18
    window.location.href = ".";
19
}
20

  
21
function auth_error(req, error){
22

  
23
    var status = error.error.http_status;
24

  
25
    switch (status){
26
    case 401:
27
        $("#error_box").text("Invalid username or password");
28
        break;
29
    case 500:
30
        $("#error_box").text("OpenNebula is not running or there was a server exception. Please check the server logs.");
31
        break;
32
    case 0:
33
        $("#error_box").text("No answer from server. Is it running?");
34
        break;
35
    default:
36
        $("#error_box").text("Unexpected error. Status "+status+". Check the server logs.");
37
    };
38
    $("#error_box").fadeIn("slow");
39
}
40

  
41
function authenticate(){
42
    var username = '';
43
    var password = '';
44
    var remember = true;
45

  
46
    $("#error_box").fadeOut("slow");
47

  
48
    OpenNebula.Auth.login({ data: {username: username
49
                                    , password: password}
50
                            , remember: remember
51
                            , success: auth_success
52
                            , error: auth_error
53
                        });
54
}
55

  
56
function getInternetExplorerVersion(){
57
// Returns the version of Internet Explorer or a -1
58
// (indicating the use of another browser).
59
    var rv = -1; // Return value assumes failure.
60
    if (navigator.appName == 'Microsoft Internet Explorer')
61
    {
62
        var ua = navigator.userAgent;
63
        var re  = new RegExp("MSIE ([0-9]{1,}[\.0-9]{0,})");
64
        if (re.exec(ua) != null)
65
            rv = parseFloat( RegExp.$1 );
66
    }
67
    return rv;
68
}
69

  
70
function checkVersion(){
71
    var ver = getInternetExplorerVersion();
72

  
73
    if ( ver > -1 ){
74
        msg = ver <= 7.0 ? "You are using an old version of IE. \
75
Please upgrade or use Firefox or Chrome for full compatibility." :
76
        "OpenNebula Sunstone is best seen with Chrome or Firefox";
77
        $("#error_box").text(msg);
78
        $("#error_box").fadeIn('slow');
79
    }
80
}
81

  
82
$(document).ready(function(){
83

  
84
var pathname=$(location).attr('href');
85
$.ajax({
86
   type: 'GET',
87
   url:pathname,
88
   complete: function(XMLHttpRequest,textStatus){
89
        authenticate();
90
        return false;
91
   }
92
  });
93
    //compact login elements according to screen height
94
    if (screen.height <= 600){
95
        $('div#logo_sunstone').css("top","15px");
96
        $('.error_message').css("top","10px");
97
    };
98

  
99
    checkVersion();
100
});
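Review bot: The `$(document).ready` handler issues a GET for the current page and calls `authenticate()` from `complete`, that is whether or not the request succeeded, and never uses the response; calling `authenticate()` directly would save one round trip per login. `authenticate()` always sends an empty `username` and `password`, so the 401 text `"Invalid username or password"` cannot describe a failure of this driver; a message such as `"Single sign-on session is missing or has expired"` would. In `checkVersion`, `msg` is assigned without `var` and becomes a global; declare it with `var msg = ...`.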
opennebula-3.8.1_patched//src/sunstone/public/js/sunstone.js 2012-12-11 18:20:46.000000000 +0100
399 399
    //This variables can be used anywhere
400 400
    switch(whichUI()){
401 401
    case "sunstone":
402
        username = cookie["one-user"];
402
        username = decodeURIComponent(cookie["one-user"]);
403 403
        uid = cookie["one-user_id"];
404 404
        gid = cookie["one-user_gid"];
405 405
        break;
406 406
    case "ozones":
407
        username = cookie["ozones-user"];
407
        username = decodeURIComponent(cookie["ozones-user"]);
408 408
        break;
409 409
    case "selfservice":
410
        username = cookie["occi-user"];
410
        username = decodeURIComponent(cookie["occi-user"]);
411 411
        uid = cookie["occi-user-id"];
412 412
        break;
413 413
    };
......
416 416
    $("div#header span#user").html(username);
417 417

  
418 418
    $("div#header a#logout").click(function(){
419
        redirect = function(){window.location.href = "login";};
419
        if ($.cookie("ssp_logoutpage") == undefined)
420
            redirect = function(){window.location.href = "login";};
421
        else {
422
            redirect = function(){window.location.href = $.cookie("ssp_logoutpage");};
423
        }
420 424
        switch(whichUI()){
421 425
        case "sunstone":
422 426
            OpenNebula.Auth.logout({success:redirect});
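Review bot: The decoded cookie value now reaches `$("div#header span#user").html(username)` at line 416, and with the SSP driver the username comes from an IdP attribute, so markup in a name would be interpreted as HTML; that line should become `$("div#header span#user").text(username);`. `decodeURIComponent` throws URIError on a malformed percent sequence and turns a missing cookie into the string "undefined", so test for the cookie first and wrap the call. In the logout handler the redirect target is read from the `ssp_logoutpage` cookie, which any script or sibling host able to set cookies for this domain can change; prefer a URL rendered by the server into the page, or check that the value begins with the configured SSP host before assigning `window.location.href`. The enclosing function starts and ends outside the lines shown.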
opennebula-3.8.1_patched//src/sunstone/public/vendor/jQueryCookie/jquery-cookie.js 2012-12-11 18:20:46.000000000 +0100
1
/*jshint eqnull:true */
2
/*!
3
 * jQuery Cookie Plugin v1.1
4
 * https://github.com/carhartl/jquery-cookie
5
 *
6
 * Copyright 2011, Klaus Hartl
7
 * Dual licensed under the MIT or GPL Version 2 licenses.
8
 * http://www.opensource.org/licenses/mit-license.php
9
 * http://www.opensource.org/licenses/GPL-2.0
10
 */
11
(function($, document) {
12

  
13
	var pluses = /\+/g;
14
	function raw(s) {
15
		return s;
16
	}
17
	function decoded(s) {
18
		return decodeURIComponent(s.replace(pluses, ' '));
19
	}
20

  
21
	$.cookie = function(key, value, options) {
22

  
23
		// key and at least value given, set cookie...
24
		if (arguments.length > 1 && (!/Object/.test(Object.prototype.toString.call(value)) || value == null)) {
25
			options = $.extend({}, $.cookie.defaults, options);
26

  
27
			if (value == null) {
28
				options.expires = -1;
29
			}
30

  
31
			if (typeof options.expires === 'number') {
32
				var days = options.expires, t = options.expires = new Date();
33
				t.setDate(t.getDate() + days);
34
			}
35

  
36
			value = String(value);
37

  
38
			return (document.cookie = [
39
				encodeURIComponent(key), '=', options.raw ? value : encodeURIComponent(value),
40
				options.expires ? '; expires=' + options.expires.toUTCString() : '', // use expires attribute, max-age is not supported by IE
41
				options.path    ? '; path=' + options.path : '',
42
				options.domain  ? '; domain=' + options.domain : '',
43
				options.secure  ? '; secure' : ''
44
			].join(''));
45
		}
46

  
47
		// key and possibly options given, get cookie...
48
		options = value || $.cookie.defaults || {};
49
		var decode = options.raw ? raw : decoded;
50
		var cookies = document.cookie.split('; ');
51
		for (var i = 0, parts; (parts = cookies[i] && cookies[i].split('=')); i++) {
52
			if (decode(parts.shift()) === key) {
53
				return decode(parts.join('='));
54
			}
55
		}
56
		return null;
57
	};
58

  
59
	$.cookie.defaults = {};
60

  
61
})(jQuery, document);
62

  
opennebula-3.8.1_patched//src/sunstone/sunstone-server.rb 2012-12-11 18:20:46.000000000 +0100
41 41

  
42 42
$: << RUBY_LIB_LOCATION
43 43
$: << RUBY_LIB_LOCATION+'/cloud'
44
$: << RUBY_LIB_LOCATION+'/cloud/CloudAuth'
44 45
$: << SUNSTONE_ROOT_DIR
45 46
$: << SUNSTONE_ROOT_DIR+'/models'
46 47

  
......
58 59
require 'SunstoneServer'
59 60
require 'SunstonePlugins'
60 61

  
62
require 'ssp_helper'
61 63

  
62 64
##############################################################################
63 65
# Configuration
......
77 79
#Sinatra configuration
78 80

  
79 81
set :config, conf
80
set :bind, settings.config[:host]
81
set :port, settings.config[:port]
82
set :bind, conf[:host]
83
set :port, conf[:port]
82 84

  
83 85
use Rack::Session::Pool, :key => 'sunstone'
84 86

  
85 87
# Enable logger
86 88

  
87 89
include CloudLogger
88
enable_logging SUNSTONE_LOG, settings.config[:debug_level].to_i
89

  
90
logger = enable_logging SUNSTONE_LOG, conf[:debug_level].to_i
90 91
begin
91 92
    ENV["ONE_CIPHER_AUTH"] = SUNSTONE_AUTH
92
    cloud_auth = CloudAuth.new(settings.config, settings.logger)
93
    cloud_auth = CloudAuth.new(conf, logger)
93 94
rescue => e
94
    settings.logger.error {
95
        "Error initializing authentication system" }
96
    settings.logger.error { e.message }
95
    logger.error { "Error initializing authentication system" }
96
    logger.error { e.message }
97 97
    exit -1
98 98
end
99 99

  
......
102 102
#start VNC proxy
103 103

  
104 104
configure do
105
    vnc = OpenNebulaVNC.new(conf, logger)
106

  
105 107
    set :run, false
106
    set :vnc, OpenNebulaVNC.new(conf, settings.logger)
107
    settings.vnc.start()
108
    set :vnc, vnc
109

  
110
    vnc.start()
111

  
108 112
    Kernel.at_exit do
109
        settings.vnc.stop
113
        vnc.stop
110 114
    end
111 115
end
112 116

  
......
120 124

  
121 125
    def build_session
122 126
        begin
127
            if settings.config[:auth]=='ssp'
128
                response.set_cookie('ssp_logoutpage',settings.config[:ssp_host]+settings.config[:ssp_logoutpage])
129
                params['ssp_sessionid']=request.cookies[settings.config[:ssp_sessionid]]
130
            end
123 131
            result = settings.cloud_auth.auth(request.env, params)
124 132
        rescue Exception => e
125 133
            logger.error { e.message }
......
211 219
##############################################################################
212 220
# Custom routes
213 221
##############################################################################
214
if settings.config[:routes]
215
    settings.config[:routes].each { |route|
222
if conf[:routes]
223
    conf[:routes].each { |route|
216 224
        require "routes/#{route}"
217 225
    }
218 226
end
......
222 230
##############################################################################
223 231
get '/' do
224 232
    content_type 'text/html', :charset => 'utf-8'
233

  
234
    if settings.config[:auth]=='ssp' 
235
        ssp_sessionid=request.cookies[settings.config[:ssp_sessionid]]
236
        ssp=SSP_Helper.new
237
        if not ssp.authorized?(ssp_sessionid)
238
            redirect settings.config[:ssp_host]+settings.config[:ssp_loginpage], 302
239
        end
240
    end
241

  
225 242
    if !authorized?
226 243
        return erb :login
227 244
    end
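Review bot: The `get '/'` route builds `SSP_Helper.new` on every request, and that constructor re-reads sunstone-server.conf and calls `exit 1` from inside the request when parsing fails; reuse `settings.config` and a single helper created at start-up, and raise instead of exiting. `ssp.authorized?` then makes a blocking HTTP call with the raw cookie value and no visible timeout, so `http.open_timeout` and `http.read_timeout` should be set in the helper. In `build_session`, `response.set_cookie('ssp_logoutpage', ...)` creates a cookie that sunstone.js later uses as a redirect target; passing a hash with `:path` and `:secure`, or rendering the URL in the view, would narrow who can influence it. `require 'ssp_helper'` is unconditional although ssp_helper.rb itself requires none of yaml, json, net/http, xmlrpc or nokogiri, so it presumably depends on load order and should be required only when `conf[:auth]=='ssp'`. `build_session` and the `get '/'` block both continue outside the lines shown.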
opennebula-3.8.1_patched//src/sunstone/views/index.erb 2012-12-11 18:20:46.000000000 +0100
16 16
    <script type="text/javascript" src="vendor/jGrowl/jquery.jgrowl_minimized.js"></script>
17 17
    <script type="text/javascript" src="vendor/jQueryUI/jquery-ui-1.8.16.custom.min.js"></script>
18 18
    <script type="text/javascript" src="vendor/jQueryLayout/jquery.layout-latest.min.js"></script>
19
    <script type="text/javascript" src="vendor/jQueryCookie/jquery-cookie.js"></script>
19 20
    <script type="text/javascript" src="vendor/dataTables/jquery.dataTables.min.js"></script>
20 21
    <script type="text/javascript" src="vendor/dataTables/ColVis.min.js"></script>
21 22
<!--    <script type="text/javascript" src="vendor/dataTables/ColReorderWithResize.js"></script>-->
opennebula-3.8.1_patched//src/sunstone/views/login.erb 2012-12-11 18:20:46.000000000 +0100
16 16
    <![endif]-->
17 17

  
18 18
    <script type="text/javascript" src="js/opennebula.js"></script>
19
    <script type="text/javascript" src="js/login.js"></script>
19
    <% if settings.config[:auth] == "ssp" %>
20
        <script type="text/javascript" src="js/login_ssp.js"></script>
21
    <% else %>
22
        <script type="text/javascript" src="js/login.js"></script>
23
    <% end %>
20 24

  
21 25
</head>
22 26

  
......
30 34

  
31 35
<% if settings.config[:auth] == "x509" %>
32 36
  <%= erb :_login_x509 %>
37
<% elsif settings.config[:auth] == "ssp" %>
38
  <%= erb :_login_ssp %>
33 39
<% else %>
34 40
  <%= erb :_login_standard %>
35 41
<% end %>
opennebula-3.8.1_patched//src/sunstone/views/_login_ssp.erb 2012-12-11 18:20:46.000000000 +0100
1
<div id="wrapper">
2
      <div id="logo_sunstone">
3
      </div>
4

  
5
      <div id="error_box" class="error_message ui-state-error ui-corner-all">
6
      </div>
7

  
8
</div>