Chromium Code Reviews Chromium Code Reviews
Issue 1831523003:
FR: SAML Sign In - Interstitial page to send users directly to IdP login screen (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 <include src="saml_handler.js"> | 5 <include src="saml_handler.js"> |
| 6 | 6 |
| 7 /** | 7 /** |
| 8 * @fileoverview An UI component to authenciate to Chrome. The component hosts | 8 * @fileoverview An UI component to authenciate to Chrome. The component hosts |
| 9 * IdP web pages in a webview. A client who is interested in monitoring | 9 * IdP web pages in a webview. A client who is interested in monitoring |
| 10 * authentication events should pass a listener object of type | 10 * authentication events should pass a listener object of type |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 24 'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/success.html'; | 24 'chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/success.html'; |
| 25 var SIGN_IN_HEADER = 'google-accounts-signin'; | 25 var SIGN_IN_HEADER = 'google-accounts-signin'; |
| 26 var EMBEDDED_FORM_HEADER = 'google-accounts-embedded'; | 26 var EMBEDDED_FORM_HEADER = 'google-accounts-embedded'; |
| 27 var LOCATION_HEADER = 'location'; | 27 var LOCATION_HEADER = 'location'; |
| 28 var COOKIE_HEADER = 'cookie'; | 28 var COOKIE_HEADER = 'cookie'; |
| 29 var SET_COOKIE_HEADER = 'set-cookie'; | 29 var SET_COOKIE_HEADER = 'set-cookie'; |
| 30 var OAUTH_CODE_COOKIE = 'oauth_code'; | 30 var OAUTH_CODE_COOKIE = 'oauth_code'; |
| 31 var GAPS_COOKIE = 'GAPS'; | 31 var GAPS_COOKIE = 'GAPS'; |
| 32 var SERVICE_ID = 'chromeoslogin'; | 32 var SERVICE_ID = 'chromeoslogin'; |
| 33 var EMBEDDED_SETUP_CHROMEOS_ENDPOINT = 'embedded/setup/chromeos'; | 33 var EMBEDDED_SETUP_CHROMEOS_ENDPOINT = 'embedded/setup/chromeos'; |
| 34 var SAML_REDIRECTION_PATH = 'samlredirect'; | |
| 34 | 35 |
| 35 /** | 36 /** |
| 36 * The source URL parameter for the constrained signin flow. | 37 * The source URL parameter for the constrained signin flow. |
| 37 */ | 38 */ |
| 38 var CONSTRAINED_FLOW_SOURCE = 'chrome'; | 39 var CONSTRAINED_FLOW_SOURCE = 'chrome'; |
| 39 | 40 |
| 40 /** | 41 /** |
| 41 * Enum for the authorization mode, must match AuthMode defined in | 42 * Enum for the authorization mode, must match AuthMode defined in |
| 42 * chrome/browser/ui/webui/inline_login_ui.cc. | 43 * chrome/browser/ui/webui/inline_login_ui.cc. |
| 43 * @enum {number} | 44 * @enum {number} |
| (...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 257 | 258 |
| 258 /** | 259 /** |
| 259 * Reloads the authenticator component. | 260 * Reloads the authenticator component. |
| 260 */ | 261 */ |
| 261 Authenticator.prototype.reload = function() { | 262 Authenticator.prototype.reload = function() { |
| 262 this.clearCredentials_(); | 263 this.clearCredentials_(); |
| 263 this.webview_.src = this.reloadUrl_; | 264 this.webview_.src = this.reloadUrl_; |
| 264 }; | 265 }; |
| 265 | 266 |
| 266 Authenticator.prototype.constructInitialFrameUrl_ = function(data) { | 267 Authenticator.prototype.constructInitialFrameUrl_ = function(data) { |
| 268 if (data.doSamlRedirect) { | |
| 269 var url = this.idpOrigin_ + SAML_REDIRECTION_PATH; | |
| 270 url = appendParam(url, 'domain', data.enterpriseDomain); | |
| 271 url = appendParam(url, 'continue', data.gaiaUrl + | |
| 272 'o/oauth2/programmatic_auth?hl=' + data.hl + | |
| 273 '&scope=https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthLogin&' + | |
| 274 'client_id=' + data.clientId + '&access_type=offline'); | |
|
xiyuan
2016/03/28 20:58:40
To be on the safe side, encodeURIComponent(data.cl
afakhry
2016/03/28 23:15:33
Done.
| |
| 275 | |
| 276 return url; | |
| 277 } | |
| 278 | |
| 267 var path = data.gaiaPath; | 279 var path = data.gaiaPath; |
| 268 if (!path && this.isNewGaiaFlow) | 280 if (!path && this.isNewGaiaFlow) |
| 269 path = EMBEDDED_SETUP_CHROMEOS_ENDPOINT; | 281 path = EMBEDDED_SETUP_CHROMEOS_ENDPOINT; |
| 270 if (!path) | 282 if (!path) |
| 271 path = IDP_PATH; | 283 path = IDP_PATH; |
| 272 var url = this.idpOrigin_ + path; | 284 var url = this.idpOrigin_ + path; |
| 273 | 285 |
| 274 if (this.isNewGaiaFlow) { | 286 if (this.isNewGaiaFlow) { |
| 275 if (data.chromeType) | 287 if (data.chromeType) |
| 276 url = appendParam(url, 'chrometype', data.chromeType); | 288 url = appendParam(url, 'chrometype', data.chromeType); |
| (...skipping 521 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 798 Authenticator.AuthMode = AuthMode; | 810 Authenticator.AuthMode = AuthMode; |
| 799 Authenticator.SUPPORTED_PARAMS = SUPPORTED_PARAMS; | 811 Authenticator.SUPPORTED_PARAMS = SUPPORTED_PARAMS; |
| 800 | 812 |
| 801 return { | 813 return { |
| 802 // TODO(guohui, xiyuan): Rename GaiaAuthHost to Authenticator once the old | 814 // TODO(guohui, xiyuan): Rename GaiaAuthHost to Authenticator once the old |
| 803 // iframe-based flow is deprecated. | 815 // iframe-based flow is deprecated. |
| 804 GaiaAuthHost: Authenticator, | 816 GaiaAuthHost: Authenticator, |
| 805 Authenticator: Authenticator | 817 Authenticator: Authenticator |
| 806 }; | 818 }; |
| 807 }); | 819 }); |
| OLD | NEW |
