FR: SAML Sign In - Interstitial page to send users directly to IdP login screen

chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.h"
 
 #include "ash/system/chromeos/devicetype_utils.h"
 #include "base/bind.h"
 #include "base/guid.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browser_shutdown.h"
 #include "chrome/browser/chromeos/input_method/input_method_util.h"
 #include "chrome/browser/chromeos/language_preferences.h"
 #include "chrome/browser/chromeos/login/screens/network_error.h"
 #include "chrome/browser/chromeos/login/ui/user_adding_screen.h"
 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
 #include "chrome/browser/chromeos/net/network_portal_detector_impl.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
+#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/io_thread.h"
 #include "chrome/browser/ui/webui/chromeos/login/signin_screen_handler.h"
 #include "chrome/browser/ui/webui/signin/get_auth_frame.h"
 #include "chrome/common/channel_info.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/grit/generated_resources.h"
 #include "chromeos/chromeos_switches.h"
 #include "chromeos/login/auth/user_context.h"
 #include "chromeos/settings/cros_settings_names.h"
 #include "chromeos/system/devicetype.h"
 #include "chromeos/system/version_loader.h"
 #include "components/login/localized_values_builder.h"
 #include "components/prefs/pref_service.h"
 #include "components/user_manager/known_user.h"
 #include "components/user_manager/user_manager.h"
 #include "components/version_info/version_info.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/render_frame_host.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "grit/components_strings.h"
 #include "ui/base/ime/chromeos/input_method_manager.h"
 #include "ui/base/l10n/l10n_util.h"
 
 using content::BrowserThread;
+namespace em = enterprise_management;
 
 namespace chromeos {
 
 namespace {
 
 const char kJsScreenPath[] = "login.GaiaSigninScreen";
 const char kAuthIframeParentName[] = "signin-frame";
 
 const char kRestrictiveProxyURL[] = "https://www.google.com/generate_204";
 
 const char kEndpointGen[] = "1.0";
 
+// The possible modes that the Gaia signin screen can be in.
+enum GaiaScreenMode {
+  // Default Gaia authentication will be used.
+  GAIA_SCREEN_MODE_DEFAULT = 0,
+
+  // Gaia offline mode will be used.
+  GAIA_SCREEN_MODE_OFFLINE = 1,
+
+  // An interstitial page will be used before SAML redirection.
+  GAIA_SCREEN_MODE_SAML_INTERSTITIAL = 2,
+};
+
+GaiaScreenMode GetGaiaScreenMode(bool use_offline) {
+  if (use_offline)
+    return GAIA_SCREEN_MODE_OFFLINE;
+
+  int authentication_behavior = 0;
+  CrosSettings::Get()->GetInteger(kLoginAuthenticationBehavior,
+                                  &authentication_behavior);
+  if (authentication_behavior ==
+      em::LoginAuthenticationBehaviorProto::SAML_INTERSTITIAL) {
+    return GAIA_SCREEN_MODE_SAML_INTERSTITIAL;
+  }
+
+  return GAIA_SCREEN_MODE_DEFAULT;
+}
+
+std::string GetEnterpriseDomain() {
+  policy::BrowserPolicyConnectorChromeOS* connector =
+      g_browser_process->platform_part()->browser_policy_connector_chromeos();
+  return connector->GetEnterpriseDomain();
+}
+
 std::string GetChromeType() {
   switch (chromeos::GetDeviceType()) {
     case chromeos::DeviceType::kChromebox:
       return "chromebox";
     case chromeos::DeviceType::kChromebase:
       return "chromebase";
     case chromeos::DeviceType::kChromebit:
       return "chromebit";
     case chromeos::DeviceType::kChromebook:
       return "chromebook";
@@ skipping 108 matching lines @@
       base::Bind(&GaiaScreenHandler::LoadGaiaWithVersion,
                  weak_factory_.GetWeakPtr(), context));
 }
 
 void GaiaScreenHandler::LoadGaiaWithVersion(
     const GaiaContext& context,
     const std::string& platform_version) {
   base::DictionaryValue params;
 
   params.SetBoolean("forceReload", context.force_reload);
-  params.SetBoolean("useOffline", context.use_offline);
   params.SetString("gaiaId", context.gaia_id);
   params.SetBoolean("readOnlyEmail", true);
   params.SetString("email", context.email);
   params.SetString("gapsCookie", context.gaps_cookie);
 
   UpdateAuthParams(&params, IsRestrictiveProxy());
 
-  if (!context.use_offline) {
+  GaiaScreenMode screen_mode = GetGaiaScreenMode(context.use_offline);
+  params.SetInteger("screenMode", screen_mode);
+  if (screen_mode != GAIA_SCREEN_MODE_OFFLINE) {
     const std::string app_locale = g_browser_process->GetApplicationLocale();
     if (!app_locale.empty())
       params.SetString("hl", app_locale);
-  } else {
-    policy::BrowserPolicyConnectorChromeOS* connector =
-        g_browser_process->platform_part()->browser_policy_connector_chromeos();
-    std::string enterprise_domain(connector->GetEnterpriseDomain());
-    if (!enterprise_domain.empty()) {
-      params.SetString(
-          "enterpriseInfoMessage",
-          l10n_util::GetStringFUTF16(IDS_OFFLINE_LOGIN_DEVICE_MANAGED_BY_NOTICE,
-                                     base::UTF8ToUTF16(enterprise_domain)));
-    }
   }
 
-  base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
-
-  policy::BrowserPolicyConnectorChromeOS* connector =
-      g_browser_process->platform_part()->browser_policy_connector_chromeos();
-  std::string enterprise_domain(connector->GetEnterpriseDomain());
+  std::string enterprise_domain(GetEnterpriseDomain());
   if (!enterprise_domain.empty())
     params.SetString("enterpriseDomain", enterprise_domain);
 
   params.SetString("chromeType", GetChromeType());
   params.SetString("clientId",
                    GaiaUrls::GetInstance()->oauth2_chrome_client_id());
   params.SetString("clientVersion", version_info::GetVersionNumber());
   if (!platform_version.empty())
     params.SetString("platformVersion", platform_version);
   params.SetString("releaseChannel", chrome::GetChannelString());
   params.SetString("endpointGen", kEndpointGen);
 
   std::string email_domain;
   if (CrosSettings::Get()->GetString(kAccountsPrefLoginScreenDomainAutoComplete,
                                      &email_domain) &&
       !email_domain.empty()) {
     params.SetString("emailDomain", email_domain);
   }
 
   params.SetString("gaiaUrl", GaiaUrls::GetInstance()->gaia_url().spec());
 
   if (use_easy_bootstrap_) {
     params.SetBoolean("useEafe", true);
     // Easy login overrides.
     std::string eafe_url = "https://easylogin.corp.google.com/";
+    base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
     if (command_line->HasSwitch(switches::kEafeUrl))
       eafe_url = command_line->GetSwitchValueASCII(switches::kEafeUrl);
     std::string eafe_path = "planters/cbaudioChrome";
     if (command_line->HasSwitch(switches::kEafePath))
       eafe_path = command_line->GetSwitchValueASCII(switches::kEafePath);
 
     params.SetString("gaiaUrl", eafe_url);
     params.SetString("gaiaPath", eafe_path);
-    params.SetString("clientId",
-                     GaiaUrls::GetInstance()->oauth2_chrome_client_id());
   }
 
   frame_state_ = FRAME_STATE_LOADING;
   CallJS("loadAuthExtension", params);
 }
 
 void GaiaScreenHandler::ReloadGaia(bool force_reload) {
   if (frame_state_ == FRAME_STATE_LOADING && !force_reload) {
     VLOG(1) << "Skipping reloading of Gaia since gaia is loading.";
     return;
@@ skipping 32 matching lines @@
   builder->Add("fatalErrorMessageNoPassword",
                IDS_LOGIN_FATAL_ERROR_NO_PASSWORD);
   builder->Add("fatalErrorMessageVerificationFailed",
                IDS_LOGIN_FATAL_ERROR_PASSWORD_VERIFICATION);
   builder->Add("fatalErrorMessageInsecureURL",
                IDS_LOGIN_FATAL_ERROR_TEXT_INSECURE_URL);
   builder->Add("fatalErrorDoneButton", IDS_DONE);
   builder->Add("fatalErrorTryAgainButton",
                IDS_LOGIN_FATAL_ERROR_TRY_AGAIN_BUTTON);
 
-  builder->AddF("offlineLoginWelcome", IDS_OFFLINE_LOGIN_WELCOME,
+  builder->AddF("loginWelcomeMessage", IDS_LOGIN_WELCOME_MESSAGE,
                 ash::GetChromeOSDeviceTypeResourceId());
   builder->Add("offlineLoginEmail", IDS_OFFLINE_LOGIN_EMAIL);
   builder->Add("offlineLoginPassword", IDS_OFFLINE_LOGIN_PASSWORD);
   builder->Add("offlineLoginInvalidEmail", IDS_OFFLINE_LOGIN_INVALID_EMAIL);
   builder->Add("offlineLoginInvalidPassword",
                IDS_OFFLINE_LOGIN_INVALID_PASSWORD);
   builder->Add("offlineLoginNextBtn", IDS_OFFLINE_LOGIN_NEXT_BUTTON_TEXT);
   builder->Add("offlineLoginForgotPasswordBtn",
                IDS_OFFLINE_LOGIN_FORGOT_PASSWORD_BUTTON_TEXT);
   builder->Add("offlineLoginForgotPasswordDlg",
                IDS_OFFLINE_LOGIN_FORGOT_PASSWORD_DIALOG_TEXT);
   builder->Add("offlineLoginCloseBtn", IDS_OFFLINE_LOGIN_CLOSE_BUTTON_TEXT);
+  builder->AddF("enterpriseInfoMessage",
+                IDS_LOGIN_DEVICE_MANAGED_BY_NOTICE,
+                base::UTF8ToUTF16(GetEnterpriseDomain()));
+  builder->Add("samlInterstitialMessage",
+                IDS_LOGIN_SAML_INTERSTITIAL_MESSAGE);
+  builder->Add("samlInterstitialChangeAccountLink",
+               IDS_LOGIN_SAML_INTERSTITIAL_CHANGE_ACCOUNT_LINK_TEXT);
+  builder->Add("samlInterstitialNextBtn",
+               IDS_LOGIN_SAML_INTERSTITIAL_NEXT_BUTTON_TEXT);
 }
 
 void GaiaScreenHandler::Initialize() {
 }
 
 void GaiaScreenHandler::RegisterMessages() {
   AddCallback("webviewLoadAborted",
               &GaiaScreenHandler::HandleWebviewLoadAborted);
   AddCallback("completeLogin", &GaiaScreenHandler::HandleCompleteLogin);
   AddCallback("completeAuthentication",
@@ skipping 453 matching lines @@
 bool GaiaScreenHandler::IsRestrictiveProxy() const {
   return !disable_restrictive_proxy_check_for_test_ &&
          !IsOnline(captive_portal_status_);
 }
 
 void GaiaScreenHandler::DisableRestrictiveProxyCheckForTest() {
   disable_restrictive_proxy_check_for_test_ = true;
 }
 
 }  // namespace chromeos