Versions Compared

Old Version 3

changes.mady.by.user Former user

Saved on

compared with

New Version 4

changes.mady.by.user Arto Vainiolehto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Access blocked to SSO with HTTP-POST for users that use Chrome

SSO blocks all POST requests sent using Chrome browser, that originate from a website, whose second level domain name differs from SSO's. The workaround for this is to comment out four servlet-name elements inside the <filter-mapping> having <filter-name>  org.apache.catalina.filters.CorsFilter#disabled in file ubilogin-sso/ubilogin/webapps/uas/WEB-INF/web.xml. 

Code Block
<filter-mapping>
    <filter-name>org.apache.catalina.filters.CorsFilter#disabled</filter-name>
    <!-- THIS LINE IS COMMENTED OUT
        <servlet-name>com.ubisecure.ubilogin.sso.ui.conversation.logout.UbiloginLogoutConversationServlet</servlet-name>
    -->
    <servlet-name>com.ubisecure.saml2.trace.TraceServlet</servlet-name>
    <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.InfoServlet</servlet-name>
    <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.saml2.SessionRelayServlet</servlet-name>
    <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.v0.MainServlet</servlet-name>
    <servlet-name>com.ubisecure.ubilogin.sso.ui.conversation.authn.AuthnConversationServlet</servlet-name>
    <!-- THIS LINE IS COMMENTED OUT
        <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.saml2.SingleSignOnServlet</servlet-name>
    -->
    <!-- THIS LINE IS COMMENTED OUT
        <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.saml2.ServiceProviderServlet</servlet-name>
    -->
    <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.DiscoveryResponseServlet</servlet-name>
    <!-- THIS LINE IS COMMENTED OUT
        <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.ReturnServlet</servlet-name>
    -->
    <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.LandingPageServlet</servlet-name>
    <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.wsf.PassiveRequestorServlet</servlet-name>
    <servlet-name>SSO_ECP</servlet-name>
    <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.oauth2.AuthorizationServlet</servlet-name>
    <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.tupas.TupasIdentificationServlet</servlet-name>
    <servlet-name>servlet.saml2.NamesServlet</servlet-name>
</filter-mapping>

After editing the file you must run ubilogin-sso/ubilogin/config/tomcat/update.[sh|cmd]

Long certificates require manual installation in Linux version

...