By default, support for CORS with credentials is enabled for the following features:

  • CORS with credentials

    • RefreshServlet

...

    • - uas/refresh

...

  • CORS with authentication

    • TokenServlet - /uas/oauth2/token

    • UserInfoServlet - /uas/oauth2/userinfo

    • IntrospectionServlet - /uas/oauth2/introspection

    • TokenRevocationServlet - /uas/oauth2/revocation

By default, the filter is configured so that these endpoints can be called from any origin. To restrict calls to certain known origins, or to disallow them entirely, follow the steps below.

  • Find the web.xml file in the following path:

    • On Linux /usr/local/ubisecure/ubilogin/webapps/uas/WEB-INF/web.xml.

    • On Windows %PROGRAMFILES%\Ubisecure\ubilogin-sso\ubilogin\webapps\uas\WEB-INF\web.xml.

  • Use a text editor that supports UTF-8, such as Notepad++ or vim. On Windows, Notepad is not recommended because it adds a byte order mark (BOM), which may cause problems.

  • Define the allowed origins in the param-value element of the init-param whose param-name is cors.allowed.origins.

    • A valid origin consists of scheme, host and port, as described in RFC-6454.

    • The list is comma-separated.

    • An empty value or null means that it's not possible to call with CORS from any origin.

...

Example of modified CorsFilter configuration in web.xml
<filter>
    <filter-name>CorsFilter#enabled-with-credentials</filter-name>
    <filter-class>com.ubisecure.util.filter.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>https://www.example.com, https://mail.example.com:8080</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

  • After updating web.xml, run the update command as follows:

    • On Linux: /usr/local/ubisecure/ubilogin-sso/ubilogin/config/tomcat/update.sh

...

    • On Windows: %PROGRAMFILES%\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\update.cmd

...
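A check for the cors.allowed.origins value described above, as an added example that is not part of the original page or Ubisecure's own tooling: it parses the CorsFilter entries of a web.xml and flags list items that are not a bare scheme, host and optional port. The sample XML is constructed (the page's filter plus two malformed entries), and the function names origin_problem and audit are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the page's filter plus two malformed entries
# (a URL with a path, and a host name without a scheme).
SAMPLE = """<web-app><filter>
  <filter-name>CorsFilter#enabled-with-credentials</filter-name>
  <filter-class>com.ubisecure.util.filter.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>https://www.example.com, https://mail.example.com:8080,
      https://app.example.com/login, www.example.org</param-value>
  </init-param>
</filter></web-app>"""

def origin_problem(value):
    """Return None for a scheme://host[:port] origin, else the reason it is not one."""
    try:
        parts = urlsplit(value)
        parts.port  # property access raises ValueError on a bad port
    except ValueError:
        return "invalid host or port"
    if not parts.scheme or not parts.hostname:
        return "missing scheme or host"
    if parts.username or parts.password:
        return "contains userinfo"
    if parts.path or parts.query or parts.fragment:
        return "has path, query or fragment"
    return None

def audit(xml_text):
    """Map each CorsFilter's filter-name to [(origin, problem or None), ...]."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop any XML namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    report = {}
    for flt in root.iter("filter"):
        if not (flt.findtext("filter-class") or "").endswith(".CorsFilter"):
            continue
        params = {p.findtext("param-name"): p.findtext("param-value") or ""
                  for p in flt.iter("init-param")}
        items = [o.strip() for o in params.get("cors.allowed.origins", "").split(",")]
        report[flt.findtext("filter-name")] = [(o, origin_problem(o)) for o in items if o]
    return report

if __name__ == "__main__":
    for name, results in audit(SAMPLE).items():
        for origin, problem in results:
            print(name, origin, problem or "ok")
```

Pass the contents of the edited web.xml to audit() before running the update command; an empty result list for a filter corresponds to the empty value that disables CORS calls from any origin.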