Configuring CORS with credentials - SSO
By default support for CORS with credentials is enabled for the following features:
- RefreshServlet (uas/refresh)
By default it's configured so that it's allowed to be called from any origin. If you want to change this behavior so that it's either possible to call only from certain known origins, or not possible at all, follow the steps below.
- Find the
web.xml
file in the following path:- On Linux
/usr/local/ubisecure/ubilogin/webapps/uas/WEB-INF/web.xml
. - On Windows
%PROGRAMFILES%\Ubisecure\ubilogin-sso\ubilogin\webapps\uas\WEB-INF\web.xml
.
- On Linux
- Use a text-editor that supports UTF-8, such as notepad++ or vim. In Windows, notepad is not recommended as it will add the byte order mark (BOM), that may cause problems.
- Define the origins that are to be allowed in the param-value section of the param-name
cors.allowed.origins
.- A valid origin consist of scheme, host and port, as described in RFC-6454.
- The list is comma-separated.
- Empty value or null means that it's not possible to call with CORS from any origin
CorsFilter configuration in web.xml
<filter> <filter-name>CorsFilter#enabled-with-credentials</filter-name> <filter-class>com.ubisecure.util.filter.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>https://www.example.com, https://mail.example.com:8080</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST</param-value> </init-param> <init-param> <param-name>cors.support.credentials</param-name> <param-value>true</param-value> </init-param> </filter>
- After updating web.xml, run the update command as follows:
- On Linux:
/usr/local/ubisecure/ubilogin-sso/ubilogin/config/tomcat/update.sh.
- On Windows:
%PROGRAMFILES%\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\update.cmd.
- On Linux: