diff -Naru a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SsoPostLoginServlet.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SsoPostLoginServlet.java
--- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SsoPostLoginServlet.java 2021-07-20 03:39:24.000000000 +0800
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SsoPostLoginServlet.java 2022-06-06 14:16:06.807214000 +0800
@@ -8,6 +8,7 @@
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -41,7 +42,7 @@
 }
 @Override
- public void init() {
+ public void init() throws ServletException {
 String strVal = getServletConfig().getInitParameter("login-as-admin");
 if (strVal == null) {
 throw new RuntimeException("No login-as-admin init parameter specified for SsoPostLoginServlet.");
@@ -61,9 +62,8 @@
 @Override
 protected void service(HttpServletRequest request, HttpServletResponse response) throws IOException {
 log.debug("Entered SsoPostLoginServlet");
- String username;
+ String username = null;
 String profile = null;
- String authzName;
 InitialContext ctx = null;
 try {
 String error_description = request.getParameter("error_description");
@@ -90,12 +90,12 @@
 Map payload = (Map) jsonResponse.get("ovirt");
 username = (String) jsonResponse.get("user_id");
+ profile = "";
 int index = username.lastIndexOf("@");
 if (index != -1) {
 profile = username.substring(index + 1);
 username = username.substring(0, index);
 }
- authzName = (String) jsonResponse.get("user_authz");
 try {
 ctx = new InitialContext();
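Review bot: In the `@@ -90,12 +90,12 @@` hunk of SsoPostLoginServlet.java, `username` is dereferenced by `username.lastIndexOf("@")` immediately after being read from `jsonResponse.get("user_id")`, with no null check in the visible lines. If the SSO response carries no `user_id`, the request fails with a bare NullPointerException, which the `catch (RuntimeException ex) { throw ex; }` later in the method passes on unchanged. Unless the response is validated above the hunk, add `if (username == null) { throw new RuntimeException("SSO response does not contain user_id"); }` before the split. The new `profile = "";` also means a `user_id` without `@` now yields an empty profile where it used to stay null, so confirm that the code consuming `profile` treats the two alike. service() starts and ends outside the hunk.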
@@ -120,14 +120,12 @@
 "Unable to login user %s@%s with profile [%s]" + " because the maximum number of allowed sessions %s is exceeded",
 username,
- authzName,
 profile,
 maxUserSessions));
 }
 throw new RuntimeException(String.format(
 "The user %s@%s with profile [%s] is not authorized to perform login",
 username,
- authzName,
 profile));
 } else {
 HttpSession httpSession = request.getSession(true);
@@ -143,9 +141,7 @@
 } catch (RuntimeException ex) {
 throw ex;
 } catch (Exception ex) {
- throw new RuntimeException(
- String.format("User login failure: %s@%s with profile [%s]", username, authzName, profile),
- ex);
+ throw new RuntimeException(String.format("User login failure: %s", username), ex);
 } finally {
 try {
 if (ctx != null) {
diff -Naru a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoUtils.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoUtils.java
--- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoUtils.java 2021-07-20 03:39:24.000000000 +0800
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoUtils.java 2022-06-06 14:19:02.265717000 +0800
@@ -33,7 +33,7 @@
 public static String createUserSession(HttpServletRequest req, Map jsonResponse, boolean loginAsAdmin) throws Exception {
- String engineSessionId;
+ String engineSessionId = null;
 if (!FiltersHelper.isStatusOk(jsonResponse)) {
 throw new RuntimeException((String) jsonResponse.get("MESSAGE"));
 }
@@ -46,7 +46,6 @@
 profile = username.substring(index + 1);
 username = username.substring(0, index);
 }
- String authzName = (String) jsonResponse.get("user_authz");
 try {
 ctx = new InitialContext();
 ActionReturnValue queryRetVal = FiltersHelper.getBackend(ctx).runAction(ActionType.CreateUserSession,
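Review bot: In the `@@ -120,14 +120,12 @@` hunk of SsoPostLoginServlet.java the `authzName` argument is removed from both `String.format` calls while the format strings stay as they were, so each string now has one more `%s` than it has arguments. `String.format` throws `MissingFormatArgumentException` in that situation, so the session-limit and not-authorized branches would fail with a formatter error instead of the intended message; the login is still refused, but the reason is lost to whoever reads the error. Align the strings with the remaining arguments, for example `"Unable to login user %s@%s because the maximum number of allowed sessions %s is exceeded"` and `"The user %s@%s is not authorized to perform login"`. The `@@ -70,14 +69,12 @@` hunk of SsoUtils.java has the same mismatch and needs the same change. Both statements begin outside their hunks.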
@@ -70,14 +69,12 @@
 "Unable to login user %s@%s with profile [%s] " + "because the maximum number of allowed sessions %s is exceeded",
 username,
- authzName,
 profile,
 EngineLocalConfig.getInstance().getInteger("ENGINE_MAX_USER_SESSIONS")));
 }
 throw new RuntimeException(String.format(
 "The user %s@%s with profile [%s] is not authorized to perform login",
 username,
- authzName,
 profile));
 }
 engineSessionId = queryRetVal.getActionReturnValue();
@@ -90,8 +87,8 @@
 true);
 }
 } catch (Exception ex) {
- log.error("User '{}@{}' with profile [{}] login failed: {}", username, authzName, profile, ex.getMessage());
- log.debug("User '{}@{}' with profile [{}] login failed", username, authzName, profile, ex);
+ log.error("User '{}@{}' login failed: {}", username, profile, ex.getMessage());
+ log.debug("User '{}@{}' login failed", username, profile, ex);
 throw ex;
 } finally {
 try {
@@ -139,7 +136,6 @@
 if (StringUtils.isNotBlank(alternateFqdnString)) {
 Arrays.stream(alternateFqdnString.trim().split("\\s *"))
 .filter(StringUtils::isNotBlank)
- .map(String::toLowerCase)
 .forEach(allowedDomains::add);
 }
@@ -148,7 +144,7 @@
 private static String parseHostFromUrl(String url, String urlPropertyName) {
 try {
- return new URI(url).getHost().toLowerCase();
+ return new URI(url).getHost();
 } catch (URISyntaxException e) {
 throw new IllegalStateException(urlPropertyName + " not a valid URI: " + url);
 }
diff -Naru a/backend/manager/modules/aaa/src/test/java/org/ovirt/engine/core/aaa/SsoUtilsTest.java b/backend/manager/modules/aaa/src/test/java/org/ovirt/engine/core/aaa/SsoUtilsTest.java
--- a/backend/manager/modules/aaa/src/test/java/org/ovirt/engine/core/aaa/SsoUtilsTest.java 2021-07-20 03:39:24.000000000 +0800
+++ b/backend/manager/modules/aaa/src/test/java/org/ovirt/engine/core/aaa/SsoUtilsTest.java 2022-06-06 14:20:07.028614000 +0800
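Review bot: Host names are case-insensitive, yet the `@@ -139,7 +136,6 @@` and `@@ -148,7 +144,7 @@` hunks of SsoUtils.java stop lower-casing both the configured alternate FQDNs and the host returned by `parseHostFromUrl`. If the comparison against `allowedDomains` (outside these hunks) is an exact string match, a URL or configured FQDN that differs only in letter case would now fail the domain check, and the two tests that covered this are deleted from SsoUtilsTest.java. `new URI(url).getHost()` can also return null when the URL has no host component, and the method now hands that null to its caller instead of failing. Consider normalising with a fixed locale and an explicit null check, `String host = new URI(url).getHost();` then `if (host == null) { throw new IllegalStateException(urlPropertyName + " has no host: " + url); }` then `return host.toLowerCase(Locale.ROOT);` (needs `java.util.Locale`), and keeping the lower-casing step on the alternate FQDNs.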
@@ -38,23 +38,6 @@
 }
 @Test
- public void shouldMatchAppUrlDomainOnAlternateSSOEngineUrlRegardlessUpperCase() {
- // given
- EngineLocalConfig.getInstance(new HashMap<>() {
- {
- put("SSO_ENGINE_URL", "https://engine.example.com:8221/ovirt-engine");
- put("SSO_ALTERNATE_ENGINE_FQDNS", "engine1.example.com ALTERNATE-engine.example.com");
- }
- });
-
- // when
- boolean valid = SsoUtils.isDomainValid("https://alternate-engine.EXAMPLE.com:20001/somerest/api_v9");
-
- // then
- Assertions.assertTrue(valid);
- }
-
- @Test
 public void shouldAllowBlankAppUrl() {
 // given
 EngineLocalConfig.getInstance(new HashMap<>() {
@@ -103,23 +86,6 @@
 // then
 Assertions.assertTrue(valid);
- }
-
- @Test
- public void shouldMatchAppUrlDomainOnSSOEngineUrlRegardlessUpperCase() {
- // given
- EngineLocalConfig.getInstance(new HashMap<>() {
- {
- put("SSO_ENGINE_URL", "https://engine.EXAMPLE.com:30003/ovirt-engine");
- put("SSO_ALTERNATE_ENGINE_FQDNS", "alternate-engine.example.com");
- }
- });
-
- // when
- boolean valid = SsoUtils.isDomainValid("https://ENGINE.example.com:20001/somerest/api_v9");
-
- // then
- Assertions.assertTrue(valid);
 }
 @Test