feat(ui5-middleware-onelogin): possible to provide certificate to login directly #1079

Open: wants to merge 14 commits into base: main
50 changes: 42 additions & 8 deletions packages/ui5-middleware-onelogin/README.md
Expand Up @@ -27,26 +27,60 @@ npm install ui5-middleware-onelogin --save-dev

## Configuration options (in `$yourapp/ui5.yaml`)

Currently you can define the properties in the configuration (see below) or the following environment variables are used.
You can define the properties either in the configuration (YAML file) or using environment variables. The order of precedence is:

- path: `string` either the url or the hostname and port of the SAP system
- subdirectory`(optional)`: `string` the subdirectory that is appended to the path, defaults to the fiori launchpad at /sap/bc/ui2/flp
- username`(optional)`: `string` Username to be used to login to the launchpad
- password`(optional)`: `string`Password used to login
- useCertificate`(optional)`: `boolean` use a certificate to login instead of username and password
- debug`(optional)`: `boolean` true will open up the playwright browser so you can see what's going on
1. YAML file configuration
2. Environment variables
3. Default configuration

**Important:** When configuring `ClientCertificate`, you must define all its properties either in the YAML file or in environment variables. Mixing definitions between YAML and environment variables for `ClientCertificate` is not supported.

Currently, you can define the following properties:

- **path**: `string` either the url or the hostname and port of the SAP system
- **subdirectory**`(optional)`: `string` the subdirectory that is appended to the path, defaults to the fiori launchpad at /sap/bc/ui2/flp
- **username**`(optional)`: `string` Username to be used to login to the launchpad
- **password**`(optional)`: `string` Password used to login
- **useCertificate**`(optional)`: `boolean` use a certificate to login instead of username and password
- **debug**`(optional)`: `boolean` true will open up the playwright browser so you can see what's going on

**NB1:** If you choose to use the certificate login then check the property AutoSelectCertificateForUrls in chrome://policy if it holds the url pattern for your system. [Playwright](https://github.com/microsoft/playwright/issues/1799) has an issue to handle the certificate prompt. Another workaround is to set debug and useCertificate to true in the configuration and press ok when the prompt opens

**NB2:** If your system does not host a fiori launchpad, you will have to adjust the subdirectory to point to a different login protected page. In the case of a MII java stack that hosts an OData service, try setting subdirectory to XMII/PropertyAccessServlet?Mode=List

You can either add the following properties to your .env file, remember to add that to your .gitignore
### **Certificate properties:**

- **certificateOrigin**`(optional)`: `string` Exact origin that the certificate is valid for. Origin includes https protocol, a hostname and optionally a port.
- **certificateCertPath**`(optional)`: `string` Path to the file with the certificate in PEM format.
- **certificateKeyPath**`(optional)`: `string` Path to the file with the private key in PEM format.
- **certificatePfxPath**`(optional)`: `string` Path to the PFX or PKCS12 encoded private key and certificate chain.
- **certificatePassphrase**`(optional)`: `string` Passphrase for the private key (PEM or PFX).

Those properties are only work when useCertificate is set to true.

### **Using SAP Passport:**

You can use SAP Passport certificates to login without having to provide a username and password.
Get your certificate from [SAP Passport](https://support.sap.com/en/my-support/single-sign-on-passports.html).
Here you download a **pfx** file with a passphrase. You can move the certificate to the root of your project and set the `certificatePfxPath` to the file name.
Add the passphrase to the **.env** file with the property `UI5_MIDDLEWARE_ONELOGIN_CERTIFICATE_PASSPHRASE`.

### **Using environment variables:**

You can set the following environment variables in your **.env** file (remember to add it to your .gitignore):

You can either add the following properties to your **.env** file, remember to add that to your .gitignore

- UI5_MIDDLEWARE_ONELOGIN_LOGIN_URL or UI5_MIDDLEWARE_SIMPLE_PROXY_BASEURI
- UI5_MIDDLEWARE_ONELOGIN_LOGIN_SUBDIRECTORY
- UI5_MIDDLEWARE_ONELOGIN_USERNAME
- UI5_MIDDLEWARE_ONELOGIN_PASSWORD
- UI5_MIDDLEWARE_ONELOGIN_USE_CERTIFICATE
- UI5_MIDDLEWARE_ONELOGIN_CERTIFICATE_ORIGIN
- UI5_MIDDLEWARE_ONELOGIN_CERTIFICATE_CERT_PATH
- UI5_MIDDLEWARE_ONELOGIN_CERTIFICATE_KEY_PATH
- UI5_MIDDLEWARE_ONELOGIN_CERTIFICATE_PFX_PATH
- UI5_MIDDLEWARE_ONELOGIN_CERTIFICATE_PASSPHRASE
- UI5_MIDDLEWARE_ONELOGIN_QUERY or UI5_MIDDLEWARE_SIMPLE_PROXY_QUERY
- UI5_MIDDLEWARE_ONELOGIN_DEBUG
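
Review bot: The "Using SAP Passport" section tells the reader to move the pfx file into the project root, but the only .gitignore reminder in this README is for the .env file. Since `certificatePfxPath` is documented as pointing at a "PFX or PKCS12 encoded private key and certificate chain", and `certificateKeyPath` at a PEM private key, please add a sentence telling users to add those files to .gitignore as well, or to keep them outside the repository and reference them by path. In the same spirit, `certificatePassphrase` is listed as a YAML property and YAML takes precedence over environment variables, so it is worth stating that the passphrase belongs in the .env variable `UI5_MIDDLEWARE_ONELOGIN_CERTIFICATE_PASSPHRASE` and not in `ui5.yaml`. Smaller points: the "Important" note refers to `ClientCertificate`, a name that is not defined anywhere in the property list (the properties are `certificateOrigin`, `certificateCertPath`, and so on), so either define it or name the properties; the .env sentence appears twice under "Using environment variables"; and "Those properties are only work when useCertificate is set to true" should read "These properties only take effect when ...".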

84 changes: 68 additions & 16 deletions packages/ui5-middleware-onelogin/lib/cookieGetter.js
