How to generate a SAML response using ColdFusion - coldfusion

I have the public key, private key and certificate files.
I want to use the RSA-SHA1 algorithm to create the signature and DigestValue.
This is my code:
<cfscript>
// Convert to UTC once so the date and time parts of each timestamp describe the same instant
nbf = DateConvert('local2utc', DateAdd('n', -1, Now()));
naf = DateConvert('local2utc', DateAdd('n', 1, Now()));
samlData =
{
    NotBefore = DateFormat(nbf, 'YYYY-MM-DDT') & TimeFormat(nbf, 'HH:mm:SSZ')
    ,NotAfter = DateFormat(naf, 'YYYY-MM-DDT') & TimeFormat(naf, 'HH:mm:SSZ')
    ,assertionId = createUUID()
    ,IDPDomain = "xxx.com"
    ,Issuer = "xxx"
    ,SPService = "dropbox"
    ,SPDomain = "dropbox.com"
    ,email = "xxxx#gmail.com"
    ,name = "xxxxx"
    ,Destination = "https://www.dropbox.com/saml_login"
};
</cfscript>
<cfoutput>
<cfxml variable="samlAssertionXML">
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="#samlData['Destination']#" ID="#samlData['assertionId']#" IssueInstant="#samlData['NotBefore']#" Version="2.0" >
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" >#samlData['Issuer']#</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="#createUUID()#" IssueInstant="#samlData['NotBefore']#" Version="2.0" >
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">#samlData['Issuer']#</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">#samlData['email']#</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData NotOnOrAfter="#samlData['NotAfter']#" Recipient="#samlData['Destination']#" />
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="#samlData['NotBefore']#" NotOnOrAfter="#samlData['NotAfter']#" >
<saml2:AudienceRestriction>
<saml2:Audience>#samlData['SPService']#</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="#samlData['NotBefore']#" SessionIndex="997f3463-8d81-4fac-ab8c-916fdc04898b" >
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>
</cfxml>
</cfoutput>
<cfset samlXML = ToString(samlAssertionXML)>
<!--- normalise the UTC offset to "Z" and drop the XML declaration before encoding --->
<cfset samlXML = replaceNoCase(samlXML, '+0000', "Z", "all")>
<cfset samlXML = replaceNoCase(samlXML, '<?xml version="1.0" encoding="UTF-8"?>', "")>
<cfdump var="#samlXML#" />
<cfoutput>
<form method="post" action="https://www.dropbox.com/saml_login">
<input type="hidden" name="RelayState" value="">
<input type="hidden" name="SAMLResponse" value="#toBase64(samlXML)#">
<input type="submit" name="submit" value="submit">
</form>
</cfoutput>
I use this to submit the form to the Dropbox SAML login page, and then I get a
"could not validate SAML assertion" error from Dropbox.

signed URL to post a file to S3 [duplicate]

This is my HTML POST Form.
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<form action="http://sigv4examplebucket.s3.amazonaws.com/" method="post" enctype="multipart/form-data">
Key to upload:
<input type="input" name="key" value="user/user1/$(unknown)" /><br />
<input type="hidden" name="acl" value="public-read" />
<input type="hidden" name="success_action_redirect" value="http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html" />
Content-Type:
<input type="input" name="Content-Type" value="image/jpeg" /><br />
<input type="hidden" name="x-amz-meta-uuid" value="14365123651274" />
<input type="hidden" name="x-amz-server-side-encryption" value="AES256" />
<input type="text" name="X-Amz-Credential" value="AKIAIOSFODNN7EXAMPLE/20151229/us-east-1/s3/aws4_request" />
<input type="text" name="X-Amz-Algorithm" value="AWS4-HMAC-SHA256" />
<input type="text" name="X-Amz-Date" value="20151229T000000Z" />
Tags for File:
<input type="input" name="x-amz-meta-tag" value="" /><br />
<input type="hidden" name="Policy" value='<Base64-encoded policy string>' />
<input type="hidden" name="X-Amz-Signature" value="<signature-value>" />
File:
<input type="file" name="file" /> <br />
<!-- The elements after this will be ignored -->
<input type="submit" name="submit" value="Upload to Amazon S3" />
</form>
</body>
</html>
I got this from the AWS S3 docs shown below.
https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html
From the AWS Console I have gotten my security credentials as shown below.
I am aware that I need to set values for "Policy" and "X-Amz-Signature", but I am not sure how to do that.
In the docs they mention that I need a StringToSign to get the Policy/Signature, but I am not sure how to do that.
Can someone help me with how to generate the Policy and Signature for my HTML form?
You will have to calculate the signature on the backend. Follow the details in Calculating a Signature to implement it on your own.
That would be something like this:
// SigV4 signing-key chain: each step is a raw (binary) HMAC-SHA256 keyed by the previous result
$kDate = hash_hmac('sha256', $short_date, 'AWS4' . $secret_key, true);
$kRegion = hash_hmac('sha256', $region, $kDate, true);
$kService = hash_hmac('sha256', "s3", $kRegion, true);
$kSigning = hash_hmac('sha256', "aws4_request", $kService, true);
// The signature is the hex HMAC-SHA256 of the base64-encoded policy under the signing key
$signature = hash_hmac('sha256', base64_encode($policy), $kSigning);
Or you can use any of the AWS SDKs of your choice.
For example, using the PHP SDK you would use:
Aws\Signature\S3SignatureV4

Upload to AWS S3 with createPresignedPost -- file either invisible in S3 or Policy Condition failed

Trying to upload to AWS S3 using the createPresignedPost approach, but either the seemingly uploaded file is invisible in the S3 bucket or a "Policy Condition failed" error is returned.

I need to upload files to an AWS S3 bucket securely, so I try to generate a presigned POST policy in Lambda. Then I copy the policy details into a test HTML form and upload files.

If I put in the "key" parameter like this: <input type="input" name="key" value="datafile/math3/$(unknown)" />, a "Policy Condition failed" error is returned. Why? This seems to be the right way to set this parameter.

But if I set "key" like this (removing the (unknown) part), <input type="input" name="key" value="datafile/math3/" />, the upload seems to be successful. No error is returned, and I even see the folder "datafile/math3" get created in S3. But there is no file under the folder. If I check the size of the folder, the size roughly matches the file I try to upload. No object shows up. Why?

Lambda code:
// Lambda handler (aws-sdk v2). createPresignedPost completes asynchronously, so the
// policy has to be handed back through the Lambda callback rather than returned
// synchronously before the S3 call has finished.
var AWS = require('aws-sdk');
AWS.config.update({accessKeyId: 'xxxxxxxxxxx', secretAccessKey: 'yyyyyyyyyyyyyyyyyyyyyyy'});
const s3 = new AWS.S3();
exports.handler = function(event, context, callback) {
  const key = 'datafile/math3/';
  const params = {
    Bucket: 'my-file-store',
    Key: key,
    Expires: 60*60, // in seconds
    Fields: {
      key: key,
    }
    // Conditions: [
    // // {'acl': 'public-read'},
    // // ["starts-with", "$key", "datafile/math3/"],
    // // {'key': 'datafile/math3/'}
    // ]
  };
  s3.createPresignedPost(params, function(err, data) {
    if (err) {
      return callback(err);
    }
    callback(null, data); // data.url and data.fields are what the HTML form needs
  });
};
I run this Lambda code in test mode and copy the necessary info into the HTML code.
HTML code:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<form action="https://s3.amazonaws.com/my-file-store" method="post" enctype="multipart/form-data">
Key to upload:
<input type="input" name="key" value="datafile/math3/$(unknown)" /><br />
<!-- <input type="input" name="key" value="datafile/math3/" /><br /> -->
<!-- <input type="hidden" name="acl" value="public-read" /> -->
<!-- <input type="hidden" name="success_action_redirect" value="http://aztopia-file-store.s3.amazonaws.com/successful_upload.html" /> -->
Content-Type:
<!-- <input type="input" name="Content-Type" value="image/jpeg" /><br /> -->
<!-- <input type="hidden" name="x-amz-meta-uuid" value="14365123651274" /> -->
<!-- <input type="hidden" name="x-amz-server-side-encryption" value="AES256" /> -->
<input type="text" name="X-Amz-Credential" value="erzdfgsdfgsddgdffdfffxxxxxx/20190330/us-east-1/s3/aws4_request" />
<input type="text" name="X-Amz-Algorithm" value="AWS4-HMAC-SHA256" />
<input type="text" name="X-Amz-Date" value="20190330T030853Z" />
Tags for File:
<!-- <input type="input" name="x-amz-meta-tag" value="" /><br /> -->
<input type="hidden" name="Policy" value='asdfasfadsfasdfasdfasrheghjfghjfhhjfgjghxxxxxxxxxxxxxxxxxxxxxxxxxxxx==' />
<input type="hidden" name="X-Amz-Signature" value="343rgwgdhgsfgsdfgdgdfgsdfgsdfgsdfgfdyyyyyyyy" />
File:
<input type="file" name="file" /> <br />
<!-- The elements after this will be ignored -->
<input type="submit" name="submit" value="Upload to Amazon S3" />
</form>
</body>
</html>
BTW, I have CORS set up on the bucket like below.
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Now why does it not let me set key like this: <input type="input" name="key" value="datafile/math3/$(unknown)" />? From all sources, the (unknown) part seems necessary.
If I remove $(unknown), I kind of know it cannot put the object correctly since it does not know the filename.
What am I missing here?
Another maybe related point: if I add the <input type="hidden" name="acl" value="public-read" /> parameter in both the Lambda and the HTML form (commented out now), I get an "access denied" error. Why is that?
I tried many other combinations, like the starts-with condition, too. To no avail.
Much appreciation for looking! I have been struggling for the whole day.

Browser cache effect on coldfusion login

I have code that has been in the production environment for the past 2 years with no issues. Last week our hosting company was down for two days, and when the server came back online, our application started having a particular issue.
This issue is that when you try to log in, it brings you back to the login page with no errors.
I submitted a trouble ticket and was asked to clear my browser cache. I cleared my cache and the application started working again.
Is there no other way to resolve this issue without clearing the browser cache?
I have tried several methods. I have used
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />
and also used
<cflocation url="index.cfm" addtoken="yes">
Please see the code for Application.cfc
<cfcomponent>
<cfset this.name = "some_app">
<cfset this.applicationTimeout = createTimeSpan(0,9,0,0)>
<cfset this.clientmanagement= "yes">
<cfset this.ClientStorage = "registry"><!--- this was formerly cookie; I changed it to registry, but no change --->
<cfset this.loginstorage = "session" >
<cfset this.sessionmanagement = "yes">
<cfset this.sessiontimeout = createTimeSpan(0,4,0,0)>
<cfset this.setClientCookies = "yes">
<cfset this.setDomainCookies = "yes">
<cfset this.scriptProtect = "all">
<cfset this.datasource = "some_dsn">
<cffunction name="onApplicationStart" output="false">
<cfset application.scriptProtect = "all">
<cfset application.sessions = 0>
<cfset application.surportmail = "support#some_app.com">
<cfset application.site.url = "http://some_app.com/"/>
<cfset application.com.Employee = CreateObject("component","com.user.Employee").init()/>
<cfset application.com.Appraisal = CreateObject("component","com.Appraisal").init()/>
<cfset application.com.Security = CreateObject("component","com.system.Login").init()/>
<cfset application.com.Log = CreateObject("component","com.adexfe.portal.system.Log").init()/>
<cfset application.com.Temp = CreateObject("component","com.adexfe.portal.Temp").init()/>
<cfset application.com.Util.Security = CreateObject("component","com.adexfe.util.Security").init()/>
<cfset application.com.Security.url = application.site.url/>
</cffunction>
<cffunction name="onApplicationEnd" output="false">
<cfargument name="applicationScope" required="true">
</cffunction>
<cffunction name="onRequestStart">
<cfargument name="requestname" required=true/>
<cflock type="exclusive" scope="session" timeout="10">
<cfparam name="session.IsLogin" default="false" type="boolean" />
<cfparam name="session.Userinfo" default="" />
</cflock>
<cflock type="readonly" scope="session" timeout="40">
<cfset request.IsLogin = session.IsLogin>
<cfset request.UserInfo = session.UserInfo>
</cflock>
<!--- Check for login here --->
<cfif Not request.IsLogin and ListLast(cgi.SCRIPT_NAME,'/') NEQ "login.cfm" and ListLast(cgi.SCRIPT_NAME,'/') NEQ "forget.cfm">
<cflocation url="login.cfm" addtoken="no">
</cfif>
<cfset application.com.Security.url = application.site.url/>
<cfset request.Security = application.com.Util.Security/>
<cfparam name="url.bp" default="#request.Security.URLEncrypt('bp=home')#"/>
<cfset url.bpr = url.bp/>
<cfif listfirst(url.bp,'=') eq 'h'>
<cfset request.aurl = request.Security.URLDecrypt(listlast(url.bp,'='))/>
<cfelse>
<cfset request.aurl.bp = url.bp/>
</cfif>
<cfset request.aurl.bp = Replace(request.aurl.bp,'.','/','all')>
</cffunction>
</cfcomponent>
Login.cfm code:
<html>
<head>
<title>Login</title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
<link href="Assets/css/reset.css" rel="stylesheet" type="text/css" />
<link href="Assets/css/login.css" rel="stylesheet" type="text/css" />
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><td width="50%" align="right"><br /> <img src="Assets/img/logo-b.jpg" width="445" height="164" /></td>
<td><span class="label"> <img src="Assets/img/comp_logo.gif" vspace="100" hspace="50" /></span></td></tr>
</table>
<cfform name="login">
<table width="300" border="0" align="center" >
<tr><td nowrap class="label"> Email:</td>
<td><cfinput class="in" name="username" message="Valid email address is required please" type="text" required="yes" /></td></tr>
<tr><td height="41" class="label">Password:</td>
<td><cfinput class="in" name="Password" style="color:red;" required="yes" type="password"/></td></tr>
<tr><td height="41"> </td>
<td><input type="submit" value="Login" class="sub"/><input name="Captcha" value="" type="hidden"></td></tr>
<tr><td> </td>
<td>Forget password?</td></tr>
</table>
</cfform>
<cfoutput>
<cfif structkeyexists(form,'Captcha')>
<!---login with user info --->
<cfset s = createobject("component","com.system.Security").init(false,false)/>
<cfset l = createobject("component","com.system.Login").init()/>
<cfset l.url = application.site.url/>
<cfset l.SignIn(form,s)/>
<cfif Not l.IsLogin>
<div align="center" style="color:##F00; font-weight:bold; text-align:center;">#l.errmsg#</div>
<cfset application.com.Log.WriteLoginAttempt(form.username)/>
<cfelse>
<!--- set session --->
<cflock type="exclusive" scope="session" timeout="30" throwontimeout="yes">
<cfset session.IsLogin = true>
<cfset session.userInfo = application.com.Employee.GetEmployee(l.userInfo.employeeid)/>
</cflock>
<cfset application.com.Log.WriteLoginSuccess(form.username,l.userInfo.employeeId)/>
<cflocation url="index.cfm" addtoken="no">
</cfif>
</cfif>
</cfoutput>
</body>
</html>
Thank you
You can clear your application variables on the server if you use these commands; you can also use structClear() if you want to reset any of the variables and restart the application. Generally speaking, once application variables are set they stay persistent in memory until the application is restarted.
These commands will restart the application:
<cfscript> applicationStop(); </cfscript> or <cfset applicationStop()>
After the variables have been cleared you can remove that line of code, and that should resolve the caching issue.

CFGRID with CF 9.0.1

I have a cfgrid that was working fine in CF 9.0, but now that we have upgraded to 9.0.1, nothing comes up in the form (form.#GridName#.#Column1Name#) after the form is submitted. I made some test code (below) which I have tried on a 9.0.1 server, where it comes up with an empty string in the form, whereas on 9.0 it comes up with all the info for the selected row. Any ideas on what the problem is and any fixes for it?
Cheers in advance
DUMP form: <cfdump var="#form#"><br>
<cfform action="#CGI.script_name#" method="post">
<cfset args = structNew()>
<cfset args.name = "requestGrid">
<cfset args.format = "html">
<cfset args.stripeRows = true>
<cfset args.selectmode = "row">
<cfset args.height = "150">
<cfset args.width = "320">
<cfset args.autowidth = "yes">
<cfset args.gridLines = "yes">
<cfgrid attributeCollection="#args#">
<cfgridcolumn name="iRequestProductID" display="false">
<cfgridcolumn name="iItemID" display="false">
<cfgridcolumn name="iProductID" display="false">
<cfgridcolumn name="productName" header="Requested Product" width="150" >
<cfgridcolumn name="ItemName" header="Allocated Item" width="100" dataAlign="center">
<cfgridcolumn name="sSerialNo" header="Serial no" width="100" dataAlign="center">
<cfgridrow data = "1,1,2,test1,aaa,123">
<cfgridrow data = "1,2,2,test2,bbb,234">
<cfgridrow data = "1,3,2,test3,ccc,345">
<cfgridrow data = "1,4,2,test4,ddd,456">
<cfgridrow data = "1,5,2,test5,eee,567">
</cfgrid>
<input type="Submit" name="allocate" value="Allocate Item" style="color:ff0000" />
</cfform>
One of the enhancements in ColdFusion 9.0.1:
In ColdFusion 9, data for the first row is available on form submission in a form with dynamic grid. In ColdFusion 9.0.1, the data is not available.
Reference: http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7baf.html