Setting up Implementation-specific Log-in Sequences

Owned by Ravikumar Babu CTOO (Unlicensed)
Last updated: May 10, 2019

For the application built using Canvas, you can either use your existing entitlement service for authenticating and authorizing users OR use the authentication service provided by Canvas. In the first scenario, a centralized authentication system (e.g. ARX) is available and users of the applications (including the one built using Canvas) are authenticated by that central system on its log-on page. In the second scenario, Canvas' log-in sequence is used for authenticating users.

Even though Canvas offers a default authentication provider, you can use other authentication provider, such as ARX, to authenticate users and validate their entitlement.

Perform the following steps to setup an implementation-specific log-on sequence:

  1. Create a custom authentication provider by implementing the Java Interface, IAuthenticationServiceProvider. See the sample custom authentication provider for reference.

  2. Mention the custom authentication provider to Canvas framework by providing a value for the AUTH_SERV_PROV_CLASS key in the securityconfig.properties file.

    # The following key indicates the authentication provider that is to
# be used during log-in, log-out or re-authentication purposes.
AUTH_SERV_PROV_CLASS=com.intellectdesign.app.smartbank.servlets.login.SmartBankAuthenticationProvider

# Here, SmartBankAuthenticationProvider.java is the custom authentication provider class.

  3. Create a custom validate class by implementing the Java interface, IEntitlementSource. See the sample custom validate class for reference.

  4. Mention the custom validate class to Canvas framework by providing a value for the VIEW_ENTITLEMENT_CLASS key in the implclassconfig.properties file.

    # The following key indicates the class that validates the users' entitlement.
VIEW_ENTITLEMENT_CLASS=com.intellectdesign.app.smartbank.servlets.entitilements.SmartBankViewEntitlement

# Here, SmartBankViewEntitlement.java is the custom entitlement validation class.

  5. Retrieve the users' log-in ID and password using the request.getParameter method and set those to uservalue in the extractLoginParameters method in Login Servlet.

    private IUserValue extractLoginParameters(HttpServletRequest request)
{
	UserValue userValue = new UserValue();
		
	String userName = (request.getParameter("ctLoginID")).trim();
	String password = request.getParameter("loginPSW");

	// Set the login Id into the User Value
	userValue.setLoginId(userName);

	// Set the simulation model flag in the user Value
	String isSimulationMode = request.getParameter("isSimulated");
	if (isSimulationMode != null && "true".equals(isSimulationMode))
	{
		userValue.setSimulated(true);
		userValue.setSimulatingUserNo(request.getParameter("simulatingUserNo"));
	}

	// Set the password into the user value
	userValue.setUserPin(password);
		
	String checkSumValue = userName + "-" + password + "-" + "INTELLECT_SMARTBANK";
		
	String checkSum = null;
	
	try 
	{
		checkSum = generateSHA256(checkSumValue, userName);
	} 
	catch (Exception e) 
	{
		e.printStackTrace();
	}
	
	userValue.setRSATokenSerialNo(checkSum);

	return userValue;
}

  6. Get the users' log-in ID and password from uservalue and pass those to authentication service in authenticateUser method in the custom authentication provider class. Also, set the setStatusFlag as E if response code is 200.

    public void authenticateUser(IUserValue uValue) throws AuthenticationException
{
	Map customSSOProperties = uValue.getCustomSSOProperties();
		
	String userName = (String) uValue.getLoginId();
	String password = (String) uValue.getUserPin();
	String checksum = (String) uValue.getRSATokenSerialNo();

	if (checksum != null)
	{
		try
		{
			URL url = new URL("http://1.2.3.4:1234/smartbankAPI/api/app/customerloginbyusername/" + userName + ","
						+ password + "," + checksum + "");
				
			HttpURLConnection conn = (HttpURLConnection) url.openConnection();
			conn.setDoOutput(true);
			conn.setRequestMethod("GET");
		    conn.setRequestProperty("Content-Type", "application/json");
		    int response = conn.getResponseCode();

			if (response == 200)
			{
				// Add SSO properties using Canvas thread local, which will be
				// internally used by entitlements to fetch user and 
				// entitlement details from third party application.
				CanvasThreadLocal.put("ssoProperties", customSSOProperties);

				uValue.setTransactionStatus(IAuthenticationServiceProvider.Status.success.name());
				uValue.setStatusFlag("E");
				String info = "User name is validated successfully.";
				uValue.setInfo(info);
			} else if (response == 705)
			{
				uValue.setTransactionStatus(IAuthenticationServiceProvider.Status.failure.name());
				uValue.setInfo("Invalid User Name.");

			} else
			{
				uValue.setTransactionStatus(IAuthenticationServiceProvider.Status.failure.name());
				uValue.setInfo("Error while validating the user name.");
			}
		} catch (NumberFormatException | IOException e)
		{
			logger.cterror("FAUTHG001", e);
			throw new AuthenticationException(e);
		}
	} else if (uValue.getUserPin() != null && uValue.getUserPin() != null)
	{
		List resultList = null;

		DatabaseRequest dbRequest = new CanvasDatabaseRequest();

		try
		{
			dbRequest.setDataAccessMapKey("USER_PWD_CHECK");
			dbRequest.setOperation(DatabaseConstants.SELECT);
			dbRequest.setOperationExtension("ENCRYPT");
			dbRequest.addFilter("OD_USER_PWD", uValue.getUserPin());
			dbRequest.addFilter("OD_LOGIN_ID", uValue.getLoginId());
			resultList = dbRequest.execute().getReturnedList();
			HashMap tmpMap;
			if (null != resultList && !resultList.isEmpty())
			{
				tmpMap = (HashMap) resultList.get(0);
				String count = (String) tmpMap.get("COUNT");
				if ("0".equals(count))
				{
					uValue.setTransactionStatus(IAuthenticationServiceProvider.Status.failure.name());
					uValue.setInfo("Invalid User Credentials");
					uValue.setInvalidCred(true);
				} else
				{
					uValue.setTransactionStatus(IAuthenticationServiceProvider.Status.success.name());
					uValue.setStatusFlag("E");
					String info = "User Profile has been successfully Registered";
					uValue.setInfo(info);
				}
			}
		} catch (Exception e)
		{
				uValue.setTransactionStatus(IAuthenticationServiceProvider.Status.failure.name());
		}
	} else
	{
		logger.cterror("FAUTHG002");
		throw new AuthenticationException("User ticket is not available in SSO properties.");
	}
}

  7. Set values for the following mandatory user details in the getUserDetails method in the custom validate class (View Entitlement class). Following code snippet contains sample values for reference:

    uValue.setUserNo("8632");
uValue.setPrimaryGcif("8HIG1002");
uValue.setTransactionStatus(LoginMasterConstants.STATUS_SUCCESS);
uValue.setFIRST_NAME("UPENDRA");
uValue.setLAST_NAME("singh");
uValue.setLoginId("8600537541");
uValue.setStatusFlag("E");

    The following steps are necessary in cases where the log-on page is part of the application and you need to validate it in the custom authentication provider. If the log-on sequence is outside the application (e.g. in ARX), you do not have the perform the following steps.

  8. Create a custom servlet class by implementing the Java interface, HttpServlet. See the sample servlet class for reference.

  9. Add entry to the custom servlet in the web.xml file.

    <servlet>
	<servlet-name>PortalLoginServlet</servlet-name>
	<servlet-class>com.intellectdesign.app.smartbank.servlets.login.SmartBankLoginServlet</servlet-class>
</servlet>
  10. Restart the servers and access your application.