SSO Ruby code fails

  • updated
  • Fixed
The SSO Ruby code sample fails in my environment.  Using the sample script accessible via the Ruby link on Ruby 1.9.3 yields the following:

irb(main):028:0* 16.times { |i| message_json[i] ^= iv[i] }
NoMethodError: undefined method `^' for "{":String
from (irb):28:in `block in irb_binding'
from (irb):28:in `times'
from (irb):28
Sergey Stukov
  • Under review
Will check and apply fix soon
Sergey Stukov
  • Answer
  • Fixed
We added support for Ruby 1.9.+ now.

Replace
16.times { |i| message_json[i] ^= iv[i] }
with
16.times { |i| message_json[i] = (message_json[i].ord ^ iv[i].ord).chr }
and all should work
jrimmer
Executes fine via IRB.  I'll comment after integrating it.
jrimmer

Code works fine, though I did change

sso_token = ([encrypted_bytes].pack('m*'))

to

sso_token = ([encrypted_bytes].pack('m0'))

as otherwise the browser complains about the carriage returns in the resulting value.


With all of that done unfortunately it doesn't work.  I haven't changed any of the key creation code so any pointers are appreciated. 

Here's a generated javascript request:
<script type="text/javascript">

var _ues = {
  host:'feedback.mirthworks.com',
  forum:'10578',
  lang:'en',
  tab_corner_radius:10,
  tab_font_size:20,
  tab_image_hash:'RmVlZGJhY2s%3D',
  tab_alignment:'right',
  tab_text_color:'#FFFFFF',
  tab_bg_color:'#8CC63F',
  tab_hover_color:'#62C462',
  params:{sso_token:'P+/gdwI9jKhbAJ5mO+fgJuTIXXoKg+pU/KBzcwVJsBY1fm0oWKCjKuY1VvTNcfipyoiapqd7lj87GzYlpL0+EXoSM2Hl+F6SfFqfKCtAUY02+fMQskX8RMo+vtGJxqTmlVTJ2iWRxvFlkQIYCa9i3OxORmHKZSdcL6Ec7tdGq7xKFWsPsyM9w+FW31YYY5iHXNiUBg9JIGTumoixd0NvfEgSYrNp1tfYB+nYRRjCfrj7L7IidVnK/HEJ3f1Mx6dxtcHczjwXWA1hWOKm+1lHEi/bA5JriM6ThJO5fPfZMMQXPK0gQjuBy76YS8PoZIwZ'}
};
(function() {
  var _ue = document.createElement('script'); _ue.type = 'text/javascript'; _ue.async = true;
  _ue.src = ('https:' == document.location.protocol ? 'https://s3.amazonaws.com/' : 'http://') + 'cdn.userecho.com/js/widget-1.4.gz.js';
  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(_ue, s);
})();
</script>

Note that I also unsuccessfully tested with the key in a straight GET and mucked with the hostname such as 'mirthworks.userecho.com' both to no avail.


Sergey Stukov

Replace the last string in the source with
puts url+"/?sso_token=" + CGI.escape([encrypted_bytes].pack('m0')).gsub('+','%2B')
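An added example, not part of the thread or of UserEcho's sample script, covering the three failure points raised above: the Ruby 1.9 XOR error, line feeds from pack('m*'), and '+' in a query string. The sample JSON, IV and ciphertext are constructed stand-ins, the helper names are hypothetical, and decode_from_query models a generic receiver rather than UserEcho's server.

```ruby
require 'cgi'

# Constructed stand-ins (assumptions): real values come from the SSO script.
SAMPLE_JSON = '{"guid":"42","display_name":"Test User"}'
SAMPLE_IV   = ([0xA5] * 16).pack('C*')
# 66 bytes chosen so the Base64 form contains both '+' and '/'.
SAMPLE_CIPHERTEXT = [0xFB, 0xEF, 0xBE, 0xFF, 0xFF, 0xFF].pack('C*') * 11

# Byte-wise XOR of the first 16 bytes with the IV. getbyte/setbyte work on
# bytes whatever the string's encoding, so this does not depend on
# String#[] returning an Integer (1.8) or a one-character String (1.9+).
def xor_first_block(message, iv)
  raise ArgumentError, 'need 16 bytes' if message.bytesize < 16 || iv.bytesize != 16
  out = message.dup.force_encoding(Encoding::BINARY)
  16.times { |i| out.setbyte(i, out.getbyte(i) ^ iv.getbyte(i)) }
  out
end

# Strict Base64 ('m0', no line feeds), then percent-encode for a query string.
# CGI.escape already turns '+' into %2B and '/' into %2F.
def token_for_query(encrypted_bytes)
  CGI.escape([encrypted_bytes].pack('m0'))
end

# Generic receiver (assumption): form-decode, then strict Base64 decode.
# unpack('m0') raises ArgumentError on damaged input.
def decode_from_query(raw_value)
  CGI.unescape(raw_value).unpack('m0').first
end

# True only if the value decodes back to the original bytes.
def round_trips?(raw_value, expected)
  decode_from_query(raw_value) == expected
rescue ArgumentError
  false
end

if __FILE__ == $PROGRAM_NAME
  wrapped = [SAMPLE_CIPHERTEXT].pack('m*')
  strict  = [SAMPLE_CIPHERTEXT].pack('m0')
  puts "m* line feeds: #{wrapped.count("\n")}, m0 line feeds: #{strict.count("\n")}"
  puts "escaped token survives:   #{round_trips?(token_for_query(SAMPLE_CIPHERTEXT), SAMPLE_CIPHERTEXT)}"
  puts "unescaped token survives: #{round_trips?(strict, SAMPLE_CIPHERTEXT)}"
end
```

An unescaped '+' is form-decoded to a space, so the strict decoder rejects the token; that is the failure the percent-encoding prevents.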
miketest1
Later edit: Well, would you look at that, it's using the test account that I created in Prod to leave this comment. Now I'm definitely confused.

Quandary time.  It works in my test environment but not in production.  I presume there's an environmental difference but I'm at a loss to explain it.


SSO key in Prod:

params:{sso_token:'RQQJKgwLVzxVAgfOZcDo7tA0hfvgEiDJjSRnqgNUV74QHiTMX4fgDVGJpEfpWxlA1zoKWvXxEh9Mf1lRlUoF%2BJWRRGy55g9JsKaCYCI9Tdm6wE1XFgiT4y0YQrkZQIUUqTfF/xqhG1zde7t/MqFatQwYI9BJ02Jrq/5CZ5RNO19pVsdOHHFNyFDB%2BwAhZidKVkf%2BudN4382BswqhkPSmuvhlZXy642%2BJ/55RZ/yXGqeUKbQ8Qhf/bPfOUcUyvtpjORc9Mmi%2BKxUGJztuhglPiuC1u%2BFykRlD6TtP9isT3Kn4UeRpkJgYWh2o0Y4GSmYI'}};
SSO key in stage:
      params:{sso_token:'LY39txV1FcypbzOB9385pRTEI%2B2kEfNxK/gdkTszw%2BEIdmPUgPAgC5txRSlx2noiQg1Bw7oIrzJFW39XCQG12gBLwwlvT9%2BIACfjnNPo2/XP6N/rm2hKaEkOGbX5Z%2BfljpoC/VDZLI/uMzTwVBxueW%2BRDu5A9R6fxNJdQWH5wWG9%2BgEBZpQfasrNlsdm3aL16v7xFVBaKrol7JXreOZu9vnDmXfI4tNp7wC5A9BtpNXKq4ZhnI%2BftrNynBmgHfKa0tvsb8Fp0NaEX73EKGhhBm6Qcp2UbTVeZSmn1I3IMOA='}


miketest1

The plot thickens.  When a user clicks through to our feedback page the user doesn't show as logged in, but if they then use the URL bar to navigate to http://userecho.com/ then they show as logged in via the SSO mechanism.

Why aren't the users showing as logged in on our page?

miketest1

Sorted it out.  It appears your SSO functionality is incompatible with your domain aliasing feature.  If I remove domain aliasing and change the 'host:' line in the javascript to refer to the '<site>.userecho.com' name instead SSO works as expected.

I also don't understand the point of adding the login URLs and whatnot to the SSO page as it suggests that doing so will redirect logins to the provided URL but I haven't found that to be the case.  Even with my site SSO'd if I'm logged out and navigate straight to my (non domain-aliased) Userecho site and click login the Userecho login pops up rather than redirecting to the login URL I provided on the SSO page.

Sergey Stukov

We fixed the issue and now your support community works on http://feedback.mirthworks.com/

Also, now when users click sign-in on the UserEcho side it will redirect the user to your authorization URL.

jrimmer

Great, I'll test and report back.