Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Add Duo integration via OIDC interface

Description

We need to build a second Duo flow that interfaces with their new OIDC-based API in place of the iframe.

Their SDK provides a fast path, but uses a different OIDC library set than our work, so proposing we do this with their code first and then native ourselves later.

Environment

None

Activity

Show:

Scott CantorJune 22, 2020 at 2:12 PM

I don't think we want any of this infecting servlet contexts they shouldn't be, but I don't have the V4 code in front of me to remember how this all changed.

Basically, whatever we need the paths to be, they need to be only those paths and never any others, so whatever it takes for that to happen.

Philip SmartJune 22, 2020 at 9:46 AM
Edited

Yeah, it seems controllers are not scanned for or registered in the root application context because there is no RequestMappingHandlerMapping defined - whereas it is in the dispatcher servlet context.

Some options:

  1. Use only a postconfig.xml, but move the RequestMappingHandlerMapping to the root context e.g. inside global-system.xml. This works, but not sure of all the implications.

  2. Use only a postconfig.xml, but add detectHandlerMethodsInAncestorContexts="true" to the RequestMappingHandlerMapping in the mvc-beans.xml. This will scan for controllers and mappings in the parent (root) context.

  3. Add a new post-webflow-config.xml which is added to the configuration of the idp servlet (as tested above).

I quite like the second option, although it does mean you could register a controller in the root context and not specifically in the IdP servlet's context.

Scott CantorJune 19, 2020 at 5:13 PM

It must be a requirement of MVC for the configuration to be inside the servlet, I see they get processed by the Spring dispatcher servlet.

I think it's pretty likely that we just have to add a second convention there, it's just unfortunate that it will mean editing web.xml to do it for deployers.

Philip SmartJune 19, 2020 at 4:21 PM
Edited

It creates the bean if specified in the (existing) postconfig hook, but is not routing to it as a controller. First though is the annotation processing - but not sure.  I will investigate.

Scott CantorJune 19, 2020 at 4:03 PM
Edited

You're right, that's true, so it would need to be a postconfig file. My question is why the existing hook for that in web.xml won't work, but I think this relates to my never understanding the reason the files had to be split like that.

I thought it was one global context, but I suppose that must not be really true, in which case I guess we should have created a pre/post hook convention for the IdP servlet also?

Done

Details

Assignee

Reporter

Components

Fix versions

Created March 20, 2020 at 4:42 PM
Updated March 24, 2021 at 3:41 PM
Resolved March 24, 2021 at 3:40 PM