Page tree
Skip to end of metadata
Go to start of metadata

By default support for CORS with credentials is enabled for the following features:

  • RefreshServlet (uas/refresh)

By default it's configured so that it's allowed to be called from any origin. If you want to change this behavior so that it's either possible to call only from certain known origins, or not possible at all, follow the steps below.

  • Find the web.xml file in the following path:
    • On Linux /usr/local/ubisecure/ubilogin/webapps/uas/WEB-INF/web.xml.
    • On Windows %PROGRAMFILES%\Ubisecure\ubilogin-sso\ubilogin\webapps\uas\WEB-INF\web.xml.
  • Use a text-editor that supports UTF-8, such as notepad++ or vim. In Windows, notepad is not recommended as it will add the byte order mark (BOM), that may cause problems.
  • Define the origins that are to be allowed in the param-value section of the param-name cors.allowed.origins.
    • A valid origin consist of scheme, host and port, as described in RFC-6454.
    • The list is comma-separated.
    • Empty value or null means that it's not possible to call with CORS from any origin

CorsFilter configuration in web.xml
<filter>
    <filter-name>CorsFilter#enabled-with-credentials</filter-name>
    <filter-class>com.ubisecure.util.filter.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>https://www.example.com, https://mail.example.com:8080</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

  • After updating web.xml, run the update command as follows:
    • On Linux: /usr/local/ubisecure/ubilogin-sso/ubilogin/config/tomcat/update.sh.
    • On Windows: %PROGRAMFILES%\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\update.cmd.

  • No labels