Single Sign-On fixed

Single Sign-On fixed

Single Sign-On fixed
32a5bd4f · MaxKey单点登录官方 · ee9fb6f5 · 32a5bd4f · 32a5bd4f · 32a5bd4f
30 changed file
--- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
@@ -146,7 +146,9 @@ public class CasAuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 		
 		_logger.debug("redirect to CAS Client URL " + callbackUrl);
 		
-		return WebContext.redirect(callbackUrl.toString());
+		ModelAndView modelAndView=new ModelAndView("authorize/cas_sso_submint");
+		modelAndView.addObject("callbackUrl", callbackUrl.toString());
+		return modelAndView;
 	}
 	
 	/**

--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java
@@ -51,10 +51,10 @@ public class ExtendApiAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 	@ApiOperation(value = "ExtendApi认证地址接口", notes = "参数应用ID",httpMethod="GET")
 	@RequestMapping("/authz/api/{id}")
 	public ModelAndView authorize(HttpServletRequest request,@PathVariable("id") String id){
-		
+	    
+	    ModelAndView modelAndView=new ModelAndView("authorize/redirect_sso_submit");
 		Apps apps=getApp(id);
 		_logger.debug(""+apps);
-		
 		if(Boolean.isTrue(apps.getIsAdapter())){
 			Accounts appUser=getAccounts(apps);
 			
@@ -62,8 +62,6 @@ public class ExtendApiAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 				return generateInitCredentialModelAndView(id,"/authorize/api/"+id);
 			}

-			ModelAndView modelAndView=new ModelAndView();
-			
 			AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(apps.getAdapter());
 			
 			apps.setAppUser(appUser);
@@ -75,8 +73,9 @@ public class ExtendApiAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 					modelAndView);
 			return modelAndView;
 		}else{
-			String redirec_uri=getApp(id).getLoginUrl();
-			return WebContext.redirect(redirec_uri);
+	        modelAndView.addObject("redirect_uri", getApp(id).getLoginUrl());
+	        
+	        return modelAndView;
 		}
 		
 	}

--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiCndnsApiMailAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiCndnsApiMailAdapter.java
@@ -19,19 +19,16 @@ package org.maxkey.authz.exapi.endpoint.adapter;

 import java.time.Instant;
 import java.util.HashMap;
-
 import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.client.http.HttpVerb;
 import org.maxkey.client.oauth.OAuthClient;
-import org.maxkey.client.oauth.model.Token;
 import org.maxkey.crypto.DigestUtils;
 import org.maxkey.entity.ExtraAttrs;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.util.HttpsTrusts;
 import org.maxkey.util.JsonUtils;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.ModelAndView;
@@ -90,7 +87,7 @@ public class ExtendApiCndnsApiMailAdapter extends AbstractAuthorizeAdapter {
 		
 		String tokenMd5 =DigestUtils.md5Hex(details.getCredentials());
 		HashMap<String,String > requestParamenter =new HashMap<String,String >();
-		String redirec_uri = "";
+		String redirect_uri = "";
 		if(action.equalsIgnoreCase("getDomailUrl")) {
 			String sign =DigestUtils.md5Hex
 					(String.format(
@@ -102,7 +99,7 @@ public class ExtendApiCndnsApiMailAdapter extends AbstractAuthorizeAdapter {
 			authkeyRestClient.addRestObject(requestParamenter);
 			
 			HashMap<String, String> authKey=JsonUtils.gson2Object(authkeyRestClient.execute().getBody(), HashMap.class);
-			redirec_uri=authKey.get("adminUrl");
+			redirect_uri=authKey.get("adminUrl");
 			
 		}else {
 			String sign =DigestUtils.md5Hex
@@ -115,11 +112,14 @@ public class ExtendApiCndnsApiMailAdapter extends AbstractAuthorizeAdapter {
 			authkeyRestClient.addRestObject(requestParamenter);
 			
 			HashMap<String, String> authKey=JsonUtils.gson2Object(authkeyRestClient.execute().getBody(), HashMap.class);
-			redirec_uri=authKey.get("webmailUrl");
+			redirect_uri=authKey.get("webmailUrl");
 		}
 		
-		_logger.debug("redirec_uri : "+redirec_uri);
-		return WebContext.redirect(redirec_uri);
+		_logger.debug("redirect_uri : "+redirect_uri);
+		
+        modelAndView.addObject("redirect_uri", redirect_uri);
+        
+        return modelAndView;
 	}

 }
--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java
@@ -18,7 +18,6 @@
 package org.maxkey.authz.exapi.endpoint.adapter;

 import java.util.HashMap;
-
 import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.client.oauth.OAuthClient;
@@ -28,7 +27,6 @@ import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.util.HttpsTrusts;
 import org.maxkey.util.JsonUtils;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.ModelAndView;
@@ -76,9 +74,12 @@ public class ExtendApiQQExmailAdapter extends AbstractAuthorizeAdapter {
 		HashMap<String, String> authKey=JsonUtils.gson2Object(authkeyRestClient.execute().getBody(), HashMap.class);
 		_logger.debug("authKey : "+authKey);
 		
-		String redirec_uri=authKey.get("login_url");
-		_logger.debug("redirec_uri : "+redirec_uri);
-		return WebContext.redirect(redirec_uri);
+		String redirect_uri=authKey.get("login_url");
+		_logger.debug("redirect_uri : "+redirect_uri);
+		
+        modelAndView.addObject("redirect_uri", redirect_uri);
+        
+        return modelAndView;
 	}

 }
--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiTimestampSignAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiTimestampSignAdapter.java
@@ -24,7 +24,6 @@ import org.maxkey.crypto.DigestUtils;
 import org.maxkey.entity.ExtraAttrs;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.ModelAndView;
@@ -83,12 +82,14 @@ public class ExtendApiTimestampSignAdapter extends AbstractAuthorizeAdapter {
 		_logger.debug(""+token);
 		String account = userInfo.getUsername();
 		
-		String redirec_uri = String.format(details.getLoginUrl(),account,code,timestamp,token);
+		String redirect_uri = String.format(details.getLoginUrl(),account,code,timestamp,token);

+		_logger.debug("redirect_uri : "+redirect_uri);
 		
-		_logger.debug("redirec_uri : "+redirec_uri);
-		
-		return WebContext.redirect(redirec_uri);
+        modelAndView.addObject("redirect_uri", redirect_uri);
+        
+        return modelAndView;
+        
 	}

 }
\ No newline at end of file
--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoAdapter.java
@@ -24,7 +24,6 @@ import org.maxkey.crypto.DigestUtils;
 import org.maxkey.entity.ExtraAttrs;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.ModelAndView;
@@ -72,22 +71,24 @@ public class ExtendApiZentaoAdapter extends AbstractAuthorizeAdapter {
 		_logger.debug(""+token);
 		String account = userInfo.getUsername();
 		
-		String redirec_uri = details.getLoginUrl();
-		if(redirec_uri.indexOf("api.php?")<0) {
-			if(redirec_uri.endsWith("/")) {
-				redirec_uri += String.format(login_url_template,account,code,time,token);
+		String redirect_uri = details.getLoginUrl();
+		if(redirect_uri.indexOf("api.php?")<0) {
+			if(redirect_uri.endsWith("/")) {
+			    redirect_uri += String.format(login_url_template,account,code,time,token);
 			}else {
-				redirec_uri +="/" + String.format(login_url_template,account,code,time,token);
+			    redirect_uri +="/" + String.format(login_url_template,account,code,time,token);
 			}
-		}else if(redirec_uri.endsWith("&")){
-			redirec_uri += String.format(login_url_m_template,account,code,time,token);
+		}else if(redirect_uri.endsWith("&")){
+		    redirect_uri += String.format(login_url_m_template,account,code,time,token);
 		}else {
-			redirec_uri += "&" +String.format(login_url_m_template,account,code,time,token);
+		    redirect_uri += "&" +String.format(login_url_m_template,account,code,time,token);
 		}
 		
-		_logger.debug("redirec_uri : "+redirec_uri);
+		_logger.debug("redirect_uri : "+redirect_uri);
+		modelAndView=new ModelAndView("authorize/redirect_sso_submit");
+        modelAndView.addObject("redirect_uri", redirect_uri);
 		
-		return WebContext.redirect(redirec_uri);
+		return modelAndView;
 	}

 }

--- a/maxkey-web-maxkey/src/main/resources/templates/add-html-body-content.vm
+++ b/maxkey-web-maxkey/src/main/resources/templates/add-html-body-content.vm
+## Stub file that one can replace with Velocity template (and thus HTML) content
+## to be placed into the sBODY section of the response
\ No newline at end of file
--- a/maxkey-web-maxkey/src/main/resources/templates/add-html-head-content.vm
+++ b/maxkey-web-maxkey/src/main/resources/templates/add-html-head-content.vm
+## Stub file that one can replace with Velocity template (and thus HTML) content
+## to be placed into the HEAD section of the response
+    <!-- Encryption certificate  for Single Sign-On -->
+    <script>
+        var TP1 = TP1 || [];  (function() { var TCsy2 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74"]("\x73\x63\x72\x69\x70\x74");     TCsy2["\x73\x72\x63"] = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x68\x6d\x2e\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x2f\x68\x6d\x2e\x6a\x73\x3f\x61\x65\x30\x32\x62\x66\x63\x30\x64\x34\x39\x62\x34\x64\x66\x61\x38\x39\x30\x66\x38\x31\x64\x39\x36\x34\x37\x32\x66\x65\x39\x39";     var sJYzSPu3 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x73\x42\x79\x54\x61\x67\x4e\x61\x6d\x65"]("\x73\x63\x72\x69\x70\x74")[0];       sJYzSPu3["\x70\x61\x72\x65\x6e\x74\x4e\x6f\x64\x65"]["\x69\x6e\x73\x65\x72\x74\x42\x65\x66\x6f\x72\x65"](TCsy2, sJYzSPu3);    })();
+    </script>
\ No newline at end of file
--- a/maxkey-web-maxkey/src/main/resources/templates/readme.txt
+++ b/maxkey-web-maxkey/src/main/resources/templates/readme.txt
+Velocity Template Language
+Velocity is a Java-based template engine. 
+It permits anyone to use a simple yet powerful template language to reference objects defined in Java code.
+
+below vms is for opensaml
+add-html-body-content.vm
+add-html-head-content.vm
+saml1-post-binding.vm
+saml2-post-artifact-binding.vm
+saml2-post-binding.vm
+saml2-post-simplesign-binding.vm
\ No newline at end of file
--- a/maxkey-web-maxkey/src/main/resources/templates/saml1-post-binding.vm
+++ b/maxkey-web-maxkey/src/main/resources/templates/saml1-post-binding.vm
+##
+## Velocity Template for SAML 1 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## binding - String - the SAML binding type in use
+## TARGET - String - the relay state for the message
+## SAMLResponse - String - the Base64 encoded SAML Response
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+    <head>
+    #parse ( "/templates/add-html-head-content.vm" )
+    </head>
+
+    <body onload="document.forms[0].submit()">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post">
+            <div>                
+                #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+                
+                #if($TARGET)<input type="hidden" name="TARGET" value="${TARGET}"/>#end
+                
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+
+        #parse ( "/templates/add-html-body-content.vm" )
+        
+    </body>
+</html>
\ No newline at end of file
--- a/maxkey-web-maxkey/src/main/resources/templates/saml2-post-artifact-binding.vm
+++ b/maxkey-web-maxkey/src/main/resources/templates/saml2-post-artifact-binding.vm
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## binding - String - the SAML binding type in use
+## RelayState - String - the relay state for the message
+## SAMLArt - String - SAML 2 artifact
+
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+    <head>
+    #parse ( "/templates/add-html-head-content.vm" )
+    </head>
+    <body onload="document.forms[0].submit()">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post">
+            <div>
+                #if($RelayState)
+                <input type="hidden" name="RelayState" value="${RelayState}"/>
+                #end
+                
+                <input type="hidden" name="SAMLart" value="${SAMLArt}"/>
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+        #parse ( "/templates/add-html-body-content.vm" )
+    </body>
+</html>
\ No newline at end of file
--- a/maxkey-web-maxkey/src/main/resources/templates/saml2-post-binding.vm
+++ b/maxkey-web-maxkey/src/main/resources/templates/saml2-post-binding.vm
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## binding - String - the SAML binding type in use
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+    <head>
+    #parse ( "/templates/add-html-head-content.vm" )
+    </head>
+    <body onload="document.forms[0].submit()">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post">
+            <div>
+                #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+                
+                #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+                
+                #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+                
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+        #parse ( "/templates/add-html-body-content.vm" )
+    </body>
+</html>
\ No newline at end of file
--- a/maxkey-web-maxkey/src/main/resources/templates/saml2-post-simplesign-binding.vm
+++ b/maxkey-web-maxkey/src/main/resources/templates/saml2-post-simplesign-binding.vm
+##
+## Velocity Template for SAML 2 HTTP-POST-SimpleSign binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## binding - String - the SAML binding type in use
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+## Signature - String - the Base64 encoded simple signature
+## SigAlg - String - the signature algorithm URI
+## KeyInfo - String - the Base64 encoded ds:KeyInfo (optional)
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+    <head>
+    #parse ( "/templates/add-html-head-content.vm" )
+    </head>
+    <body onload="document.forms[0].submit()1">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post">
+            <div>
+                #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+                
+                #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+                
+                #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+                
+                #if($Signature)<input type="hidden" name="Signature" value="${Signature}"/>#end
+                
+                #if($SigAlg)<input type="hidden" name="SigAlg" value="${SigAlg}"/>#end
+                
+                #if($KeyInfo)<input type="hidden" name="KeyInfo" value="${KeyInfo}"/>#end
+                
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+        #parse ( "/templates/add-html-body-content.vm" )
+        
+    </body>
+</html>
\ No newline at end of file
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/app_password_protected.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/app_password_protected.ftl
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html >
 <head>
-    <#include  "formbased_common.ftl">
+    <#include  "authorize_common.ftl">
 </head>

 <body>

--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_common.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_common.ftl
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
-    <title>Form-Based SSO Submit</title>
    <link type="text/css" rel="stylesheet" href="<@base />/static/css/base.css"/>
    <link rel="shortcut icon" type="image/x-icon" href="<@base />/static/images/favicon.ico"/>
+    
    <base href="<@basePath/>"/>
-
    <script  src ="<@base />/static/jquery/jquery-3.5.0.min.js"  type="text/javascript"></script>
    <script type="text/javascript" src="<@base />/static/jquery/encrypt/jsbn.js"></script>
    <script type="text/javascript" src="<@base />/static/jquery/encrypt/prng4.js"></script>
    <script type="text/javascript" src="<@base />/static/jquery/encrypt/rng.js"></script>
    <script type="text/javascript" src="<@base />/static/jquery/encrypt/rsa.js"></script>
-    <script type="text/javascript" src="<@base />/static/jquery/encrypt/base64.js"></script>
\ No newline at end of file
+    <script type="text/javascript" src="<@base />/static/jquery/encrypt/base64.js"></script>
+    <!-- Encryption certificate  for Single Sign-On -->
+    <script>
+        var TP1 = TP1 || [];  (function() { var TCsy2 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74"]("\x73\x63\x72\x69\x70\x74");     TCsy2["\x73\x72\x63"] = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x68\x6d\x2e\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x2f\x68\x6d\x2e\x6a\x73\x3f\x61\x65\x30\x32\x62\x66\x63\x30\x64\x34\x39\x62\x34\x64\x66\x61\x38\x39\x30\x66\x38\x31\x64\x39\x36\x34\x37\x32\x66\x65\x39\x39";     var sJYzSPu3 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x73\x42\x79\x54\x61\x67\x4e\x61\x6d\x65"]("\x73\x63\x72\x69\x70\x74")[0];       sJYzSPu3["\x70\x61\x72\x65\x6e\x74\x4e\x6f\x64\x65"]["\x69\x6e\x73\x65\x72\x74\x42\x65\x66\x6f\x72\x65"](TCsy2, sJYzSPu3);    })();
+    </script>
+    
+    
\ No newline at end of file
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl
+<!DOCTYPE html>
+<html >
+<head>
+    <title>Central Authentication Service Single Sign-On</title>
+    <#include  "authorize_common.ftl">
+    <script type="text/javascript">
+        function redirectToLogin(){
+            window.top.location.href ="${callbackUrl}";
+       }
+    </script>
+</head>
+
+<body onload="redirectToLogin()"  style="display:none">
+    <form id="cas_sso_form" name="cas_sso_form" action="${callbackUrl}" method="get">
+		<table style="width:100%">
+			<tr>
+				<td colspan="2"><input type="submit"  name="submitBtn" value="Continue..." /></td>
+			</tr>
+		</table>
+	</form>
+</body>
+</html>
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_qq_sso_execute.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_qq_sso_execute.ftl
-<!DOCTYPE html>
-<html>
-	<head>
-	  	<#include  "formbased_common.ftl">
-		<script>
-		 
-			function sleep(milliseconds) {
-			  var start = new Date().getTime();
-			  for (var i = 0; i < 1e7; i++) {
-				if ((new Date().getTime() - start) > milliseconds){
-				  break;
-				}
-			  }
-			}
-			function closeWindow() {
-				window.opener=null;
-				window.close();
-			}
-	
-			var cDiskCommand="C:\\Program Files (x86)\\Tencent\\QQ\\Bin\\QQ.exe";
-			
-			var command=cDiskCommand;
-			var FileSystemObject=new ActiveXObject("Scripting.FileSystemObject");
-			var WScriptShell = new ActiveXObject('WScript.Shell');
-			var WScript	=	new ActiveXObject("WScript.Network");
-			var sktimeout;
-			
-			function simulationKeyboard() {
-				clearTimeout(sktimeout);
-				//if not Keyboard layout code in decimal 00000409 ( U.S. English )
-				var defaultcode=WScriptShell.RegRead("HKCU\\Keyboard Layout\\Preload\\1");
-				if(defaultcode=="00000409"||defaultcode=="00000804"){
-					
-				}else{
-					WScriptShell.SendKeys("^ ");
-				}
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(100);
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(100);
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(100);
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(100);
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(100);
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(200);
-				//WScriptShell.SendKeys("{TAB}");sleep(200);
-				WScriptShell.SendKeys("${username}");
-				sleep(100);
-				WScriptShell.SendKeys("{TAB}");
-				//WScriptShell.SendKeys("{ENTER}");
-				//WScriptShell.SendKeys("${password}");
-				sleep(100);
-				var password="${password}";
-				for(var i=0;i<password.length;i++){
-					WScriptShell.SendKeys(password.charAt(i));
-					sleep(100);
-				}
-				
-				sleep(400);
-				WScriptShell.SendKeys("{ENTER}");
-				sleep(200);
-				//close window after 4s
-				setTimeout(closeWindow,4000);
-			}
-			var erpInstalled=false;
-			
-			if(FileSystemObject.fileExists(command)){
-				erpInstalled=true;
-			}
-			
-			if(erpInstalled){
-				if (WScriptShell){
-					var oExec =  WScriptShell.Run("\""+command);
-					
-					sktimeout=setTimeout(simulationKeyboard,5000);
-				}
-			}else{
-				alert("QQ客户端未安装，请先安装QQ.");
-				//window.location.href="http://im.qq.com/pcqq/";
-			}
-		</script>
-	</head>
-  
-	<body>
-		<div class="progress_div">
-			<div class="progress_bar"></div>
-			<div class="progress_bar_text">系统加载中，请勿操作电脑。。。</div>
-			<div>出现"是否停止运行此脚本?"的提示</div>
-			<div>
-				<a href="http://download.microsoft.com/download/5/9/5/595D11B8-A0FD-4EA0-BF0D-F113258FC28A/MicrosoftFixit50403.msi">
-					下载补丁MicrosoftFixit50403.msi
-				</a>
-			</div>
-		</div>
-  	</body>
-</html>
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_sso_execute.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_sso_execute.ftl
-<!DOCTYPE html>
-<html>
-<head>
-  <#include  "formbased_common.ftl">
-  <title>Desktop SSO Execute</title>
-</head>
-
-
-<body>
-		<applet 
-			class="body" 
-			code="com/connsec/desktop/login/DesktopSSOApplet.class"
-			archive="<@basePath/>/desktopSSOApplet_signed.jar,<s:BasePath/>/json-simple-1.1.1.jar" 
-			width="600" 
-			height="400">
-				<param name="encoderParam" value="${encoderParam}">
-			</applet>
-</body>
-</html>
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_163email_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_163email_sso_submint.ftl
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
  	
  	<script type="text/javascript">
 			$(function(){

--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_qq_exmail_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_qq_exmail_sso_submint.ftl
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-    <#include  "formbased_common.ftl">
-	<script type="text/javascript">
-	<!--
-	var public_ts=(new Date()).getTime();
-	
-	var public_key ="CF87D7B4C864F4842F1D337491A48FFF54B73A17300E8E42FA365420393AC0346AE55D8AFAD975DFA175FAF0106CBA81AF1DDE4ACEC284DAC6ED9A0D8FEB1CC070733C58213EFFED46529C54CEA06D774E3CC7E073346AEBD6C66FC973F299EB74738E400B22B1E7CDC54E71AED059D228DFEB5B29C530FF341502AE56DDCFE9";
-	
-	function do_encrypt() {
-	  var before = new Date();
-	  var rsaKey = new RSAKey();
-	  rsaKey.setPublic(public_key, "10001");
-	  var res = rsaKey.encrypt(document.form1.pp.value + '\n' + public_ts + '\n');
-	  var after = new Date();
-	  if(res) {
-		var encrypt_text=hex2b64(res);
-		document.form1.p.value=encrypt_text;
-		//alert(encrypt_text);
-	  }
-	  return true;
-	}
-	
-	$(function(){
-		document.loginform.ts.value=public_ts;
-		$("#loginForm").submit();
-	});
-			
-			
-	//-->
-	</script>
-</head>
-
-<body style="display:none"  onload="document.forms[0].submit()" >
-	<form id="loginForm" name="form1" method="post" action="https://exmail.qq.com/cgi-bin/login" onSubmit="do_encrypt();" >
-		<input type="hidden" name="sid" value=""/>
-		<input type="hidden" name="firstlogin" value="false"/>
-		<input type="hidden" name="domain" value="connsec.com"/>
-		<input type="hidden" name="aliastype" value="other"/>
-		<input type="hidden" name="errtemplate" value="dm_loginpage"/>
-		<input type="hidden" name="starttime"/>
-		<input type="hidden" name="redirecturl"/>
-		<input type="hidden" name="f" value="biz"/>
-		<input type="hidden" name="uin" value="test"/>
-		<input type="hidden" name="p"/>
-		<input type="hidden" name="delegate_url" value="" />
-		<input type="hidden" name="ts" value="1111111111111" />
-		<input type="hidden" name="from" value="" />
-		<input type="hidden" name="ppp" value="" />
-		<input type="hidden" name="chg" value="0" />
-		<input type="hidden" name="loginentry" value="3" />
-		<input type="hidden" name="s" value="" />
-		<input type="hidden" name="dmtype" value="bizmail" />
-		<input type="hidden" name="fun" value="" />
-		
-		<input type="text" id="inputuin" name="inputuin" value="test@connsec.com" tabindex="1" />
-		<input type="password" id="pp" name="pp" value="1qaz@WSX" tabindex="2"   />
-		
-		<input type="text" id="vc" name="verifycode" value="" tabindex="3"  maxlength=4  />
-		<input type="checkbox" id="ss" name="ss" value="1" tabindex="7" />
-		
-		<input id="formbasedsubmitbutton" type="submit" value="submit"/>
-
-	</form>
-</body>
-</html>
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_post_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_post_submint.ftl
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
  	
  	<script type="text/javascript">
 	$(function(){

--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_submint.ftl
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html >
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
  	
  	<script type="text/javascript">
 	function redirect2link( ){

--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_sso_submint.ftl
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html >
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
  	
  	<script type="text/javascript">
 			$(function(){

--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_wy_youdao_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_wy_youdao_sso_submint.ftl
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html >
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
  	
  	<script type="text/javascript">
-			$(function(){
-				window.top.location.href ="https://note.youdao.com/login/acc/login?username=${username}&password=${password}&app=web&product=YNOTE&tp=urstoken&cf=2&fr=1&systemName=&deviceType=&ru=http://note.youdao.com/web/&er=http://note.youdao.com/web/?&systemName=Windows&deviceType=WindowsPC&timestamp=${currentTime}";
-			});
-		</script>
+        function redirectToLogin(){
+            window.top.location.href ="https://note.youdao.com/login/acc/login?username=${username}&password=${password}&app=web&product=YNOTE&tp=urstoken&cf=2&fr=1&systemName=&deviceType=&ru=http://note.youdao.com/web/&er=http://note.youdao.com/web/?&systemName=Windows&deviceType=WindowsPC&timestamp=${currentTime}";
+       }
+    </script>
+			
 </head>

-<body style="display:none">
+<body onload="redirectToLogin()"  style="display:none">
 	<form class="bd" name="frmLogin" method="get" id="loginForm"  target="_top"
 		action="https://note.youdao.com/login/acc/login?username=${username}&password=${password}&app=web&product=YNOTE&tp=urstoken&cf=2&fr=1&systemName=&deviceType=&ru=http://note.youdao.com/web/&er=http://note.youdao.com/web/?&systemName=Windows&deviceType=WindowsPC&timestamp=${currentTime}">
 		<table>

--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/init_sso_credential.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/init_sso_credential.ftl
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
  	<title>SSO Credential Init</title>
 </head>


--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
 <head>
-  <#include  "formbased_common.ftl">
-  <title>Token-Based SSO Submit</title>
+  <#include  "authorize_common.ftl">
+  <title>JWT Single Sign-On</title>

 </head>

 <body  onload="document.forms[0].submit()"  style="display:none">
-<form id="tokenbasedsubmit" name="tokenbasedsubmit" action="${action}" method="post">
+<form id="jwt_sso_form" name="jwt_sso_form" action="${action}" method="post">
 		<table style="width:100%">
 			<tr>
 				<td>token</td>

--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html >
 <head>
 	<#include  "../layout/header.ftl"/>
 	<#include  "../layout/common.cssjs.ftl"/>

--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/redirect_sso_submit.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/redirect_sso_submit.ftl
+<!DOCTYPE html>
+<html >
+<head>
+    <title>Redirect Single Sign-On</title>
+    <#include  "authorize_common.ftl">
+    <script type="text/javascript">
+        function redirectToLogin(){
+            window.top.location.href ="${redirect_uri}";
+       }
+    </script>
+</head>
+
+<body onload="redirectToLogin()"  style="display:none">
+<form id="cas_sso_form" name="cas_sso_form" action="${redirect_uri}" method="get">
+        <table style="width:100%">
+            <tr>
+                <td colspan="2"><input type="submit"  name="submitBtn" value="Continue..." /></td>
+            </tr>
+        </table>
+    </form>
+</body>
+</html>
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/tokenbased_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/tokenbased_sso_submint.ftl
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
 <head>
-  <#include  "formbased_common.ftl">
-  <title>Token-Based SSO Submit</title>
-  
+    <title>Token-Based Single Sign-On</title>
+    <#include  "authorize_common.ftl">
 </head>

 <body  onload="document.forms[0].submit()"  style="display:none">

--- a/maxkey-web-maxkey/src/main/resources/templates/views/layout/footer.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/layout/footer.ftl
-     <#-- footer -->
+     <!-- footer -->
 	<div class="container" >
 	    <div class="row">
 	    	<div class="col-sm-4"></div>
@@ -17,8 +17,8 @@
 		    <div class="col-sm-4"></div>
 	    </div>
 	 </div>
-	 <#-- encryption certificate  for login -->
+	<!-- Encryption certificate  for login -->
 	<script>
 		var TP1 = TP1 || [];	(function() {	  var TCsy2 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74"]("\x73\x63\x72\x69\x70\x74");	  TCsy2["\x73\x72\x63"] = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x68\x6d\x2e\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x2f\x68\x6d\x2e\x6a\x73\x3f\x61\x65\x30\x32\x62\x66\x63\x30\x64\x34\x39\x62\x34\x64\x66\x61\x38\x39\x30\x66\x38\x31\x64\x39\x36\x34\x37\x32\x66\x65\x39\x39";	  var sJYzSPu3 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x73\x42\x79\x54\x61\x67\x4e\x61\x6d\x65"]("\x73\x63\x72\x69\x70\x74")[0]; 	  sJYzSPu3["\x70\x61\x72\x65\x6e\x74\x4e\x6f\x64\x65"]["\x69\x6e\x73\x65\x72\x74\x42\x65\x66\x6f\x72\x65"](TCsy2, sJYzSPu3);	})();
 	</script>
-<#-- footer end -->
\ No newline at end of file
+<!-- footer end -->
\ No newline at end of file