public void Handle(ReceiveSamlAuthnResponseCommand command)
{
if (command == null)
{
throw new ArgumentNullException("command");
}
if (command.SamlResponse == null)
{
throw new InvalidOperationException("The SAML Response cannot be null.");
}
var samlResponse = command.SamlResponse;
// get the trusted establishment for this saml 2 response
var establishment = GetTrustedIssuingEstablishment(samlResponse);
// verify the response's signature
VerifySignature(samlResponse);
// first try to find user by SAML person targeted id
var user = GetUserByEduPersonTargetedId(samlResponse);
// when saml user does not exist, search for person
if (user == null)
{
var person = GetPerson(samlResponse);
user = person.User ?? new User {
Person = person
};
}
// delete local account if it exists
if (!string.IsNullOrWhiteSpace(user.Name) && _passwords.Exists(user.Name))
{
_passwords.Destroy(user.Name);
}
// enforce invariants on user
user.Name = samlResponse.EduPersonPrincipalName;
user.EduPersonTargetedId = samlResponse.EduPersonTargetedId;
user.IsRegistered = true;
// remove previous scoped affiliations and add new ones
var oldScopedAffiliations = user.EduPersonScopedAffiliations.ToArray();
var newScopedAffiliations = samlResponse.EduPersonScopedAffiliations ?? new string[] {};
newScopedAffiliations = newScopedAffiliations.Where(s => !string.IsNullOrWhiteSpace(s)).ToArray();
foreach (var oldScopedAffiliation in oldScopedAffiliations)
{
if (!newScopedAffiliations.Contains(oldScopedAffiliation.Value))
{
user.EduPersonScopedAffiliations.Remove(oldScopedAffiliation);
}
}
foreach (var newScopedAffiliation in newScopedAffiliations)
{
if (oldScopedAffiliations.ByValue(newScopedAffiliation) == null)
{
user.EduPersonScopedAffiliations.Add(
new EduPersonScopedAffiliation
{
Value = newScopedAffiliation,
Number = user.EduPersonScopedAffiliations.NextNumber(),
});
}
}
// log the subject name id
var subjectNameId = samlResponse.SubjectNameIdentifier;
if (!string.IsNullOrWhiteSpace(subjectNameId))
{
var subjectNameIdentifier = user.SubjectNameIdentifiers.ByValue(subjectNameId);
if (subjectNameIdentifier == null)
{
user.SubjectNameIdentifiers.Add(
new SubjectNameIdentifier
{
Value = subjectNameId,
Number = user.SubjectNameIdentifiers.NextNumber(),
});
}
else
{
subjectNameIdentifier.UpdatedOnUtc = DateTime.UtcNow;
}
}
// enforce invariants on person
if (!user.Person.IsAffiliatedWith(establishment))
{
user.Person.AffiliateWith(establishment);
}
// remove previous saml mails, add new ones, and update existing ones
var oldSamlMails = user.Person.Emails.FromSaml().ToArray();
var newSamlMails = samlResponse.Mails ?? new string[] {};
newSamlMails = newSamlMails.Where(s => !string.IsNullOrWhiteSpace(s)).ToArray();
foreach (var oldSamlMail in oldSamlMails)
{
if (!newSamlMails.Contains(oldSamlMail.Value))
{
user.Person.Emails.Remove(oldSamlMail);
}
}
foreach (var newSamlMail in newSamlMails)
{
if (user.Person.GetEmail(newSamlMail) == null)
{
user.Person.AddEmail(newSamlMail);
}
}
foreach (var emailAddress in user.Person.Emails)
{
if (newSamlMails.Contains(emailAddress.Value))
{
emailAddress.IsFromSaml = true;
emailAddress.IsConfirmed = true;
}
}
// make sure person has at least 1 confirmed email address
var defaultEmail = user.Person.DefaultEmail;
if (defaultEmail == null || !defaultEmail.IsConfirmed)
{
if (defaultEmail != null)
{
defaultEmail.IsDefault = false;
}
defaultEmail = user.Person.AddEmail(samlResponse.EduPersonPrincipalName);
defaultEmail.IsDefault = true;
defaultEmail.IsConfirmed = true;
}
// update db
if (user.RevisionId == 0)
{
_entities.Create(user);
}
else
{
_entities.Update(user);
}
_unitOfWork.SaveChanges();
// sign on user
_userSigner.SignOn(user.Name);
}
