/// <summary>
        /// Handles the SAML2 logout response that comes back from the identity provider.
        /// </summary>
        /// <param name="request">Incoming HTTP request that carries the SAML response binding.</param>
        /// <returns>
        /// A completed task holding a <see cref="LogoutModel"/> whose ServiceProvider is the
        /// response's Issuer, or a null model when the Issuer is missing or whitespace.
        /// </returns>
        public ValueTask<LogoutModel> LogoutCallback(IdentityHttpRequest request)
        {
            var binding = Saml2Binding.GetBindingForRequest(request, BindingDirection.Response);

            // Both validation calls run before anything is read out of the message.
            // NOTE(review): the literal `true` presumably makes the signature mandatory - confirm
            // against Saml2Binding.ValidateSignature.
            binding.ValidateSignature(identityProviderCert, true);

            // NOTE(review): Logout() builds its request with redirectUrlPostLogout, while this
            // check uses redirectUrl - confirm this is the URL the logout response is delivered to.
            binding.ValidateFields(new string[] { redirectUrl });

            var logoutResponse = new Saml2LogoutResponse(binding);

            // Ties the response to a request ID known to SamlIDManager for this service provider
            // (presumably one issued by SamlIDManager.Generate - confirm).
            SamlIDManager.Validate(serviceProvider, logoutResponse.InResponseTo);

            LogoutModel model = null;
            if (!String.IsNullOrWhiteSpace(logoutResponse.Issuer))
            {
                model = new LogoutModel()
                {
                    ServiceProvider = logoutResponse.Issuer,
                    State = null,
                    OtherClaims = null
                };
            }

            return new ValueTask<LogoutModel>(model);
        }
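        /// <summary>
        /// Builds a signed SAML2 LogoutRequest and wraps it in the HTTP response that sends
        /// the caller to the identity provider's logout URL.
        /// </summary>
        /// <param name="state">
        /// Caller-supplied state. NOTE(review): this value is not referenced anywhere in the
        /// method, so nothing visible here carries it through the SAML round trip (for example
        /// as RelayState) - confirm whether that is intended.
        /// </param>
        /// <returns>A completed task holding the response produced by the query binding.</returns>
        public ValueTask<IdentityHttpResponse> Logout(string state)
        {
            // Request ID obtained from SamlIDManager; LogoutCallback passes the response's
            // InResponseTo to SamlIDManager.Validate for the same service provider.
            var id = SamlIDManager.Generate(serviceProvider);

            var requestDocument = new Saml2LogoutRequest(
                id: id,
                issuer: serviceProvider,
                destination: redirectUrlPostLogout
                );

            var requestBinding = Saml2Binding.GetBindingForDocument(requestDocument, BindingType.Query, XmlSignatureAlgorithmType.RsaSha256, null, null);

            requestBinding.Sign(serviceProviderCert, requiredSignature);

            // Build the response once, as Login does; a second GetResponse call whose result
            // is discarded only repeats the work.
            var response = requestBinding.GetResponse(logoutUrl);

            return new ValueTask<IdentityHttpResponse>(response);
        }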
        /// <summary>
        /// Creates a signed SAML2 AuthnRequest (form binding) and returns the HTTP response
        /// that delivers it to the identity provider's login URL.
        /// </summary>
        /// <param name="state">
        /// Caller-supplied state. NOTE(review): this value is not referenced anywhere in the
        /// method - confirm whether it should travel with the request.
        /// </param>
        /// <returns>A completed task holding the response produced by the form binding.</returns>
        public ValueTask<IdentityHttpResponse> Login(string state)
        {
            // Request ID obtained from SamlIDManager; LoginCallback passes the response's
            // InResponseTo to SamlIDManager.Validate for the same service provider.
            var requestId = SamlIDManager.Generate(serviceProvider);

            var authnRequest = new Saml2AuthnRequest(
                id: requestId,
                issuer: serviceProvider,
                assertionConsumerServiceURL: redirectUrl,
                bindingType: BindingType.Form);

            var binding = Saml2Binding.GetBindingForDocument(
                authnRequest,
                BindingType.Form,
                XmlSignatureAlgorithmType.RsaSha256,
                null,
                null);

            // Sign with the service provider certificate before the response is produced.
            binding.Sign(serviceProviderCert, requiredSignature);

            return new ValueTask<IdentityHttpResponse>(binding.GetResponse(loginUrl));
        }
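        /// <summary>
        /// Handles the SAML2 authentication response returned by the identity provider and
        /// maps it to an <see cref="IdentityModel"/>.
        /// </summary>
        /// <param name="request">Incoming HTTP request that carries the SAML response binding.</param>
        /// <returns>
        /// A completed task holding the identity built from the response, or a null model when
        /// the response has no UserID.
        /// </returns>
        /// <exception cref="IdentityProviderException">
        /// Thrown when the response's Audience differs from this service provider.
        /// </exception>
        public ValueTask<IdentityModel> LoginCallback(IdentityHttpRequest request)
        {
            var callbackBinding = Saml2Binding.GetBindingForRequest(request, BindingDirection.Response);

            // Order matters: the signature is checked first, then the payload is decrypted,
            // then the fields are validated. No claim is read before all three have run.
            // NOTE(review): the literal `true` presumably makes the signature mandatory - confirm
            // against Saml2Binding.ValidateSignature.
            callbackBinding.ValidateSignature(identityProviderCert, true);
            callbackBinding.Decrypt(serviceProviderCert, requiredEncryption);
            callbackBinding.ValidateFields(new string[] { redirectUrl });

            var callbackDocument = new Saml2AuthnResponse(callbackBinding);

            // Ties the response to a request ID known to SamlIDManager for this service provider
            // (presumably one issued by SamlIDManager.Generate in Login - confirm).
            SamlIDManager.Validate(serviceProvider, callbackDocument.InResponseTo);

            // NOTE(review): only InResponseTo and Audience are checked in this method; validity
            // window checks (NotBefore / NotOnOrAfter) are not visible here - confirm they are
            // enforced inside ValidateFields or Saml2AuthnResponse.
            if (callbackDocument.Audience != serviceProvider)
            {
                // "Received" is the audience carried by the response; "Expected" is our own
                // service provider identifier.
                throw new IdentityProviderException("Saml Audience is not valid",
                                                    String.Format("Received: {0}, Expected: {1}", callbackDocument.Audience, serviceProvider));
            }

            if (String.IsNullOrWhiteSpace(callbackDocument.UserID))
            {
                return new ValueTask<IdentityModel>((IdentityModel)null);
            }

            var identity = new IdentityModel()
            {
                UserID          = callbackDocument.UserID,
                UserName        = callbackDocument.UserName,
                Name            = callbackDocument.UserName,
                Roles           = callbackDocument.Roles,
                ServiceProvider = callbackDocument.Issuer,
                State           = null,
                OtherClaims     = null
            };

            return new ValueTask<IdentityModel>(identity);
        }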