Beispiel #1
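        /// <summary>
        /// Handles page load for a WS-Federation sign-out request sent to the issuer.
        /// </summary>
        /// <remarks>
        /// Only the sign-out and sign-out-cleanup actions are accepted. Any other value of the
        /// action query-string parameter is rejected with an exception before the base
        /// implementation runs.
        /// </remarks>
        /// <param name="e">Event data forwarded to the base implementation.</param>
        /// <exception cref="InvalidOperationException">
        /// The action query-string parameter is missing or is not one of the two sign-out actions.
        /// </exception>
        protected override void OnLoad(EventArgs e)
        {
            string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
            bool isSignOutAction = action == WSFederationConstants.Actions.SignOut
                || action == WSFederationConstants.Actions.SignOutCleanup;

            if (!isSignOutAction)
            {
                // The message names the two actions this page actually accepts (sign-out and
                // sign-out-cleanup). It echoes the caller-supplied action value, so any error
                // page or log viewer that displays it has to encode it.
                throw new InvalidOperationException(
                          String.Format(
                              CultureInfo.InvariantCulture,
                              "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
                              String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
                              WSFederationConstants.Parameters.Action,
                              WSFederationConstants.Actions.SignOut,
                              WSFederationConstants.Actions.SignOutCleanup));
            }

            // NOTE(review): sign-out is driven entirely by a GET query string, and no anti-forgery
            // check is visible here. Presumably that is accepted for passive WS-Federation
            // sign-out; confirm it is intended for this issuer.
            SimulatedWindowsAuthenticationOperations.LogOutUser(this.Request, this.Response);
            WSFederationMessage requestMessage = WSFederationMessage.CreateFromUri(this.Request.Url);

            // null is passed as the reply address.
            // NOTE(review): confirm that this call does not then redirect to a caller-supplied
            // wreply value without validating it against the known relying parties.
            FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response);
            this.ActionExplanationLabel.Text = @"Sign out from the issuer has been requested.";

            // Emit the per-relying-party sign-out markup first, then clear the single sign-on state.
            this.SignOutRelyingParties();

            SingleSignOnManager.Clear();

            base.OnLoad(e);
        }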
Beispiel #2
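        /// <summary>
        /// Adds, for every relying-party URL returned by the single sign-on manager, a link to
        /// that relying party and an image whose request carries the sign-out-cleanup action.
        /// </summary>
        /// <remarks>
        /// The URLs are written into HTML, so each one is checked to be an absolute http/https
        /// address and is encoded before it is placed in the markup. Entries that fail the check
        /// are skipped rather than rendered.
        /// </remarks>
        private void SignOutRelyingParties()
        {
            var signedInUrls = SingleSignOnManager.SignOutRelyingParties();

            if (signedInUrls.Length == 0)
            {
                return;
            }

            this.RelyingPartyLabel.Visible = true;
            foreach (string url in signedInUrls)
            {
                // Only absolute http/https addresses may become an href or an img src; anything
                // else (for example a script: style scheme or a relative path) is not a relying party.
                System.Uri parsed;
                bool isWebAddress = System.Uri.TryCreate(url, System.UriKind.Absolute, out parsed)
                    && (parsed.Scheme == System.Uri.UriSchemeHttp || parsed.Scheme == System.Uri.UriSchemeHttps);
                if (!isWebAddress)
                {
                    continue;
                }

                // NOTE(review): the cleanup query is appended with '?' even when the URL already
                // has a query string, as in the original markup; confirm relying parties never
                // register such a URL.
                string cleanupUrl = url + "?wa=wsignoutcleanup1.0";

                // Attributes are double-quoted and attribute-encoded; the link text is HTML-encoded.
                // A stored URL can therefore not break out of the attribute or inject markup.
                string markup = string.Format(
                    "<p><a href=\"{0}\">{1}</a>&nbsp;<img src=\"{2}\" title=\"Signout request: {2}\"/></p>",
                    System.Web.HttpUtility.HtmlAttributeEncode(url),
                    System.Web.HttpUtility.HtmlEncode(url),
                    System.Web.HttpUtility.HtmlAttributeEncode(cleanupUrl));

                this.RelyingPartySignOutLinks.Controls.Add(new LiteralControl(markup));
            }
        }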
Beispiel #3
        /// <summary>
        /// Builds the claims identity that is issued for the authenticated caller.
        /// </summary>
        /// <remarks>
        /// The claim values are hardcoded sample data selected by the caller's identity name.
        /// A name that matches none of the cases still receives an identity that carries only
        /// the organization claim.
        /// </remarks>
        /// <param name="principal">The caller's principal; must not be null.</param>
        /// <param name="request">The token request; not read by this method.</param>
        /// <param name="scope">The scope whose reply-to address is registered as a relying party.</param>
        /// <returns>The identity holding the claims to issue.</returns>
        /// <exception cref="InvalidRequestException">The principal is null.</exception>
        protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
        {
            if (principal == null)
            {
                throw new InvalidRequestException("The caller's principal is null.");
            }

            var identity = new ClaimsIdentity();

            // The reply-to address is recorded before the caller's name is matched below.
            // NOTE(review): presumably this address has been validated upstream when the scope
            // was built; confirm, since it is later rendered on the sign-out page.
            SingleSignOnManager.RegisterRelyingParty(scope.ReplyToAddress);

            // Sample data only: Windows integrated authentication is disabled here, so the claims
            // are hardcoded. A production issuer should read every claim value from the
            // authenticated Windows principal instead.
            string callerName = principal.Identity.Name.ToUpperInvariant();
            switch (callerName)
            {
                case "ADATUM\\JOHNDOE":
                    identity.Claims.AddRange(new List<Claim>
                    {
                        new Claim(ClaimTypes.Name, "johndoe"),
                        new Claim(ClaimTypes.GivenName, "John"),
                        new Claim(ClaimTypes.Surname, "Doe"),
                        new Claim(ClaimTypes.StreetAddress, "12 Green park Ln."),
                        new Claim(ClaimTypes.StateOrProvince, "WA"),
                        new Claim(ClaimTypes.Country, "United States"),
                        new Claim(Adatum.ClaimTypes.CostCenter, Adatum.CostCenters.CustomerService),
                        new Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, Adatum.Roles.OrderTracker),
                        new Claim(AllOrganizations.ClaimTypes.Group, Adatum.Groups.CustomerService)
                    });
                    break;

                case "ADATUM\\MARY":
                    identity.Claims.AddRange(new List<Claim>
                    {
                        new Claim(ClaimTypes.Name, "mary"),
                        new Claim(ClaimTypes.GivenName, "Mary"),
                        new Claim(ClaimTypes.Surname, "May"),
                        new Claim(ClaimTypes.StreetAddress, "164 Big Lake Av."),
                        new Claim(ClaimTypes.StateOrProvince, "WA"),
                        new Claim(ClaimTypes.Country, "United States"),
                        new Claim(Adatum.ClaimTypes.CostCenter, Adatum.CostCenters.Accountancy),
                        new Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, Adatum.Roles.OrderTracker),
                        new Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, Adatum.Roles.OrderApprover),
                        new Claim(AllOrganizations.ClaimTypes.Group, Adatum.Groups.CustomerService)
                    });
                    break;

                case "ADATUM\\PETER":
                    identity.Claims.AddRange(new List<Claim>
                    {
                        new Claim(ClaimTypes.Name, "peter"),
                        new Claim(ClaimTypes.GivenName, "Peter"),
                        new Claim(ClaimTypes.Surname, "Porter"),
                        new Claim(ClaimTypes.StreetAddress, "45 Top hill Rd."),
                        new Claim(ClaimTypes.StateOrProvince, "WA"),
                        new Claim(ClaimTypes.Country, "United States"),
                        new Claim(Adatum.ClaimTypes.CostCenter, Adatum.CostCenters.CustomerService),
                        new Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, Adatum.Roles.OrderTracker),
                        new Claim(AllOrganizations.ClaimTypes.Group, Adatum.Groups.OrderFulfillments),
                        new Claim(AllOrganizations.ClaimTypes.Group, Adatum.Groups.ItAdmins),
                    });
                    break;
            }

            // There is no default case: an unrecognised name reaches this point with no personal
            // claims and is still given the organization claim.
            // NOTE(review): confirm relying parties do not treat the organization claim alone as
            // proof of a known user.
            identity.Claims.Add(new Claim(Adatum.ClaimTypes.Organization, Adatum.OrganizationName));

            return identity;
        }