private static void InitializeUserClaims(
AuthenticationType authenticationType,
string email,
IDictionary <string, string> additionalClaims,
ClaimsIdentity identity)
{
SamlPocTraceListener.Log("SAML", $"AuthenticationService.InitializeUserClaims: Initialize claims of user {identity.Name}");
identity.AddClaim(new Claim(nameof(AuthenticationType), authenticationType.ToString()));
if (additionalClaims != null)
{
identity.AddClaims(additionalClaims.Select(attr => new Claim(attr.Key, attr.Value)));
}
// Check if user email is present in claims or attributes under a standard claim type
if (!identity.HasClaim(c => c.Type == ClaimTypes.Email))
{
// Add email claim under a standard claim type
identity.AddClaim(new Claim(ClaimTypes.Email, email));
}
SamlPocTraceListener.Log("SAML", $"AuthenticationService.InitializeUserClaims: Initialized claims of user {identity.Name}:\r\n" +
Utils.SerializeToJson(identity.Claims.Select(c => new { c.Type, c.Value })));
}
public bool Authenticate(
AuthenticationType authenticationType,
string email,
string password,
IDictionary <string, string> additionalClaims = null)
{
SamlPocTraceListener.Log("SAML", $"AuthenticationService.Authenticate: Authenticate user {email}");
var user = FindUser(_userManager, email, password);
if (user != null)
{
var identity = _userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
// Save received attributes as claims
InitializeUserClaims(authenticationType, email, additionalClaims, identity);
// Sign in user
_authenticationManager.SignIn(new AuthenticationProperties()
{
IsPersistent = true
}, identity);
return(true);
}
return(false);
}
private static void ConfigureIdentityProvidersUsingRepository(
SAMLConfiguration samlConfiguration,
SamlIdentityProvidersRepository repository)
{
SamlPocTraceListener.Log("SAML", "SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: Loading Identity Providers");
var providers = repository.GetRegisteredIdentityProviders();
SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: {providers.Count()} Identity Providers loaded:");
var providersConfig = Utils.SerializeToJson(providers);
SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: Identity Providers configuration:\r\n{providersConfig}");
foreach (var provider in providers)
{
samlConfiguration.AddPartnerIdentityProvider(
new PartnerIdentityProviderConfiguration()
{
Name = provider.Name,
Description = provider.Description,
SignAuthnRequest = provider.SignAuthnRequest,
SingleSignOnServiceUrl = provider.SingleSignOnUrl,
SingleLogoutServiceUrl = provider.SingleLogoutUrl,
PartnerCertificateFile = provider.CertificateFile,
UseEmbeddedCertificate = provider.UseEmbeddedCertificate,
DisableInboundLogout = !provider.SingleLogoutSupported,
DisableOutboundLogout = !provider.SingleLogoutSupported
});
}
}
public static void Configure(SamlIdentityProvidersRepository repository)
{
SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.Configure: Starting configuration of SAML environment.");
SAMLConfiguration samlConfiguration = new SAMLConfiguration();
ConfigureServiceProvider(samlConfiguration);
ConfigureIdentityProvidersUsingRepository(samlConfiguration, repository);
// ConfigureIdentityProvidersUsingHardCodedConfiguration(samlConfiguration);
SAMLController.Configuration = samlConfiguration;
SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.Configure: Ended configuration of SAML environment.");
}
private static void ConfigureServiceProvider(SAMLConfiguration samlConfiguration)
{
samlConfiguration.LocalServiceProviderConfiguration = new
LocalServiceProviderConfiguration()
{
Name = ConfigurationManager.AppSettings[ServiceProviderName],
Description = ConfigurationManager.AppSettings[ServiceProviderDescription],
AssertionConsumerServiceUrl = ConfigurationManager.AppSettings[ServiceProviderAssertionConsumerServiceUrl],
LocalCertificateFile = ConfigurationManager.AppSettings[ServiceProviderLocalCertificateFile],
LocalCertificatePassword = ConfigurationManager.AppSettings[ServiceProviderLocalCertificatePassword]
};
var spConfig = Utils.SerializeToJson(samlConfiguration.LocalServiceProviderConfiguration);
SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.ConfigureServiceProvider: Service Provider configuration:\r\n{spConfig}");
}