private async Task <IActionResult> InternalLogin(SAMLRequestDto parameter, CancellationToken cancellationToken) { var nameId = string.Empty; if (User != null && User.Claims.Any()) { nameId = User.Claims.First(c => c.Type == ClaimTypes.NameIdentifier).Value; } var result = await _singleSignOnHandler.Handle(parameter, nameId, cancellationToken); if (result.IsValid) { var location = await result.RelyingParty.GetAssertionLocation(_entityDescriptorStore, Saml.Constants.Bindings.HttpRedirect, cancellationToken); var uri = new Uri(location); var redirectionUrl = MessageEncodingBuilder.EncodeHTTPBindingResponse(uri, result.Response.SerializeToXmlElement(), parameter.RelayState, _options.SigningCertificate, _options.SignatureAlg); return(Redirect(redirectionUrl)); } return(RedirectToAction("Index", "Authenticate", new { SAMLRequest = parameter.SAMLRequest, RelayState = parameter.RelayState, area = result.Amr })); }
public IActionResult Index([FromQuery] SAMLRequestDto singleSignOnParameter) { var viewModel = new LoginViewModel { Parameter = singleSignOnParameter }; return(View(viewModel)); }
public async Task <SingleSignOnResult> Handle(SAMLRequestDto parameter, string userId, CancellationToken cancellationToken) { var authnRequest = CheckParameter(parameter); var relyingParty = await CheckRelyingParty(authnRequest, cancellationToken); var authenticator = CheckAuthnContextClassRef(authnRequest); if (string.IsNullOrWhiteSpace(userId)) { return(SingleSignOnResult.Redirect(authenticator.Amr)); } var user = await _userRepository.Get(userId, cancellationToken); var validationResult = CheckNameIDPolicy(relyingParty, user, authnRequest); var response = await BuildResponse(authnRequest, relyingParty, validationResult, cancellationToken); return(SingleSignOnResult.Ok(response, relyingParty)); }
protected virtual AuthnRequestType CheckParameter(SAMLRequestDto parameter) { var authnRequest = SAMLValidator.CheckSaml <AuthnRequestType>(parameter.SAMLRequest, parameter.RelayState); if (authnRequest.Content.Issuer == null || string.IsNullOrWhiteSpace(authnRequest.Content.Issuer.Value)) { throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.Requester, string.Format(Global.MissingParameter, nameof(authnRequest.Content.Issuer))); } if (!string.IsNullOrWhiteSpace(authnRequest.Content.Issuer.Format) && authnRequest.Content.Issuer.Format != Saml.Constants.NameIdentifierFormats.EntityIdentifier) { throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.Requester, string.Format(Global.UnsupportNameIdFormat, nameof(authnRequest.Content.Issuer.Format))); } if (!string.IsNullOrWhiteSpace(authnRequest.Content.ProtocolBinding) && authnRequest.Content.ProtocolBinding != Saml.Constants.Bindings.HttpRedirect) { throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.UnsupportedBinding, string.Format(Global.UnsupportBinding, authnRequest.Content.ProtocolBinding)); } return(authnRequest.Content); }
public Task <IActionResult> LoginPost([FromBody] SAMLRequestDto parameter, CancellationToken cancellationToken) { return(InternalLogin(parameter, cancellationToken)); }