private async Task <IActionResult> InternalLogin(SAMLRequestDto parameter, CancellationToken cancellationToken)
{
var nameId = string.Empty;
if (User != null && User.Claims.Any())
{
nameId = User.Claims.First(c => c.Type == ClaimTypes.NameIdentifier).Value;
}
var result = await _singleSignOnHandler.Handle(parameter, nameId, cancellationToken);
if (result.IsValid)
{
var location = await result.RelyingParty.GetAssertionLocation(_entityDescriptorStore, Saml.Constants.Bindings.HttpRedirect, cancellationToken);
var uri = new Uri(location);
var redirectionUrl = MessageEncodingBuilder.EncodeHTTPBindingResponse(uri, result.Response.SerializeToXmlElement(), parameter.RelayState, _options.SigningCertificate, _options.SignatureAlg);
return(Redirect(redirectionUrl));
}
return(RedirectToAction("Index", "Authenticate", new
{
SAMLRequest = parameter.SAMLRequest,
RelayState = parameter.RelayState,
area = result.Amr
}));
}
public IActionResult Index([FromQuery] SAMLRequestDto singleSignOnParameter)
{
var viewModel = new LoginViewModel {
Parameter = singleSignOnParameter
};
return(View(viewModel));
}
public async Task <SingleSignOnResult> Handle(SAMLRequestDto parameter, string userId, CancellationToken cancellationToken)
{
var authnRequest = CheckParameter(parameter);
var relyingParty = await CheckRelyingParty(authnRequest, cancellationToken);
var authenticator = CheckAuthnContextClassRef(authnRequest);
if (string.IsNullOrWhiteSpace(userId))
{
return(SingleSignOnResult.Redirect(authenticator.Amr));
}
var user = await _userRepository.Get(userId, cancellationToken);
var validationResult = CheckNameIDPolicy(relyingParty, user, authnRequest);
var response = await BuildResponse(authnRequest, relyingParty, validationResult, cancellationToken);
return(SingleSignOnResult.Ok(response, relyingParty));
}
protected virtual AuthnRequestType CheckParameter(SAMLRequestDto parameter)
{
var authnRequest = SAMLValidator.CheckSaml <AuthnRequestType>(parameter.SAMLRequest, parameter.RelayState);
if (authnRequest.Content.Issuer == null || string.IsNullOrWhiteSpace(authnRequest.Content.Issuer.Value))
{
throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.Requester, string.Format(Global.MissingParameter, nameof(authnRequest.Content.Issuer)));
}
if (!string.IsNullOrWhiteSpace(authnRequest.Content.Issuer.Format) && authnRequest.Content.Issuer.Format != Saml.Constants.NameIdentifierFormats.EntityIdentifier)
{
throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.Requester, string.Format(Global.UnsupportNameIdFormat, nameof(authnRequest.Content.Issuer.Format)));
}
if (!string.IsNullOrWhiteSpace(authnRequest.Content.ProtocolBinding) && authnRequest.Content.ProtocolBinding != Saml.Constants.Bindings.HttpRedirect)
{
throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.UnsupportedBinding, string.Format(Global.UnsupportBinding, authnRequest.Content.ProtocolBinding));
}
return(authnRequest.Content);
}
public Task <IActionResult> LoginPost([FromBody] SAMLRequestDto parameter, CancellationToken cancellationToken)
{
return(InternalLogin(parameter, cancellationToken));
}
