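        /// <summary>
        /// Logs the current user out locally and, when the SAML library reports that single
        /// logout is available, starts SP-initiated SLO with the identity provider the user
        /// signed in through.
        /// </summary>
        /// <returns>
        /// An empty result when an SLO request has been written to the response (the browser is
        /// being redirected to the IdP); otherwise a redirect to the home page.
        /// </returns>
        public ActionResult Logout()
        {
            SamlPocTraceListener.Log("SAML", "SamlController.Logout: Request for SLO received.");

            // Logout locally first, so the local session is gone even if the IdP round-trip
            // below never completes.
            FormsAuthentication.SignOut();

            SamlPocTraceListener.Log("SAML", "SamlController.Logout: User was logged out locally.");

            if (SAMLServiceProvider.CanSLO())
            {
                // The IdP name is stored in session by SingleSignOn. It can be missing when the
                // session expired or the user never went through SP-initiated SSO; in that case
                // there is no partner to send a LogoutRequest to, so only the local logout applies.
                string partnerIdP = Session["IdentityProvider"]?.ToString();

                if (string.IsNullOrEmpty(partnerIdP))
                {
                    SamlPocTraceListener.Log("SAML", "SamlController.Logout: No identity provider recorded in session; skipping SLO.");

                    return(RedirectToAction("Index", "Home"));
                }

                SamlPocTraceListener.Log("SAML", $"SamlController.Logout: Initiating SLO with IdP {partnerIdP}.");

                // Request logout at the identity provider (writes the redirect to Response).
                SAMLServiceProvider.InitiateSLO(Response, null, null, partnerIdP);

                return(new EmptyResult());
            }

            SamlPocTraceListener.Log("SAML", "SamlController.Logout: Identity Provider doesn't support SLO.");

            return(RedirectToAction("Index", "Home"));
        }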
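        /// <summary>
        /// Starts SP-initiated single sign-on with the named identity provider and remembers
        /// that provider in session so <c>Logout</c> can later initiate single logout.
        /// </summary>
        /// <param name="idpName">Name of the partner identity provider, taken from the request.</param>
        /// <returns>
        /// An empty result once the SSO redirect has been written to the response, or the
        /// "Error" view when no provider name was supplied.
        /// </returns>
        public ActionResult SingleSignOn(string idpName)
        {
            SamlPocTraceListener.Log("SAML", $"SamlController.SingleSignOn: Request for SSO with IdP {idpName} received.");

            // idpName comes straight from the request; reject an empty value instead of
            // handing it to the SAML library and storing it in session.
            if (string.IsNullOrWhiteSpace(idpName))
            {
                SamlPocTraceListener.Log("SAML", "SamlController.SingleSignOn: No IdP name supplied.");

                return(View("Error"));
            }

            // To login at the service provider, initiate single sign-on to the identity provider (SP-initiated SSO).
            // Whether idpName matches a configured partner IdP is decided inside InitiateSSO.
            SAMLServiceProvider.InitiateSSO(Response, null, idpName);

            SamlPocTraceListener.Log("SAML", $"SamlController.SingleSignOn: SSO with IdP {idpName} initiated.");

            // Read back by Logout, which needs the partner IdP name to initiate SLO.
            Session["IdentityProvider"] = idpName;

            return(new EmptyResult());
        }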
        /// <summary>
        /// Signs the current user out. Users authenticated through SAML are handed over to the
        /// SAML controller, which also performs single logout; everyone else is signed out of
        /// the application cookie here.
        /// </summary>
        /// <returns>A redirect to the SAML LogOff action or to the home page.</returns>
        public ActionResult LogOff()
        {
            // The authentication type is carried as a claim named after the AuthenticationType enum.
            var identity     = (ClaimsIdentity)User.Identity;
            var isSamlUser   = identity.FindFirstValue(nameof(AuthenticationType)) == AuthenticationType.Saml.ToString();

            if (isSamlUser)
            {
                return(RedirectToAction("LogOff", "SAML"));
            }

            SamlPocTraceListener.Log("SAML", $"AccountController.Logout: Log out user {User.Identity.Name} locally.");

            // Local (cookie) users only need the application cookie cleared.
            AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

            return(RedirectToAction("Index", "Home"));
        }
        /// <summary>
        /// Signs a SAML-asserted user into the local application, provisioning a local account
        /// on first sight (just-in-time provisioning).
        /// </summary>
        /// <param name="userName">User name asserted by the identity provider.</param>
        /// <param name="attributes">SAML attributes received with the assertion; may be null.</param>
        /// <returns>
        /// Null when the sign-in succeeded (the caller then performs its own redirect), or the
        /// "Error" view when the local account could not be created.
        /// </returns>
        private ActionResult SignInUserLocally(string userName, IDictionary <string, string> attributes)
        {
            SamlPocTraceListener.Log("SAML", "SamlController.SignInUserLocally: Sign in user locally.");

            // The email derived from the assertion is the key used to look up the local account.
            var email        = SamlHelper.ExtractUserEmailFromSamlAttributes(userName, attributes);
            var existingUser = _authenticationService.FindUser(UserManager, email);

            if (existingUser != null)
            {
                SamlPocTraceListener.Log("SAML", $"SamlController.SignInUserLocally: Found existing user: {userName}");
            }
            else
            {
                SamlPocTraceListener.Log("SAML", $"SamlController.SignInUserLocally: Register new user: {userName} with email {email}");

                var newUser = new ApplicationUser {
                    UserName = userName, Email = email
                };

                // NOTE(review): the user name doubles as the account password here and in the
                // Authenticate call below, so the local credential is guessable. Acceptable only
                // while these accounts can never authenticate with a password directly.
                var createResult = UserManager.Create(newUser, userName);

                if (!createResult.Succeeded)
                {
                    var errors = string.Join("\r\n", createResult.Errors);

                    SamlPocTraceListener.Log(
                        "SAML",
                        $"SamlController.SignInUserLocally: Error while registering user: {errors}");

                    return(View("Error"));
                }
            }

            // The assertion may carry no attributes at all; pass an empty set rather than null.
            if (attributes == null)
            {
                attributes = new Dictionary <string, string>();
            }

            // Received attributes become additional claims on the local identity.
            _authenticationService.Authenticate(
                AuthenticationType.Saml,
                email,
                password: userName,
                additionalClaims: attributes);

            return(null);
        }
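        /// <summary>
        /// Assertion consumer service endpoint: receives the SAML response from the identity
        /// provider, signs the asserted user in locally and redirects to the requested page.
        /// </summary>
        /// <returns>
        /// A redirect to the target URL on success, or the error result produced by
        /// <c>SignInUserLocally</c> / the "Error" view when the assertion carries no user name.
        /// </returns>
        public ActionResult AssertionConsumerService()
        {
            bool   isInResponseTo = false;
            string partnerIdP     = null;
            string authnContext   = null;
            string userName       = null;
            IDictionary <string, string> attributes = null;
            string targetUrl = null;

            SamlPocTraceListener.Log("SAML", "SamlController.AssertionConsumerService: Request to AssertionConsumerService received");

            // Receive and process the SAML assertion contained in the SAML response.
            // The SAML response is received either as part of IdP-initiated or SP-initiated SSO.
            // Validation of the response (signature, audience, conditions) is delegated to
            // ReceiveSSO; nothing below re-checks it, so the out values are trusted from here on.
            SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out authnContext, out userName, out attributes, out targetUrl);

            // Without an asserted name there is nothing to sign in; fail here rather than
            // provisioning a local account with a null user name.
            if (string.IsNullOrEmpty(userName))
            {
                SamlPocTraceListener.Log("SAML", $"SamlController.AssertionConsumerService: No user name asserted by IdP {partnerIdP}.");

                return(View("Error"));
            }

            // If no target URL is provided, provide a default. An empty relay state counts as missing.
            if (string.IsNullOrEmpty(targetUrl))
            {
                targetUrl = "~/";
            }

            SamlPocTraceListener.Log("SAML", "SamlController.AssertionConsumerService: Login user automatically using the asserted identity.");

            // Login automatically using the asserted identity.
            // Save idp name to claims. We will reuse it on logout.
            attributes = attributes ?? new Dictionary <string, string>();
            attributes[IdentityProviderClaimType] = partnerIdP;

            // SignInUserLocally returns null on success and an error result otherwise.
            var result = SignInUserLocally(userName, attributes);

            if (result != null)
            {
                return(result);
            }

            // Redirect to the target URL. It originates from the relay state, i.e. from the
            // IdP/browser, so it is untrusted; RedirectToLocal is relied on to reject non-local URLs.
            return(RedirectToLocal(targetUrl));
        }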
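        /// <summary>
        /// Starts SP-initiated single sign-on with the identity provider registered for the
        /// given email/organisation domain.
        /// </summary>
        /// <param name="domain">Domain used to look up the partner identity provider.</param>
        /// <param name="returnUrl">
        /// Local URL to return to after sign-in; travels to the IdP as relay state and comes back
        /// to the assertion consumer service as the target URL.
        /// </param>
        /// <returns>
        /// An empty result once the SSO redirect has been written to the response, or the
        /// "Error" view when no identity provider is known for the domain.
        /// </returns>
        public ActionResult Login(string domain, string returnUrl)
        {
            // Trace messages name this action rather than SingleSignOn, which is a separate action.
            SamlPocTraceListener.Log("SAML", $"SamlController.Login: Request for SSO with IdP of domain {domain} received.");

            // domain comes from the request; an empty value can never map to a provider.
            if (string.IsNullOrWhiteSpace(domain))
            {
                SamlPocTraceListener.Log("SAML", "SamlController.Login: No domain supplied.");

                return(View("Error"));
            }

            // Get appropriate IdP name
            var idpName = SamlIdentityProvidersRepository.GetIdentityProviderName(domain);

            if (idpName == null)
            {
                SamlPocTraceListener.Log("SAML", $"SamlController.Login: IdP for domain {domain} not found.");

                return(View("Error"));
            }

            // To login at the service provider, initiate single sign-on to the identity provider (SP-initiated SSO).
            SAMLServiceProvider.InitiateSSO(Response, returnUrl, idpName);

            SamlPocTraceListener.Log("SAML", $"SamlController.Login: SSO with IdP {idpName} initiated.");

            return(new EmptyResult());
        }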
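        /// <summary>
        /// Assertion consumer service endpoint (forms-authentication variant): receives the SAML
        /// response, issues a forms-authentication cookie for the asserted user name and
        /// redirects to the requested page.
        /// </summary>
        /// <returns>
        /// A redirect to the target URL, or the "Error" view when the assertion carries no user name.
        /// </returns>
        public ActionResult AssertionConsumerService()
        {
            bool   isInResponseTo = false;
            string partnerIdP     = null;
            string authnContext   = null;
            string userName       = null;
            IDictionary <string, string> attributes = null;
            string targetUrl = null;

            SamlPocTraceListener.Log("SAML", "SamlController.AssertionConsumerService: Request to AssertionConsumerService received");

            // Receive and process the SAML assertion contained in the SAML response.
            // The SAML response is received either as part of IdP-initiated or SP-initiated SSO.
            // Validation of the response (signature, audience, conditions) is delegated to
            // ReceiveSSO; nothing below re-checks it.
            SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out authnContext, out userName, out attributes, out targetUrl);

            // SetAuthCookie and Claim both reject a null name; fail cleanly instead.
            if (string.IsNullOrEmpty(userName))
            {
                SamlPocTraceListener.Log("SAML", $"SamlController.AssertionConsumerService: No user name asserted by IdP {partnerIdP}.");

                return(View("Error"));
            }

            // If no target URL is provided, provide a default. An empty relay state counts as missing.
            if (string.IsNullOrEmpty(targetUrl))
            {
                targetUrl = "~/";
            }

            SamlPocTraceListener.Log("SAML", "SamlController.AssertionConsumerService: Login user automatically using the asserted identity.");

            // Login automatically using the asserted identity.
            // This example uses forms authentication. Your application can use any authentication method you choose.
            // There are no restrictions on the method of authentication.
            FormsAuthentication.SetAuthCookie(userName, false);

            // NOTE(review): the claims added below live on the in-memory identity of this request
            // only; nothing here persists them into the forms ticket, so they do not appear to
            // survive the redirect. Confirm before relying on them in later requests.
            var identity = (ClaimsIdentity)HttpContext.User.Identity;
            identity.AddClaim(new Claim(ClaimTypes.Name, userName));

            // Save received attributes as claims. Claim requires a non-null value, so an
            // attribute without a value is kept with an empty string rather than throwing.
            if (attributes != null)
            {
                identity.AddClaims(attributes.Select(attr => new Claim(attr.Key, attr.Value ?? string.Empty)));
            }

            // Redirect to the target URL. It originates from the relay state and is untrusted;
            // RedirectToLocal is relied on to reject non-local URLs.
            return(RedirectToLocal(targetUrl));
        }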
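        /// <summary>
        /// Logs the SAML-authenticated user out locally and, when the partner identity provider
        /// supports it, initiates single logout with that provider.
        /// </summary>
        /// <returns>
        /// An empty result when an SLO request has been written to the response; otherwise a
        /// redirect to the home page.
        /// </returns>
        public ActionResult LogOff()
        {
            SamlPocTraceListener.Log("SAML", "SamlController.Logout: Request for SLO received.");

            // The IdP name was written as a claim at sign-in time (AssertionConsumerService);
            // read it before the local sign-out.
            string partnerIdP = ((ClaimsIdentity)User.Identity).FindFirstValue(IdentityProviderClaimType);

            // Logout locally first, so the local session is gone even if the IdP round-trip never completes.
            SamlPocTraceListener.Log("SAML", $"SamlController.Logout: Log out user {User.Identity.Name} locally.");
            AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

            // Without the claim there is no partner to send a LogoutRequest to; don't hand a
            // null provider name to the SAML library.
            if (string.IsNullOrEmpty(partnerIdP))
            {
                SamlPocTraceListener.Log("SAML", "SamlController.Logout: No identity provider claim found; skipping SLO.");

                return(RedirectToAction("Index", "Home"));
            }

            if (SAMLServiceProvider.CanSLO(partnerIdP))
            {
                SamlPocTraceListener.Log("SAML", $"SamlController.Logout: Initiating SLO with IdP {partnerIdP}.");

                // Request logout at the identity provider (writes the redirect to Response).
                SAMLServiceProvider.InitiateSLO(Response, null, null, partnerIdP);

                return(new EmptyResult());
            }

            SamlPocTraceListener.Log("SAML", $"SamlController.Logout: Identity Provider {partnerIdP} doesn't support SLO.");

            return(RedirectToAction("Index", "Home"));
        }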
        /// <summary>
        /// Single logout service endpoint. Handles both an IdP-initiated LogoutRequest (sign the
        /// user out locally and answer the IdP) and the LogoutResponse that completes an
        /// SP-initiated single logout.
        /// </summary>
        /// <returns>
        /// A redirect to the home page when an SP-initiated SLO has completed; otherwise an empty
        /// result after the logout response has been written to the response.
        /// </returns>
        public ActionResult SLOService()
        {
            SamlPocTraceListener.Log("SAML", "SamlController.SLOService: Request to single logout received from Identity Provider");

            bool   isRequest    = false;
            string logoutReason = null;
            string partnerIdP   = null;
            string relayState   = null;

            // ReceiveSLO tells a LogoutRequest (IdP-initiated) apart from a LogoutResponse
            // (reply to our own request). Validation of the message is left to ReceiveSLO.
            SAMLServiceProvider.ReceiveSLO(Request, out isRequest, out logoutReason, out partnerIdP, out relayState);

            if (!isRequest)
            {
                // The IdP answered our LogoutRequest: SP-initiated SLO is finished.
                SamlPocTraceListener.Log("SAML", "SamlController.SLOService: SP-initiated SLO has completed. Redirecting to login page.");

                return(RedirectToAction("Index", "Home"));
            }

            SamlPocTraceListener.Log("SAML", "SamlController.SLOService: Processing IdP initiated logout");

            // IdP-initiated logout: clear the local application cookie ...
            AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

            SamlPocTraceListener.Log("SAML", "SamlController.SLOService: User was logged out. Respond to IdP that logout succeeded.");

            // ... and tell the IdP the logout succeeded (writes the response to Response).
            SAMLServiceProvider.SendSLO(Response, null);

            return(new EmptyResult());
        }