protected override void OnLoad(EventArgs e)
{
string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
if (action == WSFederationConstants.Actions.SignOut || action == WSFederationConstants.Actions.SignOutCleanup)
{
// Process signout request.
SimulatedWindowsAuthenticationOperations.LogOutUser(this.Request, this.Response);
WSFederationMessage requestMessage = WSFederationMessage.CreateFromUri(this.Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response);
this.ActionExplanationLabel.Text = @"Sign out from the issuer has been requested.";
this.SignOutRelyingParties();
SingleSignOnManager.Clear();
}
else
{
throw new InvalidOperationException(
String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
base.OnLoad(e);
}
private void SignOutRelyingParties()
{
var signedInUrls = SingleSignOnManager.SignOutRelyingParties();
if (signedInUrls.Length > 0)
{
this.RelyingPartyLabel.Visible = true;
foreach (string url in signedInUrls)
{
this.RelyingPartySignOutLinks.Controls.Add(
new LiteralControl(string.Format("<p><a href='{0}'>{0}</a> <img src='{0}?wa=wsignoutcleanup1.0' title='Signout request: {0}?wa=wsignoutcleanup1.0'/></p>", url)));
}
}
}
protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
{
var outputIdentity = new ClaimsIdentity();
if (null == principal)
{
throw new InvalidRequestException("The caller's principal is null.");
}
SingleSignOnManager.RegisterRelyingParty(scope.ReplyToAddress);
// In a production environment, all the information that will be added
// as claims should be read from the authenticated Windows Principal.
// The following lines are hardcoded because windows integrated
// authentication is disabled.
switch (principal.Identity.Name.ToUpperInvariant())
{
case "ADATUM\\JOHNDOE":
outputIdentity.Claims.AddRange(new List <Claim>
{
new Claim(ClaimTypes.Name, "johndoe"),
new Claim(ClaimTypes.GivenName, "John"),
new Claim(ClaimTypes.Surname, "Doe"),
new Claim(ClaimTypes.StreetAddress, "12 Green park Ln."),
new Claim(ClaimTypes.StateOrProvince, "WA"),
new Claim(ClaimTypes.Country, "United States"),
new Claim(Adatum.ClaimTypes.CostCenter, Adatum.CostCenters.CustomerService),
new Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, Adatum.Roles.OrderTracker),
new Claim(AllOrganizations.ClaimTypes.Group, Adatum.Groups.CustomerService)
});
break;
case "ADATUM\\MARY":
outputIdentity.Claims.AddRange(new List <Claim>
{
new Claim(ClaimTypes.Name, "mary"),
new Claim(ClaimTypes.GivenName, "Mary"),
new Claim(ClaimTypes.Surname, "May"),
new Claim(ClaimTypes.StreetAddress, "164 Big Lake Av."),
new Claim(ClaimTypes.StateOrProvince, "WA"),
new Claim(ClaimTypes.Country, "United States"),
new Claim(Adatum.ClaimTypes.CostCenter, Adatum.CostCenters.Accountancy),
new Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, Adatum.Roles.OrderTracker),
new Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, Adatum.Roles.OrderApprover),
new Claim(AllOrganizations.ClaimTypes.Group, Adatum.Groups.CustomerService)
});
break;
case "ADATUM\\PETER":
outputIdentity.Claims.AddRange(new List <Claim>
{
new Claim(ClaimTypes.Name, "peter"),
new Claim(ClaimTypes.GivenName, "Peter"),
new Claim(ClaimTypes.Surname, "Porter"),
new Claim(ClaimTypes.StreetAddress, "45 Top hill Rd."),
new Claim(ClaimTypes.StateOrProvince, "WA"),
new Claim(ClaimTypes.Country, "United States"),
new Claim(Adatum.ClaimTypes.CostCenter, Adatum.CostCenters.CustomerService),
new Claim(Microsoft.IdentityModel.Claims.ClaimTypes.Role, Adatum.Roles.OrderTracker),
new Claim(AllOrganizations.ClaimTypes.Group, Adatum.Groups.OrderFulfillments),
new Claim(AllOrganizations.ClaimTypes.Group, Adatum.Groups.ItAdmins),
});
break;
}
outputIdentity.Claims.Add(new Claim(Adatum.ClaimTypes.Organization, Adatum.OrganizationName));
return(outputIdentity);
}
