private async Task <bool> HandleSignOut()
        {
            if (!Request.Path.Value.EndsWith(Options.SingleLogoutServiceUrl, StringComparison.OrdinalIgnoreCase))
            {
                return(false);
            }

            _logger.LogDebug($"Entering {nameof(HandleSignOut)}");

            if (!_httpRedirectBinding.IsValid(Context.Request))
            {
                return(false);
            }

            var uri = new Uri(Context.Request.GetEncodedUrl());

            if (_httpRedirectBinding.IsLogoutRequest(Context.Request)
                ) //idp initiated logout. TODO: BUG:Context.User and cookies are not populated
            {
                var logoutReponse = _samlService.GetLogoutReponse(uri);
                if (logoutReponse.StatusCode != Saml2Constants.StatusCodes.Success ||
                    Context.User.Identity.IsAuthenticated)
                {
                    return(false);
                }

                var relayState = _httpRedirectBinding.GetCompressedRelayState(Context.Request);
                var url        = _samlService.GetLogoutResponseUrl(logoutReponse, relayState);
                await Context.SignOutAsync(Options.SignOutScheme, new AuthenticationProperties());

                Context.Response.Redirect(url, true);
                return(true);
            }

            //sp initiated logout
            var response = _httpRedirectBinding.GetResponse(Context.Request);
            var authenticationProperties =
                Options.StateDataFormat.Unprotect(response.RelayState) ?? new AuthenticationProperties();

            var initialLogoutRequestId = GetRequestId();

            if (!_samlService.IsLogoutResponseValid(uri, initialLogoutRequestId))
            {
                return(false);
            }

            await Context.SignOutAsync(Options.SignOutScheme, authenticationProperties);

            var cookieOptions = Options.RequestIdCookie.Build(Context, Clock.UtcNow);

            Context.Response.DeleteAllRequestIdCookies(Context.Request, cookieOptions);

            var redirectUrl = GetRedirectUrl(authenticationProperties);

            _logger.LogDebug(
                $"Method={nameof(HandleSignOut)}. Received and handled sp initiated logout response. Redirecting to {redirectUrl}");

            Context.Response.Redirect(redirectUrl, true);
            return(true);
        }
Example #2
0
        private async Task <bool> HandleSignIn()
        {
            if (!Request.Path.Value.EndsWith(Options.AssertionConsumerServiceUrl, StringComparison.OrdinalIgnoreCase) ||
                !_httpRedirectBinding.IsValid(Context.Request))
            {
                return(false);
            }

            _logger.LogDebug($"Entering {nameof(HandleSignIn)}");

            var properties = await _sessionStore.LoadAsync <AuthenticationProperties>() ?? new AuthenticationProperties();

            properties.Items.TryGetValue(AuthnRequestIdKey, out var initialAuthnRequestId);

            var result = _httpRedirectBinding.GetResponse(Context.Request);
            var base64EncodedSamlResponse = result.Response;
            var assertion = _samlService.HandleHttpRedirectResponse(base64EncodedSamlResponse, initialAuthnRequestId);

            await SignIn(assertion, properties);

            await _sessionStore.RemoveAsync <AuthenticationProperties>();

            var redirectUrl = GetRedirectUrl(properties);

            _logger.LogDebug(
                $"Method={nameof(HandleSignIn)}. Received and handled SSO redirect response. Redirecting to {redirectUrl}");

            Context.Response.Redirect(redirectUrl, true);
            return(true);
        }
Example #3
0
        public Task <Saml2Assertion> ReceiveHttpRedirectAuthnResponseAsync(string initialRequestId)
        {
            var result = _httpRedirectBinding.GetResponse();
            var samlResponseDocument = _xmlProvider.GetDecodedSamlResponse(result);
            var response             = samlResponseDocument.DocumentElement;
            var isValid = _validator.Validate(response, initialRequestId);

            if (isValid)
            {
                return(Task.FromResult(_validator.GetValidatedAssertion(response)));
            }

            throw new InvalidOperationException("The received samlAssertion is invalid");
        }