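/// <summary>
/// Logs the current user out locally and, when the identity provider recorded in
/// session supports it, initiates SAML single logout (SLO) with that IdP.
/// </summary>
/// <returns>
/// An empty result while the SLO exchange is in flight (the response has already been
/// written by <c>InitiateSLO</c>), otherwise a redirect to Home/Index.
/// </returns>
public ActionResult Logout()
{
    SamlPocTraceListener.Log("SAML", "SamlController.Logout: Request for SLO received.");

    // Logout locally first so the local session is gone even if the IdP round trip fails.
    FormsAuthentication.SignOut();
    SamlPocTraceListener.Log("SAML", "SamlController.Logout: User was logged out locally.");

    // The IdP name is written by SingleSignOn. It is missing when the session has expired or
    // when the user never went through SingleSignOn, so read it null-safely instead of calling
    // ToString() on a possibly-null session entry (which threw NullReferenceException before).
    string partnerIdP = Session["IdentityProvider"]?.ToString();

    if (partnerIdP == null)
    {
        SamlPocTraceListener.Log("SAML", "SamlController.Logout: No Identity Provider recorded in session; skipping SLO.");
        return RedirectToAction("Index", "Home");
    }

    if (SAMLServiceProvider.CanSLO())
    {
        // Request logout at the identity provider.
        SamlPocTraceListener.Log("SAML", $"SamlController.Logout: Initiating SLO with IdP {partnerIdP}.");
        SAMLServiceProvider.InitiateSLO(Response, null, null, partnerIdP);
        return new EmptyResult();
    }

    SamlPocTraceListener.Log("SAML", "SamlController.Logout: Identity Provider doesn't support SLO.");
    return RedirectToAction("Index", "Home");
}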
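/// <summary>
/// Starts SP-initiated single sign-on with the named identity provider and remembers
/// that provider in session so <c>Logout</c> can later initiate SLO with it.
/// </summary>
/// <param name="idpName">
/// Name of the configured partner identity provider. It arrives from the request, so it is
/// validated before being handed to the SAML library.
/// </param>
/// <returns>
/// An empty result once the SSO request has been written to the response, or the Error
/// view when <paramref name="idpName"/> is missing.
/// </returns>
public ActionResult SingleSignOn(string idpName)
{
    SamlPocTraceListener.Log("SAML", $"SamlController.SingleSignOn: Request for SSO with IdP {idpName} received.");

    // A blank name would be passed straight through to InitiateSSO and would leave
    // Session["IdentityProvider"] null, which Logout reads back with ToString(); refuse it here.
    if (string.IsNullOrWhiteSpace(idpName))
    {
        SamlPocTraceListener.Log("SAML", "SamlController.SingleSignOn: No IdP name supplied; SSO not initiated.");
        return View("Error");
    }

    // To login at the service provider, initiate single sign-on to the identity provider (SP-initiated SSO).
    SAMLServiceProvider.InitiateSSO(Response, null, idpName);
    SamlPocTraceListener.Log("SAML", $"SamlController.SingleSignOn: SSO with IdP {idpName} initiated.");

    // Remember which IdP was used so Logout can run SLO against the same partner.
    Session["IdentityProvider"] = idpName;
    return new EmptyResult();
}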
/// <summary>
/// Signs the current user out. Sessions that were authenticated via SAML are handed to the
/// SAML controller so single logout can run; every other session is signed out locally.
/// </summary>
/// <returns>A redirect to SAML/LogOff, or to Home/Index after a local sign-out.</returns>
public ActionResult LogOff()
{
    // The authentication type is looked up as a claim keyed by the enum's type name;
    // FindFirstValue yields null when no such claim exists, which is treated as "not SAML".
    var identity = (ClaimsIdentity)User.Identity;
    var samlTypeName = AuthenticationType.Saml.ToString();
    var isSamlSession = identity.FindFirstValue(nameof(AuthenticationType)) == samlTypeName;

    if (isSamlSession)
    {
        // Let the SAML controller sign out locally and, where supported, at the IdP.
        return RedirectToAction("LogOff", "SAML");
    }

    SamlPocTraceListener.Log("SAML", $"AccountController.Logout: Log out user {User.Identity.Name} locally.");
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
    return RedirectToAction("Index", "Home");
}
/// <summary>
/// Ensures a local account exists for a SAML-asserted user and signs that account in.
/// </summary>
/// <param name="userName">
/// Subject name asserted by the identity provider. It is also used as the local account's
/// password (see the note at the registration step).
/// </param>
/// <param name="attributes">SAML attributes to attach as additional claims; may be null.</param>
/// <returns>
/// <c>null</c> on success so the caller can continue with its own redirect, or the Error view
/// when the local account could not be created.
/// </returns>
private ActionResult SignInUserLocally(string userName, IDictionary<string, string> attributes)
{
    SamlPocTraceListener.Log("SAML", "SamlController.SignInUserLocally: Sign in user locally.");

    // Extract user email
    var email = SamlHelper.ExtractUserEmailFromSamlAttributes(userName, attributes);
    var existingUser = _authenticationService.FindUser(UserManager, email);

    if (existingUser != null)
    {
        SamlPocTraceListener.Log("SAML", $"SamlController.SingleSignOn: Found existing user: {userName}".Replace("SingleSignOn", "SignInUserLocally"));
    }
    else
    {
        SamlPocTraceListener.Log("SAML", $"SamlController.SignInUserLocally: Register new user: {userName} with email {email}");

        // Register new user. The user name doubles as the account's password ("fake password").
        // NOTE(review): that makes the local credential derivable from the public user name, so
        // confirm that no password-based login path accepts these SAML-provisioned accounts.
        var newUser = new ApplicationUser { UserName = userName, Email = email };
        var creation = UserManager.Create(newUser, userName);

        if (!creation.Succeeded)
        {
            var errorText = string.Join("\r\n", creation.Errors);
            SamlPocTraceListener.Log("SAML", $"SamlController.SignInUserLocally: Error while registering user: {errorText}");
            return View("Error");
        }
    }

    // There might be no attributes
    var claims = attributes ?? new Dictionary<string, string>();

    // Sign in with the same fake password that was used at registration.
    _authenticationService.Authenticate(
        AuthenticationType.Saml,
        email,
        password: userName,
        additionalClaims: claims);

    return null;
}
/// <summary>
/// SAML assertion consumer service endpoint: receives the SAML response, records the
/// issuing IdP as a claim, signs the asserted user in locally and redirects to the target.
/// </summary>
/// <returns>
/// The Error view if local sign-in failed, otherwise a local redirect to the target URL
/// (defaulting to "~/" when the response carried none).
/// </returns>
public ActionResult AssertionConsumerService()
{
    SamlPocTraceListener.Log("SAML", "SamlController.AssertionConsumerService: Request to AssertionConsumerService received");

    bool isInResponseTo;
    string partnerIdP;
    string authnContext;
    string userName;
    IDictionary<string, string> attributes;
    string targetUrl;

    // Receive and process the SAML assertion contained in the SAML response.
    // The SAML response is received either as part of IdP-initiated or SP-initiated SSO.
    // isInResponseTo and authnContext are not inspected afterwards, so unsolicited
    // (IdP-initiated) responses are accepted on the same footing as SP-initiated ones.
    SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out authnContext, out userName, out attributes, out targetUrl);

    // If no target URL is provided, provide a default.
    var redirectTarget = targetUrl ?? "~/";

    SamlPocTraceListener.Log("SAML", "SamlController.AssertionConsumerService: Login user automatically using the asserted identity.");

    // Login automatically using the asserted identity.
    // This example uses forms authentication. Your application can use any authentication method you choose.
    // There are no restrictions on the method of authentication.
    // Save idp name to claims. We will reuse it on logout (LogOff reads IdentityProviderClaimType back).
    var claims = attributes ?? new Dictionary<string, string>();
    claims[IdentityProviderClaimType] = partnerIdP;

    var signInResult = SignInUserLocally(userName, claims);
    if (signInResult != null)
    {
        // SignInUserLocally only returns a result on failure (the Error view).
        return signInResult;
    }

    // Redirect to the target URL. RedirectToLocal presumably restricts this to a same-site
    // URL, which is what keeps the IdP-supplied relay state from becoming an open redirect — confirm.
    return RedirectToLocal(redirectTarget);
}
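/// <summary>
/// Starts SP-initiated SSO for a user identified by email domain: looks up the IdP configured
/// for <paramref name="domain"/> and sends the authentication request to it.
/// </summary>
/// <param name="domain">Email domain supplied by the user; used only as a lookup key.</param>
/// <param name="returnUrl">
/// URL to return to after SSO. It is handed to InitiateSSO as relay state and presumably comes
/// back as the target URL in AssertionConsumerService, which redirects via RedirectToLocal.
/// </param>
/// <returns>
/// An empty result once the SSO request has been written to the response, or the Error view
/// when no IdP is configured for the domain.
/// </returns>
public ActionResult Login(string domain, string returnUrl)
{
    // Log messages name this action (previously they said "SingleSignOn", which is a different action).
    SamlPocTraceListener.Log("SAML", $"SamlController.Login: Request for SSO with IdP of domain {domain} received.");

    // Get appropriate IdP name. A blank domain is not expected to match any configured IdP,
    // so it is treated like an unknown one instead of being handed to the repository.
    var idpName = string.IsNullOrWhiteSpace(domain)
        ? null
        : SamlIdentityProvidersRepository.GetIdentityProviderName(domain);

    if (idpName == null)
    {
        SamlPocTraceListener.Log("SAML", $"SamlController.Login: IdP for domain {domain} not found.");
        return View("Error");
    }

    // To login at the service provider, initiate single sign-on to the identity provider (SP-initiated SSO).
    SAMLServiceProvider.InitiateSSO(Response, returnUrl, idpName);
    SamlPocTraceListener.Log("SAML", $"SamlController.Login: SSO with IdP {idpName} initiated.");
    return new EmptyResult();
}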
/// <summary>
/// SAML assertion consumer service endpoint (forms-authentication variant): receives the SAML
/// response, issues a forms authentication cookie for the asserted user name, attaches the
/// received attributes as claims and redirects to the target URL.
/// </summary>
/// <returns>A local redirect to the target URL, defaulting to "~/".</returns>
public ActionResult AssertionConsumerService()
{
    SamlPocTraceListener.Log("SAML", "SamlController.AssertionConsumerService: Request to AssertionConsumerService received");

    bool isInResponseTo;
    string partnerIdP;
    string authnContext;
    string userName;
    IDictionary<string, string> attributes;
    string targetUrl;

    // Receive and process the SAML assertion contained in the SAML response.
    // The SAML response is received either as part of IdP-initiated or SP-initiated SSO.
    // isInResponseTo, partnerIdP and authnContext are not used afterwards.
    SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out authnContext, out userName, out attributes, out targetUrl);

    // If no target URL is provided, provide a default.
    var redirectTarget = targetUrl ?? "~/";

    SamlPocTraceListener.Log("SAML", "SamlController.AssertionConsumerService: Login user automatically using the asserted identity.");

    // Login automatically using the asserted identity.
    // This example uses forms authentication. Your application can use any authentication method you choose.
    // There are no restrictions on the method of authentication.
    FormsAuthentication.SetAuthCookie(userName, false);

    // NOTE(review): the claims below are added to this request's identity object only; the
    // forms cookie issued above is built from userName alone, so confirm whether later
    // requests can still see these claims.
    var identity = (ClaimsIdentity)HttpContext.User.Identity;
    identity.AddClaim(new Claim(ClaimTypes.Name, userName));

    // Save received attributes as claims
    if (attributes != null)
    {
        var attributeClaims = attributes.Select(attr => new Claim(attr.Key, attr.Value));
        identity.AddClaims(attributeClaims);
    }

    // Redirect to the target URL.
    return RedirectToLocal(redirectTarget);
}
/// <summary>
/// Signs a SAML-authenticated user out locally and, if the IdP recorded in the user's claims
/// supports single logout, initiates SLO with that IdP.
/// </summary>
/// <returns>
/// An empty result while the SLO exchange is in flight (InitiateSLO has written the response),
/// otherwise a redirect to Home/Index.
/// </returns>
public ActionResult LogOff()
{
    SamlPocTraceListener.Log("SAML", "SamlController.Logout: Request for SLO received.");

    // The IdP name was stored under IdentityProviderClaimType at sign-in; FindFirstValue
    // returns null when the claim is absent, and that null is passed on to CanSLO as-is.
    var identity = (ClaimsIdentity)User.Identity;
    var partnerIdP = identity.FindFirstValue(IdentityProviderClaimType);
    var userName = User.Identity.Name;

    // Logout locally.
    SamlPocTraceListener.Log("SAML", $"SamlController.Logout: Log out user {userName} locally.");
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);

    var idpSupportsSlo = SAMLServiceProvider.CanSLO(partnerIdP);
    if (!idpSupportsSlo)
    {
        SamlPocTraceListener.Log("SAML", $"SamlController.Logout: Identity Provider {partnerIdP} doesn't support SLO.");
        return RedirectToAction("Index", "Home");
    }

    SamlPocTraceListener.Log("SAML", $"SamlController.Logout: Initiating SLO with IdP {partnerIdP}.");
    // Request logout at the identity provider.
    SAMLServiceProvider.InitiateSLO(Response, null, null, partnerIdP);
    return new EmptyResult();
}
/// <summary>
/// SAML single logout endpoint. Handles both an IdP-initiated logout request (sign out
/// locally, then answer the IdP) and the IdP's response to a logout this SP initiated.
/// </summary>
/// <returns>
/// An empty result after answering an IdP-initiated request (SendSLO has written the
/// response), or a redirect to Home/Index when an SP-initiated SLO completes.
/// </returns>
public ActionResult SLOService()
{
    SamlPocTraceListener.Log("SAML", "SamlController.SLOService: Request to single logout received from Identity Provider");

    // Receive the single logout request or response.
    // If a request is received then single logout is being initiated by the identity provider.
    // If a response is received then this is in response to single logout having been initiated by the service provider.
    bool isRequest;
    string logoutReason;
    string partnerIdP;
    string relayState;
    SAMLServiceProvider.ReceiveSLO(Request, out isRequest, out logoutReason, out partnerIdP, out relayState);

    if (!isRequest)
    {
        SamlPocTraceListener.Log("SAML", "SamlController.SLOService: SP-initiated SLO has completed. Redirecting to login page.");
        // SP-initiated SLO has completed.
        return RedirectToAction("Index", "Home");
    }

    SamlPocTraceListener.Log("SAML", "SamlController.SLOService: Processing IdP initiated logout");

    // Logout locally. Nothing here re-validates the logout request (signature, issuer);
    // that is presumably done inside ReceiveSLO — confirm before relying on it.
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
    SamlPocTraceListener.Log("SAML", "SamlController.SLOService: User was logged out. Respond to IdP that logout succeeded.");

    // Respond to the IdP-initiated SLO request indicating successful logout.
    SAMLServiceProvider.SendSLO(Response, null);
    return new EmptyResult();
}