public OAuthData ProcessLogin(HttpContextBase context) { if (!Enabled) { return(null); } //should have a SamlOAuthClient.oauthTokeyQuerystringKey which corresponds to the current cookie to decrypt string tokenKey = HttpContext.Current.Request[oauthTokeyQuerystringKey]; if (!string.IsNullOrEmpty(tokenKey)) { var samlTokenData = SamlTokenData.GetTokenDataFromDatabase(tokenKey); if (samlTokenData == null) { throw new ArgumentException("The SAML token was not found in the HttpContext.Current.Request, or could not be extracted. Please ensure cookies are enabled and try again"); } //Store our token key so we can retrieve it later to raise the SamlUserCreated and SamlAuthenticated events and delete it var afterAuthenticatedCookie = new HttpCookie(clientType, tokenKey) { HttpOnly = true, Expires = DateTime.Now.AddHours(8) }; CookieHelper.AddCookie(afterAuthenticatedCookie); //this object is stored in temporary storage by the oauth handler, its guid is placed into the return url into the "TOKEN" placeholder. //the expectation of this processing is the return url at this time is to the login page, and that any login based return url should be double encoded return(samlTokenData.GetOAuthData()); } //if this is not a sign-in response, we should probably redirect to login.aspx throw new ArgumentException("The SAML token was not found in the HttpContext.Current.Request, please check the configuration and try again"); }
private Dictionary <string, string> GetSamlTokenProfileData(SamlTokenData samlTokenData) { var extractedProfileData = new Dictionary <string, string>(); foreach (var claim in samlTokenData.Attributes) { try { var key = string.Concat(ProfileFieldPrefix, Regex.Replace(claim.ClaimType, @"[^\w\-]", string.Empty)).ToLower(); if (!extractedProfileData.ContainsKey(key)) { extractedProfileData.Add(key, claim.Value); } else { extractedProfileData[key] = extractedProfileData[key] + "," + claim.Value; } } catch (Exception ex) { _eventLogApi.Write("ProfileAttributeManager Error GetSamlTokenProfileData: " + ex.Message + " : " + ex.StackTrace, new EventLogEntryWriteOptions() { Category = "SAML", EventId = 1, EventType = "Error" }); } } return(extractedProfileData); }
private void Events_AfterUserCreate(UserAfterCreateEventArgs e) { var afterCreatedCookie = CookieHelper.GetCookie(SamlCookieName); if (afterCreatedCookie == null) { return; } var samlTokenData = SamlTokenData.GetTokenDataFromDatabase(afterCreatedCookie.Value); if (samlTokenData == null) { return; } //destroy secure cookie for new user if cookie is still present CookieHelper.DeleteCookie(afterCreatedCookie.Value); //also cleanup our afterCreatedCookie CookieHelper.DeleteCookie(afterCreatedCookie.Name); //update the samlTokenData now that we know the user ID and cleanup the cookie used by the login samlTokenData.UserId = e.Id.Value; //Update the cookie SAMLToken Data to have the UserId now that its an existing user to fire the after authenticated events (which also removes the cookie) var tokenKey = samlTokenData.SaveTokenDataToDatabase(); var afterAuthenticatedCookie = new HttpCookie(clientType, tokenKey) { Expires = DateTime.Now.AddHours(8), HttpOnly = true }; CookieHelper.AddCookie(afterAuthenticatedCookie); if (PersistClaims) { SqlData.SaveSamlToken(samlTokenData); } var apiUser = _usersApi.Get(new UsersGetOptions() { Id = e.Id.Value }); //raise new SamlUserCreated Event try { SamlEvents.Instance.OnAfterUserCreate(apiUser, samlTokenData); } catch (Exception ex) { _eventLogApi.Write("SamlOAuthClient Error OnAfterUserCreate: " + ex.Message + " : " + ex.StackTrace, new EventLogEntryWriteOptions() { Category = "SAML", EventId = 1, EventType = "Error" }); } }
private void ManageUserRoles(User user, SamlTokenData samlTokenData) { var usersSamlTokenRoles = GetSamlTokenRoles(samlTokenData); Apis.Get <IUsers>().RunAsUser("admin", () => { CreateMissingRoles(usersSamlTokenRoles); AddRemoveUserFromManagedRoles(user, usersSamlTokenRoles); }); }
public SamlTokenData GenerateDisplayName(SamlTokenData samlTokenData) { if (samlTokenData == null) { return(null); } if (!string.IsNullOrWhiteSpace(samlTokenData.CommonName) && !Override) { return(samlTokenData); } var displayName = string.Empty; if (DisplayNameAttribute.Contains("}")) { var displayNameParts = DisplayNameAttribute.Split('{', '}'); bool foundAttribute = false; string templatedDisplayName = string.Empty; foreach (var displayNamePart in displayNameParts) { if (DisplayNameAttribute.Contains(string.Concat("{", displayNamePart, "}"))) { var attribute = samlTokenData.GetAttribute(displayNamePart); if (!string.IsNullOrEmpty(attribute)) { foundAttribute = true; templatedDisplayName = templatedDisplayName + attribute; } } else { templatedDisplayName = templatedDisplayName + displayNamePart; } } if (foundAttribute) //only use this display name if we managed to find at least one saml attribute { displayName = templatedDisplayName; } } else { displayName = samlTokenData.GetAttribute(DisplayNameAttribute); } if (!string.IsNullOrEmpty(displayName)) { samlTokenData.CommonName = displayName; } return(samlTokenData); }
public void OnAfterUserCreate(PublicEntity user, SamlTokenData samlTokenData) { SamlAfterUserCreateEventArgs args = null; Execute <SamlAfterUserCreateEventHandler>(AfterAuthenticateEvent, h => { if (args == null) { args = new SamlAfterUserCreateEventArgs(user, samlTokenData); } h(args); }, false); }
private List <String> GetSamlTokenRoles(SamlTokenData samlTokenData) { var samlUserRoles = new List <string>(); foreach (var roleName in samlTokenData.GetAttributes(RoleClaim)) { var samlRoleName = RoleNamePrefix + Regex.Replace(roleName, @"[^\w\-]", string.Empty); if (!samlUserRoles.Contains(samlRoleName)) { samlUserRoles.Add(samlRoleName); } } return(samlUserRoles); }
private void ManageUserProfileFields(User user, SamlTokenData samlTokenData) { _usersApi.RunAsUser("admin", () => { var usersSamlTokenProfileData = GetSamlTokenProfileData(samlTokenData); CreateMissingProfileFields(usersSamlTokenProfileData.Keys); var updatedProfileFields = UpdatedProfileFields(usersSamlTokenProfileData, ConvertTitlesToNames(user.ProfileFields)); if (updatedProfileFields != null) { UpdateProfileFields(user.Id.Value, updatedProfileFields); } }); }
public static void SaveSamlToken(SamlTokenData samlTokenData) { if (!samlTokenData.IsExistingUser()) { throw new InvalidOperationException("The User Id must be greater than zero."); } if (GetSamlTokenStoreData(samlTokenData.UserId) == null) { InsertSamlToken(samlTokenData); } else { UpdateSamlToken(samlTokenData); } }
private void ManageUser(User user, SamlTokenData samlTokenData) { _usersApi.RunAsUser("admin", () => { if (user.PrivateEmail.ToLower() != samlTokenData.Email.ToLower()) { try { _usersApi.Update(new UsersUpdateOptions { PrivateEmail = samlTokenData.Email, Id = user.Id }); } catch (Exception ex) { _eventLogApi.Write("UserEmailManager Error ManageUser: "******" : " + ex.StackTrace, new EventLogEntryWriteOptions() { Category = "SAML", EventId = 1, EventType = "Error" }); } } }); }
internal SamlAfterUserCreateEventArgs(PublicEntity user, SamlTokenData samlTokenData) { User = user; SamlTokenData = samlTokenData; }
void Events_AfterIdentify(UserAfterIdentifyEventArgs e) { var context = HttpContext.Current; if (context == null) { return; } if (context.Request == null) { return; } if (!context.Request.IsAuthenticated) { return; } //filter some requests basic non UI requests if (context.Request.RawUrl.ToLower().StartsWith("/socket.ashx")) { return; } if (context.Request.RawUrl.ToLower().StartsWith("/webresource.axd")) { return; } if (context.Request.RawUrl.ToLower().StartsWith("/api.ashx")) { return; } if (context.Request.RawUrl.ToLower().StartsWith("/utility/")) { return; } if (context.Request.RawUrl.ToLower().StartsWith("/cfs-filesystemfile/")) { return; } if (context.Request.RawUrl.ToLower().StartsWith("/dynamic-style")) { return; } if (context.Request.RawUrl.ToLower().StartsWith("/favicon.ico")) { return; } if (context.Request.RawUrl.ToLower().EndsWith(".css")) { return; } //check to see if our Oauth ProcessLogin() cookie exists try { var afterAuthenticatedCookie = CookieHelper.GetCookie(clientType); if (afterAuthenticatedCookie == null) { return; } var samlTokenData = SamlTokenData.GetTokenDataFromDatabase(afterAuthenticatedCookie.Value); if (samlTokenData == null) { return; } if (!samlTokenData.IsExistingUser()) { return; } if (samlTokenData.UserId != e.Id.Value) { return; //check to see that the logged in user and ProcessLogin() user have the same ID; } if (Guid.TryParse(afterAuthenticatedCookie.Value, out var tokenKey)) { SamlTokenData.DeleteTokenDataFromDatabase(afterAuthenticatedCookie.Value); } CookieHelper.DeleteCookie(afterAuthenticatedCookie.Value); CookieHelper.DeleteCookie(afterAuthenticatedCookie.Name); //Get the API user and the last SAML token to keep things API friendly var apiUser = _usersApi.Get(new UsersGetOptions() { Id = e.Id.Value }); SamlEvents.Instance.OnAfterAuthenticate(apiUser, samlTokenData); } catch (Exception ex) { _eventLogApi.Write("SamlOAuthClient Error OnAfterAuthenticate: " + ex.Message + " : " + ex.StackTrace, new EventLogEntryWriteOptions() { Category = "SAML", EventId = 1, EventType = "Error" }); } }
private static void UpdateSamlToken(SamlTokenData oAuthData) { var oAuthDataXml = SamlHelpers.ConvertToString(oAuthData); UpdateSamlToken(oAuthData.UserId, oAuthDataXml, oAuthData.ResponseDate, oAuthData.Email, oAuthData.NameId); }
internal SamlBeforeAuthenticateEventArgs(PublicEntity user, SamlTokenData samlTokenData) { User = user; SamlTokenData = samlTokenData; }