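        /// <summary>
        /// Validates a WS-Federation sign-out request: the <c>wtrealm</c> parameter must be
        /// present and must resolve to an enabled relying party.
        /// </summary>
        /// <param name="message">The incoming sign-out request message.</param>
        /// <returns>
        /// A <see cref="SignOutValidationResult"/>. On failure <c>IsError</c> is set and
        /// <c>Error</c> is <c>"invalid_relying_party"</c>. <c>Realm</c> carries the requested
        /// realm (possibly empty) on both the success and failure paths so callers can log it
        /// without touching <c>RelyingParty</c>, which is only populated on success.
        /// </returns>
        public async Task<SignOutValidationResult> ValidateAsync(SignOutRequestMessage message)
        {
            Logger.Info("Start WS-Federation signout request validation");

            var realm = message.GetParameter("wtrealm");
            var result = new SignOutValidationResult { Realm = realm };

            // A missing realm cannot identify a relying party; fail here instead of
            // falling through to a lookup keyed by an empty string.
            if (String.IsNullOrWhiteSpace(realm))
            {
                LogError("Realm has not been provided", result);
                result.IsError = true;
                result.Error = "invalid_relying_party";
                return result;
            }

            var rp = await _relyingParties.GetByRealmAsync(realm);

            // Unknown and disabled relying parties yield the same error string, so the
            // response does not distinguish a registered-but-disabled realm from an unknown one.
            if (rp == null || !rp.Enabled)
            {
                // NOTE: realm is request-controlled input and is written to the log as-is.
                LogError("Relying party not found: " + realm, result);
                result.IsError = true;
                result.Error = "invalid_relying_party";
                return result;
            }

            result.RelyingParty = rp;
            LogSuccess(result);
            return result;
        }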
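        /// <summary>
        /// Handles a WS-Federation sign-out request.
        /// </summary>
        /// <param name="msg">The parsed sign-out request.</param>
        /// <returns>
        /// A redirect to the local logout page (carrying <c>wreply</c> as the post-logout
        /// return URL when it validates), or a <c>400 Bad Request</c> when the realm or the
        /// reply URI is rejected.
        /// </returns>
        private async Task<IHttpActionResult> ProcessSignOutAsync(SignOutRequestMessage msg)
        {
            // wreply and wtrealm come from the request and are untrusted. Both are needed to
            // compute a post-logout redirect; without them we only log out locally.
            var realm = msg.GetParameter("wtrealm");
            if (String.IsNullOrWhiteSpace(msg.Reply) || String.IsNullOrWhiteSpace(realm))
            {
                return RedirectToLogOut();
            }

            var result = await _signOutValidator.ValidateAsync(msg);

            if (result.IsError)
            {
                // Use the requested realm rather than result.RelyingParty.Realm: on the error
                // path the validator does not populate RelyingParty, so dereferencing it threw
                // a NullReferenceException before the failure event could be raised.
                await RaiseSignOutFailureAsync(realm, result.Error);
                return BadRequest(result.Error);
            }

            // wreply is only honoured after the redirect-URI validator accepts it for this
            // relying party (presumably against its registered post-logout URIs); this check
            // is what keeps the endpoint from acting as an open redirector.
            var replyIsValid = await _redirectUriValidator.IsPostLogoutRedirectUriValidAsync(msg.Reply, result.RelyingParty);
            if (!replyIsValid)
            {
                const string error = "invalid_signout_reply_uri";
                await RaiseSignOutFailureAsync(result.RelyingParty.Realm, error);
                return BadRequest(error);
            }

            await _events.RaiseSuccessfulWsFederationEndpointEventAsync(
                WsFederationEventConstants.Operations.SignOut,
                result.RelyingParty.Realm,
                User as ClaimsPrincipal,
                Request.RequestUri.AbsoluteUri);

            return RedirectToLogOut(msg.Reply);
        }

        /// <summary>
        /// Logs a sign-out failure and raises the matching failure endpoint event.
        /// </summary>
        /// <param name="realm">The realm to report; may be the raw request value when no relying party was resolved.</param>
        /// <param name="error">The error code that is also returned to the client.</param>
        private async Task RaiseSignOutFailureAsync(string realm, string error)
        {
            Logger.Error(error);
            await _events.RaiseFailureWsFederationEndpointEventAsync(
                WsFederationEventConstants.Operations.SignOut,
                realm,
                User as ClaimsPrincipal,
                Request.RequestUri.AbsoluteUri,
                error);
        }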