private HttpResponseMessage ProcessJwtRequest(TokenRequest request)
{
if (string.IsNullOrEmpty(request.Assertion))
{
Tracing.Error("ADFS integration authentication request (JWT) with empty assertion");
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant));
}
Tracing.Information("Starting ADFS integration authentication request (JWT) for scope: " + request.Scope);
var bridge = new AdfsBridge(ConfigurationRepository);
GenericXmlSecurityToken token;
try
{
Tracing.Verbose("Starting ADFS integration authentication request (JWT) for assertion: " + request.Assertion);
token = bridge.AuthenticateJwt(request.Assertion, request.Scope);
}
catch (Exception ex)
{
Tracing.Error("Error while communicating with ADFS: " + ex.ToString());
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest));
}
var response = CreateTokenResponse(token, request.Scope);
Tracing.Verbose("ADFS integration JWT authentication successful");
return(response);
}
private HttpResponseMessage ProcessUserNameRequest(TokenRequest request)
{
if (string.IsNullOrEmpty(request.UserName) ||
string.IsNullOrEmpty(request.Password))
{
Tracing.Error("ADFS integration username authentication request with empty username or password");
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant));
}
Tracing.Information("Starting ADFS integration username authentication request for scope: " + request.Scope);
var bridge = new AdfsBridge(ConfigurationRepository);
GenericXmlSecurityToken token;
try
{
Tracing.Verbose("ADFS integration username authentication request for user: "******"Error while communicating with ADFS: " + ex.ToString());
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest));
}
var response = CreateTokenResponse(token, request.Scope);
Tracing.Verbose("ADFS integration username authentication request successful");
return(response);
}
private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope)
{
var response = new TokenResponse();
if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken)
{
response.AccessToken = token.TokenXml.OuterXml;
response.ExpiresIn = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds);
}
else
{
var bridge = new AdfsBridge(ConfigurationRepository);
if (ConfigurationRepository.Keys.DecryptionCertificate != null)
{
var configuration = new SecurityTokenHandlerConfiguration
{
AudienceRestriction = { AudienceMode = AudienceUriMode.Never },
CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = X509RevocationMode.NoCheck,
CertificateValidator = X509CertificateValidator.None,
ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
new ReadOnlyCollection <SecurityToken>(new SecurityToken[] { new X509SecurityToken(ConfigurationRepository.Keys.DecryptionCertificate) }), false)
};
var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(configuration);
response = bridge.ConvertSamlToJwt(token.ToSecurityToken(handler), scope);
}
else
{
response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope);
}
}
return(Request.CreateResponse <TokenResponse>(HttpStatusCode.OK, response));
}
private HttpResponseMessage ProcessJwtRequest(TokenRequest request)
{
if (string.IsNullOrEmpty(request.Assertion))
{
Tracing.Error("ADFS integration authentication request (JWT) with empty assertion");
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant);
}
Tracing.Information("Starting ADFS integration authentication request (JWT) for scope: " + request.Scope);
var bridge = new AdfsBridge(ConfigurationRepository);
GenericXmlSecurityToken token;
try
{
Tracing.Verbose("Starting ADFS integration authentication request (JWT) for assertion: " + request.Assertion);
token = bridge.AuthenticateJwt(request.Assertion, request.Scope);
}
catch (Exception ex)
{
Tracing.Error("Error while communicating with ADFS: " + ex.ToString());
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest);
}
var response = CreateTokenResponse(token, request.Scope);
Tracing.Verbose("ADFS integration JWT authentication successful");
return response;
}
private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope)
{
var response = new TokenResponse();
if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken)
{
response.AccessToken = token.TokenXml.OuterXml;
response.ExpiresIn = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds);
}
else
{
var bridge = new AdfsBridge(ConfigurationRepository);
response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope);
}
return(Request.CreateResponse <TokenResponse>(HttpStatusCode.OK, response));
}
private HttpResponseMessage ProcessSamlRequest(TokenRequest request)
{
if (string.IsNullOrEmpty(request.Assertion))
{
Tracing.Error("ADFS integration SAML authentication request with empty assertion");
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant));
}
// un-base64 saml token string
string incomingSamlToken;
try
{
incomingSamlToken = Encoding.UTF8.GetString(Convert.FromBase64String(request.Assertion));
}
catch
{
Tracing.Error("ADFS integration SAML authentication request with malformed SAML assertion: " + request.Assertion);
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant));
}
Tracing.Information("Starting ADFS integration SAML authentication request for scope: " + request.Scope);
var bridge = new AdfsBridge(ConfigurationRepository);
GenericXmlSecurityToken token;
try
{
Tracing.Verbose("ADFS integration SAML authentication request for assertion: " + request.Assertion);
token = bridge.AuthenticateSaml(incomingSamlToken, request.Scope);
}
catch (Exception ex)
{
Tracing.Error("Error while communicating with ADFS: " + ex.ToString());
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest));
}
var response = CreateTokenResponse(token, request.Scope);
Tracing.Verbose("ADFS integration SAML authentication request successful");
return(response);
}
private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope)
{
var response = new TokenResponse();
if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken)
{
response.AccessToken = token.TokenXml.OuterXml;
response.ExpiresIn = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds);
}
else
{
var bridge = new AdfsBridge(ConfigurationRepository);
response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope);
}
return Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, response);
}
private HttpResponseMessage ProcessUserNameRequest(TokenRequest request)
{
if (string.IsNullOrEmpty(request.UserName) ||
string.IsNullOrEmpty(request.Password))
{
Tracing.Error("ADFS integration username authentication request with empty username or password");
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant);
}
Tracing.Information("Starting ADFS integration username authentication request for scope: " + request.Scope);
var bridge = new AdfsBridge(ConfigurationRepository);
GenericXmlSecurityToken token;
try
{
Tracing.Verbose("ADFS integration username authentication request for user: "******"Error while communicating with ADFS: " + ex.ToString());
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest);
}
var response = CreateTokenResponse(token, request.Scope);
Tracing.Verbose("ADFS integration username authentication request successful");
return response;
}
private HttpResponseMessage ProcessSamlRequest(TokenRequest request)
{
if (string.IsNullOrEmpty(request.Assertion))
{
Tracing.Error("ADFS integration SAML authentication request with empty assertion");
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant);
}
// un-base64 saml token string
string incomingSamlToken;
try
{
incomingSamlToken = Encoding.UTF8.GetString(Convert.FromBase64String(request.Assertion));
}
catch
{
Tracing.Error("ADFS integration SAML authentication request with malformed SAML assertion: " + request.Assertion);
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant);
}
Tracing.Information("Starting ADFS integration SAML authentication request for scope: " + request.Scope);
var bridge = new AdfsBridge(ConfigurationRepository);
GenericXmlSecurityToken token;
try
{
Tracing.Verbose("ADFS integration SAML authentication request for assertion: " + request.Assertion);
token = bridge.AuthenticateSaml(incomingSamlToken, request.Scope);
}
catch (Exception ex)
{
Tracing.Error("Error while communicating with ADFS: " + ex.ToString());
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest);
}
var response = CreateTokenResponse(token, request.Scope);
Tracing.Verbose("ADFS integration SAML authentication request successful");
return response;
}
private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope)
{
var response = new TokenResponse();
if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken)
{
response.AccessToken = token.TokenXml.OuterXml;
response.ExpiresIn = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds);
}
else
{
var bridge = new AdfsBridge(ConfigurationRepository);
if (ConfigurationRepository.Keys.DecryptionCertificate != null)
{
var configuration = new SecurityTokenHandlerConfiguration
{
AudienceRestriction = { AudienceMode = AudienceUriMode.Never },
CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = X509RevocationMode.NoCheck,
CertificateValidator = X509CertificateValidator.None,
ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
new ReadOnlyCollection<SecurityToken>(new SecurityToken[] { new X509SecurityToken(ConfigurationRepository.Keys.DecryptionCertificate) }), false)
};
var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(configuration);
response = bridge.ConvertSamlToJwt(token.ToSecurityToken(handler), scope);
}
else
{
response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope);
}
}
return Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, response);
}
