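        /// <summary>
        /// Builds the identity whose claims are serialized into the issued token.
        /// The caller's identity is cloned (so every claim the caller presented is forwarded
        /// to the relying party as well), its authentication-method claims are dropped, the
        /// claims persisted for the user in <c>_userStore</c> are appended URL-encoded, and any
        /// claim type lacking a namespace is re-added under <c>Consts.DefaultClaimNamespace</c>.
        /// A caller without a user record yet is provisioned on the fly (just-in-time provisioning).
        /// </summary>
        /// <param name="principal">The authenticated caller; must carry a NameIdentifier claim.</param>
        /// <param name="request">The incoming request-security-token. Not consulted here.</param>
        /// <param name="scope">The relying party the token is issued for. Not consulted here.</param>
        /// <returns>The claims identity to issue.</returns>
        /// <exception cref="InvalidRequestException">
        /// The principal is null, its identity is not a <see cref="ClaimsIdentity"/>, it carries
        /// no NameIdentifier claim, or the user record could not be provisioned.
        /// </exception>
        protected override ClaimsIdentity GetOutputClaimsIdentity(ClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
        {
            if (principal == null)
            {
                throw new InvalidRequestException("The caller's principal is null.");
            }

            // The original hard cast would surface as InvalidCastException; report it as a bad request instead.
            var callerIdentity = principal.Identity as ClaimsIdentity;
            if (callerIdentity == null)
            {
                throw new InvalidRequestException("The caller's identity is not a ClaimsIdentity.");
            }

            // First() would raise a bare InvalidOperationException when the NameIdentifier claim is
            // missing; fail with the STS's own exception type so the fault is reported consistently.
            var nameIdentifier = principal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
            if (nameIdentifier == null || string.IsNullOrEmpty(nameIdentifier.Value))
            {
                throw new InvalidRequestException("The caller's principal carries no NameIdentifier claim.");
            }
            var userId = nameIdentifier.Value;

            var user = AsyncRunner.RunNoSynchronizationContext(() => _userStore.FindByIdAsync(userId));
            if (user == null)
            {
                // Provision the caller: create the record, re-read it, and bind a login for this
                // provider. The three store calls are awaited in sequence; previously CreateAsync and
                // AddLoginAsync were fired without being awaited, so the re-read could run before the
                // insert committed and any failure in either call was silently lost.
                user = AsyncRunner.RunNoSynchronizationContext(async () =>
                {
                    await _userStore.CreateAsync(new T { Id = userId });
                    var created = await _userStore.FindByIdAsync(userId);
                    if (created != null)
                    {
                        await _userStore.AddLoginAsync(created, new UserLoginInfo(_loginProviderName, userId));
                    }
                    return created;
                });

                if (user == null)
                {
                    throw new InvalidRequestException("The user record could not be provisioned for the caller.");
                }
            }

            var identity = callerIdentity.Clone();

            // The token is issued as SAML 1.1; an AuthenticationMethod claim without a matching
            // AuthenticationInstant makes the serializer fail with "The 'AuthenticationInstant' used to
            // create a 'SAML11' AuthenticationStatement cannot be null", so the claim is removed.
            // ToList() snapshots the matches first: RemoveClaim mutates the collection that Claims
            // enumerates, which skips entries or throws depending on the runtime.
            const string authenticationMethod = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod";
            foreach (var claim in identity.Claims.Where(c => c.Type == authenticationMethod).ToList())
            {
                identity.RemoveClaim(claim);
            }

            // NOTE(review): scope is never consulted, so every relying party receives the user's full
            // stored claim set — confirm this is intended rather than filtering per RP.
            var storedClaims = AsyncRunner.RunNoSynchronizationContext(() => _userStore.GetClaimsAsync(user));
            // Values are URL-encoded before issuance; presumably the relying parties decode them — verify.
            identity.AddClaims(storedClaims.Select(c => new Claim(c.Type, HttpUtility.UrlEncode(c.Value))));

            // WIF rejects claim types that are not of the form 'namespace'/'name' (ID4216), so every bare
            // type is re-added under the default namespace. ToList() snapshots the collection because the
            // loop both removes and adds claims. Assumes Consts.DefaultClaimNamespace ends with '/' — confirm.
            foreach (var claim in identity.Claims.Where(c => !c.Type.Contains("/")).ToList())
            {
                identity.RemoveClaim(claim);
                identity.AddClaim(new Claim(Consts.DefaultClaimNamespace + claim.Type, claim.Value));
            }

            return identity;
        }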