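/// <summary>
/// Signs the current user out (triggers the SAML2 sign out and drops the filter session)
/// and redirects the browser to the return URL.
/// </summary>
/// <param name="requestParams">
/// Optional redirect targets from the query string. Because they arrive in the URI they are
/// untrusted; each one is only honoured when it resolves to the same scheme/host/port as
/// <c>BaseUrl</c>, otherwise the default <c>/en/...</c> page is used (prevents open redirects).
/// </param>
/// <returns>
/// A redirect to the return URL, or to the unauthorized/error URL with an <c>error</c> query parameter.
/// </returns>
public RedirectActionResult Logout([FromUri] LogoutRequestParams requestParams)
{
    // Accepts a caller-supplied redirect target only when it resolves to the same
    // origin as BaseUrl; other hosts, scheme-relative "//host" and non-http schemes
    // (e.g. "javascript:") all fall back to the trusted default.
    Func<string, string, string> resolveSameOriginUrl = (candidate, fallback) =>
    {
        if (string.IsNullOrWhiteSpace(candidate))
        {
            return fallback;
        }

        Uri baseUri;
        Uri target;
        if (!Uri.TryCreate(BaseUrl, UriKind.Absolute, out baseUri) ||
            !Uri.TryCreate(baseUri, candidate, out target))
        {
            return fallback;
        }

        var sameOrigin =
            string.Equals(target.Scheme, baseUri.Scheme, StringComparison.OrdinalIgnoreCase) &&
            string.Equals(target.Host, baseUri.Host, StringComparison.OrdinalIgnoreCase) &&
            target.Port == baseUri.Port;

        // Hand the browser the parsed form so it receives exactly what was validated.
        return sameOrigin ? target.AbsoluteUri : fallback;
    };

    var returnUrl = resolveSameOriginUrl(requestParams?.ReturnUrl, $"{BaseUrl}/en/");
    var errorUrl = resolveSameOriginUrl(requestParams?.ErrorUrl, $"{BaseUrl}/en/bad-request");
    var unauthorizedUrl = resolveSameOriginUrl(requestParams?.UnauthorizedUrl, $"{BaseUrl}/en/unauthorized");

    // AllowAnonymous so we can redirect to unauthorized instead of returning json.
    // User/Identity can be null for an anonymous request, so use null-conditionals
    // instead of dereferencing and throwing.
    if (User?.Identity?.IsAuthenticated != true)
    {
        return new RedirectActionResult($"{unauthorizedUrl}?error=IsAuthenticated");
    }

    try
    {
        // triggers the saml2 sign out
        AuthenticationManager.SignOut();

        // Dont clear Current.User needed for sign out
        GccfAuthorizationFilter.DeregisterSession();
    }
    catch (Exception e)
    {
        // A message template (instead of "") makes the entry searchable in the log sink.
        Log.Logger.Error(e, "Logout failed during SAML2 sign out");
        return new RedirectActionResult($"{errorUrl}?error=Exception");
    }

    // todo CookieHandler has this route hardcoded to clear cookies
    return new RedirectActionResult(returnUrl);
}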
/// <summary>
/// Builds the SAML2 OWIN authentication options: one service-provider configuration plus the
/// three identity providers (the idp5 test IdP, SecureKey CBS and GCKey), each with metadata
/// taken from App_Data and an explicitly configured signing key.
/// </summary>
/// <returns>The populated <see cref="Saml2AuthenticationOptions"/>.</returns>
private static Saml2AuthenticationOptions CreateSaml2Options()
{
    var serviceProviderOptions = CreateSpOptions();
    var options = new Saml2AuthenticationOptions(false) { SPOptions = serviceProviderOptions };

    // Builds an IdentityProvider for the given entity id with its metadata read from the
    // given virtual path (resolved to a physical path under the web root).
    Func<string, string, IdentityProvider> buildIdp = (entityId, metadataVirtualPath) =>
        new IdentityProvider(new EntityId(entityId), serviceProviderOptions)
        {
            MetadataLocation = HostingEnvironment.MapPath(metadataVirtualPath)
        };

    var idp5 = buildIdp("http://idp5.canadacentral.cloudapp.azure.com:80/opensso", "~/App_Data/idp5-metadata.xml");
    // NOTE(review): idp5 is the only provider allowed to start the login itself (an unsolicited
    // AuthnResponse); confirm this is intended for anything beyond the test IdP.
    idp5.AllowUnsolicitedAuthnResponse = true;
    // Key from IDP COT, loaded from a .cer file rather than taken from the metadata.
    // NOTE(review): the X509Certificate2 created here is never disposed; presumably acceptable
    // for a once-per-startup configuration object.
    idp5.SigningKeys.AddConfiguredKey(new X509Certificate2(
        HostingEnvironment.MapPath("~/App_Data/idp5.canadacentral.cloudapp.azure.com.cer")));

    var cbs = buildIdp("https://cbs-uat-cbs.securekey.com", "~/App_Data/cbs-metadata-signed.xml");
    cbs.SigningKeys.AddConfiguredKey(GetGccfSigninCertificate());

    var gckey = buildIdp("https://te.clegc-gckey.gc.ca", "~/App_Data/gckey-metadata-signed.xml");
    gckey.SigningKeys.AddConfiguredKey(GetGccfSigninCertificate());

    // Binding selection is delegated to the authorization filter.
    options.Notifications = new Saml2Notifications
    {
        GetBinding = GccfAuthorizationFilter.GetSaml2Binding()
    };

    foreach (var provider in new[] { idp5, cbs, gckey })
    {
        options.IdentityProviders.Add(provider);
    }

    return options;
}
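/// <summary>
/// Completes an external (SAML2) sign-in: reads the login info left by the OWIN middleware,
/// signs the local user in, registers the session for single sign out and redirects the browser.
/// </summary>
/// <param name="requestParams">
/// Optional redirect targets and the IdP error, all from the query string. The redirect targets
/// are untrusted input and are only honoured when they resolve to the same scheme/host/port as
/// <c>BaseUrl</c>; anything else falls back to the default <c>/en/...</c> page (prevents open redirects).
/// </param>
/// <returns>
/// A redirect to <c>returnUrl#SignIn</c> on success, otherwise to the error/unauthorized URL
/// with an <c>error</c> query parameter.
/// </returns>
public async Task<RedirectActionResult> SigninCallback([FromUri] SigninCallbackRequestParams requestParams)
{
    /*
     * Could create a session in SamlOwin.Identity.ApplicationSignInManager.CreateUserIdentityAsync
     * and have it checked and deleted on soap logout
     */

    // Accepts a caller-supplied redirect target only when it resolves to the same
    // origin as BaseUrl; other hosts, scheme-relative "//host" and non-http schemes
    // (e.g. "javascript:") all fall back to the trusted default.
    Func<string, string, string> resolveSameOriginUrl = (candidate, fallback) =>
    {
        if (string.IsNullOrWhiteSpace(candidate))
        {
            return fallback;
        }

        Uri baseUri;
        Uri target;
        if (!Uri.TryCreate(BaseUrl, UriKind.Absolute, out baseUri) ||
            !Uri.TryCreate(baseUri, candidate, out target))
        {
            return fallback;
        }

        var sameOrigin =
            string.Equals(target.Scheme, baseUri.Scheme, StringComparison.OrdinalIgnoreCase) &&
            string.Equals(target.Host, baseUri.Host, StringComparison.OrdinalIgnoreCase) &&
            target.Port == baseUri.Port;

        // Hand the browser the parsed form so it receives exactly what was validated.
        return sameOrigin ? target.AbsoluteUri : fallback;
    };

    var returnUrl = resolveSameOriginUrl(requestParams?.ReturnUrl, $"{BaseUrl}/en/");
    var errorUrl = resolveSameOriginUrl(requestParams?.ErrorUrl, $"{BaseUrl}/en/bad-request");
    var unauthorizedUrl = resolveSameOriginUrl(requestParams?.UnauthorizedUrl, $"{BaseUrl}/en/unauthorized");

    // An error reported by the IdP short-circuits the whole sign-in.
    var samlError = requestParams?.Error;
    if (samlError != null)
    {
        return new RedirectActionResult($"{errorUrl}?error=SamlSignInError");
    }

    try
    {
        // refreshing url will be null
        var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
        if (loginInfo == null)
        {
            return new RedirectActionResult($"{errorUrl}?error=ExternalLoginInfo");
        }

        // If IsPersistent property of AuthenticationProperties is set to false, then the cookie expiration time is set to Session.
        var signInStatus = await _signInManager.ExternalSignInAsync(loginInfo, true);
        if (signInStatus != SignInStatus.Success)
        {
            return new RedirectActionResult($"{unauthorizedUrl}?error={signInStatus:G}");
        }

        // required for saml2 single sign out
        AuthenticationManager.User.AddIdentity(loginInfo.ExternalIdentity);
        GccfAuthorizationFilter.RegisterSession(loginInfo.ExternalIdentity);
    }
    catch (Exception e)
    {
        // A message template (instead of "") makes the entry searchable in the log sink.
        Log.Logger.Error(e, "SigninCallback failed while completing the external sign in");
        return new RedirectActionResult($"{errorUrl}?error=Exception");
    }

    return new RedirectActionResult($"{returnUrl}#SignIn");
}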