public void SimpleOTP()
{
server
.Given(
Request.Create()
.WithPath("/validate/check")
.UsingPost()
.WithBody("user=test&pass=test")
.WithHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
)
.RespondWith(
Response.Create()
.WithStatusCode(200)
.WithBody("{\n" +
"\"detail\":" +
" {\n" +
"\"message\": \"matching 1 tokens\",\n" +
"\"otplen\": 6,\n" +
"\"serial\": \"PISP0001C673\",\n" +
"\"threadid\": 140536383567616,\n" +
"\"type\": \"totp\"\n" +
"},\n" +
"\"id\": 1,\n" +
"\"jsonrpc\": \"2.0\",\n" +
"\"result\": " +
"{\n" +
"\"status\": true,\n" +
"\"value\": true\n" +
"},\n" +
"\"time\": 1589276995.4397042,\n" +
"\"version\": \"privacyIDEA 3.2.1\",\n" +
"\"versionnumber\": \"3.2.1\",\n" +
"\"signature\": \"rsa_sha256_pss:AAAAAAAAAAA\"}"));
var resp = privacyIDEA.ValidateCheck("test", "test");
Assert.IsNotNull(resp);
Assert.IsTrue(resp.Value);
Assert.IsTrue(resp.Status);
Assert.AreEqual("totp", resp.Type);
Assert.AreEqual("PISP0001C673", resp.Serial);
}
/// <summary>
/// Initiates a new authentication process and returns our form to the AD FS system.
/// </summary>
/// <param name="identityClaim">Claim information from the ADFS</param>
/// <param name="request">The http request</param>
/// <param name="authContext">The context for the authentication</param>
/// <returns>new instance of IAdapterPresentationForm</returns>
public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListenerRequest request,
IAuthenticationContext authContext)
{
Log("BeginAuthentication: identityClaim: " + identityClaim.Value);
string username, domain, upn = "";
// separates the username from the domain
string[] tmp = identityClaim.Value.Split('\\');
if (tmp.Length > 1)
{
username = tmp[1];
domain = tmp[0];
if (use_upn)
{
// get UPN from sAMAccountName
Log("Getting UPN for user:"******" and domain: " + domain + "...");
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain);
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, username);
upn = user.UserPrincipalName;
Log("Found UPN: " + upn);
}
else
{
upn = "not used";
}
}
else
{
username = tmp[0];
upn = tmp[0];
domain = "";
}
Log("UPN value: " + upn + ", Domain value: " + domain);
// use upn or sam as loginname attribute
if (use_upn)
{
username = upn;
}
// Prepare the form
var form = new AdapterPresentationForm();
// trigger challenges with service account or empty pass if configured
PIResponse response = null;
if (privacyIDEA != null)
{
if (this.triggerChallenge)
{
response = privacyIDEA.TriggerChallenges(username, domain);
}
else if (this.sendEmptyPassword)
{
response = privacyIDEA.ValidateCheck(username, "", domain: domain);
}
}
else
{
Error("privacyIDEA not initialized!");
}
// Evaluate the response for triggered token and prepare the form accordingly
if (response != null)
{
if (response.Challenges.Count > 0)
{
form = ExtractChallengeDataToForm(response, form, authContext);
}
else if (response.Value)
{
// Success in step 1, carry this over to the second step so that step will be skipped
authContext.Data.Add("authSuccess", "1");
form.AutoSubmit = "1";
}
else
{
if (!string.IsNullOrEmpty(response.ErrorMessage))
{
Error("Error in first step: " + response.ErrorMessage);
form.ErrorMessage = response.ErrorMessage;
}
else
{
Error("Sent something in first step and got failure without message");
}
}
}
form.Mode = "otp";
authContext.Data.Add("userid", username);
authContext.Data.Add("domain", domain);
// Perform optional user enrollment
// If a challenge was triggered previously, checking if the user has a token is skipped
if (enrollmentEnabled &&
(response != null && string.IsNullOrEmpty(response.TransactionID) || (response == null)) &&
!privacyIDEA.UserHasToken(username, domain))
{
PIEnrollResponse res = privacyIDEA.TokenInit(username, domain);
if (enrollmentApps.Any())
{
form.EnrollmentApps = enrollmentApps;
}
form.EnrollmentUrl = res.TotpUrl;
form.EnrollmentImg = res.Base64TotpImage;
}
return(form);
}
