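/// <summary>
/// Validates a WS-Federation sign-out request by resolving the relying party
/// named in the request's <c>wtrealm</c> parameter.
/// </summary>
/// <param name="message">
/// The sign-out request. Its <c>wtrealm</c> value comes from the request and is untrusted.
/// </param>
/// <returns>
/// On success, a result carrying the realm and the matching, enabled relying party.
/// Otherwise a result with <c>IsError</c> set and <c>Error</c> equal to
/// <c>invalid_relying_party</c>; <c>RelyingParty</c> is not populated on that result,
/// so callers must not dereference it on the error path.
/// </returns>
public async Task<SignOutValidationResult> ValidateAsync(SignOutRequestMessage message)
{
    Logger.Info("Start WS-Federation signout request validation");
    var result = new SignOutValidationResult();

    // check realm
    var realm = message.GetParameter("wtrealm");
    if (String.IsNullOrWhiteSpace(realm))
    {
        LogError("Realm has not been provided", result);

        // Fail closed here instead of falling through to a store lookup with a
        // null/blank key. The existing error code is reused so callers see the
        // same failure value as for an unknown relying party.
        return new SignOutValidationResult
        {
            IsError = true,
            Error = "invalid_relying_party",
            Realm = realm
        };
    }

    result.Realm = realm;

    var rp = await _relyingParties.GetByRealmAsync(realm);
    if (rp == null || rp.Enabled == false)
    {
        // NOTE(review): realm is request-supplied and is concatenated into the log
        // message; whether LogError neutralises CR/LF is not visible here - confirm.
        LogError("Relying party not found: " + realm, result);

        // Realm is carried on the error result so the caller can report which
        // realm was rejected without touching RelyingParty.
        return new SignOutValidationResult
        {
            IsError = true,
            Error = "invalid_relying_party",
            Realm = realm
        };
    }

    result.RelyingParty = rp;

    LogSuccess(result);
    return result;
}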
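/// <summary>
/// Handles a WS-Federation sign-out request: validates the relying party and the
/// requested post-logout redirect (<c>wreply</c>) before redirecting to logout.
/// </summary>
/// <param name="msg">
/// The sign-out request. <c>wreply</c> and <c>wtrealm</c> are request-supplied and untrusted.
/// </param>
/// <returns>
/// <c>RedirectToLogOut()</c> without a reply URL when <c>wreply</c> or <c>wtrealm</c> is blank;
/// <c>BadRequest</c> with the error code when validation of the relying party or of the
/// reply URL fails; otherwise <c>RedirectToLogOut(msg.Reply)</c>.
/// </returns>
private async Task<IHttpActionResult> ProcessSignOutAsync(SignOutRequestMessage msg)
{
    var realm = msg.GetParameter("wtrealm");

    // in order to determine redirect url wreply and wtrealm must be non-empty
    if (String.IsNullOrWhiteSpace(msg.Reply) || String.IsNullOrWhiteSpace(realm))
    {
        return RedirectToLogOut();
    }

    var result = await _signOutValidator.ValidateAsync(msg);
    if (result.IsError)
    {
        Logger.Error(result.Error);

        // The validator's error result does not carry a RelyingParty, so reading
        // result.RelyingParty.Realm here would throw and the failure event would
        // never be raised. Fall back to the realm taken from the request.
        var failedRealm = result.RelyingParty != null ? result.RelyingParty.Realm : realm;

        await _events.RaiseFailureWsFederationEndpointEventAsync(
            WsFederationEventConstants.Operations.SignOut,
            failedRealm,
            User as ClaimsPrincipal,
            Request.RequestUri.AbsoluteUri,
            result.Error);

        return BadRequest(result.Error);
    }

    // wreply is only used as a redirect target after it has been checked against
    // the resolved relying party; an unchecked value would be an open redirect.
    var replyIsValid = await _redirectUriValidator.IsPostLogoutRedirectUriValidAsync(msg.Reply, result.RelyingParty);
    if (replyIsValid == false)
    {
        const string error = "invalid_signout_reply_uri";
        Logger.Error(error);

        await _events.RaiseFailureWsFederationEndpointEventAsync(
            WsFederationEventConstants.Operations.SignOut,
            result.RelyingParty.Realm,
            User as ClaimsPrincipal,
            Request.RequestUri.AbsoluteUri,
            error);

        return BadRequest(error);
    }

    await _events.RaiseSuccessfulWsFederationEndpointEventAsync(
        WsFederationEventConstants.Operations.SignOut,
        result.RelyingParty.Realm,
        User as ClaimsPrincipal,
        Request.RequestUri.AbsoluteUri);

    return RedirectToLogOut(msg.Reply);
}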