private async Task <IActionResult> LogoutRequestAsync <T>(SamlDownParty party, Saml2Binding <T> binding)
{
var samlConfig = saml2ConfigurationLogic.GetSamlDownConfig(party);
var saml2LogoutRequest = new Saml2LogoutRequest(samlConfig);
binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
logger.ScopeTrace($"SAML Logout request '{saml2LogoutRequest.XmlDocument.OuterXml}'.");
try
{
ValidateLogoutRequest(party, saml2LogoutRequest);
binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
logger.ScopeTrace("Down, SAML Logout request accepted.", triggerEvent: true);
await sequenceLogic.SaveSequenceDataAsync(new SamlDownSequenceData
{
Id = saml2LogoutRequest.Id.Value,
RelayState = binding.RelayState,
ResponseUrl = party.LoggedOutUrl,
});
await formActionLogic.CreateFormActionByUrlAsync(party.LoggedOutUrl);
var type = RouteBinding.ToUpParties.First().Type;
logger.ScopeTrace($"Request, Up type '{type}'.");
switch (type)
{
case PartyTypes.Login:
return(await serviceProvider.GetService <LogoutUpLogic>().LogoutRedirect(RouteBinding.ToUpParties.First(), new LogoutRequest
{
DownParty = party,
SessionId = saml2LogoutRequest.SessionIndex,
RequireLogoutConsent = false,
PostLogoutRedirect = true,
}));
case PartyTypes.OAuth2:
throw new NotImplementedException();
case PartyTypes.Oidc:
throw new NotImplementedException();
case PartyTypes.Saml2:
return(await serviceProvider.GetService <SamlLogoutUpLogic>().LogoutAsync(RouteBinding.ToUpParties.First(), GetSamlUpLogoutRequest(saml2LogoutRequest, party)));
default:
throw new NotSupportedException($"Party type '{type}' not supported.");
}
}
catch (SamlRequestException ex)
{
logger.Error(ex);
return(await LogoutResponseAsync(party.Id, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState, saml2LogoutRequest.Destination?.OriginalString, party.AuthnBinding.ResponseBinding, ex.Status));
}
}
private async Task <IActionResult> AuthnRequestAsync <T>(SamlDownParty party, Saml2Binding <T> binding)
{
var samlConfig = saml2ConfigurationLogic.GetSamlDownConfig(party);
var request = HttpContext.Request;
var saml2AuthnRequest = new Saml2AuthnRequest(samlConfig);
binding.ReadSamlRequest(request.ToGenericHttpRequest(), saml2AuthnRequest);
logger.ScopeTrace($"SAML Authn request '{saml2AuthnRequest.XmlDocument.OuterXml}'.");
try
{
ValidateAuthnRequest(party, saml2AuthnRequest);
binding.Unbind(request.ToGenericHttpRequest(), saml2AuthnRequest);
logger.ScopeTrace("Down, SAML Auth request accepted.", triggerEvent: true);
var responseUrl = GetAcsUrl(party, saml2AuthnRequest);
await sequenceLogic.SaveSequenceDataAsync(new SamlDownSequenceData
{
Id = saml2AuthnRequest.Id.Value,
RelayState = binding.RelayState,
ResponseUrl = responseUrl,
});
await formActionLogic.CreateFormActionByUrlAsync(responseUrl);
var type = RouteBinding.ToUpParties.First().Type;
logger.ScopeTrace($"Request, Up type '{type}'.");
switch (type)
{
case PartyTypes.Login:
return(await serviceProvider.GetService <LoginUpLogic>().LoginRedirectAsync(RouteBinding.ToUpParties.First(), GetLoginRequestAsync(party, saml2AuthnRequest)));
case PartyTypes.OAuth2:
throw new NotImplementedException();
case PartyTypes.Oidc:
return(await serviceProvider.GetService <OidcAuthUpLogic <OidcDownParty, OidcDownClient, OidcDownScope, OidcDownClaim> >().AuthenticationRequestAsync(RouteBinding.ToUpParties.First()));
case PartyTypes.Saml2:
return(await serviceProvider.GetService <SamlAuthnUpLogic>().AuthnRequestAsync(RouteBinding.ToUpParties.First(), GetLoginRequestAsync(party, saml2AuthnRequest)));
default:
throw new NotSupportedException($"Party type '{type}' not supported.");
}
}
catch (SamlRequestException ex)
{
logger.Error(ex);
return(await AuthnResponseAsync(party.Id, samlConfig, saml2AuthnRequest.Id.Value, binding.RelayState, GetAcsUrl(party, saml2AuthnRequest), party.AuthnBinding.ResponseBinding, ex.Status));
}
}
private async Task <IActionResult> LogoutRequestAsync <T>(SamlDownParty party, Saml2Binding <T> binding)
{
var samlConfig = saml2ConfigurationLogic.GetSamlDownConfig(party);
var saml2LogoutRequest = new Saml2LogoutRequest(samlConfig);
binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
logger.ScopeTrace($"SAML Logout request '{saml2LogoutRequest.XmlDocument.OuterXml}'.");
try
{
ValidateLogoutRequest(party, saml2LogoutRequest);
binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
logger.ScopeTrace("Down, SAML Logout request accepted.", triggerEvent: true);
await sequenceLogic.SaveSequenceDataAsync(new SamlDownSequenceData
{
Id = saml2LogoutRequest.Id.Value,
RelayState = binding.RelayState
});
var type = RouteBinding.ToUpParties.First().Type;
logger.ScopeTrace($"Request, Up type '{type}'.");
switch (type)
{
case PartyTypes.Login:
return(await serviceProvider.GetService <LogoutUpLogic>().LogoutRedirect(RouteBinding.ToUpParties.First(), GetLogoutRequest(party, saml2LogoutRequest)));
case PartyTypes.OAuth2:
throw new NotImplementedException();
case PartyTypes.Oidc:
return(await serviceProvider.GetService <OidcRpInitiatedLogoutUpLogic <OidcUpParty, OidcUpClient> >().EndSessionRequestRedirectAsync(RouteBinding.ToUpParties.First(), GetLogoutRequest(party, saml2LogoutRequest)));
case PartyTypes.Saml2:
return(await serviceProvider.GetService <SamlLogoutUpLogic>().LogoutRequestRedirectAsync(RouteBinding.ToUpParties.First(), GetSamlLogoutRequest(party, saml2LogoutRequest)));
default:
throw new NotSupportedException($"Party type '{type}' not supported.");
}
}
catch (SamlRequestException ex)
{
logger.Error(ex);
return(await LogoutResponseAsync(party, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState, ex.Status));
}
}
public async Task <IActionResult> IdPMetadataAsync(string partyId)
{
logger.ScopeTrace("Down, IdP Metadata request.");
logger.SetScopeProperty("downPartyId", partyId);
var party = await tenantRepository.GetAsync <SamlDownParty>(partyId);
var samlConfig = saml2ConfigurationLogic.GetSamlDownConfig(party, true);
var authnDestination = new Uri(UrlCombine.Combine(HttpContext.GetHost(), RouteBinding.TenantName, RouteBinding.TrackName, RouteBinding.PartyNameAndBinding, Constants.Routes.SamlController, Constants.Endpoints.SamlAuthn));
var logoutDestination = new Uri(UrlCombine.Combine(HttpContext.GetHost(), RouteBinding.TenantName, RouteBinding.TrackName, RouteBinding.PartyNameAndBinding, Constants.Routes.SamlController, Constants.Endpoints.SamlLogout));
var entityDescriptor = new EntityDescriptor(samlConfig);
entityDescriptor.ValidUntil = new TimeSpan(0, 0, party.MetadataLifetime).Days;
entityDescriptor.IdPSsoDescriptor = new IdPSsoDescriptor
{
SigningCertificates = new X509Certificate2[]
{
samlConfig.SigningCertificate
},
//EncryptionCertificates = new X509Certificate2[]
//{
// config.DecryptionCertificate
//},
SingleSignOnServices = new SingleSignOnService[]
{
new SingleSignOnService {
Binding = ToSamleBindingUri(party.AuthnBinding.RequestBinding), Location = authnDestination,
},
},
};
if (party.LogoutBinding != null)
{
entityDescriptor.IdPSsoDescriptor.SingleLogoutServices = new SingleLogoutService[]
{
new SingleLogoutService {
Binding = ToSamleBindingUri(party.LogoutBinding.RequestBinding), Location = logoutDestination
},
};
}
return(new Saml2Metadata(entityDescriptor).CreateMetadata().ToActionResult());
}
