public ActionResult Create(IdentityProvider model, IPCertInputModel cert)
{
if (cert != null && cert.Cert != null)
{
model.IssuerThumbprint = cert.Cert.Thumbprint;
if (model.IssuerThumbprint != null)
{
ModelState["IssuerThumbprint"].Errors.Clear();
ModelState["IssuerThumbprint"].Value = new ValueProviderResult(model.IssuerThumbprint, model.IssuerThumbprint, ModelState["IssuerThumbprint"].Value.Culture);
}
}
if (ModelState.IsValid)
{
try
{
this.identityProviderRepository.Add(model);
TempData["Message"] = Resources.IPController.IdentityProviderCreated;
return RedirectToAction("IP", new { id=model.ID });
}
catch (ValidationException ex)
{
ModelState.AddModelError("", ex.Message);
}
catch
{
ModelState.AddModelError("", Resources.IPController.ErrorCreatingIdentityProvider);
}
}
// if we're here, then we should clear name so the view thinks it's new
model.ID = 0;
return View("IP", model);
}
public bool TryGet(string name, out IdentityProvider identityProvider)
{
identityProvider = null;
IEnumerable<IdentityProvider> idps = this.GetAll();
identityProvider = idps.First(_ => _.Name == name);
return (identityProvider != null);
}
public void RegisterOpenIdIdentityProvider(IdentityProvider identityProvider)
{
AuthenticationClientData client;
switch (identityProvider.OpenIdProviderType)
{
case OpenIdProviderTypes.Google:
if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OpenIdProviderType.ToString(), out client))
{
OAuthWebSecurity.RegisterGoogleClient(identityProvider.OAuth2ProviderType.ToString());
}
break;
}
}
public void RemoveIdentityProvider(IdentityProvider identityProvider)
{
//OAuthWebSecurity.TryGetOAuthClientData(
//foreach (var registeredIdentityProvider in OAuthWebSecurity.TryGetOAuthClientData.RegisteredClientData)
//{
// if (registeredIdentityProvider.DisplayName == identityProvider.ProviderType.ToString())
// {
// registeredIdentityProvider.AuthenticationClient.
// }
//}
}
public void RegisterOauth2IdentityProvider(IdentityProvider identityProvider)
{
AuthenticationClientData client;
switch (identityProvider.OAuth2ProviderType)
{
case OAuth2ProviderTypes.Facebook:
if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client))
{
OAuthWebSecurity.RegisterFacebookClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.OAuth2ProviderType.ToString());
}
break;
case OAuth2ProviderTypes.Microsoft:
if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client))
{
var newClient = new ExtendedMicrosoftClient(identityProvider.ClientID, identityProvider.ClientSecret, "wl.signin%20wl.emails");
OAuthWebSecurity.RegisterClient(newClient, identityProvider.OAuth2ProviderType.ToString(), null);
//OAuthWebSecurity.RegisterMicrosoftClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.ProviderType.ToString());
}
break;
case OAuth2ProviderTypes.LinkedIn:
if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client))
{
OAuthWebSecurity.RegisterLinkedInClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.OAuth2ProviderType.ToString());
}
break;
case OAuth2ProviderTypes.Twitter:
if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client))
{
OAuthWebSecurity.RegisterTwitterClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.OAuth2ProviderType.ToString());
}
break;
case OAuth2ProviderTypes.Yahoo:
if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client))
{
OAuthWebSecurity.RegisterYahooClient(identityProvider.OAuth2ProviderType.ToString());
}
break;
case OAuth2ProviderTypes.Thinktecture:
if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client))
{
var newClient = new ThinktectureClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.Scope, "bccidentityprovideropensource.local:44300");
OAuthWebSecurity.RegisterClient(newClient, identityProvider.OAuth2ProviderType.ToString(), null);
//OAuthWebSecurity.RegisterMicrosoftClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.ProviderType.ToString());
}
break;
}
}
/// <summary>
/// Process Saml2 sigin Request
/// </summary>
/// <param name="ip"></param>
/// <param name="request"></param>
/// <returns></returns>
private ActionResult ProcessSaml2SignIn(IdentityProvider ip, SignInRequestMessage request)
{
if (ip.Enabled)
{
var saml2ProtocolSerializer = new Saml2ProtocolSerializer();
var protocolBinding = ProtocolBindings.HttpRedirect;
HttpBindingSerializer httpBindingSerializer = new HttpRedirectBindingSerializer(saml2ProtocolSerializer);
var authenticationRequest = new AuthenticationRequest
{
Issuer = new Microsoft.IdentityModel.Tokens.Saml2.Saml2NameIdentifier(request.Realm.TrimEnd('/'), new Uri(ip.WSFederationEndpoint)),
Destination = new Uri(ip.WSFederationEndpoint)
};
//Provide Service provider default signin home page - hardcoded for testing purpose
var messageContainer = new MessageContainer(authenticationRequest, new ProtocolEndpoint(protocolBinding, new Uri(ip.WSFederationEndpoint + "/signon.ashx")));
var httpMessage = httpBindingSerializer.Serialize(messageContainer);
httpBindingSerializer.WriteHttpMessage(new HttpResponseWrapper(System.Web.HttpContext.Current.Response), httpMessage);
ControllerContext.HttpContext.ApplicationInstance.CompleteRequest();
}
return View("Error");
}
public IEnumerable<Claim> ProcessClaims(ClaimsPrincipal incomingPrincipal, IdentityProvider identityProvider, RequestDetails details)
{
var audienceUri = details.Realm.Uri.AbsoluteUri;
var newClaimsPrincipal = (ClaimsIdentity)incomingPrincipal.Identity;
newClaimsPrincipal.AddClaim(new Claim("http://schemas.fcsamerica.com/claims/PartnerApps/audienceuri", audienceUri));
return newClaimsPrincipal.Claims;
/* Prototype code to test loading Claims Mapper Claims from STS.
ClaimsIdentity claimsIdentity = incomingPrincipal.Identity as ClaimsIdentity;
var emailClaim = incomingPrincipal.Claims.FirstOrDefault(_ => _.Type.Equals(ClaimTypes.Email));
// var partnerClaim = incomingPrincipal.Claims.FirstOrDefault(_ => _.Type.Con)
// NOTE: McGruff has a Get Partner Name from Host Header Method.
// QUESTION: How will we store the STS generated SAML token on the claims principal? It isn't rewritten yet. We will need to generate it here?
// QUESTION: If the Audit Info is on the claims principal... We would still need logic to help people determine which one to pull. Look at RequestHeader first, then Claims Principal.
// QUESTION: We still need an API for accessing SAML token and AuditInfo. Can this be the Token Generator?
// QUESTION: How much of the WIF settings can be added to the Website Root for Inheritance?
// QUESTION: How can we call Claims Mapper Service without a SAML token. - it hasn't been created yet. Or can we create a temporary one here????
List<Claim> claims = new List<Claim>();
if( emailClaim != null)
{
var emailAddress = emailClaim.Value;
var realm = details.Realm.ToString();
var applicationName = realm.Substring(realm.IndexOf(":")+1);
// call claims mapper and add additional claims...
claims.Add(new Claim("AuditInfo", "Test AuditInfo Value"));
}
else
{
claims.Add(new Claim("STSClaimsLoadError", "Could not determine the partner and/or application. Make sure the realm has the application name and IdP provides the partner claim."));
}
claimsIdentity.AddClaims(claims);
return claimsIdentity.Claims;
*/
}
private ActionResult RedirectToOAuth2IdentityProvider(IdentityProvider ip, SignInRequestMessage request)
{
var ctx = new OAuth2Context
{
Wctx = request.Context,
Realm = request.Realm,
IdP = ip.ID
};
SetOAuthContextCookie(ctx);
var oauth2 = new OAuth2Client(GetProviderTypeFromOAuthProfileTypes(ip.ProviderType.Value), ip.ClientID, ip.ClientSecret);
switch (ip.ProviderType)
{
case OAuth2ProviderTypes.Google:
return new OAuth2ActionResult(oauth2, ProviderType.Google, null);
case OAuth2ProviderTypes.Facebook:
return new OAuth2ActionResult(oauth2, ProviderType.Facebook, null);
case OAuth2ProviderTypes.Live:
return new OAuth2ActionResult(oauth2, ProviderType.Live, null);
case OAuth2ProviderTypes.LinkedIn:
return new OAuth2ActionResult(oauth2, ProviderType.LinkedIn, null);
}
return View("Error");
}
private ActionResult RedirectToWSFedIdentityProvider(IdentityProvider identityProvider, SignInRequestMessage request)
{
var message = new SignInRequestMessage(new Uri(identityProvider.WSFederationEndpoint), ConfigurationRepository.Global.IssuerUri);
SetContextCookie(request.Context, request.Realm, identityProvider.WSFederationEndpoint);
return new RedirectResult(message.WriteQueryString());
}
public ActionResult Update(IdentityProvider model, IPCertInputModel cert, string action)
{
if (action == "delete")
{
this.identityProviderRepository.Delete(model.ID);
TempData["Message"] = Resources.IPController.IdentityProvidersDeleted;
return RedirectToAction("Index");
}
if (cert != null && cert.Cert != null)
{
model.IssuerThumbprint = cert.Cert.Thumbprint;
ModelState["IssuerThumbprint"].Errors.Clear();
}
if (ModelState.IsValid)
{
try
{
this.identityProviderRepository.Update(model);
TempData["Message"] = Resources.IPController.IdentityProviderUpdated; ;
return RedirectToAction("IP", new { id = model.ID });
}
catch (ValidationException ex)
{
ModelState.AddModelError("", ex.Message);
}
catch
{
ModelState.AddModelError("", Resources.IPController.ErrorUpdatingIdentityProvider);
}
}
return View("IP", model);
}
public void Update(IdentityProvider item)
{
_apiClient.Put<IdentityProvider>("api/identityproviders", item);
}
public void Add(IdentityProvider item)
{
_apiClient.Post<IdentityProvider>("api/identityproviders", item);
}
public IEnumerable<Claim> ProcessClaims(ClaimsPrincipal incomingPrincipal, IdentityProvider identityProvider, RequestDetails details)
{
return incomingPrincipal.Claims;
}
public ActionResult Update(IdentityProvider model, IPCertInputModel cert)
{
if (cert != null && cert.Cert != null)
{
model.IssuerThumbprint = cert.Cert.Thumbprint;
ModelState["IssuerThumbprint"].Errors.Clear();
}
if (ModelState.IsValid)
{
try
{
this.identityProviderRepository.Update(model);
TempData["Message"] = "Identity Provider Updated"; ;
return RedirectToAction("IP", new { id = model.ID });
}
catch (ValidationException ex)
{
ModelState.AddModelError("", ex.Message);
}
catch
{
ModelState.AddModelError("", "Error updating identity provider.");
}
}
return View("IP", model);
}
private ActionResult RedirectToOpenIdIdentityProvider(IdentityProvider ip, SignInRequestMessage request)
{
return new ExternalLoginResult(ip.OpenIdProviderType.ToString(), ("~/" + Thinktecture.IdentityServer.Endpoints.Paths.OAuth2Callback + "?ReturnUrl=" + HttpUtility.UrlEncode(request.Reply)).ToLower());
}
public IEnumerable<Claim> ProcessClaims(ClaimsPrincipal incomingPrincipal, IdentityProvider identityProvider, RequestDetails details)
{
var claims = incomingPrincipal.FindAll(c => c.Type != Constants.Claims.IdentityProvider);
return claims;
}
