public ActionResult Create(IdentityProvider model, IPCertInputModel cert) { if (cert != null && cert.Cert != null) { model.IssuerThumbprint = cert.Cert.Thumbprint; if (model.IssuerThumbprint != null) { ModelState["IssuerThumbprint"].Errors.Clear(); ModelState["IssuerThumbprint"].Value = new ValueProviderResult(model.IssuerThumbprint, model.IssuerThumbprint, ModelState["IssuerThumbprint"].Value.Culture); } } if (ModelState.IsValid) { try { this.identityProviderRepository.Add(model); TempData["Message"] = Resources.IPController.IdentityProviderCreated; return RedirectToAction("IP", new { id=model.ID }); } catch (ValidationException ex) { ModelState.AddModelError("", ex.Message); } catch { ModelState.AddModelError("", Resources.IPController.ErrorCreatingIdentityProvider); } } // if we're here, then we should clear name so the view thinks it's new model.ID = 0; return View("IP", model); }
public bool TryGet(string name, out IdentityProvider identityProvider) { identityProvider = null; IEnumerable<IdentityProvider> idps = this.GetAll(); identityProvider = idps.First(_ => _.Name == name); return (identityProvider != null); }
public void RegisterOpenIdIdentityProvider(IdentityProvider identityProvider) { AuthenticationClientData client; switch (identityProvider.OpenIdProviderType) { case OpenIdProviderTypes.Google: if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OpenIdProviderType.ToString(), out client)) { OAuthWebSecurity.RegisterGoogleClient(identityProvider.OAuth2ProviderType.ToString()); } break; } }
public void RemoveIdentityProvider(IdentityProvider identityProvider) { //OAuthWebSecurity.TryGetOAuthClientData( //foreach (var registeredIdentityProvider in OAuthWebSecurity.TryGetOAuthClientData.RegisteredClientData) //{ // if (registeredIdentityProvider.DisplayName == identityProvider.ProviderType.ToString()) // { // registeredIdentityProvider.AuthenticationClient. // } //} }
public void RegisterOauth2IdentityProvider(IdentityProvider identityProvider) { AuthenticationClientData client; switch (identityProvider.OAuth2ProviderType) { case OAuth2ProviderTypes.Facebook: if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client)) { OAuthWebSecurity.RegisterFacebookClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.OAuth2ProviderType.ToString()); } break; case OAuth2ProviderTypes.Microsoft: if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client)) { var newClient = new ExtendedMicrosoftClient(identityProvider.ClientID, identityProvider.ClientSecret, "wl.signin%20wl.emails"); OAuthWebSecurity.RegisterClient(newClient, identityProvider.OAuth2ProviderType.ToString(), null); //OAuthWebSecurity.RegisterMicrosoftClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.ProviderType.ToString()); } break; case OAuth2ProviderTypes.LinkedIn: if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client)) { OAuthWebSecurity.RegisterLinkedInClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.OAuth2ProviderType.ToString()); } break; case OAuth2ProviderTypes.Twitter: if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client)) { OAuthWebSecurity.RegisterTwitterClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.OAuth2ProviderType.ToString()); } break; case OAuth2ProviderTypes.Yahoo: if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client)) { OAuthWebSecurity.RegisterYahooClient(identityProvider.OAuth2ProviderType.ToString()); } break; case OAuth2ProviderTypes.Thinktecture: if (!OAuthWebSecurity.TryGetOAuthClientData(identityProvider.OAuth2ProviderType.ToString(), out client)) { var newClient = new ThinktectureClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.Scope, "bccidentityprovideropensource.local:44300"); OAuthWebSecurity.RegisterClient(newClient, identityProvider.OAuth2ProviderType.ToString(), null); //OAuthWebSecurity.RegisterMicrosoftClient(identityProvider.ClientID, identityProvider.ClientSecret, identityProvider.ProviderType.ToString()); } break; } }
/// <summary> /// Process Saml2 sigin Request /// </summary> /// <param name="ip"></param> /// <param name="request"></param> /// <returns></returns> private ActionResult ProcessSaml2SignIn(IdentityProvider ip, SignInRequestMessage request) { if (ip.Enabled) { var saml2ProtocolSerializer = new Saml2ProtocolSerializer(); var protocolBinding = ProtocolBindings.HttpRedirect; HttpBindingSerializer httpBindingSerializer = new HttpRedirectBindingSerializer(saml2ProtocolSerializer); var authenticationRequest = new AuthenticationRequest { Issuer = new Microsoft.IdentityModel.Tokens.Saml2.Saml2NameIdentifier(request.Realm.TrimEnd('/'), new Uri(ip.WSFederationEndpoint)), Destination = new Uri(ip.WSFederationEndpoint) }; //Provide Service provider default signin home page - hardcoded for testing purpose var messageContainer = new MessageContainer(authenticationRequest, new ProtocolEndpoint(protocolBinding, new Uri(ip.WSFederationEndpoint + "/signon.ashx"))); var httpMessage = httpBindingSerializer.Serialize(messageContainer); httpBindingSerializer.WriteHttpMessage(new HttpResponseWrapper(System.Web.HttpContext.Current.Response), httpMessage); ControllerContext.HttpContext.ApplicationInstance.CompleteRequest(); } return View("Error"); }
public IEnumerable<Claim> ProcessClaims(ClaimsPrincipal incomingPrincipal, IdentityProvider identityProvider, RequestDetails details) { var audienceUri = details.Realm.Uri.AbsoluteUri; var newClaimsPrincipal = (ClaimsIdentity)incomingPrincipal.Identity; newClaimsPrincipal.AddClaim(new Claim("http://schemas.fcsamerica.com/claims/PartnerApps/audienceuri", audienceUri)); return newClaimsPrincipal.Claims; /* Prototype code to test loading Claims Mapper Claims from STS. ClaimsIdentity claimsIdentity = incomingPrincipal.Identity as ClaimsIdentity; var emailClaim = incomingPrincipal.Claims.FirstOrDefault(_ => _.Type.Equals(ClaimTypes.Email)); // var partnerClaim = incomingPrincipal.Claims.FirstOrDefault(_ => _.Type.Con) // NOTE: McGruff has a Get Partner Name from Host Header Method. // QUESTION: How will we store the STS generated SAML token on the claims principal? It isn't rewritten yet. We will need to generate it here? // QUESTION: If the Audit Info is on the claims principal... We would still need logic to help people determine which one to pull. Look at RequestHeader first, then Claims Principal. // QUESTION: We still need an API for accessing SAML token and AuditInfo. Can this be the Token Generator? // QUESTION: How much of the WIF settings can be added to the Website Root for Inheritance? // QUESTION: How can we call Claims Mapper Service without a SAML token. - it hasn't been created yet. Or can we create a temporary one here???? List<Claim> claims = new List<Claim>(); if( emailClaim != null) { var emailAddress = emailClaim.Value; var realm = details.Realm.ToString(); var applicationName = realm.Substring(realm.IndexOf(":")+1); // call claims mapper and add additional claims... claims.Add(new Claim("AuditInfo", "Test AuditInfo Value")); } else { claims.Add(new Claim("STSClaimsLoadError", "Could not determine the partner and/or application. Make sure the realm has the application name and IdP provides the partner claim.")); } claimsIdentity.AddClaims(claims); return claimsIdentity.Claims; */ }
private ActionResult RedirectToOAuth2IdentityProvider(IdentityProvider ip, SignInRequestMessage request) { var ctx = new OAuth2Context { Wctx = request.Context, Realm = request.Realm, IdP = ip.ID }; SetOAuthContextCookie(ctx); var oauth2 = new OAuth2Client(GetProviderTypeFromOAuthProfileTypes(ip.ProviderType.Value), ip.ClientID, ip.ClientSecret); switch (ip.ProviderType) { case OAuth2ProviderTypes.Google: return new OAuth2ActionResult(oauth2, ProviderType.Google, null); case OAuth2ProviderTypes.Facebook: return new OAuth2ActionResult(oauth2, ProviderType.Facebook, null); case OAuth2ProviderTypes.Live: return new OAuth2ActionResult(oauth2, ProviderType.Live, null); case OAuth2ProviderTypes.LinkedIn: return new OAuth2ActionResult(oauth2, ProviderType.LinkedIn, null); } return View("Error"); }
private ActionResult RedirectToWSFedIdentityProvider(IdentityProvider identityProvider, SignInRequestMessage request) { var message = new SignInRequestMessage(new Uri(identityProvider.WSFederationEndpoint), ConfigurationRepository.Global.IssuerUri); SetContextCookie(request.Context, request.Realm, identityProvider.WSFederationEndpoint); return new RedirectResult(message.WriteQueryString()); }
public ActionResult Update(IdentityProvider model, IPCertInputModel cert, string action) { if (action == "delete") { this.identityProviderRepository.Delete(model.ID); TempData["Message"] = Resources.IPController.IdentityProvidersDeleted; return RedirectToAction("Index"); } if (cert != null && cert.Cert != null) { model.IssuerThumbprint = cert.Cert.Thumbprint; ModelState["IssuerThumbprint"].Errors.Clear(); } if (ModelState.IsValid) { try { this.identityProviderRepository.Update(model); TempData["Message"] = Resources.IPController.IdentityProviderUpdated; ; return RedirectToAction("IP", new { id = model.ID }); } catch (ValidationException ex) { ModelState.AddModelError("", ex.Message); } catch { ModelState.AddModelError("", Resources.IPController.ErrorUpdatingIdentityProvider); } } return View("IP", model); }
public void Update(IdentityProvider item) { _apiClient.Put<IdentityProvider>("api/identityproviders", item); }
public void Add(IdentityProvider item) { _apiClient.Post<IdentityProvider>("api/identityproviders", item); }
public IEnumerable<Claim> ProcessClaims(ClaimsPrincipal incomingPrincipal, IdentityProvider identityProvider, RequestDetails details) { return incomingPrincipal.Claims; }
public ActionResult Update(IdentityProvider model, IPCertInputModel cert) { if (cert != null && cert.Cert != null) { model.IssuerThumbprint = cert.Cert.Thumbprint; ModelState["IssuerThumbprint"].Errors.Clear(); } if (ModelState.IsValid) { try { this.identityProviderRepository.Update(model); TempData["Message"] = "Identity Provider Updated"; ; return RedirectToAction("IP", new { id = model.ID }); } catch (ValidationException ex) { ModelState.AddModelError("", ex.Message); } catch { ModelState.AddModelError("", "Error updating identity provider."); } } return View("IP", model); }
private ActionResult RedirectToOpenIdIdentityProvider(IdentityProvider ip, SignInRequestMessage request) { return new ExternalLoginResult(ip.OpenIdProviderType.ToString(), ("~/" + Thinktecture.IdentityServer.Endpoints.Paths.OAuth2Callback + "?ReturnUrl=" + HttpUtility.UrlEncode(request.Reply)).ToLower()); }
public IEnumerable<Claim> ProcessClaims(ClaimsPrincipal incomingPrincipal, IdentityProvider identityProvider, RequestDetails details) { var claims = incomingPrincipal.FindAll(c => c.Type != Constants.Claims.IdentityProvider); return claims; }