Esempio n. 1
        /// <summary>
        /// Checks, before an SSO sign-in is started, that <paramref name="domainHint"/> names an
        /// organization that allows SSO, has an enabled SSO configuration, and has a loaded
        /// dynamic authentication scheme whose own validation succeeds.
        /// </summary>
        /// <param name="domainHint">Organization identifier supplied by the caller.</param>
        /// <returns>
        /// An <see cref="EmptyResult"/> when every check passes; otherwise a JSON error body with
        /// status 400 (a check failed) or 500 (an exception was attached to the error).
        /// </returns>
        public async Task<IActionResult> PreValidate(string domainHint)
        {
            // Builds the JSON error response: 400 when no exception is attached, 500 otherwise.
            // NOTE(review): the exception message, stack trace and inner exception message are
            // serialized into the response body for every 500. Nothing visible here restricts
            // that to development builds or logs the exception server-side; confirm how
            // ErrorResponseModel is consumed and whether this action is reachable without
            // authentication before relying on it in production.
            IActionResult JsonError(string messageKey, Exception error = null)
            {
                var hasException = error != null;
                Response.StatusCode = hasException ? 500 : 400;

                var payload = new ErrorResponseModel(_i18nService.T(messageKey))
                {
                    ExceptionMessage = error?.Message,
                    ExceptionStackTrace = error?.StackTrace,
                    InnerExceptionMessage = error?.InnerException?.Message,
                };
                return Json(payload);
            }

            try
            {
                // An identifier is required before anything is looked up.
                // NOTE(review): each failed check below answers with its own message key, so the
                // response tells the caller whether an identifier exists and whether SSO is
                // allowed or enabled for it; confirm that level of detail is intended.
                if (string.IsNullOrWhiteSpace(domainHint))
                {
                    return JsonError("NoOrganizationIdentifierProvidedError");
                }

                // The organization must exist and must allow SSO.
                var org = await _organizationRepository.GetByIdentifierAsync(domainHint);
                if (org == null)
                {
                    return JsonError("OrganizationNotFoundByIdentifierError");
                }
                if (!org.UseSso)
                {
                    return JsonError("SsoNotAllowedForOrganizationError");
                }

                // The SSO configuration must exist and be enabled.
                var config = await _ssoConfigRepository.GetByIdentifierAsync(domainHint);
                if (config == null)
                {
                    return JsonError("SsoConfigurationNotFoundForOrganizationError");
                }
                if (!config.Enabled)
                {
                    return JsonError("SsoNotEnabledForOrganizationError");
                }

                // The scheme is looked up by organization id. A null scheme fails the type test
                // as well, so a single check covers both "missing" and "not dynamic".
                var authScheme = await _schemeProvider.GetSchemeAsync(org.Id.ToString());
                if (!(authScheme is IDynamicAuthenticationScheme dynamicScheme))
                {
                    return JsonError("NoSchemeOrHandlerForSsoConfigurationFoundError");
                }

                // Let the scheme validate its own configuration.
                try
                {
                    await dynamicScheme.Validate();
                }
                catch (Exception validationError)
                {
                    // When the exception message is itself a known resource key it is used as
                    // the error key and the exception is not attached (400). Otherwise the
                    // generic key is used and the exception is attached (500).
                    var localized = _i18nService.GetLocalizedHtmlString(validationError.Message);
                    if (localized.ResourceNotFound)
                    {
                        return JsonError("InvalidSchemeConfigurationError", validationError);
                    }

                    return JsonError(validationError.Message);
                }
            }
            catch (Exception ex)
            {
                // Anything unexpected from the lookups above ends up here.
                return JsonError("PreValidationError", ex);
            }

            // Every check passed.
            return new EmptyResult();
        }
Esempio n. 2
        /// <summary>
        /// Checks, before an SSO sign-in is started, that <paramref name="domainHint"/> names an
        /// organization that allows SSO, has an enabled SSO configuration, and has a loaded
        /// dynamic authentication scheme whose own validation succeeds, then issues a protected
        /// token for that organization.
        /// </summary>
        /// <param name="domainHint">Organization identifier supplied by the caller.</param>
        /// <returns>
        /// An <c>SsoPreValidateResponseModel</c> carrying the protected token when every check
        /// passes; otherwise whatever <c>InvalidJson</c> produces for the failing check.
        /// </returns>
        public async Task<IActionResult> PreValidate(string domainHint)
        {
            // NOTE(review): InvalidJson is defined outside this block. Exceptions are handed to
            // it on two paths below; check there what exception detail reaches the client.
            try
            {
                // An identifier is required before anything is looked up.
                // NOTE(review): each failed check below answers with its own message key, so the
                // response tells the caller whether an identifier exists and whether SSO is
                // allowed or enabled for it; confirm that level of detail is intended.
                if (string.IsNullOrWhiteSpace(domainHint))
                {
                    return InvalidJson("NoOrganizationIdentifierProvidedError");
                }

                // The organization must exist and must allow SSO.
                var org = await _organizationRepository.GetByIdentifierAsync(domainHint);
                if (org == null)
                {
                    return InvalidJson("OrganizationNotFoundByIdentifierError");
                }
                if (!org.UseSso)
                {
                    return InvalidJson("SsoNotAllowedForOrganizationError");
                }

                // The SSO configuration must exist and be enabled.
                var config = await _ssoConfigRepository.GetByIdentifierAsync(domainHint);
                if (config == null)
                {
                    return InvalidJson("SsoConfigurationNotFoundForOrganizationError");
                }
                if (!config.Enabled)
                {
                    return InvalidJson("SsoNotEnabledForOrganizationError");
                }

                // The scheme is looked up by organization id. A null scheme fails the type test
                // as well, so a single check covers both "missing" and "not dynamic".
                var authScheme = await _schemeProvider.GetSchemeAsync(org.Id.ToString());
                if (!(authScheme is IDynamicAuthenticationScheme dynamicScheme))
                {
                    return InvalidJson("NoSchemeOrHandlerForSsoConfigurationFoundError");
                }

                // Let the scheme validate its own configuration.
                try
                {
                    await dynamicScheme.Validate();
                }
                catch (Exception validationError)
                {
                    // When the exception message is itself a known resource key it is used as
                    // the error key and no exception is passed on. Otherwise the generic key is
                    // used and the exception is passed along.
                    var localized = _i18nService.GetLocalizedHtmlString(validationError.Message);
                    if (localized.ResourceNotFound)
                    {
                        return InvalidJson("InvalidSchemeConfigurationError", validationError);
                    }

                    return InvalidJson(validationError.Message, null);
                }

                // Issue the token only after every check has passed. Its lifetime comes from
                // the global SSO settings and it is protected before leaving the server.
                var lifetimeInSeconds = _globalSettings.Sso.SsoTokenLifetimeInSeconds;
                var protectedToken = _dataProtector.Protect(new SsoTokenable(org, lifetimeInSeconds));

                return new SsoPreValidateResponseModel(protectedToken);
            }
            catch (Exception ex)
            {
                // Anything unexpected from the lookups or token creation ends up here.
                return InvalidJson("PreValidationError", ex);
            }
        }