public async virtual Task SignOutAsync(AuthenticationProperties properties) { var target = ResolveTarget(Options.ForwardSignOut); if (target != null) { await Context.SignOutAsync(target, properties); return; } string authenticationRequestId = Guid.NewGuid().ToString(); var requestProperties = new AuthenticationProperties(); requestProperties.Load(Request, Options.StateDataFormat); // Extract the user state from properties and reset. var idpName = requestProperties.GetIdentityProviderName(); var subjectNameId = requestProperties.GetSubjectNameId(); var sessionIndex = requestProperties.GetSessionIndex(); var idp = Options.IdentityProviders.FirstOrDefault(i => i.Name == idpName); var securityTokenCreatingContext = await _eventsHandler.HandleSecurityTokenCreatingContext(Context, Scheme, Options, properties, authenticationRequestId); var message = SamlHandler.GetLogoutRequest( authenticationRequestId, securityTokenCreatingContext.TokenOptions.EntityId, securityTokenCreatingContext.TokenOptions.Certificate, idp, subjectNameId, sessionIndex); var(redirectHandled, afterRedirectMessage) = await _eventsHandler.HandleRedirectToIdentityProviderForSignOut(Context, Scheme, Options, properties, message); if (redirectHandled) { return; } message = afterRedirectMessage; properties.SetLogoutRequest(message); properties.Save(Response, Options.StateDataFormat); await _requestGenerator.HandleRequest(message, message.ID, securityTokenCreatingContext.TokenOptions.Certificate, idp.SingleSignOutServiceUrl, idp.Method); }
protected override async Task HandleChallengeAsync(AuthenticationProperties properties) { // Save the original challenge URI so we can redirect back to it when we're done. if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = OriginalPathBase + OriginalPath + Request.QueryString; } // Create the SPID request id string authenticationRequestId = Guid.NewGuid().ToString(); // Select the Identity Provider var idpName = Request.Query["idpName"]; var idp = Options.IdentityProviders.FirstOrDefault(x => x.Name == idpName); var securityTokenCreatingContext = await _eventsHandler.HandleSecurityTokenCreatingContext(Context, Scheme, Options, properties, authenticationRequestId); // Create the signed SAML request var message = SamlHandler.GetAuthnRequest( authenticationRequestId, securityTokenCreatingContext.TokenOptions.EntityId, securityTokenCreatingContext.TokenOptions.AssertionConsumerServiceIndex, securityTokenCreatingContext.TokenOptions.AttributeConsumingServiceIndex, securityTokenCreatingContext.TokenOptions.Certificate, idp); GenerateCorrelationId(properties); var(redirectHandled, afterRedirectMessage) = await _eventsHandler.HandleRedirectToIdentityProviderForAuthentication(Context, Scheme, Options, properties, message); if (redirectHandled) { return; } message = afterRedirectMessage; properties.SetIdentityProviderName(idpName); properties.SetAuthenticationRequest(message); properties.Save(Response, Options.StateDataFormat); await _requestGenerator.HandleRequest(message, message.ID, securityTokenCreatingContext.TokenOptions.Certificate, idp.SingleSignOnServiceUrl, idp.Method); }
public async Task HandleRequest <T>(T message, string messageId, X509Certificate2 certificate, string signOnUrl, RequestMethod method) where T : class { var messageGuid = messageId.Replace("_", string.Empty); if (method == RequestMethod.Post) { var signedSerializedMessage = SamlHandler.SignRequest(message, certificate, messageId); await HandlePostRequest(signedSerializedMessage, signOnUrl, messageGuid); } else { var unsignedSerializedMessage = SamlHandler.SerializeMessage(message); HandleRedirectRequest(unsignedSerializedMessage, certificate, signOnUrl, messageGuid); } }