Esempio n. 1
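        /// <summary>
        /// Dispatches the WS-Federation passive request found in the query string.
        /// A sign-in request is forwarded untouched to Federation.aspx; a sign-out
        /// (or sign-out cleanup) request is processed here and the page renders one
        /// cleanup link per session that <see cref="SingleSignOnManager"/> recorded
        /// while issuing tokens. Any other value of the action parameter is rejected.
        /// </summary>
        /// <param name="e">Event data forwarded to the base <c>OnLoad</c>.</param>
        /// <exception cref="InvalidOperationException">
        /// The action parameter is missing or is neither a sign-in nor a sign-out action.
        /// </exception>
        protected override void OnLoad(EventArgs e)
        {
            string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];

            if (action == WSFederationConstants.Actions.SignIn)
            {
                // Forward the complete sign-in request (wa, wtrealm, wctx, ...) to the STS page.
                // The target is a fixed application-relative path, so the caller-supplied query
                // string cannot turn this into an open redirect.
                this.Response.Redirect("~/Federation.aspx?" + this.Request.QueryString, false);
            }
            else if (action == WSFederationConstants.Actions.SignOut || action == WSFederationConstants.Actions.SignOutCleanup)
            {
                WSFederationMessage requestMessage = WSFederationMessage.CreateFromUri(this.Request.Url);
                FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response);
                this.ActionExplanationLabel.Text = @"Sign out from the issuer has been requested.";

                // The relying-party addresses were captured from incoming token requests
                // (RegisterRelyingParty is fed scope.ReplyToAddress), so they are not trusted:
                // only absolute http(s) URLs are rendered, and every value is HTML-encoded
                // before it is written into markup.
                var signedInUrls = SingleSignOnManager.SignOutRelyingParties();
                if (signedInUrls.Length > 0)
                {
                    this.RelyingPartyLabel.Visible = true;
                    foreach (string url in signedInUrls)
                    {
                        if (!IsAbsoluteHttpUrl(url))
                        {
                            continue;
                        }

                        this.RelyingPartySignOutLinks.Controls.Add(
                            new LiteralControl(string.Format(
                                @"<p><a href=""{0}"">{1}</a>&nbsp;<img src=""{0}?wa=wsignoutcleanup1.0"" title=""Signout request: {0}?wa=wsignoutcleanup1.0""/></p>",
                                System.Web.HttpUtility.HtmlAttributeEncode(url),
                                System.Web.HttpUtility.HtmlEncode(url))));
                    }
                }

                // Issuer addresses are registered from literals in GetOutputClaimsIdentity, but
                // they go through the same validation/encoding so both loops behave alike.
                signedInUrls = SingleSignOnManager.SignOutIssuers();
                if (signedInUrls.Length > 0)
                {
                    this.IssuerLabel.Visible = true;
                    foreach (string url in signedInUrls)
                    {
                        if (!IsAbsoluteHttpUrl(url))
                        {
                            continue;
                        }

                        this.IssuerSignOutLinks.Controls.Add(
                            new LiteralControl(string.Format(
                                @"<p>{1}&nbsp;<img src=""{0}?wa=wsignoutcleanup1.0"" title=""Signout request: {0}?wa=wsignoutcleanup1.0""/></p>",
                                System.Web.HttpUtility.HtmlAttributeEncode(url),
                                System.Web.HttpUtility.HtmlEncode(url))));
                    }
                }

                SingleSignOnManager.Clear();
            }
            else
            {
                throw new InvalidOperationException(
                          String.Format(
                              CultureInfo.InvariantCulture,
                              "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
                              String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
                              WSFederationConstants.Parameters.Action,
                              WSFederationConstants.Actions.SignIn,
                              WSFederationConstants.Actions.SignOut));
            }

            base.OnLoad(e);
        }

        /// <summary>
        /// Returns true when <paramref name="url"/> parses as an absolute http or https URL.
        /// Relative paths and other schemes (javascript:, data:, file:, ...) are rejected so
        /// that a recorded address can never become an active link target.
        /// </summary>
        /// <param name="url">The address to validate; null or empty yields false.</param>
        private static bool IsAbsoluteHttpUrl(string url)
        {
            Uri parsed;
            return Uri.TryCreate(url, UriKind.Absolute, out parsed)
                && (parsed.Scheme == Uri.UriSchemeHttp || parsed.Scheme == Uri.UriSchemeHttps);
        }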
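        /// <summary>
        /// Builds the claims Fabrikam issues for the authenticated caller. The rules are
        /// selected by the issuer of the incoming claims: a fixed set of identity claims is
        /// copied through and partner-specific group/cost-center claims are mapped onto
        /// Fabrikam roles. The switch on the issuer name is a closed list on purpose — an
        /// issuer that is not listed gets no claims at all.
        /// </summary>
        /// <param name="principal">The caller as authenticated by the incoming token; must be a <see cref="ClaimsIdentity"/> with at least one claim.</param>
        /// <param name="request">The RST being answered (not inspected here).</param>
        /// <param name="scope">The validated scope; its ReplyToAddress is recorded so the sign-out page can later reach the relying party.</param>
        /// <returns>A new <see cref="ClaimsIdentity"/> that holds only the output claims.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="scope"/> is null.</exception>
        /// <exception cref="InvalidRequestException"><paramref name="principal"/> is null, is not a <see cref="ClaimsIdentity"/>, or carries no claims.</exception>
        /// <exception cref="InvalidOperationException">The issuer of the incoming claims is not a configured partner.</exception>
        protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
        {
            if (null == principal)
            {
                throw new InvalidRequestException("The caller's principal is null.");
            }

            if (null == scope)
            {
                throw new ArgumentNullException("scope");
            }

            // Reject an unusable identity before any state is recorded, so a failed request
            // leaves nothing behind in SingleSignOnManager.
            var input = principal.Identity as ClaimsIdentity;
            var firstClaim = input == null ? null : input.Claims.FirstOrDefault();
            if (firstClaim == null)
            {
                throw new InvalidRequestException("The caller's identity carries no claims.");
            }

            // All claims of one incoming token carry the same issuer, so the first claim is
            // representative. NOTE(review): this relies on the base STS having already
            // validated the token against the issuer name registry — confirm in the host config.
            var issuer = firstClaim.Issuer;
            var output = new ClaimsIdentity();

            // Every partner passes through the same identity claims; only the
            // group/cost-center mappings below differ.
            var claimTypesToCopy = new[]
            {
                WSIdentityConstants.ClaimTypes.Name,
                ClaimTypes.GivenName,
                ClaimTypes.Surname,
                ClaimTypes.StreetAddress,
                ClaimTypes.StateOrProvince,
                ClaimTypes.Country
            };

            switch (issuer.ToUpperInvariant())
            {
            case "ADATUM":
                CopyClaims(input, claimTypesToCopy, output);

                TransformClaims(input, AllOrganizations.ClaimTypes.Group, Adatum.Groups.CustomerService, ClaimTypes.Role, Fabrikam.Roles.ShipmentCreator, output);
                TransformClaims(input, AllOrganizations.ClaimTypes.Group, Adatum.Groups.OrderFulfillments, ClaimTypes.Role, Fabrikam.Roles.ShipmentCreator, output);
                TransformClaims(input, AllOrganizations.ClaimTypes.Group, Adatum.Groups.OrderFulfillments, ClaimTypes.Role, Fabrikam.Roles.ShipmentManager, output);
                TransformClaims(input, AllOrganizations.ClaimTypes.Group, Adatum.Groups.ItAdmins, ClaimTypes.Role, Fabrikam.Roles.Administrator, output);
                TransformClaims(input, Adatum.ClaimTypes.CostCenter, "*", Fabrikam.ClaimTypes.CostCenter, "*", output);

                output.Claims.Add(new Claim(Fabrikam.ClaimTypes.Organization, Adatum.OrganizationName));

                SingleSignOnManager.RegisterIssuer("https://localhost/Adatum.SimulatedIssuer.3/");

                break;

            case "LITWARE":
                CopyClaims(input, claimTypesToCopy, output);

                TransformClaims(input, AllOrganizations.ClaimTypes.Group, Litware.Groups.Sales, ClaimTypes.Role, Fabrikam.Roles.ShipmentCreator, output);
                TransformClaims(input, Litware.ClaimTypes.CostCenter, "*", Fabrikam.ClaimTypes.CostCenter, "*", output);

                output.Claims.Add(new Claim(Fabrikam.ClaimTypes.Organization, Litware.OrganizationName));

                SingleSignOnManager.RegisterIssuer("https://localhost/Litware.SimulatedIssuer.3/");

                break;

            case "FABRIKAM-SIMPLE":
                CopyClaims(input, claimTypesToCopy, output);

                switch (input.Name.ToUpperInvariant())
                {
                // In a production environment, all the claims for the users are taken from claim
                // mappings where the user name is the input claim and all the claims added here
                // are output claims.
                case "*****@*****.**":
                    output.Claims.AddRange(new List <Claim>
                    {
                        new Claim(ClaimTypes.Role, Fabrikam.Roles.Administrator),
                        new Claim(ClaimTypes.Role, Fabrikam.Roles.ShipmentManager),
                        new Claim(ClaimTypes.Role, Fabrikam.Roles.ShipmentCreator),
                        new Claim(Fabrikam.ClaimTypes.CostCenter, Contoso.CostCenters.SingleCostCenter),
                        new Claim(Fabrikam.ClaimTypes.Organization, Contoso.OrganizationName)
                    });

                    break;
                }

                SingleSignOnManager.RegisterIssuer("https://localhost/Fabrikam.SimulatedIssuer.3/");
                break;

            default:
                throw new InvalidOperationException("Issuer not trusted.");
            }

            // Record the relying party only once the issuer has been accepted, so an untrusted
            // issuer cannot get a reply address onto the sign-out page.
            SingleSignOnManager.RegisterRelyingParty(scope.ReplyToAddress);

            return output;
        }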