public ActionResult SingleSignOn(string attributes, string targetUrl, string partnerSP)
{
try
{
// Initiate single sign-on to the service provider (IdP-initiated SSO)]
// by sending a SAML response containing a SAML assertion to the SP.
// get the member id (was IWS number) from the database
var member = Services.MemberService.GetByUsername(User.Identity.Name);
Trace.TraceInformation(DateTime.Now.ToShortTimeString() + ":" + string.Format("---------------------USER '{0}' initiated the SSO---------------------", member.Username));
// Create a dictionary of attributes to add to the SAML assertion
var attribs = new Dictionary <string, string>();
/////////////////////////////////////////////////////////////////////////
// SAML Parameter Configurations
/////////////////////////////////////////////////////////////////////////
// Attributes for StatDoctors
if (partnerSP == "StatDoctors")
{
string AccountUniqueContactId = member.GetValue("yNumber").ToString();
string AccountFamilyId = member.GetValue("yNumber").ToString();
if (AccountFamilyId.Length > 7)
{
AccountFamilyId = AccountFamilyId.Substring(0, 7);
}
string FamilyDependentId = member.GetValue("yNumber").ToString();
if (FamilyDependentId.Length > 7)
{
FamilyDependentId = FamilyDependentId.Substring(7, 2);
}
{
// Create attribute list an populate with needed data
var attrib = new Dictionary <string, string>
{
{ "AccountUniqueContactId", AccountUniqueContactId },
{ "AccountFamilyId", AccountFamilyId },
{ "FamilyDependentId", FamilyDependentId },
{ "PartnerId", "AC4134" },
{ "PartnerAccountId", "" },
{ "ReturnUrl", "" }
};
// Send an IdP initiated SAML assertion
SAMLIdentityProvider.InitiateSSO(
Response,
member.GetValue("yNumber").ToString(),
attrib,
"",
partnerSP);
}
}
// Attributes for US Script
if (partnerSP == "USScript")
{
string yNumber = member.GetValue("yNumber").ToString();
if (yNumber.Length > 7)
{
yNumber = yNumber.Substring(0, 7);
}
var samlAttributes = new Dictionary <string, string>
{
{ "urn:uss:saml:attrib::id", yNumber },
{ "urn:uss:saml:attrib::firstname", member.GetValue("msFirstName").ToString() },
{ "urn:uss:saml:attrib::lastname", member.GetValue("msLastName").ToString() },
{ "urn:uss:saml:attrib::groupid", member.GetValue("groupId").ToString() },
{ "urn:uss:saml:attrib::dateofbirth", Convert.ToDateTime(member.GetValue("birthday")).ToString("yyyy-MM-dd") },
{ "urn:uss:saml:attrib::email", member.Email }
};
PgpSAML20Assertion.GuideSSO(Response, partnerSP, String.Empty, samlAttributes);
}
// Attributes for MagnaCare
if (partnerSP == "MagnaCare")
{
var samlAttributes = new Dictionary <string, string>
{
{ "member:id", member.GetValue("yNumber").ToString() },
{ "member:first_name", member.GetValue("msFirstName").ToString() },
{ "member:last_name", member.GetValue("msLastName").ToString() },
{ "member:product", member.GetValue("healthPlanName").ToString() }
};
SAML20Assertion.GuideSSO(Response, partnerSP, member.GetValue("yNumber").ToString(), samlAttributes);
}
// Attributes for HealthX
if (partnerSP == "https://secure.healthx.com/PublicService/SSO/AutoLogin.aspx" ||
partnerSP == "https://secure.healthx.com/PublicService/SSO/AutoLogin.aspx?mobile=1")
{
// Create attribute list an populate with needed data
var attrib = new List <SAMLAttribute>
{
// Version 1 is constant value set by HealthX
new SAMLAttribute("Version", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "Version",
"xs:string", "1"),
// This is the site ID and is redundant since it is in the Assertion consumer url. I added this for completeness
new SAMLAttribute("ServiceId", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "ServiceID",
"xs:string", "d99bfe58-3896-4eb6-9586-d2f9ae673052"),
// This is the service ID and is redundant since it is in the Assertion consumer url. I added this for completeness
new SAMLAttribute("SiteId", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "SiteId", "xs:string",
"e6fa832c-fbd3-48c7-860f-e4f04b22bab7"),
new SAMLAttribute("RelationshipCode", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"RelationshipCode", "xs:string", "18"),
new SAMLAttribute("UserId", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "UserId", "xs:string",
member.GetValue("yNumber").ToString().ToUpper()),
new SAMLAttribute("MemberLastName", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"MemberLastName", "xs:string", member.GetValue("msLastName").ToString().ToUpper()),
new SAMLAttribute("MemberFirstName", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"MemberFirstName", "xs:string", member.GetValue("msFirstName").ToString().ToUpper()),
new SAMLAttribute("UserLastName", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "UserLastName",
"xs:string", member.GetValue("msLastName").ToString().ToUpper()),
new SAMLAttribute("UserFirstName", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"UserFirstName", "xs:string", member.GetValue("msFirstName").ToString().ToUpper())
};
// Nest a node named ServiceId in the RedirectInfo attribute
// Add a serializer to allow the nesting of the serviceid attribute without it being url encoded
if (!AttributeType.IsAttributeValueSerializerRegistered("RedirectInfo", null))
{
AttributeType.RegisterAttributeValueSerializer("RedirectInfo", null, new XmlAttributeValueSerializer());
}
// Add Redirect Info xml
var xmlRedirectInfo = new XmlDocument {
PreserveWhitespace = true
};
xmlRedirectInfo.LoadXml(targetUrl);
var attrRedirectInfo = new SAMLAttribute("RedirectInfo", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "RedirectInfo");
attrRedirectInfo.Values.Add(new AttributeValue(xmlRedirectInfo.DocumentElement));
attrib.Add(attrRedirectInfo);
// Send an IdP initiated SAML assertion
SAMLIdentityProvider.InitiateSSO(
Response,
member.GetValue("yNumber").ToString(),
attrib.ToArray(),
"",
partnerSP);
}
// Attributes for Morneau Shapell
if (partnerSP == "SBCSystems")
{
// Replace the template variables in the url
if (targetUrl.IndexOf("<%PLANID%>") != -1)
{
targetUrl = targetUrl.Replace("<%PLANID%>", member.GetValue("healthplanid").ToString());
}
// Replace "initialEnrollment" with "specialEnrollmentSelect" if outside of 11/15-3/31
if (targetUrl.Contains("initialEnrollment") && !IsInInitialEnrollmentPeriod())
{
targetUrl = targetUrl.Replace("initialEnrollment", "specialEnrollmentSelect");
}
// Send an IdP initiated SAML assertion
SAMLIdentityProvider.InitiateSSO(
Response,
member.GetValue("memberId").ToString(),
attribs,
targetUrl,
partnerSP);
}
// Add the response to the ViewBag so we can access it on the front end if we need to
ViewBag.Response = Response;
TempData["response"] = Response;
// Return an empty response since we wait for the SAML consumer to send us the requested page
return(new EmptyResult());
}
catch (Exception ex)
{
// Create an error message with sufficient info to contact the user
string additionalInfo = "SSO Error for user " + User.Identity.Name + ". Partner: " + partnerSP + ". TargetUrl: " + targetUrl + ".";
// Add the error message to the log4net output
log4net.GlobalContext.Properties["additionalInfo"] = additionalInfo;
// Log the error
logger.Error("Unable to use SSO", ex);
return(new EmptyResult());
}
}
