protected virtual ClaimsIdentity GetExternalOutputClaims(ClaimsPrincipal principal,
RequestDetails requestDetails)
{
var idpClaim =
principal.FindFirst(
c => c.Type == Constants.Claims.IdentityProvider && c.Issuer == Constants.InternalIssuer);
if (idpClaim == null)
{
throw new InvalidOperationException("No identity provider claim found.");
}
IdentityProvider idp = null;
if (IdentityProviderRepository.TryGet(idpClaim.Value, out idp))
{
var transformedClaims =
ClaimsTransformationRulesRepository.ProcessClaims(SanitizeInternalClaims(principal), idp,
requestDetails);
var id = new ClaimsIdentity(transformedClaims, "External");
id.AddClaim(new Claim(Constants.Claims.IdentityProvider, idp.Name));
return(id);
}
throw new InvalidRequestException("Invalid identity provider.");
}
public void GetIdentityProvidersInvalidTenantTest()
{
var idpRepository = new IdentityProviderRepository();
var providers = idpRepository.GetIdentityProviders(Guid.NewGuid().ToString());
Assert.IsNotNull(providers, "Providers response should not be null.");
Assert.AreEqual(0, providers.IdentityProviders.Count, "The providers count is invalid.");
}
public void GetIdentityProvidersNullAndEmptyTenantTest()
{
var idpRepository = new IdentityProviderRepository();
Assert.That(() => idpRepository.GetIdentityProviders(null),
Throws.TypeOf <ArgumentNullException>().And.Property("ParamName").EqualTo("tenant"));
Assert.That(() => idpRepository.GetIdentityProviders(string.Empty),
Throws.TypeOf <ArgumentNullException>().And.Property("ParamName").EqualTo("tenant"));
}
/// <summary>
/// Need to implement if more than saml2 type provider is available.
/// Get Identity provider based on Incoming Request.
/// </summary>
public X509Certificate2 GetCertificate(StoreName name, StoreLocation location)
{
IdentityProvider idp = null;
var idps = IdentityProviderRepository.GetAll();
foreach (var identityProvider in idps)
{
if (identityProvider.Type == IdentityProviderTypes.Saml2)
{
idp = identityProvider;
}
}
if (idp == null)
{
return(null);
}
//IdentityProviderRepository.TryGet("OIOSAML", out idp);
var store = new X509Store(name, location);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
try
{
var certificateCollection = store.Certificates.Find(X509FindType.FindByThumbprint, idp.IssuerThumbprint, true);
if (certificateCollection[0] == null)
{
throw new ApplicationException(string.Format("No certificate was found for subject Name"));
}
return(certificateCollection[0]);
}
finally
{
store.Close();
}
}
public void GetIdentityProvidersValidTenantTest(bool enabled)
{
var oidcProvider1 = new OidcIdentityProvider
{
Name = "TestProvider1 " + Guid.NewGuid(),
IsProviderEnabled = enabled,
ProviderOrdinal = 100
};
oidcProvider1.Save();
var oidcProvider2 = new OidcIdentityProvider
{
Name = "TestProvider2 " + Guid.NewGuid(),
IsProviderEnabled = enabled,
ProviderOrdinal = 200
};
oidcProvider2.Save();
var idpRepository = new IdentityProviderRepository();
var context = RequestContext.GetContext();
var providers = idpRepository.GetIdentityProviders(context.Tenant.Name);
Assert.IsNotNull(providers, "Providers response should not be null.");
Assert.AreEqual(enabled ? 3 : 1, providers.IdentityProviders.Count, "The providers count is invalid.");
var provider1 = providers.IdentityProviders.FirstOrDefault(i => i.Id == oidcProvider1.Id);
if (enabled)
{
Assert.IsNotNull(provider1, "Provider 1 was not found.");
Assert.AreEqual(oidcProvider1.Name, provider1.Name, "Provider 1 name is invalid.");
Assert.AreEqual(oidcProvider1.ProviderOrdinal, provider1.Ordinal, "Provider 1 ordinal is invalid.");
Assert.AreEqual(oidcProvider1.IsOfType[0].Alias, provider1.TypeAlias, "Provider 1 type alias is invalid.");
}
else
{
Assert.IsNull(provider1, "Provider 1 was found.");
}
var provider2 = providers.IdentityProviders.FirstOrDefault(i => i.Id == oidcProvider2.Id);
if (enabled)
{
Assert.IsNotNull(provider2, "Provider 2 was not found.");
Assert.AreEqual(oidcProvider2.Name, provider2.Name, "Provider 2 name is invalid.");
Assert.AreEqual(oidcProvider2.ProviderOrdinal, provider2.Ordinal, "Provider 2 ordinal is invalid.");
Assert.AreEqual(oidcProvider2.IsOfType[0].Alias, provider2.TypeAlias, "Provider 2 type alias is invalid.");
}
else
{
Assert.IsNull(provider2, "Provider 2 was found.");
}
var readiNowProviderEntity = Entity.Get <ReadiNowIdentityProvider>(WellKnownAliases.CurrentTenant.ReadiNowIdentityProviderInstance);
var readiNowProvider = providers.IdentityProviders.FirstOrDefault(i => i.Id == readiNowProviderEntity.Id);
Assert.IsNotNull(readiNowProvider, "ReadiNow provider was not found.");
Assert.AreEqual(readiNowProviderEntity.Name, readiNowProvider.Name, "ReadiNow provider name is invalid.");
Assert.AreEqual(readiNowProviderEntity.ProviderOrdinal, readiNowProvider.Ordinal, "ReadiNow provider ordinal is invalid.");
Assert.AreEqual(readiNowProviderEntity.IsOfType[0].Alias, readiNowProvider.TypeAlias, "ReadiNow provider type alias is invalid.");
}
