protected override void OnLoad(EventArgs e)
{
string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
this.Response.Redirect("~/HomeRealmDiscovery.aspx" + "?" + this.Request.QueryString, false);
}
else if (action == WSFederationConstants.Actions.SignOut || action == WSFederationConstants.Actions.SignOutCleanup)
{
// Process signout request.
WSFederationMessage requestMessage = WSFederationMessage.CreateFromUri(this.Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response);
this.ActionExplanationLabel.Text = @"Sign out from the issuer has been requested.";
var signedInUrls = SingleSignOnManager.SignOutRelyingParties();
if (signedInUrls.Length > 0)
{
this.RelyingPartyLabel.Visible = true;
foreach (string url in signedInUrls)
{
this.RelyingPartySignOutLinks.Controls.Add(
new LiteralControl(string.Format("<p><a href='{0}'>{0}</a> <img src='{0}?wa=wsignoutcleanup1.0' title='Signout request: {0}?wa=wsignoutcleanup1.0'/></p>", url)));
}
}
signedInUrls = SingleSignOnManager.SignOutIssuers();
if (signedInUrls.Length > 0)
{
this.IssuerLabel.Visible = true;
foreach (string url in signedInUrls)
{
this.IssuerSignOutLinks.Controls.Add(
new LiteralControl(string.Format("<p>{0} <img src='{0}?wa=wsignoutcleanup1.0' title='Signout request: {0}?wa=wsignoutcleanup1.0'/></p>", url)));
}
}
SingleSignOnManager.Clear();
}
else
{
throw new InvalidOperationException(
String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
base.OnLoad(e);
}
protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
{
var output = new ClaimsIdentity();
if (null == principal)
{
throw new InvalidRequestException("The caller's principal is null.");
}
SingleSignOnManager.RegisterRelyingParty(scope.ReplyToAddress);
var input = (ClaimsIdentity)principal.Identity;
var issuer = input.Claims.First().Issuer.ToUpperInvariant();
switch (issuer)
{
case "LITWARE":
CopyClaims(input, new[] { WSIdentityConstants.ClaimTypes.Name }, output);
TransformClaims(input, AllOrganizations.ClaimTypes.Group, Litware.Groups.Sales, ClaimTypes.Role, Adatum.Roles.OrderTracker, output);
output.Claims.Add(new Claim(Adatum.ClaimTypes.Organization, Litware.OrganizationName));
SingleSignOnManager.RegisterIssuer("https://localhost/Litware.SimulatedIssuer.6/");
break;
case "ADATUM":
output = input;
SingleSignOnManager.RegisterIssuer("https://localhost/Adatum.SimulatedIssuer.6");
break;
default:
if (issuer == TrustedIssuers.Instance.AcsIssuerName.ToUpperInvariant())
{
CopySocialClaims(input, output);
output.Claims.Add(new Claim(ClaimTypes.Role, Adatum.Roles.OrderTracker));
output.Claims.Add(new Claim(Adatum.ClaimTypes.Organization, "MaryInc"));
SingleSignOnManager.RegisterIssuer(TrustedIssuers.Instance.AcsIssuerEndpoint);
}
else
{
throw new InvalidOperationException("Issuer not trusted.");
}
break;
}
return(output);
}
