public WsFederationRequestValidationResult(ValidatedWsFederationRequest request, string error, string errorDescription = null)
{
ValidatedRequest = request;
IsError = true;
Error = error;
ErrorDescription = errorDescription;
}
public WsFederationRequestValidationResult(ValidatedWsFederationRequest request)
{
ValidatedRequest = request;
IsError = false;
}
public async Task <WsFederationRequestValidationResult> ValidateAsync(WsFederationMessage message, ClaimsPrincipal user)
{
_logger.LogDebug("Start WsFederation signin request validator.");
var validatedRequest = new ValidatedWsFederationRequest
{
RequestMessage = message,
Subject = user
};
if (string.IsNullOrEmpty(message.Wa))
{
_logger.LogError("Wa is missing from the request.", validatedRequest);
return(new WsFederationRequestValidationResult(validatedRequest, "Missing wa", "No 'wa' was specified as part of the request."));
}
if (string.IsNullOrEmpty(message.Wtrealm))
{
_logger.LogError("Wtrealm is missing from the request.", validatedRequest);
return(new WsFederationRequestValidationResult(validatedRequest, "Missing Wtrealm.", "Wtrealm was not passed in as a parameter."));
}
var client = await _clients.FindEnabledClientByIdAsync(message.Wtrealm);
if (client == null)
{
_logger.LogError("There is no client configured that matches the wtrealm parameter of the incoming request.", validatedRequest);
return(new WsFederationRequestValidationResult(validatedRequest, "No Client", "There is no client configured that matches the wtrealm parameter of the incoming request."));
}
message.Wreply = message.Wreply ?? client.RedirectUris.First();
if (string.IsNullOrEmpty(message.Wreply))
{
_logger.LogError("Wreply is missing from the request.", validatedRequest);
return(new WsFederationRequestValidationResult(validatedRequest, "Missing Wreply.", "Wreply was not passed in as a parameter."));
}
if (!client.RedirectUris.Contains(message.Wreply))
{
_logger.LogError("The passed in redirect url is not valid for the given client.", validatedRequest);
return(new WsFederationRequestValidationResult(validatedRequest, "Invalid redirect uri.", "The passed in redirect url is not valid for the given client."));
}
validatedRequest.SetClient(client);
if (validatedRequest.Client.ProtocolType != IdentityServerConstants.ProtocolTypes.WsFederation)
{
_logger.LogError("The client identified by the wtrealm does not support WsFederation.", validatedRequest);
return(new WsFederationRequestValidationResult(validatedRequest, "Invalid protocol.", "The client identified by the wtrealm does not support WsFederation."));
}
switch (message.Wa)
{
case Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConstants.WsFederationActions.SignIn:
{
_logger.LogTrace("WsFederation signin request validation successful.");
return(new WsFederationRequestValidationResult(validatedRequest));
}
case Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConstants.WsFederationActions.SignOut:
{
_logger.LogTrace("WsFederation signout request validation successful.");
return(new WsFederationRequestValidationResult(validatedRequest));
}
default:
{
_logger.LogError("Unsupported action.", validatedRequest);
return(new WsFederationRequestValidationResult(validatedRequest, "Unsupported action.", $"Only {Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConstants.WsFederationActions.SignIn} is supported at this time."));
}
}
}
