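/// <summary>
/// Initiates a new authentication process and returns the first form to the ADFS system.
/// </summary>
/// <remarks>
/// When an admin user and password are configured, an admin token is obtained from privacyIDEA and
/// used either to trigger a challenge (SMS, mail, ...) for a user who already has a token, or to
/// enroll a new TOTP token and pass its QR code to the form. Without admin credentials no challenge
/// is triggered; the form is returned with only the user id and realm in the context.
/// </remarks>
/// <param name="identityClaim">Claim information from the ADFS; a placeholder claim is used when null</param>
/// <param name="request">The HTTP request (not used by this method)</param>
/// <param name="authContext">The context for the authentication; a fresh context is created when null</param>
/// <returns>new instance of IAdapterPresentationForm</returns>
public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListenerRequest request, IAuthenticationContext authContext)
{
    if (identityClaim is null)
    {
        identityClaim = new Claim(Metadata.IdentityClaims[0], "*****@*****.**");
    }

    if (authContext is null)
    {
        authContext = new AuthenticationContext();
    }

#if DEBUG
    Debug.WriteLine($"{Helper.debugPrefix} BeginAuthentication() claim value {identityClaim.Value}");
#endif

    // check whether SSL validation is disabled in the config
    if (!ssl)
    {
        // NOTE: ServicePointManager.ServerCertificateValidationCallback is process-wide, so this
        // accepts any certificate for every HTTPS call made from this process, not only calls to
        // privacyIDEA. Assign instead of '+=' so that repeated authentications do not keep
        // appending a new delegate to the callback chain on every call.
#pragma warning disable CA5359 // Do Not Disable Certificate Validation
        ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
#pragma warning restore CA5359 // Do Not Disable Certificate Validation
    }

    // trigger challenge
    otp_prov = new OTPprovider(privacyIDEAurl);

    // get a new admin token for all requests if an admin password is defined
    if (!string.IsNullOrEmpty(admin_pw) && !string.IsNullOrEmpty(admin_user))
    {
        token = otp_prov.GetAuthToken(admin_user, admin_pw);

        if (otp_prov.HasToken(identityClaim.Value, privacyIDEArealm, token))
        {
            // trigger a challenge (SMS, Mail ...) for the user
            transaction_id = otp_prov.TriggerChallenge(identityClaim.Value, privacyIDEArealm, token);
            authContext.Data["transaction_id"] = transaction_id;
        }
        else
        {
            // the user has no token yet: register a TOTP token and hand the QR code to the form
            Dictionary<string, string> qr = otp_prov.EnrollTOTPToken(identityClaim.Value, privacyIDEArealm, token);
#if DEBUG
            Debug.WriteLine($"{Helper.debugPrefix} BeginAuthentication() QR {Helper.ToDebugString(qr)}");
#endif
            // single lookup instead of ContainsKey + indexer
            if (qr.TryGetValue("googleurl", out string googleUrl))
            {
                authContext.Data["qrcode"] = googleUrl;
            }
        }
    }

    // indexer assignment rather than Add(): does not throw if ADFS hands us a context that
    // already carries these keys (e.g. a repeated BeginAuthentication on the same context)
    authContext.Data["userid"] = identityClaim.Value;
    authContext.Data["realm"] = privacyIDEArealm;

    return new AdapterPresentationForm(uidefinition, authContext);
}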