protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
{
// Save the original challenge URI so we can redirect back to it when we're done.
if (string.IsNullOrEmpty(properties.RedirectUri))
{
properties.RedirectUri = OriginalPathBase + OriginalPath + Request.QueryString;
}
// Create the SPID request id
string authenticationRequestId = Guid.NewGuid().ToString();
// Select the Identity Provider
var idpName = Request.Query["idpName"];
var idp = Options.IdentityProviders.FirstOrDefault(x => x.Name == idpName);
var securityTokenCreatingContext = await _eventsHandler.HandleSecurityTokenCreatingContext(Context, Scheme, Options, properties, authenticationRequestId);
// Create the signed SAML request
var message = SamlHandler.GetAuthnRequest(
authenticationRequestId,
securityTokenCreatingContext.TokenOptions.EntityId,
securityTokenCreatingContext.TokenOptions.AssertionConsumerServiceIndex,
securityTokenCreatingContext.TokenOptions.AttributeConsumingServiceIndex,
securityTokenCreatingContext.TokenOptions.Certificate,
idp);
GenerateCorrelationId(properties);
var(redirectHandled, afterRedirectMessage) = await _eventsHandler.HandleRedirectToIdentityProviderForAuthentication(Context, Scheme, Options, properties, message);
if (redirectHandled)
{
return;
}
message = afterRedirectMessage;
properties.SetIdentityProviderName(idpName);
properties.SetAuthenticationRequest(message);
properties.Save(Response, Options.StateDataFormat);
await _requestGenerator.HandleRequest(message,
message.ID,
securityTokenCreatingContext.TokenOptions.Certificate,
idp.SingleSignOnServiceUrl,
idp.Method);
}
