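/// <summary>
/// Starts a SPID authentication challenge: builds the SAML AuthnRequest for the
/// identity provider named by the <c>idpName</c> query-string value, persists the
/// authentication properties on the response, and hands the request to the
/// request generator for delivery to the provider's single sign-on endpoint.
/// </summary>
/// <param name="properties">
/// Authentication properties for this challenge. When <c>RedirectUri</c> is empty it
/// is set to the original request path and query string.
/// </param>
/// <returns>A task that completes once the request has been handed off, or once an
/// event handler reports that it handled the redirect itself.</returns>
/// <exception cref="InvalidOperationException">
/// The <c>idpName</c> query-string value does not match any entry in
/// <c>Options.IdentityProviders</c>.
/// </exception>
protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
{
    // Save the original challenge URI so we can redirect back to it when we're done.
    if (string.IsNullOrEmpty(properties.RedirectUri))
    {
        properties.RedirectUri = OriginalPathBase + OriginalPath + Request.QueryString;
    }

    // Create the SPID request id
    string authenticationRequestId = Guid.NewGuid().ToString();

    // Select the Identity Provider. The name comes straight from the query string,
    // so it is caller-controlled: only an exact match against the configured list
    // is accepted.
    var idpName = Request.Query["idpName"];
    var idp = Options.IdentityProviders.FirstOrDefault(x => x.Name == idpName);
    if (idp is null)
    {
        // Fail before any event handler runs and before any state is written to the
        // response. Without this guard a missing or unknown idpName only surfaced
        // later as a NullReferenceException on idp.SingleSignOnServiceUrl, after
        // properties.Save had already run.
        // The raw query value is deliberately left out of the message so that
        // request-supplied text does not end up in logs or error pages.
        // NOTE(review): hosts that prefer an HTTP 400 over an exception can
        // translate this in their error-handling middleware.
        throw new InvalidOperationException(
            "No configured identity provider matches the 'idpName' query parameter.");
    }

    var securityTokenCreatingContext = await _eventsHandler.HandleSecurityTokenCreatingContext(
        Context, Scheme, Options, properties, authenticationRequestId);
    var tokenOptions = securityTokenCreatingContext.TokenOptions;

    // Create the signed SAML request
    var message = SamlHandler.GetAuthnRequest(
        authenticationRequestId,
        tokenOptions.EntityId,
        tokenOptions.AssertionConsumerServiceIndex,
        tokenOptions.AttributeConsumingServiceIndex,
        tokenOptions.Certificate,
        idp);

    // NOTE(review): presumably the base handler's correlation value, used to tie the
    // provider's response back to this browser session - confirm against the base class.
    GenerateCorrelationId(properties);

    var (redirectHandled, afterRedirectMessage) =
        await _eventsHandler.HandleRedirectToIdentityProviderForAuthentication(
            Context, Scheme, Options, properties, message);
    if (redirectHandled)
    {
        // An event handler took over the redirect; nothing more to do here.
        return;
    }

    // The event handler may have replaced the request; everything below uses its result.
    message = afterRedirectMessage;

    // Record which provider and which request this challenge belongs to, then
    // persist the properties on the response using the configured state format.
    properties.SetIdentityProviderName(idpName);
    properties.SetAuthenticationRequest(message);
    properties.Save(Response, Options.StateDataFormat);

    await _requestGenerator.HandleRequest(
        message,
        message.ID,
        tokenOptions.Certificate,
        idp.SingleSignOnServiceUrl,
        idp.Method);
}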