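/// <summary>
/// SAML SSO endpoint for SP-initiated SSO: consumes the authn request from the service provider
/// and, when the user is already logged in at this identity provider, answers it immediately
/// with a SAML response; otherwise hands off to <c>SingleSignOnServiceCompletion</c>.
/// </summary>
/// <returns>
/// An empty result once the SAML response has been sent, or a redirect to the completion action
/// when the user still has to authenticate locally.
/// </returns>
public async Task<IActionResult> SingleSignOnService()
{
    // Receive and validate the authn request from the SP (SP-initiated SSO).
    await _samlIdentityProvider.ReceiveSsoAsync();

    // ClaimsPrincipal.Identity is nullable; a missing identity is treated as "not authenticated"
    // instead of being dereferenced. Nothing is asserted to the SP unless the local session is
    // authenticated.
    if (User.Identity?.IsAuthenticated != true)
    {
        // Not logged in at the IdP yet. The completion action is expected to be reachable only
        // by an authenticated user (presumably via [Authorize] — confirm on that action), so the
        // login happens before a response is issued.
        return RedirectToAction("SingleSignOnServiceCompletion");
    }

    // Subject of the assertion is the locally authenticated user's name.
    var userName = User.Identity.Name;

    // Demo attributes copied from the local claims; a missing claim yields a null value.
    var attributes = new List<SamlAttribute>
    {
        new SamlAttribute(ClaimTypes.Email, User.FindFirst(ClaimTypes.Email)?.Value),
        new SamlAttribute(ClaimTypes.GivenName, User.FindFirst(ClaimTypes.GivenName)?.Value),
        new SamlAttribute(ClaimTypes.Surname, User.FindFirst(ClaimTypes.Surname)?.Value)
    };

    // Send the SAML response (with the assertion) back to the SP.
    await _samlIdentityProvider.SendSsoAsync(userName, attributes);
    return new EmptyResult();
}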
/*public async Task<IActionResult> SingleLogoutService()
 * {
 *     // Receive the single logout request or response.
 *     // If a request is received then single logout is being initiated by a partner service provider.
 *     // If a response is received then this is in response to single logout having been initiated by the identity provider.
 *     var sloResult = await _samlIdentityProvider.ReceiveSloAsync();
 *
 *     if (sloResult.IsResponse)
 *     {
 *         if (sloResult.HasCompleted)
 *         {
 *             // IdP-initiated SLO has completed.
 *             if (!string.IsNullOrEmpty(sloResult.RelayState))
 *             {
 *                 return LocalRedirect(sloResult.RelayState);
 *             }
 *
 *             return RedirectToPage("/Index");
 *         }
 *     }
 *     else
 *     {
 *         // Logout locally.
 *         await _signInManager.SignOutAsync();
 *
 *         // Respond to the SP-initiated SLO request indicating successful logout.
 *         await _samlIdentityProvider.SendSloAsync();
 *     }
 *
 *     return new EmptyResult();
 * }*/

/// <summary>
/// Answers a pending authn request for the locally logged-in user by sending a SAML response
/// (with an assertion) to the service provider.
/// </summary>
/// <returns>The task returned by <c>SendSsoAsync</c>.</returns>
private Task CompleteSsoAsync()
{
    // The assertion's subject is the name of the user logged in at the identity provider.
    var subjectName = User.Identity.Name;

    // For demonstration purposes, a fixed set of local claims is copied into SAML attributes.
    // A claim that is absent produces an attribute with a null value.
    var attributes = new List<SamlAttribute>();
    foreach (var claimType in new[] { ClaimTypes.Email, ClaimTypes.GivenName, ClaimTypes.Surname })
    {
        attributes.Add(new SamlAttribute(claimType, User.FindFirst(claimType)?.Value));
    }

    // Respond to the authn request; the caller awaits the returned task.
    return _samlIdentityProvider.SendSsoAsync(subjectName, attributes);
}
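/// <summary>
/// Completes a pending SSO exchange after the user has logged in locally: builds the demo
/// attributes from the authenticated identity and sends the SAML response to the service provider.
/// </summary>
/// <returns>
/// An empty result once the SAML response has been sent, or a challenge when no authenticated
/// <see cref="ClaimsIdentity"/> is present.
/// </returns>
public async Task<ActionResult> SingleSignOnServiceCompletion()
{
    // Fail closed: never issue an assertion for an unauthenticated caller. Identity may be null
    // or not a ClaimsIdentity, which previously surfaced as a NullReferenceException /
    // InvalidCastException; Challenge() re-runs the local login instead. This action is
    // presumably also protected by [Authorize] — confirm.
    var identity = User.Identity as ClaimsIdentity;
    if (identity == null || !identity.IsAuthenticated)
    {
        return Challenge();
    }

    // Subject of the assertion is the locally authenticated user's name.
    var userName = identity.Name;

    // For demonstration purposes, include some claims. A missing claim yields a null attribute
    // value rather than a NullReferenceException on FindFirst(...).Value.
    var attributes = new List<SamlAttribute>
    {
        new SamlAttribute(ClaimTypes.GivenName, identity.FindFirst(ClaimTypes.GivenName)?.Value),
        new SamlAttribute(ClaimTypes.Surname, identity.FindFirst(ClaimTypes.Surname)?.Value)
    };

    // Respond to the authn request by sending a SAML response containing the assertion to the SP.
    await _samlIdentityProvider.SendSsoAsync(userName, attributes);
    return new EmptyResult();
}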
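/// <summary>
/// Completes a pending SSO exchange for <paramref name="principal"/> by sending a SAML response
/// to the service provider. The assertion's subject is the principal's identity name, replaced by
/// the value of the last <c>"email"</c> claim when one is present; no SAML attributes are included.
/// </summary>
/// <param name="principal">The locally authenticated user. Must carry a <see cref="ClaimsIdentity"/>.</param>
/// <exception cref="ArgumentNullException"><paramref name="principal"/> is null.</exception>
/// <exception cref="InvalidOperationException">The principal has no <see cref="ClaimsIdentity"/>.</exception>
public async Task CompleteSsoAsync(ClaimsPrincipal principal)
{
    // Fail closed rather than dereferencing a null principal (previously a NullReferenceException).
    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    // The returned status was never used here; the call is kept in case it validates the pending
    // SSO state. NOTE(review): confirm whether GetStatusAsync must precede SendSsoAsync; drop it if not.
    await samlIdentityProvider.GetStatusAsync();

    logger.LogInformation("Completing SAML SSO call");

    // A non-ClaimsIdentity (or missing identity) previously surfaced as an InvalidCastException;
    // make the precondition explicit instead of issuing an assertion with an unknown subject.
    var identity = principal.Identity as ClaimsIdentity;
    if (identity == null)
    {
        throw new InvalidOperationException("The principal does not carry a ClaimsIdentity.");
    }

    // Subject defaults to the identity name and is overridden by the "email" claim. The loop keeps
    // the LAST matching claim (original behaviour). The claim type is the bare string "email", not
    // ClaimTypes.Email — presumably the form the local authentication handler issues; verify.
    var userName = identity.Name;
    foreach (var claim in identity.Claims)
    {
        if (claim.Type == "email")
        {
            userName = claim.Value;
        }
    }

    // No claims are mapped to SAML attributes; the assertion carries the subject only.
    var attributes = new List<SamlAttribute>();

    // Respond to the authn request by sending a SAML response containing the assertion to the SP.
    await samlIdentityProvider.SendSsoAsync(userName, attributes);
}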