/// <summary>
/// Builds the URL the browser must be sent to in order to start single log-out.
/// Depending on what the IdP selection logic decides this is either the URL of an
/// IdP selection page (the user still has to pick an IdP) or the logout request URL
/// for the resolved IdP.
/// </summary>
/// <returns>The IdP selection page URL, or the logout request URL for the chosen IdP.</returns>
/// <exception cref="NotImplementedException">No IdP could be resolved and no selection page was produced.</exception>
public string BuildSignOutRedirectUrl()
{
    var logger = SAML2.Logging.LoggerProvider.LoggerFor(typeof(SamlMessage));
    string selectionPageUrl = null;

    // RetrieveIDP either yields the IdP directly or hands back, through the callback,
    // the URL of a selection page the user has to visit first.
    var idp = new IdpSelectionUtil(logger).RetrieveIDP(
        BuildParams(form, context.Request.Query),
        BuildParams(context.Request.Query),
        config,
        url => selectionPageUrl = url);

    if (selectionPageUrl != null)
    {
        // IDP selection screen
        return selectionPageUrl;
    }

    if (idp != null)
    {
        return LogoutRequestForIdp(idp, Saml20LogoutRequest.GetDefault(config), context, config);
    }

    logger.DebugFormat(TraceMessages.IdentityProviderRedirect);
    throw new NotImplementedException("Selection of IDP not yet done (probably need a map call on middleware extension method)");
}
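/// <summary>
/// Sends a signed SAML 2.0 LogoutRequest for the current session to <paramref name="endpoint"/>,
/// over the POST, Redirect or Artifact binding chosen from configuration or IdP metadata.
/// </summary>
/// <param name="endpoint">The identity provider to log out from.</param>
/// <param name="context">The current HTTP context; its session must hold the IdP NameID stored at login.</param>
/// <exception cref="InvalidOperationException">No IdP NameID is stored in the session.</exception>
private void TransferClient(IDPEndPoint endpoint, HttpContext context)
{
    Trace.TraceMethodCalled(GetType(), "TransferClient()");

    Saml20LogoutRequest request = Saml20LogoutRequest.GetDefault();
    AuditLogging.AssertionId = request.ID;
    AuditLogging.IdpId = endpoint.Id;

    // Determine which endpoint to use from the configuration file or the endpoint metadata.
    IDPEndPointElement destination = DetermineEndpointConfiguration(SAMLBinding.REDIRECT, endpoint.SLOEndpoint, endpoint.metadata.SLOEndpoints());

    // The principal to log out is identified by the NameID stored in the session at login.
    // A LogoutRequest without it would be malformed, so fail fast with a clear message
    // instead of dereferencing null further down. NameID format and SessionIndex are
    // optional in a LogoutRequest and are passed through as stored (null when absent).
    object storedNameId = context.Session[IDPNameId];
    string nameId = storedNameId == null ? null : storedNameId.ToString();
    if (string.IsNullOrEmpty(nameId))
    {
        throw new InvalidOperationException("Cannot build a LogoutRequest: no IdP NameID is stored in the session.");
    }

    object storedFormat = context.Session[IDPNameIdFormat];
    object storedSessionIndex = context.Session[IDPSessionIdKey];

    // Populate the request once; every binding below sends the same content.
    request.Destination = destination.Url;
    request.Reason = Saml20Constants.Reasons.User;
    request.SubjectToLogOut.Format = storedFormat == null ? null : storedFormat.ToString();
    request.SubjectToLogOut.Value = nameId;
    request.SessionIndex = storedSessionIndex == null ? null : storedSessionIndex.ToString();

    if (destination.Binding == SAMLBinding.POST)
    {
        HttpPostBindingBuilder builder = new HttpPostBindingBuilder(destination);
        XmlDocument requestDocument = request.GetXml();
        XmlSignatureUtils.SignDocument(requestDocument, request.ID);
        builder.Request = requestDocument.OuterXml;

        // NOTE(review): this trace writes the complete request, including NameID and
        // SessionIndex, at Information level; make sure trace sinks are treated as sensitive.
        if (Trace.ShouldTrace(TraceEventType.Information))
        {
            Trace.TraceData(TraceEventType.Information, string.Format(Tracing.SendLogoutRequest, "POST", endpoint.Id, requestDocument.OuterXml));
        }

        AuditLogging.logEntry(Direction.OUT, Operation.LOGOUTREQUEST, "Binding: POST");
        builder.GetPage().ProcessRequest(context);
        context.Response.End();
        return;
    }

    if (destination.Binding == SAMLBinding.REDIRECT)
    {
        HttpRedirectBindingBuilder builder = new HttpRedirectBindingBuilder();
        builder.signingKey = FederationConfig.GetConfig().SigningCertificate.GetCertificate().PrivateKey;
        builder.Request = request.GetXml().OuterXml;

        // Append with '&' when the configured endpoint URL already carries a query string;
        // a second '?' would produce an invalid URL.
        string separator = destination.Url.Contains("?") ? "&" : "?";
        string redirectUrl = destination.Url + separator + builder.ToQuery();

        // NOTE(review): the traced URL carries the signed, deflated request (NameID, SessionIndex).
        if (Trace.ShouldTrace(TraceEventType.Information))
        {
            Trace.TraceData(TraceEventType.Information, string.Format(Tracing.SendLogoutRequest, "REDIRECT", endpoint.Id, redirectUrl));
        }

        AuditLogging.logEntry(Direction.OUT, Operation.LOGOUTREQUEST, "Binding: Redirect");
        context.Response.Redirect(redirectUrl, true);
        return;
    }

    if (destination.Binding == SAMLBinding.ARTIFACT)
    {
        if (Trace.ShouldTrace(TraceEventType.Information))
        {
            Trace.TraceData(TraceEventType.Information, string.Format(Tracing.SendLogoutRequest, "ARTIFACT", endpoint.Id, string.Empty));
        }

        HttpArtifactBindingBuilder builder = new HttpArtifactBindingBuilder(context);
        AuditLogging.logEntry(Direction.OUT, Operation.LOGOUTREQUEST, "Method: Artifact");
        builder.RedirectFromLogout(destination, request, Guid.NewGuid().ToString("N"));

        // Explicit return: whether or not RedirectFromLogout ends the response itself, a
        // successfully dispatched artifact redirect must not fall through to the binding error.
        return;
    }

    HandleError(context, Resources.BindingError);
}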
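/// <summary>
/// Transfers the client to the identity provider's single log-out endpoint by sending a
/// signed LogoutRequest over the POST, Redirect or Artifact binding selected for that IdP.
/// </summary>
/// <param name="idp">The identity provider to log out from.</param>
/// <param name="context">The current HTTP context; its session holds the IdP NameID captured at login.</param>
/// <param name="config">The SAML2 configuration supplying request defaults and the SP signing certificate.</param>
/// <exception cref="InvalidOperationException">No IdP NameID is stored in the session.</exception>
/// <exception cref="Saml20Exception">The resolved endpoint uses a binding this method does not support.</exception>
private void TransferClient(IdentityProvider idp, HttpContext context, Saml2Configuration config)
{
    var request = Saml20LogoutRequest.GetDefault(config);

    // Determine which endpoint to use from the configuration file or the endpoint metadata.
    var destination = IdpSelectionUtil.DetermineEndpointConfiguration(BindingType.Redirect, idp.Endpoints.DefaultLogoutEndpoint, idp.Metadata.IDPSLOEndpoints);

    // The principal to log out is identified by the NameID stored in the session at login.
    // A LogoutRequest without it would be malformed, so fail fast with a clear message.
    // NameID format and SessionIndex are optional in a LogoutRequest and are passed
    // through as stored (null when absent).
    var nameId = (string)context.Session[IdpNameId];
    if (string.IsNullOrEmpty(nameId))
    {
        throw new InvalidOperationException("Cannot build a LogoutRequest: no IdP NameID is stored in the session.");
    }

    // Populate the request once; every binding below sends the same content.
    request.Destination = destination.Url;
    request.Reason = Saml20Constants.Reasons.User;
    request.SubjectToLogOut.Format = (string)context.Session[IdpNameIdFormat];
    request.SubjectToLogOut.Value = nameId;
    request.SessionIndex = (string)context.Session[IdpSessionIdKey];

    // Handle POST binding
    if (destination.Binding == BindingType.Post)
    {
        var builder = new HttpPostBindingBuilder(destination);
        var requestDocument = request.GetXml();
        XmlSignatureUtils.SignDocument(requestDocument, request.Id, config);
        builder.Request = requestDocument.OuterXml;

        // NOTE(review): this debug line logs the complete request, including NameID and SessionIndex.
        Logger.DebugFormat(TraceMessages.LogoutRequestSent, idp.Id, "POST", builder.Request);
        context.Response.Write(builder.GetPage());
        context.Response.End();
        return;
    }

    // Handle Redirect binding
    if (destination.Binding == BindingType.Redirect)
    {
        var builder = new HttpRedirectBindingBuilder
        {
            Request = request.GetXml().OuterXml,
            SigningKey = config.ServiceProvider.SigningCertificate.PrivateKey
        };

        // Append with '&' when the endpoint URL already carries a query string;
        // a second '?' would produce an invalid URL.
        var separator = destination.Url.Contains("?") ? "&" : "?";
        var redirectUrl = destination.Url + separator + builder.ToQuery();

        // NOTE(review): the logged URL carries the signed, deflated request (NameID, SessionIndex).
        Logger.DebugFormat(TraceMessages.LogoutRequestSent, idp.Id, "REDIRECT", redirectUrl);
        context.Response.Redirect(redirectUrl, true);
        return;
    }

    // Handle Artifact binding
    if (destination.Binding == BindingType.Artifact)
    {
        Logger.DebugFormat(TraceMessages.LogoutRequestSent, idp.Id, "ARTIFACT", request.GetXml().OuterXml);
        var builder = GetBuilder(context);

        // The artifact stays resolvable for one minute; the IdP's ArtifactResolve must arrive within that window.
        builder.RedirectFromLogout(destination, request, Guid.NewGuid().ToString("N"), (s, o) => context.Cache.Insert(s, o, null, DateTime.Now.AddMinutes(1), Cache.NoSlidingExpiration));

        // Explicit return: whether or not RedirectFromLogout ends the response itself, a
        // successfully dispatched artifact redirect must not fall through to the binding error.
        return;
    }

    Logger.Error(ErrorMessages.EndpointBindingInvalid);
    throw new Saml20Exception(ErrorMessages.EndpointBindingInvalid);
}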
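/// <summary>
/// Transfers the client to the identity provider's single log-out endpoint by sending a
/// signed LogoutRequest over the POST, Redirect or Artifact binding selected for that IdP.
/// </summary>
/// <param name="idp">The identity provider to log out from.</param>
/// <param name="context">The current HTTP context used to write or redirect the response.</param>
/// <exception cref="InvalidOperationException">No IdP NameID is held in the state service.</exception>
/// <exception cref="Saml20Exception">The resolved endpoint uses a binding this method does not support.</exception>
private void TransferClient(IdentityProviderElement idp, HttpContext context)
{
    var request = Saml20LogoutRequest.GetDefault();

    // Determine which endpoint to use from the configuration file or the endpoint metadata.
    var destination = DetermineEndpointConfiguration(BindingType.Redirect, idp.Endpoints.LogoutEndpoint, idp.Metadata.IDPSLOEndpoints);

    // The principal to log out is identified by the NameID captured at login.
    // A LogoutRequest without it would be malformed, so fail fast with a clear message.
    // NameID format and SessionIndex are optional in a LogoutRequest and are passed
    // through as stored (null when absent).
    var nameId = StateService.Get<string>(IdpNameId);
    if (string.IsNullOrEmpty(nameId))
    {
        throw new InvalidOperationException("Cannot build a LogoutRequest: no IdP NameID is stored in the state service.");
    }

    // Populate the request once; every binding below sends the same content.
    request.Destination = destination.Url;
    request.Reason = Saml20Constants.Reasons.User;
    request.SubjectToLogOut.Format = StateService.Get<string>(IdpNameIdFormat);
    request.SubjectToLogOut.Value = nameId;
    request.SessionIndex = StateService.Get<string>(IdpSessionIdKey);

    // Handle POST binding
    if (destination.Binding == BindingType.Post)
    {
        var builder = new HttpPostBindingBuilder(destination);
        var requestDocument = request.GetXml();
        XmlSignatureUtils.SignDocument(requestDocument, request.Id);
        builder.Request = requestDocument.OuterXml;

        // NOTE(review): this debug line logs the complete request, including NameID and SessionIndex.
        Logger.DebugFormat(TraceMessages.LogoutRequestSent, idp.Id, "POST", builder.Request);
        builder.GetPage().ProcessRequest(context);
        context.Response.End();
        return;
    }

    // Handle Redirect binding
    if (destination.Binding == BindingType.Redirect)
    {
        var builder = new HttpRedirectBindingBuilder
        {
            Request = request.GetXml().OuterXml,
            SigningKey = Saml2Config.GetConfig().ServiceProvider.SigningCertificate.GetCertificate().PrivateKey
        };

        // Append with '&' when the endpoint URL already carries a query string;
        // a second '?' would produce an invalid URL.
        var separator = destination.Url.Contains("?") ? "&" : "?";
        var redirectUrl = destination.Url + separator + builder.ToQuery();

        // NOTE(review): the logged URL carries the signed, deflated request (NameID, SessionIndex).
        Logger.DebugFormat(TraceMessages.LogoutRequestSent, idp.Id, "REDIRECT", redirectUrl);
        context.Response.Redirect(redirectUrl, true);
        return;
    }

    // Handle Artifact binding
    if (destination.Binding == BindingType.Artifact)
    {
        Logger.DebugFormat(TraceMessages.LogoutRequestSent, idp.Id, "ARTIFACT", request.GetXml().OuterXml);
        var builder = new HttpArtifactBindingBuilder(context);
        builder.RedirectFromLogout(destination, request, Guid.NewGuid().ToString("N"));

        // Explicit return: whether or not RedirectFromLogout ends the response itself, a
        // successfully dispatched artifact redirect must not fall through to the binding error.
        return;
    }

    Logger.Error(ErrorMessages.EndpointBindingInvalid);
    throw new Saml20Exception(ErrorMessages.EndpointBindingInvalid);
}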