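/// <summary>
/// Dispatches a WS-Federation passive request according to its action parameter:
/// sign-in requests are forwarded to home realm discovery, and sign-out or
/// sign-out-cleanup requests are processed here and followed by sign-out-cleanup
/// calls to every relying party and issuer recorded by SingleSignOnManager.
/// </summary>
/// <param name="e">Event data passed through to the base implementation.</param>
/// <exception cref="InvalidOperationException">
/// The action parameter is missing or is not one of the handled actions.
/// </exception>
protected override void OnLoad(EventArgs e)
{
    string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];

    if (action == WSFederationConstants.Actions.SignIn)
    {
        // Process signin request: hand the original query string on to home realm discovery.
        // endResponse is false, so the rest of the page life cycle still runs.
        this.Response.Redirect("~/HomeRealmDiscovery.aspx" + "?" + this.Request.QueryString, false);
    }
    else if (action == WSFederationConstants.Actions.SignOut || action == WSFederationConstants.Actions.SignOutCleanup)
    {
        // Process signout request.
        WSFederationMessage requestMessage = WSFederationMessage.CreateFromUri(this.Request.Url);
        FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response);
        this.ActionExplanationLabel.Text = @"Sign out from the issuer has been requested.";

        var signedInUrls = SingleSignOnManager.SignOutRelyingParties();
        if (signedInUrls.Length > 0)
        {
            this.RelyingPartyLabel.Visible = true;
            foreach (string url in signedInUrls)
            {
                string markup = BuildSignOutCleanupMarkup(url, true);
                if (markup != null)
                {
                    this.RelyingPartySignOutLinks.Controls.Add(new LiteralControl(markup));
                }
            }
        }

        signedInUrls = SingleSignOnManager.SignOutIssuers();
        if (signedInUrls.Length > 0)
        {
            this.IssuerLabel.Visible = true;
            foreach (string url in signedInUrls)
            {
                string markup = BuildSignOutCleanupMarkup(url, false);
                if (markup != null)
                {
                    this.IssuerSignOutLinks.Controls.Add(new LiteralControl(markup));
                }
            }
        }

        // The recorded parties are dropped only after their cleanup markup has been emitted.
        SingleSignOnManager.Clear();
    }
    else
    {
        throw new InvalidOperationException(
            String.Format(
                CultureInfo.InvariantCulture,
                "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
                String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
                WSFederationConstants.Parameters.Action,
                WSFederationConstants.Actions.SignIn,
                WSFederationConstants.Actions.SignOut));
    }

    base.OnLoad(e);
}

/// <summary>
/// Builds the paragraph that shows one signed-in party and carries the image
/// request that triggers its sign-out cleanup.
/// </summary>
/// <param name="url">Address recorded by SingleSignOnManager.</param>
/// <param name="linkToParty">True to render the address as a hyperlink, false for plain text.</param>
/// <returns>Encoded markup, or null when the address is not an absolute http/https URL.</returns>
private static string BuildSignOutCleanupMarkup(string url, bool linkToParty)
{
    // LiteralControl emits its text unencoded, so every value placed in the markup is
    // encoded here. NOTE(review): the recorded addresses look like they can originate
    // from request data (e.g. a relying party reply address) - confirm; they are treated
    // as untrusted either way.
    Uri parsed;
    if (!Uri.TryCreate(url, UriKind.Absolute, out parsed)
        || (parsed.Scheme != Uri.UriSchemeHttp && parsed.Scheme != Uri.UriSchemeHttps))
    {
        // Encoding alone does not neutralise script-bearing schemes in href/src,
        // so anything that is not plain http(s) is not rendered at all.
        return null;
    }

    // Attributes are double-quoted because HtmlAttributeEncode always escapes the
    // double quote; single-quote escaping depends on the framework version.
    // NOTE(review): "?wa=" is appended verbatim, as before; an address that already
    // carries a query string yields a malformed cleanup URL.
    string cleanupUrl = System.Web.HttpUtility.HtmlAttributeEncode(url + "?wa=wsignoutcleanup1.0");
    string visibleUrl = System.Web.HttpUtility.HtmlEncode(url);

    string label = linkToParty
        ? string.Format(
            CultureInfo.InvariantCulture,
            "<a href=\"{0}\">{1}</a>",
            System.Web.HttpUtility.HtmlAttributeEncode(url),
            visibleUrl)
        : visibleUrl;

    return string.Format(
        CultureInfo.InvariantCulture,
        "<p>{0} <img src=\"{1}\" title=\"Signout request: {1}\"/></p>",
        label,
        cleanupUrl);
}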
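/// <summary>
/// Produces the claims issued for the caller, choosing the claim mapping from the
/// issuer of the caller's first input claim.
/// </summary>
/// <param name="principal">The authenticated caller; must not be null.</param>
/// <param name="request">The token request (not read by this method).</param>
/// <param name="scope">The request scope; its reply address is recorded for single sign-out.</param>
/// <returns>The identity whose claims go into the issued token.</returns>
/// <exception cref="InvalidRequestException">The principal is null.</exception>
/// <exception cref="InvalidOperationException">
/// The caller has no claim with an issuer, or the issuer is not one of the trusted issuers.
/// </exception>
protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
{
    if (null == principal)
    {
        throw new InvalidRequestException("The caller's principal is null.");
    }

    var output = new ClaimsIdentity();

    // NOTE(review): the relying party is recorded before the issuer is checked, so a
    // request that ends in "Issuer not trusted." still leaves its reply address
    // registered - confirm that this ordering is intended.
    SingleSignOnManager.RegisterRelyingParty(scope.ReplyToAddress);

    var input = (ClaimsIdentity)principal.Identity;

    // The trust decision below rests on the first claim's issuer only. Fail with an
    // explicit message instead of the "Sequence contains no elements" or null
    // dereference failures that an empty claim set or missing issuer used to produce.
    var firstClaim = input.Claims.FirstOrDefault();
    if (firstClaim == null || String.IsNullOrEmpty(firstClaim.Issuer))
    {
        throw new InvalidOperationException("The caller's identity carries no claim with an issuer, so the issuer cannot be determined.");
    }

    var issuer = firstClaim.Issuer.ToUpperInvariant();

    switch (issuer)
    {
        case "LITWARE":
            // Partner issuer: only the name claim is copied, the Sales group is mapped
            // to the OrderTracker role, and the organization claim is set here.
            CopyClaims(input, new[] { WSIdentityConstants.ClaimTypes.Name }, output);
            TransformClaims(input, AllOrganizations.ClaimTypes.Group, Litware.Groups.Sales, ClaimTypes.Role, Adatum.Roles.OrderTracker, output);
            output.Claims.Add(new Claim(Adatum.ClaimTypes.Organization, Litware.OrganizationName));
            SingleSignOnManager.RegisterIssuer("https://localhost/Litware.SimulatedIssuer.6/");
            break;

        case "ADATUM":
            // The input identity is returned as is: every input claim is passed
            // through without filtering or transformation.
            output = input;
            SingleSignOnManager.RegisterIssuer("https://localhost/Adatum.SimulatedIssuer.6");
            break;

        default:
            if (issuer == TrustedIssuers.Instance.AcsIssuerName.ToUpperInvariant())
            {
                // ACS issuer: role and organization are assigned here and are not
                // taken from the incoming claims.
                CopySocialClaims(input, output);
                output.Claims.Add(new Claim(ClaimTypes.Role, Adatum.Roles.OrderTracker));
                output.Claims.Add(new Claim(Adatum.ClaimTypes.Organization, "MaryInc"));
                SingleSignOnManager.RegisterIssuer(TrustedIssuers.Instance.AcsIssuerEndpoint);
            }
            else
            {
                // Any issuer outside the three known ones is rejected.
                throw new InvalidOperationException("Issuer not trusted.");
            }

            break;
    }

    return output;
}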