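/// <summary>
/// Entry point of the federation provider's passive endpoint: dispatches on the
/// WS-Federation <c>wa</c> query-string parameter (sign-in, sign-out, sign-out clean-up).
/// </summary>
/// <param name="e">Standard page-load event arguments, forwarded to the base class.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when <c>wa</c> is missing or is not one of the sign-in, sign-out or
/// sign-out-cleanup actions.
/// </exception>
protected override void OnLoad(EventArgs e)
{
    string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];

    if (action == WSFederationConstants.Actions.SignIn)
    {
        // Sign-in: hand the complete WS-Federation request (wtrealm, wreply, wctx, ...)
        // to Federation.aspx. Nothing is validated here, so the wreply/ReplyTo address must
        // be checked against the trusted relying parties by Federation.aspx or the STS scope
        // logic (not visible in this file). endResponse is false so base.OnLoad still runs.
        this.Response.Redirect("~/Federation.aspx?" + this.Request.QueryString, false);
    }
    else if (action == WSFederationConstants.Actions.SignOut
        || action == WSFederationConstants.Actions.SignOutCleanup)
    {
        // Sign-out / clean-up: let WIF tear down the issuer's own session first.
        WSFederationMessage requestMessage = WSFederationMessage.CreateFromUri(this.Request.Url);
        FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(
            requestMessage, this.User, null, this.Response);

        this.ActionExplanationLabel.Text = @"Sign out from the issuer has been requested.";

        // The addresses below were recorded from Scope.ReplyToAddress during sign-in, i.e.
        // they originate from the relying party's wreply request parameter. Because they are
        // written into HTML here they are treated as untrusted: every occurrence is
        // HTML-encoded, and an entry is only emitted when it is an absolute http(s) URL
        // (a javascript: or data: href would otherwise survive encoding intact).
        var signedInUrls = SingleSignOnManager.SignOutRelyingParties();
        if (signedInUrls.Length > 0)
        {
            this.RelyingPartyLabel.Visible = true;
            foreach (string url in signedInUrls)
            {
                if (!IsHttpUrl(url))
                {
                    continue;
                }

                this.RelyingPartySignOutLinks.Controls.Add(
                    new LiteralControl(BuildSignOutMarkup(url, true)));
            }
        }

        signedInUrls = SingleSignOnManager.SignOutIssuers();
        if (signedInUrls.Length > 0)
        {
            this.IssuerLabel.Visible = true;
            foreach (string url in signedInUrls)
            {
                if (!IsHttpUrl(url))
                {
                    continue;
                }

                this.IssuerSignOutLinks.Controls.Add(
                    new LiteralControl(BuildSignOutMarkup(url, false)));
            }
        }

        SingleSignOnManager.Clear();
    }
    else
    {
        // The message lists every action this handler accepts (the original omitted
        // SignOutCleanup although it is handled above).
        throw new InvalidOperationException(
            String.Format(
                CultureInfo.InvariantCulture,
                "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}', '{3}' or '{4}'.",
                String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
                WSFederationConstants.Parameters.Action,
                WSFederationConstants.Actions.SignIn,
                WSFederationConstants.Actions.SignOut,
                WSFederationConstants.Actions.SignOutCleanup));
    }

    base.OnLoad(e);
}

/// <summary>
/// Returns true when <paramref name="url"/> parses as an absolute http or https URI.
/// Used to keep non-web schemes out of the href/src attributes rendered on sign-out.
/// </summary>
private static bool IsHttpUrl(string url)
{
    Uri uri;
    if (String.IsNullOrEmpty(url) || !Uri.TryCreate(url, UriKind.Absolute, out uri))
    {
        return false;
    }

    return String.Equals(uri.Scheme, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase)
        || String.Equals(uri.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase);
}

/// <summary>
/// Builds the markup for one sign-out entry: the address (as a link when
/// <paramref name="asLink"/> is true, otherwise as text) followed by an image whose
/// request carries <c>wa=wsignoutcleanup1.0</c>, so the browser calls the target's
/// clean-up endpoint with its own cookies.
/// </summary>
/// <param name="url">The relying-party or issuer address; encoded here, so it may be untrusted.</param>
/// <param name="asLink">Whether to wrap the address in an anchor.</param>
/// <returns>A single HTML paragraph with all attribute and text values encoded.</returns>
private static string BuildSignOutMarkup(string url, bool asLink)
{
    // Double-quoted attributes + HtmlAttributeEncode: older HtmlEncode/HtmlAttributeEncode
    // implementations do not encode the single quote the original markup relied on.
    string attributeValue = System.Web.HttpUtility.HtmlAttributeEncode(url);
    string textValue = System.Web.HttpUtility.HtmlEncode(url);

    string label = asLink
        ? String.Format(CultureInfo.InvariantCulture, "<a href=\"{0}\">{1}</a>", attributeValue, textValue)
        : textValue;

    return String.Format(
        CultureInfo.InvariantCulture,
        "<p>{0} <img src=\"{1}?wa=wsignoutcleanup1.0\" title=\"Signout request: {1}?wa=wsignoutcleanup1.0\"/></p>",
        label,
        attributeValue);
}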
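/// <summary>
/// Maps the claims issued by a trusted partner (Adatum, Litware or the simple Fabrikam
/// issuer) onto the claim set Fabrikam's applications expect, and records the relying
/// party and issuer so they can be signed out later.
/// </summary>
/// <param name="principal">The authenticated caller; its identity must be a <see cref="ClaimsIdentity"/>.</param>
/// <param name="request">The incoming request for a security token (not consulted here).</param>
/// <param name="scope">The scope resolved for the request; its ReplyToAddress is registered for sign-out.</param>
/// <returns>A new identity holding only Fabrikam claims.</returns>
/// <exception cref="InvalidRequestException">
/// <paramref name="principal"/> or <paramref name="scope"/> is null, the identity is not a
/// <see cref="ClaimsIdentity"/>, it carries no claims, or its claims do not all share one issuer.
/// </exception>
/// <exception cref="InvalidOperationException">The issuer is not one of the trusted partners.</exception>
protected override IClaimsIdentity GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
{
    if (null == principal)
    {
        throw new InvalidRequestException("The caller's principal is null.");
    }

    if (null == scope)
    {
        throw new InvalidRequestException("The request scope is null.");
    }

    var input = principal.Identity as ClaimsIdentity;
    if (null == input || !input.Claims.Any())
    {
        throw new InvalidRequestException("The caller's identity carries no claims.");
    }

    // The trust decision is keyed on the issuer of the first claim. CopyClaims and
    // TransformClaims (defined elsewhere) read the whole claim set, so require that every
    // claim carries that same issuer; otherwise a group claim from another source could be
    // turned into a Fabrikam role. Comparison is case-insensitive to match the switch below.
    var issuer = input.Claims.First().Issuer;
    if (!input.Claims.All(c => String.Equals(c.Issuer, issuer, StringComparison.OrdinalIgnoreCase)))
    {
        throw new InvalidRequestException("The caller's claims do not all come from a single issuer.");
    }

    var output = new ClaimsIdentity();

    // Identity claims that are passed through unchanged for every trusted partner.
    var claimTypesToCopy = new[]
    {
        WSIdentityConstants.ClaimTypes.Name,
        ClaimTypes.GivenName,
        ClaimTypes.Surname,
        ClaimTypes.StreetAddress,
        ClaimTypes.StateOrProvince,
        ClaimTypes.Country
    };

    switch (issuer.ToUpperInvariant())
    {
        case "ADATUM":
            CopyClaims(input, claimTypesToCopy, output);

            // Adatum group membership -> Fabrikam role.
            TransformClaims(input, AllOrganizations.ClaimTypes.Group, Adatum.Groups.CustomerService, ClaimTypes.Role, Fabrikam.Roles.ShipmentCreator, output);
            TransformClaims(input, AllOrganizations.ClaimTypes.Group, Adatum.Groups.OrderFulfillments, ClaimTypes.Role, Fabrikam.Roles.ShipmentCreator, output);
            TransformClaims(input, AllOrganizations.ClaimTypes.Group, Adatum.Groups.OrderFulfillments, ClaimTypes.Role, Fabrikam.Roles.ShipmentManager, output);
            TransformClaims(input, AllOrganizations.ClaimTypes.Group, Adatum.Groups.ItAdmins, ClaimTypes.Role, Fabrikam.Roles.Administrator, output);

            // "*" presumably means "any value" / "keep the value" in TransformClaims — not visible here.
            TransformClaims(input, Adatum.ClaimTypes.CostCenter, "*", Fabrikam.ClaimTypes.CostCenter, "*", output);

            output.Claims.Add(new Claim(Fabrikam.ClaimTypes.Organization, Adatum.OrganizationName));
            SingleSignOnManager.RegisterIssuer("https://localhost/Adatum.SimulatedIssuer.3/");
            break;

        case "LITWARE":
            CopyClaims(input, claimTypesToCopy, output);

            // Litware group membership -> Fabrikam role.
            TransformClaims(input, AllOrganizations.ClaimTypes.Group, Litware.Groups.Sales, ClaimTypes.Role, Fabrikam.Roles.ShipmentCreator, output);
            TransformClaims(input, Litware.ClaimTypes.CostCenter, "*", Fabrikam.ClaimTypes.CostCenter, "*", output);

            output.Claims.Add(new Claim(Fabrikam.ClaimTypes.Organization, Litware.OrganizationName));
            SingleSignOnManager.RegisterIssuer("https://localhost/Litware.SimulatedIssuer.3/");
            break;

        case "FABRIKAM-SIMPLE":
            CopyClaims(input, claimTypesToCopy, output);

            // In a production environment, all the claims for the users are taken from claim
            // mappings where the user name is the input claim and all the claims added here
            // are output claims. Name may be absent; an empty name simply matches no case.
            switch ((input.Name ?? String.Empty).ToUpperInvariant())
            {
                case "*****@*****.**":
                    output.Claims.AddRange(new List<Claim>
                    {
                        new Claim(ClaimTypes.Role, Fabrikam.Roles.Administrator),
                        new Claim(ClaimTypes.Role, Fabrikam.Roles.ShipmentManager),
                        new Claim(ClaimTypes.Role, Fabrikam.Roles.ShipmentCreator),
                        new Claim(Fabrikam.ClaimTypes.CostCenter, Contoso.CostCenters.SingleCostCenter),
                        new Claim(Fabrikam.ClaimTypes.Organization, Contoso.OrganizationName)
                    });
                    break;
            }

            SingleSignOnManager.RegisterIssuer("https://localhost/Fabrikam.SimulatedIssuer.3/");
            break;

        default:
            throw new InvalidOperationException("Issuer not trusted.");
    }

    // Only record the relying party once the issuer has been accepted, so a rejected
    // request does not leave its reply address in the sign-out list.
    SingleSignOnManager.RegisterRelyingParty(scope.ReplyToAddress);

    return output;
}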