/// <summary>
/// Creates a failed validation result: <c>IsError</c> is set to <c>true</c> and the
/// supplied error details are stored alongside the request that was being validated.
/// </summary>
/// <param name="request">The request that failed validation.</param>
/// <param name="error">The value stored in <c>Error</c>.</param>
/// <param name="errorDescription">Optional value stored in <c>ErrorDescription</c>; defaults to <c>null</c>.</param>
public WsFederationRequestValidationResult(ValidatedWsFederationRequest request, string error, string errorDescription = null)
{
    this.IsError = true;
    this.Error = error;
    this.ErrorDescription = errorDescription;
    this.ValidatedRequest = request;
}
 /// <summary>
 /// Creates a successful validation result: <c>IsError</c> is set to <c>false</c> and
 /// the validated request is stored for the caller.
 /// </summary>
 /// <param name="request">The request that passed validation.</param>
 public WsFederationRequestValidationResult(ValidatedWsFederationRequest request)
 {
     this.IsError = false;
     this.ValidatedRequest = request;
 }
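        /// <summary>
        /// Validates an incoming WS-Federation request against the configured clients.
        /// Checks run in order: action present, realm present, realm maps to an enabled
        /// client, reply address registered for that client, client protocol is
        /// WS-Federation, action is sign-in or sign-out.
        /// </summary>
        /// <param name="message">
        /// The incoming WS-Federation message. Its <c>Wreply</c> is overwritten with the
        /// client's first registered redirect URI when the request carries none.
        /// </param>
        /// <param name="user">The principal stored as the subject of the validated request.</param>
        /// <returns>
        /// A successful result when every check passes; otherwise an error result
        /// describing the first check that failed.
        /// </returns>
        public async Task<WsFederationRequestValidationResult> ValidateAsync(WsFederationMessage message, ClaimsPrincipal user)
        {
            _logger.LogDebug("Start WsFederation signin request validator.");

            var validatedRequest = new ValidatedWsFederationRequest
            {
                RequestMessage = message,
                Subject        = user
            };

            if (string.IsNullOrEmpty(message.Wa))
            {
                // NOTE(review): the template has no placeholder for validatedRequest, so the
                // extra argument is presumably not rendered (same for the calls below). Confirm
                // before adding one: the request carries the subject and caller-supplied values.
                _logger.LogError("Wa is missing from the request.", validatedRequest);
                return new WsFederationRequestValidationResult(validatedRequest, "Missing wa", "No 'wa' was specified as part of the request.");
            }

            if (string.IsNullOrEmpty(message.Wtrealm))
            {
                _logger.LogError("Wtrealm is missing from the request.", validatedRequest);
                return new WsFederationRequestValidationResult(validatedRequest, "Missing Wtrealm.", "Wtrealm was not passed in as a parameter.");
            }

            var client = await _clients.FindEnabledClientByIdAsync(message.Wtrealm);

            if (client == null)
            {
                _logger.LogError("There is no client configured that matches the wtrealm parameter of the incoming request.", validatedRequest);
                return new WsFederationRequestValidationResult(validatedRequest, "No Client", "There is no client configured that matches the wtrealm parameter of the incoming request.");
            }

            // Fall back to the first registered redirect URI only when the request carries
            // no wreply at all. FirstOrDefault (rather than First) lets a client with no
            // registered redirect URIs reach the "Missing Wreply." result below instead of
            // throwing InvalidOperationException out of the validator.
            message.Wreply = message.Wreply ?? client.RedirectUris.FirstOrDefault();
            if (string.IsNullOrEmpty(message.Wreply))
            {
                _logger.LogError("Wreply is missing from the request.", validatedRequest);
                return new WsFederationRequestValidationResult(validatedRequest, "Missing Wreply.", "Wreply was not passed in as a parameter.");
            }

            // wreply is caller-controlled and is the address the response is returned to, so
            // it is accepted only when it is a member of the client's registered redirect
            // URIs. Keep this a membership test; prefix or pattern matching would widen the
            // set of accepted reply addresses.
            // NOTE(review): sign-out requests are checked against the same RedirectUris
            // collection; confirm whether a separate post-logout list should apply.
            if (!client.RedirectUris.Contains(message.Wreply))
            {
                _logger.LogError("The passed in redirect url is not valid for the given client.", validatedRequest);
                return new WsFederationRequestValidationResult(validatedRequest, "Invalid redirect uri.", "The passed in redirect url is not valid for the given client.");
            }
            validatedRequest.SetClient(client);

            // A client registered for another protocol must not be usable through this endpoint.
            if (validatedRequest.Client.ProtocolType != IdentityServerConstants.ProtocolTypes.WsFederation)
            {
                _logger.LogError("The client identified by the wtrealm does not support WsFederation.", validatedRequest);
                return new WsFederationRequestValidationResult(validatedRequest, "Invalid protocol.", "The client identified by the wtrealm does not support WsFederation.");
            }

            switch (message.Wa)
            {
                case Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConstants.WsFederationActions.SignIn:
                {
                    _logger.LogTrace("WsFederation signin request validation successful.");
                    return new WsFederationRequestValidationResult(validatedRequest);
                }

                case Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConstants.WsFederationActions.SignOut:
                {
                    _logger.LogTrace("WsFederation signout request validation successful.");
                    return new WsFederationRequestValidationResult(validatedRequest);
                }

                default:
                {
                    _logger.LogError("Unsupported action.", validatedRequest);
                    // The description names both accepted actions; it previously claimed that
                    // only sign-in was supported although sign-out is accepted above.
                    return new WsFederationRequestValidationResult(validatedRequest, "Unsupported action.", $"Only {Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConstants.WsFederationActions.SignIn} and {Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConstants.WsFederationActions.SignOut} are supported at this time.");
                }
            }
        }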