 /// <summary>
 /// Creates a result describing a failed signout validation; <c>IsError</c> is set to <c>true</c>.
 /// </summary>
 /// <param name="request">The request that was being validated when the error occurred.</param>
 /// <param name="error">A short error code.</param>
 /// <param name="errorDescription">An optional human-readable description of the error.</param>
 public WsFederationSignoutValidationResult(ValidatedWsFederationSignoutRequest request, string error, string errorDescription = null)
 {
     this.IsError = true;
     this.Error = error;
     this.ErrorDescription = errorDescription;
     this.ValidatedRequest = request;
 }
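        /// <summary>
        /// Validates an incoming WS-Federation signout request and resolves the post-logout redirect URI.
        /// </summary>
        /// <param name="message">The incoming WS-Federation message; its <c>Wtrealm</c> and <c>Wreply</c> values are read.</param>
        /// <returns>
        /// A success result carrying the validated request (with <c>PostLogOutUri</c> set when one could be resolved),
        /// or an error result when <c>Wtrealm</c> names no enabled client or <c>Wreply</c> is not one of the
        /// registered post-logout redirect URIs.
        /// </returns>
        public async Task<WsFederationSignoutValidationResult> ValidateAsync(WsFederationMessage message)
        {
            _logger.LogDebug("Start WsFederation signout request validator.");

            var validatedRequest = new ValidatedWsFederationSignoutRequest
            {
                RequestMessage = message
            };

            validatedRequest.SessionId = await _userSession.GetSessionIdAsync();
            validatedRequest.ClientIds = await _userSession.GetClientListAsync();

            IEnumerable<string> postLogoutRedirectUris;

            // Wtrealm is not really part of the standard for signout, but it appears that some implementations include it.
            // If the wtrealm is specified, respect it. Otherwise, search all of the user's known clients for the wreply.
            if (!string.IsNullOrEmpty(message.Wtrealm))
            {
                _logger.LogDebug("Wtrealm was specified. Using PostLogoutRedirectUris for only that client.", validatedRequest);
                var client = await _clients.FindEnabledClientByIdAsync(message.Wtrealm);

                if (client == null)
                {
                    _logger.LogError("There is no client configured that matches the wtrealm parameter of the incoming request.", validatedRequest);
                    return new WsFederationSignoutValidationResult(validatedRequest, "No Client.", "There is no client configured that matches the wtrealm parameter of the incoming request.");
                }

                postLogoutRedirectUris = client.PostLogoutRedirectUris ?? Enumerable.Empty<string>();
            }
            else
            {
                _logger.LogDebug("Wtrealm was not specified. Using PostLogoutRedirectUris for all clients that the user has authenticated with.", validatedRequest);

                // The session's client list can reference clients that have since been disabled or removed.
                // The store returns null for those (the wtrealm branch above relies on that), so they must be
                // skipped here instead of dereferenced.
                var clientIds = validatedRequest.ClientIds ?? Enumerable.Empty<string>();
                var clients = await Task.WhenAll(clientIds.Select(id => _clients.FindEnabledClientByIdAsync(id)));

                // Materialize once: the allow-list is consulted below and should not re-run the query.
                postLogoutRedirectUris = clients
                    .Where(c => c != null)
                    .SelectMany(c => c.PostLogoutRedirectUris ?? Enumerable.Empty<string>())
                    .Where(uri => !string.IsNullOrEmpty(uri))
                    .ToList();
            }

            // This behavior might be odd. If the user is authenticated with multiple clients, it's probably bad to redirect them to a random client....
            if (string.IsNullOrEmpty(message.Wreply))
            {
                _logger.LogInformation("Wreply is missing from the request. Using the defualt wreply.", validatedRequest);
                validatedRequest.PostLogOutUri = postLogoutRedirectUris.FirstOrDefault();
            }
            else if (postLogoutRedirectUris.Contains(message.Wreply))
            {
                // Exact (ordinal) match against the registered URIs is the redirect allow-list check;
                // do not loosen it to prefix or case-insensitive matching.
                validatedRequest.PostLogOutUri = message.Wreply;
            }
            else
            {
                _logger.LogError("The passed in redirect url is not valid for the given client.", validatedRequest);
                return new WsFederationSignoutValidationResult(validatedRequest, "Invalid redirect uri.", "The passed in redirect url is not valid for the given client.");
            }

            _logger.LogTrace("WsFederation signout request validation successful.");
            return new WsFederationSignoutValidationResult(validatedRequest);
        }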
 /// <summary>
 /// Creates a result for a request that passed validation; <c>IsError</c> is set to <c>false</c>.
 /// </summary>
 /// <param name="request">The successfully validated request.</param>
 public WsFederationSignoutValidationResult(ValidatedWsFederationSignoutRequest request)
 {
     this.IsError = false;
     this.ValidatedRequest = request;
 }