/// <summary> /// Trigger challenges for the given user using a service account. /// </summary> /// <param name="username">username to trigger challenges for</param> /// <param name="domain">optional domain which can be mapped to a privacyIDEA realm</param> /// <returns>PIResponse object or null on error</returns> public PIResponse TriggerChallenges(string username, string domain = null) { if (!GetAuthToken()) { Error("Unable to trigger challenges without an auth token!"); return(null); } var parameters = new Dictionary <string, string> { { "user", username } }; AddRealmForDomain(domain, parameters); string response = SendRequest("/validate/triggerchallenge", parameters); PIResponse ret = PIResponse.FromJSON(response, this); return(ret); }
/// <summary> /// Authenticate using the /validate/check endpoint with the username and OTP value. /// Optionally, a transaction id can be provided if authentication is done using challenge-response. /// </summary> /// <param name="user">username</param> /// <param name="otp">OTP</param> /// <param name="transactionid">optional transaction id to refer to a challenge</param> /// <param name="domain">optional domain which can be mapped to a privacyIDEA realm</param> /// <returns>PIResponse object or null on error</returns> public PIResponse ValidateCheck(string user, string otp, string transactionid = null, string domain = null) { var parameters = new Dictionary <string, string> { { "user", user }, { "pass", otp } }; if (transactionid != null) { parameters.Add("transaction_id", transactionid); } AddRealmForDomain(domain, parameters); string response = SendRequest("/validate/check", parameters, new List <KeyValuePair <string, string> >()); return(PIResponse.FromJSON(response, this)); }
/// <summary> /// Authenticate at the /validate/check endpoint using a WebAuthn token instead of the usual OTP value. /// This requires the WebAuthnSignResponse and the Origin from the browser. /// </summary> /// <param name="user">username</param> /// <param name="transactionid">transaction id of the webauthn challenge</param> /// <param name="webAuthnSignResponse">the WebAuthnSignResponse string in json format as returned from the browser</param> /// <param name="origin">origin also returned by the browser</param> /// <param name="domain">optional domain which can be mapped to a privacyIDEA realm</param> /// <returns>PIResponse object or null on error</returns> public PIResponse ValidateCheckWebAuthn(string user, string transactionid, string webAuthnSignResponse, string origin, string domain = null) { if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(transactionid) || string.IsNullOrEmpty(webAuthnSignResponse) || string.IsNullOrEmpty(origin)) { Log("ValidateCheckWebAuthn called with missing parameter: user="******", transactionid=" + transactionid + ", WebAuthnSignResponse=" + webAuthnSignResponse + ", origin=" + origin); return(null); } // Parse the WebAuthnSignResponse and add mandatory parameters JToken root; try { root = JToken.Parse(webAuthnSignResponse); } catch (JsonReaderException jex) { Error("WebAuthnSignRequest does not have the required format! " + jex.Message); return(null); } string credentialid = (string)root["credentialid"]; string clientdata = (string)root["clientdata"]; string signaturedata = (string)root["signaturedata"]; string authenticatordata = (string)root["authenticatordata"]; var parameters = new Dictionary <string, string> { { "user", user }, { "pass", "" }, { "transaction_id", transactionid }, { "credentialid", credentialid }, { "clientdata", clientdata }, { "signaturedata", signaturedata }, { "authenticatordata", authenticatordata } }; // Optionally add UserHandle and AssertionClientExtensions string userhandle = (string)root["userhandle"]; if (!string.IsNullOrEmpty(userhandle)) { parameters.Add("userhandle", userhandle); } string ace = (string)root["assertionclientextensions"]; if (!string.IsNullOrEmpty(ace)) { parameters.Add("assertionclientextensions", ace); } AddRealmForDomain(domain, parameters); // The origin has to be set in the header for WebAuthn authentication var headers = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("Origin", origin) }; string response = SendRequest("/validate/check", parameters, headers); return(PIResponse.FromJSON(response, this)); }