private HttpResponseMessage ProcessJwtRequest(TokenRequest request) { if (string.IsNullOrEmpty(request.Assertion)) { Tracing.Error("ADFS integration authentication request (JWT) with empty assertion"); return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant)); } Tracing.Information("Starting ADFS integration authentication request (JWT) for scope: " + request.Scope); var bridge = new AdfsBridge(ConfigurationRepository); GenericXmlSecurityToken token; try { Tracing.Verbose("Starting ADFS integration authentication request (JWT) for assertion: " + request.Assertion); token = bridge.AuthenticateJwt(request.Assertion, request.Scope); } catch (Exception ex) { Tracing.Error("Error while communicating with ADFS: " + ex.ToString()); return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest)); } var response = CreateTokenResponse(token, request.Scope); Tracing.Verbose("ADFS integration JWT authentication successful"); return(response); }
private HttpResponseMessage ProcessUserNameRequest(TokenRequest request) { if (string.IsNullOrEmpty(request.UserName) || string.IsNullOrEmpty(request.Password)) { Tracing.Error("ADFS integration username authentication request with empty username or password"); return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant)); } Tracing.Information("Starting ADFS integration username authentication request for scope: " + request.Scope); var bridge = new AdfsBridge(ConfigurationRepository); GenericXmlSecurityToken token; try { Tracing.Verbose("ADFS integration username authentication request for user: "******"Error while communicating with ADFS: " + ex.ToString()); return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest)); } var response = CreateTokenResponse(token, request.Scope); Tracing.Verbose("ADFS integration username authentication request successful"); return(response); }
private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope) { var response = new TokenResponse(); if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken) { response.AccessToken = token.TokenXml.OuterXml; response.ExpiresIn = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds); } else { var bridge = new AdfsBridge(ConfigurationRepository); if (ConfigurationRepository.Keys.DecryptionCertificate != null) { var configuration = new SecurityTokenHandlerConfiguration { AudienceRestriction = { AudienceMode = AudienceUriMode.Never }, CertificateValidationMode = X509CertificateValidationMode.None, RevocationMode = X509RevocationMode.NoCheck, CertificateValidator = X509CertificateValidator.None, ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver( new ReadOnlyCollection <SecurityToken>(new SecurityToken[] { new X509SecurityToken(ConfigurationRepository.Keys.DecryptionCertificate) }), false) }; var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(configuration); response = bridge.ConvertSamlToJwt(token.ToSecurityToken(handler), scope); } else { response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope); } } return(Request.CreateResponse <TokenResponse>(HttpStatusCode.OK, response)); }
private HttpResponseMessage ProcessJwtRequest(TokenRequest request) { if (string.IsNullOrEmpty(request.Assertion)) { Tracing.Error("ADFS integration authentication request (JWT) with empty assertion"); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } Tracing.Information("Starting ADFS integration authentication request (JWT) for scope: " + request.Scope); var bridge = new AdfsBridge(ConfigurationRepository); GenericXmlSecurityToken token; try { Tracing.Verbose("Starting ADFS integration authentication request (JWT) for assertion: " + request.Assertion); token = bridge.AuthenticateJwt(request.Assertion, request.Scope); } catch (Exception ex) { Tracing.Error("Error while communicating with ADFS: " + ex.ToString()); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest); } var response = CreateTokenResponse(token, request.Scope); Tracing.Verbose("ADFS integration JWT authentication successful"); return response; }
private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope) { var response = new TokenResponse(); if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken) { response.AccessToken = token.TokenXml.OuterXml; response.ExpiresIn = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds); } else { var bridge = new AdfsBridge(ConfigurationRepository); response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope); } return(Request.CreateResponse <TokenResponse>(HttpStatusCode.OK, response)); }
private HttpResponseMessage ProcessSamlRequest(TokenRequest request) { if (string.IsNullOrEmpty(request.Assertion)) { Tracing.Error("ADFS integration SAML authentication request with empty assertion"); return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant)); } // un-base64 saml token string string incomingSamlToken; try { incomingSamlToken = Encoding.UTF8.GetString(Convert.FromBase64String(request.Assertion)); } catch { Tracing.Error("ADFS integration SAML authentication request with malformed SAML assertion: " + request.Assertion); return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant)); } Tracing.Information("Starting ADFS integration SAML authentication request for scope: " + request.Scope); var bridge = new AdfsBridge(ConfigurationRepository); GenericXmlSecurityToken token; try { Tracing.Verbose("ADFS integration SAML authentication request for assertion: " + request.Assertion); token = bridge.AuthenticateSaml(incomingSamlToken, request.Scope); } catch (Exception ex) { Tracing.Error("Error while communicating with ADFS: " + ex.ToString()); return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest)); } var response = CreateTokenResponse(token, request.Scope); Tracing.Verbose("ADFS integration SAML authentication request successful"); return(response); }
private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope) { var response = new TokenResponse(); if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken) { response.AccessToken = token.TokenXml.OuterXml; response.ExpiresIn = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds); } else { var bridge = new AdfsBridge(ConfigurationRepository); response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope); } return Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, response); }
private HttpResponseMessage ProcessUserNameRequest(TokenRequest request) { if (string.IsNullOrEmpty(request.UserName) || string.IsNullOrEmpty(request.Password)) { Tracing.Error("ADFS integration username authentication request with empty username or password"); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } Tracing.Information("Starting ADFS integration username authentication request for scope: " + request.Scope); var bridge = new AdfsBridge(ConfigurationRepository); GenericXmlSecurityToken token; try { Tracing.Verbose("ADFS integration username authentication request for user: "******"Error while communicating with ADFS: " + ex.ToString()); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest); } var response = CreateTokenResponse(token, request.Scope); Tracing.Verbose("ADFS integration username authentication request successful"); return response; }
private HttpResponseMessage ProcessSamlRequest(TokenRequest request) { if (string.IsNullOrEmpty(request.Assertion)) { Tracing.Error("ADFS integration SAML authentication request with empty assertion"); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } // un-base64 saml token string string incomingSamlToken; try { incomingSamlToken = Encoding.UTF8.GetString(Convert.FromBase64String(request.Assertion)); } catch { Tracing.Error("ADFS integration SAML authentication request with malformed SAML assertion: " + request.Assertion); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } Tracing.Information("Starting ADFS integration SAML authentication request for scope: " + request.Scope); var bridge = new AdfsBridge(ConfigurationRepository); GenericXmlSecurityToken token; try { Tracing.Verbose("ADFS integration SAML authentication request for assertion: " + request.Assertion); token = bridge.AuthenticateSaml(incomingSamlToken, request.Scope); } catch (Exception ex) { Tracing.Error("Error while communicating with ADFS: " + ex.ToString()); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest); } var response = CreateTokenResponse(token, request.Scope); Tracing.Verbose("ADFS integration SAML authentication request successful"); return response; }
private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, string scope) { var response = new TokenResponse(); if (ConfigurationRepository.AdfsIntegration.PassThruAuthenticationToken) { response.AccessToken = token.TokenXml.OuterXml; response.ExpiresIn = (int)(token.ValidTo.Subtract(DateTime.UtcNow).TotalSeconds); } else { var bridge = new AdfsBridge(ConfigurationRepository); if (ConfigurationRepository.Keys.DecryptionCertificate != null) { var configuration = new SecurityTokenHandlerConfiguration { AudienceRestriction = { AudienceMode = AudienceUriMode.Never }, CertificateValidationMode = X509CertificateValidationMode.None, RevocationMode = X509RevocationMode.NoCheck, CertificateValidator = X509CertificateValidator.None, ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver( new ReadOnlyCollection<SecurityToken>(new SecurityToken[] { new X509SecurityToken(ConfigurationRepository.Keys.DecryptionCertificate) }), false) }; var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(configuration); response = bridge.ConvertSamlToJwt(token.ToSecurityToken(handler), scope); } else { response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope); } } return Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, response); }