private async Task <bool> HandleSignOut()
{
if (!Request.Path.Value.EndsWith(Options.SingleLogoutServiceUrl, StringComparison.OrdinalIgnoreCase))
{
return(false);
}
_logger.LogDebug($"Entering {nameof(HandleSignOut)}");
if (!_httpRedirectBinding.IsValid(Context.Request))
{
return(false);
}
var uri = new Uri(Context.Request.GetEncodedUrl());
if (_httpRedirectBinding.IsLogoutRequest(Context.Request)
) //idp initiated logout. TODO: BUG:Context.User and cookies are not populated
{
var logoutReponse = _samlService.GetLogoutReponse(uri);
if (logoutReponse.StatusCode != Saml2Constants.StatusCodes.Success ||
Context.User.Identity.IsAuthenticated)
{
return(false);
}
var relayState = _httpRedirectBinding.GetCompressedRelayState(Context.Request);
var url = _samlService.GetLogoutResponseUrl(logoutReponse, relayState);
await Context.SignOutAsync(Options.SignOutScheme, new AuthenticationProperties());
Context.Response.Redirect(url, true);
return(true);
}
//sp initiated logout
var response = _httpRedirectBinding.GetResponse(Context.Request);
var authenticationProperties =
Options.StateDataFormat.Unprotect(response.RelayState) ?? new AuthenticationProperties();
var initialLogoutRequestId = GetRequestId();
if (!_samlService.IsLogoutResponseValid(uri, initialLogoutRequestId))
{
return(false);
}
await Context.SignOutAsync(Options.SignOutScheme, authenticationProperties);
var cookieOptions = Options.RequestIdCookie.Build(Context, Clock.UtcNow);
Context.Response.DeleteAllRequestIdCookies(Context.Request, cookieOptions);
var redirectUrl = GetRedirectUrl(authenticationProperties);
_logger.LogDebug(
$"Method={nameof(HandleSignOut)}. Received and handled sp initiated logout response. Redirecting to {redirectUrl}");
Context.Response.Redirect(redirectUrl, true);
return(true);
}
private async Task <bool> HandleSignIn()
{
if (!Request.Path.Value.EndsWith(Options.AssertionConsumerServiceUrl, StringComparison.OrdinalIgnoreCase) ||
!_httpRedirectBinding.IsValid(Context.Request))
{
return(false);
}
_logger.LogDebug($"Entering {nameof(HandleSignIn)}");
var properties = await _sessionStore.LoadAsync <AuthenticationProperties>() ?? new AuthenticationProperties();
properties.Items.TryGetValue(AuthnRequestIdKey, out var initialAuthnRequestId);
var result = _httpRedirectBinding.GetResponse(Context.Request);
var base64EncodedSamlResponse = result.Response;
var assertion = _samlService.HandleHttpRedirectResponse(base64EncodedSamlResponse, initialAuthnRequestId);
await SignIn(assertion, properties);
await _sessionStore.RemoveAsync <AuthenticationProperties>();
var redirectUrl = GetRedirectUrl(properties);
_logger.LogDebug(
$"Method={nameof(HandleSignIn)}. Received and handled SSO redirect response. Redirecting to {redirectUrl}");
Context.Response.Redirect(redirectUrl, true);
return(true);
}
public Task <Saml2Assertion> ReceiveHttpRedirectAuthnResponseAsync(string initialRequestId)
{
var result = _httpRedirectBinding.GetResponse();
var samlResponseDocument = _xmlProvider.GetDecodedSamlResponse(result);
var response = samlResponseDocument.DocumentElement;
var isValid = _validator.Validate(response, initialRequestId);
if (isValid)
{
return(Task.FromResult(_validator.GetValidatedAssertion(response)));
}
throw new InvalidOperationException("The received samlAssertion is invalid");
}
