private async Task <bool> HandleSignOut() { if (!Request.Path.Value.EndsWith(Options.SingleLogoutServiceUrl, StringComparison.OrdinalIgnoreCase)) { return(false); } _logger.LogDebug($"Entering {nameof(HandleSignOut)}"); if (!_httpRedirectBinding.IsValid(Context.Request)) { return(false); } var uri = new Uri(Context.Request.GetEncodedUrl()); if (_httpRedirectBinding.IsLogoutRequest(Context.Request) ) //idp initiated logout. TODO: BUG:Context.User and cookies are not populated { var logoutReponse = _samlService.GetLogoutReponse(uri); if (logoutReponse.StatusCode != Saml2Constants.StatusCodes.Success || Context.User.Identity.IsAuthenticated) { return(false); } var relayState = _httpRedirectBinding.GetCompressedRelayState(Context.Request); var url = _samlService.GetLogoutResponseUrl(logoutReponse, relayState); await Context.SignOutAsync(Options.SignOutScheme, new AuthenticationProperties()); Context.Response.Redirect(url, true); return(true); } //sp initiated logout var response = _httpRedirectBinding.GetResponse(Context.Request); var authenticationProperties = Options.StateDataFormat.Unprotect(response.RelayState) ?? new AuthenticationProperties(); var initialLogoutRequestId = GetRequestId(); if (!_samlService.IsLogoutResponseValid(uri, initialLogoutRequestId)) { return(false); } await Context.SignOutAsync(Options.SignOutScheme, authenticationProperties); var cookieOptions = Options.RequestIdCookie.Build(Context, Clock.UtcNow); Context.Response.DeleteAllRequestIdCookies(Context.Request, cookieOptions); var redirectUrl = GetRedirectUrl(authenticationProperties); _logger.LogDebug( $"Method={nameof(HandleSignOut)}. Received and handled sp initiated logout response. Redirecting to {redirectUrl}"); Context.Response.Redirect(redirectUrl, true); return(true); }
private async Task <bool> HandleSignIn() { if (!Request.Path.Value.EndsWith(Options.AssertionConsumerServiceUrl, StringComparison.OrdinalIgnoreCase) || !_httpRedirectBinding.IsValid(Context.Request)) { return(false); } _logger.LogDebug($"Entering {nameof(HandleSignIn)}"); var properties = await _sessionStore.LoadAsync <AuthenticationProperties>() ?? new AuthenticationProperties(); properties.Items.TryGetValue(AuthnRequestIdKey, out var initialAuthnRequestId); var result = _httpRedirectBinding.GetResponse(Context.Request); var base64EncodedSamlResponse = result.Response; var assertion = _samlService.HandleHttpRedirectResponse(base64EncodedSamlResponse, initialAuthnRequestId); await SignIn(assertion, properties); await _sessionStore.RemoveAsync <AuthenticationProperties>(); var redirectUrl = GetRedirectUrl(properties); _logger.LogDebug( $"Method={nameof(HandleSignIn)}. Received and handled SSO redirect response. Redirecting to {redirectUrl}"); Context.Response.Redirect(redirectUrl, true); return(true); }
public Task <Saml2Assertion> ReceiveHttpRedirectAuthnResponseAsync(string initialRequestId) { var result = _httpRedirectBinding.GetResponse(); var samlResponseDocument = _xmlProvider.GetDecodedSamlResponse(result); var response = samlResponseDocument.DocumentElement; var isValid = _validator.Validate(response, initialRequestId); if (isValid) { return(Task.FromResult(_validator.GetValidatedAssertion(response))); } throw new InvalidOperationException("The received samlAssertion is invalid"); }