Exemplo n.º 1
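        /// <summary>
        /// Handles a SAML LogoutResponse: deserializes it from <paramref name="reader"/>,
        /// rejects it when its IssueInstant is more than five minutes away from the current
        /// UTC time or when its top-level status is not Success, then redirects to the
        /// application's default page.
        /// </summary>
        /// <remarks>
        /// SECURITY: nothing in this method verifies the XML signature, the issuer or
        /// destination, or that InResponseTo refers to a logout request this application
        /// actually sent (see the TODO in the body). Unless the caller performs those checks,
        /// every field read here should be treated as unauthenticated input.
        /// </remarks>
        /// <param name="xml">The response as an XML document; not used by this method.</param>
        /// <param name="context">HTTP context whose response is redirected on success.</param>
        /// <param name="reader">Reader from which the LogoutResponse is deserialized.</param>
        /// <exception cref="Exception">
        /// The response is outside the validity window, or its status is not Success.
        /// </exception>
        public void processLogoutResponse(XmlDocument xml, HttpContext context, XmlReader reader)
        {
            // Deserialize the XML into a LogoutResponseType.
            // NOTE(review): DTD and entity handling is decided by whoever created `reader`;
            // confirm it was built with DTD processing disabled.
            XmlSerializer      serializer = new XmlSerializer(typeof(LogoutResponseType));
            LogoutResponseType response   = (LogoutResponseType)serializer.Deserialize(reader);

            // Freshness check: accept an IssueInstant at most this many minutes before or after now.
            const int validTimeFrame = 5;

            // NOTE(review): the subtraction assumes IssueInstant is expressed in UTC - confirm.
            if (Math.Abs(response.IssueInstant.Subtract(DateTime.UtcNow).TotalMinutes) > validTimeFrame)
            {
                throw new Exception("SAML Response fora do intervalo de validade - validade da resposta: " + response.IssueInstant);
            }

            // TODO: perform the remaining checks (origin, the ID this response refers to, etc.)

            // Protocol URIs must match exactly. CompareTo applies culture-sensitive rules, under
            // which strings that differ only in ignorable characters compare as equal, so the
            // status is compared ordinally instead.
            if (!string.Equals("urn:oasis:names:tc:SAML:2.0:status:Success", response.Status.StatusCode.Value, StringComparison.Ordinal))
            {
                // TODO: redirect to the login page...
                throw new Exception("Autenticação sem sucesso: " + response.Status.StatusCode.Value + " - " + response.Status.StatusMessage);
            }

            // NOTE(review): if this is System.Web, Redirect(string) already ends the response,
            // so the End() call below would not be reached - confirm.
            context.Response.Redirect("~/Default.aspx");

            context.Response.End();
        }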
Exemplo n.º 2
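        /// <summary>
        /// Checks an IdP logout response against the logout request it should answer.
        /// </summary>
        /// <remarks>
        /// The response is serialized back to an XML document and handed to
        /// XmlHelpers.VerifySignature through BusinessValidation.ValidationCondition
        /// (presumably throwing when the signature does not verify - confirm in that helper).
        /// InResponseTo is then compared with the request ID.
        /// </remarks>
        /// <param name="response">Logout response received from the IdP.</param>
        /// <param name="request">Logout request the response is expected to refer to.</param>
        /// <returns>
        /// True when the request has a non-empty ID and the response's InResponseTo equals it;
        /// false otherwise.
        /// </returns>
        public static bool ValidateLogoutResponse(LogoutResponseType response, LogoutRequestType request)
        {
            // NOTE(review): the signature is checked on a re-serialized copy of the object, not
            // on the document as it was received. Confirm the round trip preserves the signed
            // content exactly; signature checks are normally run on the original document.
            var xmlDoc = response.SerializeToXmlDoc();

            BusinessValidation.ValidationCondition(() => XmlHelpers.VerifySignature(xmlDoc), ErrorLocalization.InvalidSignature);

            // A request without an ID cannot be correlated. Without this guard a response that
            // omits InResponseTo would match such a request (null == null).
            return !string.IsNullOrEmpty(request.ID) && response.InResponseTo == request.ID;
        }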
Exemplo n.º 3
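        /// <summary>
        /// Calls the Logout endpoint with the session identifiers held in ApiRequest and stores
        /// the deserialized reply in ApiResponse.
        /// </summary>
        /// <exception cref="ApplicationException">
        /// ApiRequest.SessionID or ApiRequest.SessionData is null or empty.
        /// </exception>
        /// <remarks>
        /// Exceptions from the web-service call and from deserialization are logged and rethrown.
        /// </remarks>
        public void Execute()
        {
            if (String.IsNullOrEmpty(this.ApiRequest.SessionID))
            {
                throw new ApplicationException("Invalid call to Logout. The SessionID is null or empty.");
            }
            if (String.IsNullOrEmpty(this.ApiRequest.SessionData))
            {
                throw new ApplicationException("Invalid call to Logout. The SessionData is null or empty.");
            }

            Logger.Log(LogLevel.Info, "Logging out from ClientAlerts...");

            // NOTE(review): SessionID and SessionData travel in the query string, where they can
            // end up in proxy and server access logs. Confirm UrlBase is HTTPS and that the URL
            // itself is never logged.
            string url = String.Format(this.UrlBase + @"?callname=Logout&SessionID={0}&SessionData={1}"
                                       , this.EscapeParam(this.ApiRequest.SessionID)
                                       , this.EscapeParam(this.ApiRequest.SessionData));

            // MessageID is optional and only appended when the caller supplied one.
            if (this.ApiRequest.MessageID != null)
            {
                url += String.Format(@"&MessageID={0}", this.EscapeParam(this.ApiRequest.MessageID));
            }

            string responseJson = null;

            try
            {
                responseJson = this.JsonWebService.Call(url);
            }
            catch
            {
                // The message previously named the Login service, which misdirects anyone
                // triaging a failed logout from the logs.
                this.Logger.Log(LogLevel.Error, "An exception occurred while calling the Logout web service.");
                throw;
            }

            try
            {
                JsonDeserializer deserializer = new JsonDeserializer();
                this.ApiResponse = deserializer.DeSerialiseObject <LogoutResponseType>(responseJson);
            }
            catch
            {
                // NOTE(review): the raw response body is written to the log. If it can carry
                // session data, restrict access to this log or redact the value.
                Logger.Log(LogLevel.Error, "Failed to deserialise the following: {0}", responseJson);
                throw;
            }

            Logger.Log(LogLevel.Debug, "Logout Ack {0}", this.ApiResponse.Ack);
        }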
Exemplo n.º 4
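        /// <summary>
        /// Deserializes a SAML LogoutResponse from <paramref name="doc"/> and copies its
        /// InResponseTo, status code, sub-status code and status message into a
        /// SAMLLogoutResponse.
        /// </summary>
        /// <remarks>
        /// The result starts with ErrorCodes.VALID and is marked ErrorCodes.EXPIRED when
        /// IssueInstant is more than validTimeframe minutes away from the current UTC time.
        /// This method extracts values only; no signature or issuer check is performed here.
        /// </remarks>
        /// <param name="doc">XML document holding the LogoutResponse.</param>
        /// <returns>The populated SAMLLogoutResponse.</returns>
        private SAMLLogoutResponse ExtractLogoutResponseValues(XmlDocument doc)
        {
            SAMLLogoutResponse context = new SAMLLogoutResponse(SAMLConstants.ErrorCodes.VALID);

            // The document is re-parsed from its text. A SAML message has no legitimate use for
            // a DTD, so DTD processing is prohibited and external resolution is disabled rather
            // than relying on XmlTextReader's defaults.
            XmlTextReader textReader = new XmlTextReader(new StringReader(doc.OuterXml));
            textReader.DtdProcessing = DtdProcessing.Prohibit;
            textReader.XmlResolver   = null;

            LogoutResponseType response;
            using (XmlReader reader = textReader)
            {
                response = Deserialize <LogoutResponseType>(reader);
            }

            context.InResponseTo = response.InResponseTo;
            int statusCode = SAMLConstants.StatusCode.GetStatusCodeFromDesc(
                response.Status.StatusCode.Value);

            // The nested (second-level) status code is optional and may be absent.
            bool hasSubStatus = response.Status.StatusCode.StatusCode != null;

            // When the top-level value is not recognised (negative), fall back to the nested one.
            if (statusCode < 0 && hasSubStatus)
            {
                context.StatusCode = SAMLConstants.StatusCode.GetStatusCodeFromDesc(
                    response.Status.StatusCode.StatusCode.Value);
            }
            else
            {
                context.StatusCode = statusCode;
            }

            // NOTE(review): the subtraction assumes IssueInstant is expressed in UTC - confirm.
            if (Math.Abs(response.IssueInstant.Subtract(DateTime.UtcNow).TotalMinutes) > validTimeframe)
            {
                context.ErrorCode = SAMLConstants.ErrorCodes.EXPIRED;
                return(context);
            }

            // A failure response without a nested status code used to be dereferenced here and
            // raise a NullReferenceException; it is now returned with the top-level status only.
            if (statusCode != SAMLConstants.StatusCode.SUCCESS && hasSubStatus)
            {
                int subStatusCode = SAMLConstants.StatusCode.GetStatusCodeFromDesc(
                    response.Status.StatusCode.StatusCode.Value);
                if (subStatusCode != -1)
                {
                    context.SubStatusCode = subStatusCode;
                    context.StatusMessage = response.Status.StatusMessage;
                }
            }

            return(context);
        }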
Exemplo n.º 5
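        /// <summary>
        /// Deserializes a SAML LogoutResponse from <paramref name="reader"/> and records the
        /// outcome on <paramref name="samlBodyRes"/>: an error when IssueInstant is more than
        /// five minutes away from the current UTC time or the top-level status is not Success,
        /// otherwise a successful Logout action.
        /// </summary>
        /// <remarks>
        /// SECURITY: this method itself performs no signature, issuer or InResponseTo check
        /// before setting Success. Confirm the caller has authenticated the message.
        /// </remarks>
        /// <param name="samlBodyRes">Result object to populate and return.</param>
        /// <param name="xml">The response as an XML document; not used by this method.</param>
        /// <param name="reader">Reader from which the LogoutResponse is deserialized.</param>
        /// <returns>
        /// The value returned by AddResponseError on failure, otherwise
        /// <paramref name="samlBodyRes"/> marked as a successful logout.
        /// </returns>
        private SamlBodyResponse ProcessLogoutResponse(SamlBodyResponse samlBodyRes, XmlDocument xml, XmlReader reader)
        {
            // Deserialize the XML into a LogoutResponseType.
            // NOTE(review): DTD and entity handling is decided by whoever created `reader`;
            // confirm it was built with DTD processing disabled.
            XmlSerializer      serializer = new XmlSerializer(typeof(LogoutResponseType));
            LogoutResponseType response   = (LogoutResponseType)serializer.Deserialize(reader);

            // Freshness check: accept an IssueInstant at most this many minutes before or after now.
            const int validTimeFrame = 5;

            if (Math.Abs(response.IssueInstant.Subtract(DateTime.UtcNow).TotalMinutes) > validTimeFrame)
            {
                return(AddResponseError(samlBodyRes, "SAML Response fora do intervalo de validade - validade da resposta: " + response.IssueInstant));
            }

            // Protocol URIs must match exactly. CompareTo applies culture-sensitive rules, under
            // which strings that differ only in ignorable characters compare as equal, so the
            // status is compared ordinally instead.
            if (!string.Equals("urn:oasis:names:tc:SAML:2.0:status:Success", response.Status.StatusCode.Value, StringComparison.Ordinal))
            {
                return(AddResponseError(samlBodyRes, "Autenticação sem sucesso: " + response.Status.StatusCode.Value + " - " + response.Status.StatusMessage));
            }

            samlBodyRes.Success = true;
            samlBodyRes.Action  = Enums.SamlResponseAction.Logout;
            return(samlBodyRes);
        }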
Exemplo n.º 6
 /// <summary>
 /// Creates a Logout message: passes MessageCategoryEnumeration.Logout to the base
 /// constructor and assigns default-constructed request and reply payload objects.
 /// </summary>
 public NexoLogout() : base(MessageCategoryEnumeration.Logout)
 {
     // Both payloads are created up front with their parameterless constructors.
     RequestItem = new LogoutRequestType();
     ReplyItem   = new LogoutResponseType();
 }
Exemplo n.º 7
            /// <summary>
            /// Wraps the logout response in a RemoteSignOutContext, passes it to the
            /// RemoteSignOut event and returns the context after the event has completed.
            /// </summary>
            /// <remarks>
            /// NOTE(review): no validation of <paramref name="message"/> happens here;
            /// presumably the caller has already verified it - confirm.
            /// </remarks>
            /// <param name="context">Current HTTP context.</param>
            /// <param name="scheme">Authentication scheme handling the sign-out.</param>
            /// <param name="options">Options passed through to the context.</param>
            /// <param name="message">Logout response to attach to the context.</param>
            /// <returns>The context that was handed to the event.</returns>
            public async Task <RemoteSignOutContext> HandleRemoteSignOut(HttpContext context, AuthenticationScheme scheme, SpidOptions options, LogoutResponseType message)
            {
                RemoteSignOutContext signOutContext = new RemoteSignOutContext(context, scheme, options, message);

                // Let the registered event run before handing the context back.
                await _events.RemoteSignOut(signOutContext);

                return signOutContext;
            }
Exemplo n.º 8
 /// <summary>
 /// Creates a remote sign-out context that carries the received logout response.
 /// </summary>
 /// <param name="context">HTTP context, passed to the base constructor.</param>
 /// <param name="scheme">Authentication scheme, passed to the base constructor.</param>
 /// <param name="options">Options, passed to the base constructor.</param>
 /// <param name="message">Logout response stored in ProtocolMessage.</param>
 public RemoteSignOutContext(HttpContext context, AuthenticationScheme scheme, SpidOptions options, LogoutResponseType message)
     : base(context, scheme, options, new AuthenticationProperties())
 {
     // The base constructor receives a fresh, empty AuthenticationProperties instance.
     ProtocolMessage = message;
 }