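/// <summary>
/// Deserializes a SAML LogoutResponse from <paramref name="reader"/>, checks that it was
/// issued within five minutes of the current UTC time and that its top-level status is
/// Success, then redirects the browser to <c>~/Default.aspx</c>.
/// </summary>
/// <remarks>
/// This method does not verify the XML signature, the issuer, or that the response refers to
/// a logout request this application actually sent (see the TODO in the body), and
/// <paramref name="xml"/> is never read here. Until those checks exist, a response accepted
/// by this method has only been checked for freshness and status, not for authenticity.
/// </remarks>
/// <param name="xml">The received document; currently unused by this method.</param>
/// <param name="context">HTTP context whose response is redirected on success.</param>
/// <param name="reader">Reader the LogoutResponse is deserialized from.</param>
/// <exception cref="Exception">
/// The response is outside the validity window, or its status is not Success.
/// </exception>
public void processLogoutResponse(XmlDocument xml, HttpContext context, XmlReader reader)
{
    // Deserialize the XML into a LogoutResponseType.
    // NOTE(review): the reader is built by the caller; confirm it is configured to prohibit DTD processing.
    XmlSerializer serializer = new XmlSerializer(typeof(LogoutResponseType));
    LogoutResponseType response = (LogoutResponseType)serializer.Deserialize(reader);

    // Freshness check: IssueInstant may be at most validTimeFrame minutes before or after now.
    // NOTE(review): assumes IssueInstant is a UTC value - confirm against the deserializer.
    int validTimeFrame = 5;
    if (Math.Abs(response.IssueInstant.Subtract(DateTime.UtcNow).TotalMinutes) > validTimeFrame)
    {
        throw new Exception("SAML Response fora do intervalo de validade - validade da resposta: " + response.IssueInstant);
    }

    // TODO: perform the remaining checks: origin, the ID the response refers to, etc.

    // The status URI is a protocol identifier and must match exactly, so compare ordinally.
    // A culture-sensitive comparison can report equality for strings that differ only in
    // characters the culture treats as ignorable.
    if (!string.Equals("urn:oasis:names:tc:SAML:2.0:status:Success", response.Status.StatusCode.Value, StringComparison.Ordinal))
    {
        // TODO: redirect to the login page...
        throw new Exception("Autenticação sem sucesso: " + response.Status.StatusCode.Value + " - " + response.Status.StatusMessage);
    }

    context.Response.Redirect("~/Default.aspx");
    context.Response.End();
}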
/// <summary>
/// Checks an IdP logout response: its XML signature is verified and its
/// <c>InResponseTo</c> is compared with the ID of the logout request that was sent.
/// </summary>
/// <remarks>
/// The signature is verified on a document produced by re-serializing
/// <paramref name="response"/>, not on the XML as it was received.
/// NOTE(review): confirm that <c>SerializeToXmlDoc</c> reproduces the signed content exactly;
/// otherwise verification should run on the original document.
/// The status code and issue instant of the response are not examined here.
/// </remarks>
/// <param name="response">The logout response received from the IdP.</param>
/// <param name="request">The logout request the response is expected to answer.</param>
/// <returns>
/// True if <c>response.InResponseTo</c> equals <c>request.ID</c>, false otherwise.
/// </returns>
public static bool ValidateLogoutResponse(LogoutResponseType response, LogoutRequestType request)
{
    var signedDocument = response.SerializeToXmlDoc();

    // Signature failures are reported through BusinessValidation with the InvalidSignature
    // message (presumably by throwing - confirm in BusinessValidation).
    BusinessValidation.ValidationCondition(
        () => XmlHelpers.VerifySignature(signedDocument),
        ErrorLocalization.InvalidSignature);

    // Binds the response to the request that was sent, so a response to some other
    // request is reported as invalid.
    bool answersOurRequest = response.InResponseTo == request.ID;
    return answersOurRequest;
}
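/// <summary>
/// Calls the Logout web service for the session held in <c>ApiRequest</c> and stores the
/// deserialized reply in <c>ApiResponse</c>.
/// </summary>
/// <remarks>
/// SessionID and SessionData are sent in the URL query string, so they will appear wherever
/// the request URL is recorded (server, proxy or client logs).
/// NOTE(review): confirm <c>UrlBase</c> is an HTTPS endpoint and that URL logging is acceptable
/// for these values.
/// </remarks>
/// <exception cref="ApplicationException">SessionID or SessionData is null or empty.</exception>
public void Execute()
{
    if (String.IsNullOrEmpty(this.ApiRequest.SessionID))
    {
        throw new ApplicationException("Invalid call to Logout. The SessionID is null or empty.");
    }
    if (String.IsNullOrEmpty(this.ApiRequest.SessionData))
    {
        throw new ApplicationException("Invalid call to Logout. The SessionData is null or empty.");
    }

    Logger.Log(LogLevel.Info, "Logging out from ClientAlerts...");

    // Only the query template goes through String.Format. UrlBase is appended as-is so that a
    // brace character in the configured base URL cannot be misread as a format placeholder.
    string url = this.UrlBase + String.Format(@"?callname=Logout&SessionID={0}&SessionData={1}"
        , this.EscapeParam(this.ApiRequest.SessionID)
        , this.EscapeParam(this.ApiRequest.SessionData));
    if (this.ApiRequest.MessageID != null)
    {
        url += String.Format(@"&MessageID={0}", this.EscapeParam(this.ApiRequest.MessageID));
    }

    string responseJson = null;
    try
    {
        responseJson = this.JsonWebService.Call(url);
    }
    catch
    {
        // Log and rethrow; this is the Logout call, so the message names Logout.
        this.Logger.Log(LogLevel.Error, "An exception occurred while calling the Logout web service.");
        throw;
    }

    try
    {
        JsonDeserializer deserializer = new JsonDeserializer();
        this.ApiResponse = deserializer.DeSerialiseObject<LogoutResponseType>(responseJson);
    }
    catch
    {
        // NOTE(review): the raw response body is written to the log here; confirm it cannot
        // carry session data or other sensitive values.
        Logger.Log(LogLevel.Error, "Failed to deserialise the following: {0}", responseJson);
        throw;
    }

    Logger.Log(LogLevel.Debug, "Logout Ack {0}", this.ApiResponse.Ack);
}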
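/// <summary>
/// Deserializes a SAML LogoutResponse from <paramref name="doc"/> and copies its
/// InResponseTo, status code, sub-status code and status message into a
/// <c>SAMLLogoutResponse</c>.
/// </summary>
/// <remarks>
/// No signature or issuer verification happens in this method. The returned ErrorCode starts
/// as VALID and is only ever changed to EXPIRED here, so a non-success status is reported
/// through StatusCode and SubStatusCode, not through ErrorCode; callers must check both.
/// </remarks>
/// <param name="doc">Document containing the LogoutResponse.</param>
/// <returns>The extracted values; ErrorCode is EXPIRED when the issue instant is outside the validity window.</returns>
private SAMLLogoutResponse ExtractLogoutResponseValues(XmlDocument doc)
{
    SAMLLogoutResponse context = new SAMLLogoutResponse(SAMLConstants.ErrorCodes.VALID);

    // NOTE(review): XmlTextReader is created with its default settings; confirm DTD processing
    // is prohibited here or at the point where `doc` was loaded from the wire.
    LogoutResponseType response;
    using (XmlReader reader = new XmlTextReader(new StringReader(doc.OuterXml)))
    {
        response = Deserialize<LogoutResponseType>(reader);
    }

    context.InResponseTo = response.InResponseTo;

    int statusCode = SAMLConstants.StatusCode.GetStatusCodeFromDesc(
        response.Status.StatusCode.Value);

    // The nested (second-level) status code is optional in the message.
    bool hasSubStatus = response.Status.StatusCode.StatusCode != null;

    // When the top-level status is not recognised (negative), fall back to the nested one.
    if (statusCode < 0 && hasSubStatus)
    {
        context.StatusCode = SAMLConstants.StatusCode.GetStatusCodeFromDesc(
            response.Status.StatusCode.StatusCode.Value);
    }
    else
    {
        context.StatusCode = statusCode;
    }

    // Freshness check: IssueInstant may be at most validTimeframe minutes before or after now.
    // NOTE(review): assumes IssueInstant is a UTC value - confirm against the deserializer.
    if (Math.Abs(response.IssueInstant.Subtract(DateTime.UtcNow).TotalMinutes) > validTimeframe)
    {
        context.ErrorCode = SAMLConstants.ErrorCodes.EXPIRED;
        return context;
    }

    // A failure response without a nested status code is legal; guard the dereference so it
    // is reported through StatusCode instead of failing with a NullReferenceException.
    if (statusCode != SAMLConstants.StatusCode.SUCCESS && hasSubStatus)
    {
        int subStatusCode = SAMLConstants.StatusCode.GetStatusCodeFromDesc(
            response.Status.StatusCode.StatusCode.Value);
        if (subStatusCode != -1)
        {
            context.SubStatusCode = subStatusCode;
            context.StatusMessage = response.Status.StatusMessage;
        }
    }

    return context;
}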
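/// <summary>
/// Deserializes a SAML LogoutResponse from <paramref name="reader"/> and marks
/// <paramref name="samlBodyRes"/> as a successful Logout when the response was issued within
/// five minutes of the current UTC time and its top-level status is Success.
/// </summary>
/// <remarks>
/// This method does not verify the XML signature, the issuer or InResponseTo, and
/// <paramref name="xml"/> is never read here. A result with Success set has only been checked
/// for freshness and status; authenticity must be established elsewhere.
/// </remarks>
/// <param name="samlBodyRes">Result object that is updated and returned.</param>
/// <param name="xml">The received document; currently unused by this method.</param>
/// <param name="reader">Reader the LogoutResponse is deserialized from.</param>
/// <returns>
/// <paramref name="samlBodyRes"/> with Success and Action set, or the value returned by
/// <c>AddResponseError</c> when a check fails.
/// </returns>
private SamlBodyResponse ProcessLogoutResponse(SamlBodyResponse samlBodyRes, XmlDocument xml, XmlReader reader)
{
    // Deserialize the XML into a LogoutResponseType.
    // NOTE(review): the reader is built by the caller; confirm it is configured to prohibit DTD processing.
    XmlSerializer serializer = new XmlSerializer(typeof(LogoutResponseType));
    LogoutResponseType response = (LogoutResponseType)serializer.Deserialize(reader);

    // Freshness check: IssueInstant may be at most validTimeFrame minutes before or after now.
    // NOTE(review): assumes IssueInstant is a UTC value - confirm against the deserializer.
    int validTimeFrame = 5;
    if (Math.Abs(response.IssueInstant.Subtract(DateTime.UtcNow).TotalMinutes) > validTimeFrame)
    {
        return AddResponseError(samlBodyRes, "SAML Response fora do intervalo de validade - validade da resposta: " + response.IssueInstant);
    }

    // The status URI is a protocol identifier and must match exactly, so compare ordinally.
    // A culture-sensitive comparison can report equality for strings that differ only in
    // characters the culture treats as ignorable.
    if (!string.Equals("urn:oasis:names:tc:SAML:2.0:status:Success", response.Status.StatusCode.Value, StringComparison.Ordinal))
    {
        return AddResponseError(samlBodyRes, "Autenticação sem sucesso: " + response.Status.StatusCode.Value + " - " + response.Status.StatusMessage);
    }

    samlBodyRes.Success = true;
    samlBodyRes.Action = Enums.SamlResponseAction.Logout;
    return samlBodyRes;
}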
/// <summary>
/// Creates a logout message: the base class is initialised with the Logout message category,
/// and the request and reply items are set to newly constructed instances.
/// </summary>
public NexoLogout()
    : base(MessageCategoryEnumeration.Logout)
{
    this.RequestItem = new LogoutRequestType();
    this.ReplyItem = new LogoutResponseType();
}
/// <summary>
/// Wraps the received logout response in a <see cref="RemoteSignOutContext"/>, raises the
/// RemoteSignOut event with it and returns the context after the event handler has run.
/// </summary>
/// <remarks>
/// NOTE(review): nothing in this method validates <paramref name="message"/>; presumably the
/// caller has already verified its signature and InResponseTo - confirm.
/// </remarks>
/// <param name="context">The current HTTP context.</param>
/// <param name="scheme">The authentication scheme handling the request.</param>
/// <param name="options">The SPID options passed to the sign-out context.</param>
/// <param name="message">The logout response exposed to the event handler.</param>
/// <returns>The context that was passed to the event.</returns>
public async Task<RemoteSignOutContext> HandleRemoteSignOut(HttpContext context, AuthenticationScheme scheme, SpidOptions options, LogoutResponseType message)
{
    RemoteSignOutContext signOutContext = new RemoteSignOutContext(context, scheme, options, message);

    // The same instance is returned, so any changes made by the handler are visible to the caller.
    await _events.RemoteSignOut(signOutContext);

    return signOutContext;
}
/// <summary>
/// Creates the context handed to remote sign-out event handlers. The base context is
/// initialised with a new, empty <see cref="AuthenticationProperties"/> instance and
/// <c>ProtocolMessage</c> is set to the received logout response.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="scheme">The authentication scheme handling the request.</param>
/// <param name="options">The SPID options in effect for the scheme.</param>
/// <param name="message">The logout response stored in <c>ProtocolMessage</c>.</param>
public RemoteSignOutContext(HttpContext context, AuthenticationScheme scheme, SpidOptions options, LogoutResponseType message)
    : base(context, scheme, options, new AuthenticationProperties())
{
    ProtocolMessage = message;
}