private async Task <IActionResult> LogoutRequestAsync <T>(SamlDownParty party, Saml2Binding <T> binding) { var samlConfig = await saml2ConfigurationLogic.GetSamlDownConfigAsync(party); var saml2LogoutRequest = new Saml2LogoutRequest(samlConfig); binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest); logger.ScopeTrace(() => $"SAML Logout request '{saml2LogoutRequest.XmlDocument.OuterXml}'.", traceType: TraceTypes.Message); try { ValidateLogoutRequest(party, saml2LogoutRequest); try { binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest); logger.ScopeTrace(() => "Down, SAML Logout request accepted.", triggerEvent: true); } catch (Exception ex) { var isex = saml2ConfigurationLogic.GetInvalidSignatureValidationCertificateException(samlConfig, ex); if (isex != null) { throw isex; } throw; } await sequenceLogic.SaveSequenceDataAsync(new SamlDownSequenceData { Id = saml2LogoutRequest.Id.Value, RelayState = binding.RelayState }); var type = RouteBinding.ToUpParties.First().Type; logger.ScopeTrace(() => $"Request, Up type '{type}'."); switch (type) { case PartyTypes.Login: return(await serviceProvider.GetService <LogoutUpLogic>().LogoutRedirect(RouteBinding.ToUpParties.First(), GetLogoutRequest(party, saml2LogoutRequest))); case PartyTypes.OAuth2: throw new NotImplementedException(); case PartyTypes.Oidc: return(await serviceProvider.GetService <OidcRpInitiatedLogoutUpLogic <OidcUpParty, OidcUpClient> >().EndSessionRequestRedirectAsync(RouteBinding.ToUpParties.First(), GetLogoutRequest(party, saml2LogoutRequest))); case PartyTypes.Saml2: return(await serviceProvider.GetService <SamlLogoutUpLogic>().LogoutRequestRedirectAsync(RouteBinding.ToUpParties.First(), GetSamlLogoutRequest(party, saml2LogoutRequest))); default: throw new NotSupportedException($"Party type '{type}' not supported."); } } catch (SamlRequestException ex) { logger.Error(ex); return(await LogoutResponseAsync(party, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState, ex.Status)); } }
private async Task <IActionResult> LogoutRequestAsync <T>(SamlDownParty party, Saml2Binding <T> binding) { var samlConfig = saml2ConfigurationLogic.GetSamlDownConfig(party); var saml2LogoutRequest = new Saml2LogoutRequest(samlConfig); binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest); logger.ScopeTrace($"SAML Logout request '{saml2LogoutRequest.XmlDocument.OuterXml}'."); try { ValidateLogoutRequest(party, saml2LogoutRequest); binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest); logger.ScopeTrace("Down, SAML Logout request accepted.", triggerEvent: true); await sequenceLogic.SaveSequenceDataAsync(new SamlDownSequenceData { Id = saml2LogoutRequest.Id.Value, RelayState = binding.RelayState, ResponseUrl = party.LoggedOutUrl, }); await formActionLogic.CreateFormActionByUrlAsync(party.LoggedOutUrl); var type = RouteBinding.ToUpParties.First().Type; logger.ScopeTrace($"Request, Up type '{type}'."); switch (type) { case PartyTypes.Login: return(await serviceProvider.GetService <LogoutUpLogic>().LogoutRedirect(RouteBinding.ToUpParties.First(), new LogoutRequest { DownParty = party, SessionId = saml2LogoutRequest.SessionIndex, RequireLogoutConsent = false, PostLogoutRedirect = true, })); case PartyTypes.OAuth2: throw new NotImplementedException(); case PartyTypes.Oidc: throw new NotImplementedException(); case PartyTypes.Saml2: return(await serviceProvider.GetService <SamlLogoutUpLogic>().LogoutAsync(RouteBinding.ToUpParties.First(), GetSamlUpLogoutRequest(saml2LogoutRequest, party))); default: throw new NotSupportedException($"Party type '{type}' not supported."); } } catch (SamlRequestException ex) { logger.Error(ex); return(await LogoutResponseAsync(party.Id, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState, saml2LogoutRequest.Destination?.OriginalString, party.AuthnBinding.ResponseBinding, ex.Status)); } }
private async Task <IActionResult> SingleLogoutRequestAsync <T>(SamlUpParty party, Saml2Binding <T> binding) { var samlConfig = saml2ConfigurationLogic.GetSamlUpConfig(party); var saml2LogoutRequest = new Saml2LogoutRequest(samlConfig); binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest); try { logger.ScopeTrace($"SAML Single Logout request '{saml2LogoutRequest.XmlDocument.OuterXml}'."); logger.ScopeTrace("Up, SAML Single Logout request.", triggerEvent: true); binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest); logger.ScopeTrace("Up, Successful SAML Single Logout request.", triggerEvent: true); var session = await sessionUpPartyLogic.DeleteSessionAsync(); await oauthRefreshTokenGrantLogic.DeleteRefreshTokenGrantsAsync(session.SessionId); await sequenceLogic.SaveSequenceDataAsync(new SamlUpSequenceData { ExternalInitiatedSingleLogout = true, Id = saml2LogoutRequest.IdAsString, UpPartyId = party.Id, RelayState = binding.RelayState, SessionId = saml2LogoutRequest.SessionIndex }); if (party.DisableSingleLogout) { return(await SingleLogoutResponseAsync(party, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState)); } else { (var doSingleLogout, var singleLogoutSequenceData) = await singleLogoutDownLogic.InitializeSingleLogoutAsync(new UpPartyLink { Name = party.Name, Type = party.Type }, null, session.DownPartyLinks, session.Claims); if (doSingleLogout) { return(await singleLogoutDownLogic.StartSingleLogoutAsync(singleLogoutSequenceData)); } else { return(await SingleLogoutResponseAsync(party, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState)); } } } catch (SamlRequestException ex) { logger.Error(ex); return(await SingleLogoutResponseAsync(party, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState, ex.Status)); } }
private async Task <IActionResult> SingleLogoutRequestAsync <T>(SamlUpParty party, Saml2Binding <T> binding) { var samlConfig = await saml2ConfigurationLogic.GetSamlUpConfigAsync(party); var saml2LogoutRequest = new Saml2LogoutRequest(samlConfig); binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest); try { logger.ScopeTrace(() => $"SAML Single Logout request '{saml2LogoutRequest.XmlDocument.OuterXml}'.", traceType: TraceTypes.Message); logger.ScopeTrace(() => "Up, SAML Single Logout request.", triggerEvent: true); try { binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest); logger.ScopeTrace(() => "Up, Successful SAML Single Logout request.", triggerEvent: true); } catch (Exception ex) { var isex = saml2ConfigurationLogic.GetInvalidSignatureValidationCertificateException(samlConfig, ex); if (isex != null) { throw isex; } throw; } var sequenceData = await sequenceLogic.SaveSequenceDataAsync(new SamlUpSequenceData { ExternalInitiatedSingleLogout = true, Id = saml2LogoutRequest.IdAsString, UpPartyId = party.Id, RelayState = binding.RelayState, SessionId = saml2LogoutRequest.SessionIndex }); if (binding is Saml2Binding <Saml2PostBinding> ) { return(HttpContext.GetUpPartyUrl(party.Name, Constants.Routes.SamlController, Constants.Endpoints.UpJump.SingleLogoutRequestJump, includeSequence: true, partyBindingPattern: party.PartyBindingPattern).ToRedirectResult()); } else { return(await SingleLogoutRequestAsync(party, sequenceData)); } } catch (SamlRequestException ex) { logger.Error(ex); return(await SingleLogoutResponseAsync(party, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState, ex.Status)); } }
private async Task <IActionResult> AuthnRequestAsync <T>(SamlDownParty party, Saml2Binding <T> binding) { var samlConfig = saml2ConfigurationLogic.GetSamlDownConfig(party); var request = HttpContext.Request; var saml2AuthnRequest = new Saml2AuthnRequest(samlConfig); binding.ReadSamlRequest(request.ToGenericHttpRequest(), saml2AuthnRequest); logger.ScopeTrace($"SAML Authn request '{saml2AuthnRequest.XmlDocument.OuterXml}'."); try { ValidateAuthnRequest(party, saml2AuthnRequest); binding.Unbind(request.ToGenericHttpRequest(), saml2AuthnRequest); logger.ScopeTrace("Down, SAML Auth request accepted.", triggerEvent: true); var responseUrl = GetAcsUrl(party, saml2AuthnRequest); await sequenceLogic.SaveSequenceDataAsync(new SamlDownSequenceData { Id = saml2AuthnRequest.Id.Value, RelayState = binding.RelayState, ResponseUrl = responseUrl, }); await formActionLogic.CreateFormActionByUrlAsync(responseUrl); var type = RouteBinding.ToUpParties.First().Type; logger.ScopeTrace($"Request, Up type '{type}'."); switch (type) { case PartyTypes.Login: return(await serviceProvider.GetService <LoginUpLogic>().LoginRedirectAsync(RouteBinding.ToUpParties.First(), GetLoginRequestAsync(party, saml2AuthnRequest))); case PartyTypes.OAuth2: throw new NotImplementedException(); case PartyTypes.Oidc: return(await serviceProvider.GetService <OidcAuthUpLogic <OidcDownParty, OidcDownClient, OidcDownScope, OidcDownClaim> >().AuthenticationRequestAsync(RouteBinding.ToUpParties.First())); case PartyTypes.Saml2: return(await serviceProvider.GetService <SamlAuthnUpLogic>().AuthnRequestAsync(RouteBinding.ToUpParties.First(), GetLoginRequestAsync(party, saml2AuthnRequest))); default: throw new NotSupportedException($"Party type '{type}' not supported."); } } catch (SamlRequestException ex) { logger.Error(ex); return(await AuthnResponseAsync(party.Id, samlConfig, saml2AuthnRequest.Id.Value, binding.RelayState, GetAcsUrl(party, saml2AuthnRequest), party.AuthnBinding.ResponseBinding, ex.Status)); } }
private string ReadRelyingPartyFromLogoutRequest <T>(Saml2Binding <T> binding) { return(binding.ReadSamlRequest(Request.ToGenericHttpRequest(), new Saml2LogoutRequest(saml2Config))?.Issuer); }
/// <summary> /// Read the unique app issuer from the request /// </summary> /// <typeparam name="T"></typeparam> /// <param name="binding"></param> /// <returns></returns> private string ReadAppFromRequest <T>(Saml2Binding <T> binding) { return(binding.ReadSamlRequest(Request.ToGenericHttpRequest(), new Saml2AuthnRequest(_samlConfig))?.Issuer); }
/// <summary> /// Reads the relying party from login request. /// </summary> /// <typeparam name="T"></typeparam> /// <param name="binding">The binding.</param> /// <returns></returns> private Uri ReadRelyingPartyFromLoginRequest <T>(Saml2Binding <T> binding) { return(binding.ReadSamlRequest(Request.ToGenericHttpRequest(), new Saml2AuthnRequest(config.IDP))?.Issuer); }