 /// <summary>
 /// Hook for reporting a failed sign-in validation. Currently a no-op: the
 /// structured log (a <c>SignInValidationLog</c> written via <c>Logger.ErrorFormat</c>)
 /// is commented out, so <paramref name="message"/> and <paramref name="result"/>
 /// are discarded and a rejected realm leaves no trace in the log.
 /// </summary>
 /// <param name="message">Human-readable reason the validation failed.</param>
 /// <param name="result">Validation state collected up to the failure.</param>
 private void LogError(string message, SignInValidationResult result)
 {
     // Intentionally empty; the original implementation was:
     //var log = new SignInValidationLog(result);
     //Logger.ErrorFormat("{0}\n{1}", message, log.ToString());
 }
 /// <summary>
 /// Hook for reporting a successful sign-in validation. Currently a no-op: the
 /// structured log (a <c>SignInValidationLog</c> written via <c>Logger.InfoFormat</c>)
 /// is commented out, so <paramref name="result"/> is discarded.
 /// </summary>
 /// <param name="result">The completed validation result.</param>
 private void LogSuccess(SignInValidationResult result)
 {
     // Intentionally empty; the original implementation was:
     //var log = new SignInValidationLog(result);
     //Logger.InfoFormat("End WS-Federation signin request validation\n{0}", log.ToString());
 }
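        /// <summary>
        /// Validates a WS-Federation sign-in request: resolves the client named by
        /// <c>Wtrealm</c>, checks it is a WS-Federation client, attaches the reply URL
        /// and relying-party settings, and flags whether interactive sign-in is needed.
        /// </summary>
        /// <param name="message">The parsed WS-Federation request; <c>Wtrealm</c> is used as the client id.</param>
        /// <param name="user">The current principal, or <c>null</c> when nobody is signed in.</param>
        /// <returns>
        /// A populated <see cref="SignInValidationResult"/>, or one whose <c>Error</c> is
        /// <c>"invalid_relying_party"</c> when the realm is unknown or not configured for WS-Federation.
        /// </returns>
        public async Task<SignInValidationResult> ValidateAsync(WsFederationMessage message, ClaimsPrincipal user)
        {
            //Logger.Info("Start WS-Federation signin request validation");
            var result = new SignInValidationResult
            {
                WsFederationMessage = message
            };

            // Wtrealm is request-supplied and untrusted; it is only ever used as a lookup key.
            var client = await _clients.FindEnabledClientByIdAsync(message.Wtrealm);
            if (client == null)
            {
                LogError($"Client not found: {message.Wtrealm}", result);
                return InvalidRelyingParty();
            }

            if (client.ProtocolType != IdentityServerConstants.ProtocolTypes.WsFederation)
            {
                LogError("Client is not configured for WS-Federation", result);
                return InvalidRelyingParty();
            }

            result.Client = client;
            // NOTE(review): First() throws InvalidOperationException when the client has no
            // redirect URIs configured, so a misconfigured client surfaces as an unhandled error.
            result.ReplyUrl = client.RedirectUris.First();

            // Per-realm overrides, falling back to the configured defaults when none are stored.
            var relyingParty = await _relyingParties.FindRelyingPartyByRealm(message.Wtrealm)
                               ?? new RelyingParty
                               {
                                   TokenType                = _options.DefaultTokenType,
                                   SignatureAlgorithm       = _options.DefaultSignatureAlgorithm,
                                   DigestAlgorithm          = _options.DefaultDigestAlgorithm,
                                   SamlNameIdentifierFormat = _options.DefaultSamlNameIdentifierFormat,
                                   ClaimMapping             = _options.DefaultClaimMapping
                               };
            result.RelyingParty = relyingParty;

            // A missing principal, a principal with no Identity, and an unauthenticated identity
            // all require sign-in. The null-conditional also covers the Identity == null case,
            // which previously threw a NullReferenceException.
            if (user?.Identity?.IsAuthenticated != true)
            {
                result.SignInRequired = true;
            }

            result.User = user;

            LogSuccess(result);
            return result;

            // The uniform error result for an unknown or unsupported realm.
            SignInValidationResult InvalidRelyingParty() => new SignInValidationResult
            {
                Error = "invalid_relying_party"
            };
        }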
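        /// <summary>
        /// Validates a WS-Federation sign-in request: resolves the client named by
        /// <c>Wtrealm</c>, checks it is enabled and configured for WS-Federation, attaches
        /// the reply URL and relying-party settings, and decides whether interactive
        /// sign-in is required (no authenticated user, <c>wfresh=0</c>, or a session
        /// older than the requested <c>wfresh</c> minutes).
        /// </summary>
        /// <param name="message">The parsed WS-Federation request; <c>Wtrealm</c> is used as the client id and <c>Wfresh</c> as the maximum session age in minutes.</param>
        /// <param name="user">The current principal, or <c>null</c> when nobody is signed in.</param>
        /// <returns>
        /// A populated <see cref="SignInValidationResult"/> (with <c>SignInRequired</c> set when
        /// the user must authenticate), or one whose <c>Error</c> is <c>"invalid_relying_party"</c>
        /// when the realm is unknown, disabled, or not configured for WS-Federation.
        /// </returns>
        public async Task<SignInValidationResult> ValidateAsync(WsFederationMessage message, ClaimsPrincipal user)
        {
            _logger.LogInformation("Start WS-Federation signin request validation");
            var result = new SignInValidationResult
            {
                WsFederationMessage = message
            };

            // Wtrealm is request-supplied and untrusted; it is only ever used as a lookup key.
            var client = await _clients.FindEnabledClientByIdAsync(message.Wtrealm);
            if (client == null)
            {
                LogError($"Client not found: {message.Wtrealm}", result);
                return InvalidRelyingParty();
            }

            // The store is expected to return only enabled clients (see the method name);
            // this is kept as a fail-closed check in case a store implementation does not.
            if (client.Enabled == false)
            {
                LogError($"Client is disabled: {message.Wtrealm}", result);
                return InvalidRelyingParty();
            }

            if (client.ProtocolType != IdentityServerConstants.ProtocolTypes.WsFederation)
            {
                LogError("Client is not configured for WS-Federation", result);
                return InvalidRelyingParty();
            }

            result.Client = client;
            // NOTE(review): First() throws InvalidOperationException when the client has no
            // redirect URIs configured, so a misconfigured client surfaces as an unhandled error.
            result.ReplyUrl = client.RedirectUris.First();

            // Per-realm overrides, falling back to the configured defaults when none are stored.
            var relyingParty = await _relyingParties.FindRelyingPartyByRealm(message.Wtrealm)
                               ?? new RelyingParty
                               {
                                   TokenType                = _options.DefaultTokenType,
                                   SignatureAlgorithm       = _options.DefaultSignatureAlgorithm,
                                   DigestAlgorithm          = _options.DefaultDigestAlgorithm,
                                   SamlNameIdentifierFormat = _options.DefaultSamlNameIdentifierFormat,
                                   ClaimMapping             = _options.DefaultClaimMapping
                               };
            result.RelyingParty = relyingParty;

            // A missing principal, a principal with no Identity, and an unauthenticated identity
            // all require sign-in. The null-conditional also covers the Identity == null case,
            // which previously threw a NullReferenceException.
            if (user?.Identity?.IsAuthenticated != true)
            {
                result.SignInRequired = true;
                return result;
            }

            result.User = user;

            if (!string.IsNullOrEmpty(message.Wfresh))
            {
                // wfresh is request-supplied; parse it culture-invariantly so the server's
                // locale cannot influence the outcome. Unparseable values are ignored, as before.
                if (int.TryParse(message.Wfresh,
                                 System.Globalization.NumberStyles.Integer,
                                 System.Globalization.CultureInfo.InvariantCulture,
                                 out int maxAgeInMinutes))
                {
                    if (maxAgeInMinutes == 0)
                    {
                        _logger.LogInformation("Showing login: Requested wfresh=0.");
                        // NOTE(review): the request is mutated here, presumably so the
                        // post-login pass does not force a second prompt — confirm with caller.
                        message.Wfresh        = null;
                        result.SignInRequired = true;
                        return result;
                    }

                    // GetAuthenticationTime() is a project extension; its behaviour when the
                    // principal carries no authentication-time claim is not visible here.
                    var authTime = user.GetAuthenticationTime();

                    // Compare elapsed time rather than authTime.AddMinutes(maxAgeInMinutes):
                    // a DateTime - DateTime subtraction and TimeSpan.FromMinutes(int) never
                    // overflow, whereas AddMinutes with an extreme (e.g. very negative)
                    // request-supplied value throws ArgumentOutOfRangeException. Negative
                    // values still end up requiring sign-in, as before.
                    var sessionAge = _clock.UtcNow.UtcDateTime - authTime;
                    if (sessionAge > TimeSpan.FromMinutes(maxAgeInMinutes))
                    {
                        _logger.LogInformation("Showing login: Requested wfresh time exceeded.");
                        result.SignInRequired = true;
                        return result;
                    }
                }
            }

            LogSuccess(result);
            return result;

            // The uniform error result for an unknown, disabled or unsupported realm.
            SignInValidationResult InvalidRelyingParty() => new SignInValidationResult
            {
                Error = "invalid_relying_party"
            };
        }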
 /// <summary>
 /// Hook for reporting a failed sign-in validation. Currently a no-op: the JSON dump
 /// of <paramref name="result"/> via <c>_logger.LogError</c> is commented out, so a
 /// rejected realm leaves no trace in the log. If it is re-enabled, note that
 /// <paramref name="result"/> carries the raw request message (and, on later paths,
 /// the user's <c>ClaimsPrincipal</c>), so the full serialization would write request
 /// parameters and claims into the log.
 /// </summary>
 /// <param name="message">Human-readable reason the validation failed.</param>
 /// <param name="result">Validation state collected up to the failure.</param>
 private void LogError(string message, SignInValidationResult result)
 {
     // Intentionally empty; the original implementation was:
     // var log = JsonConvert.SerializeObject(result, Formatting.Indented);
     // _logger.LogError("{0}\n{1}", message, log.ToString());
 }
 /// <summary>
 /// Hook for reporting a successful sign-in validation. Currently a no-op: the JSON
 /// dump of <paramref name="result"/> via <c>_logger.LogInformation</c> is commented
 /// out. If it is re-enabled, note that <paramref name="result"/> carries the raw
 /// request message and the user's <c>ClaimsPrincipal</c>, so the full serialization
 /// would write request parameters and user claims into the log.
 /// </summary>
 /// <param name="result">The completed validation result.</param>
 private void LogSuccess(SignInValidationResult result)
 {
     // Intentionally empty; the original implementation was:
     // var log = JsonConvert.SerializeObject(result, Formatting.Indented);
     // _logger.LogInformation("End WS-Federation signin request validation\n{0}", log.ToString());
 }