public WsFederationSignoutValidationResult(ValidatedWsFederationSignoutRequest request, string error, string errorDescription = null) { ValidatedRequest = request; IsError = true; Error = error; ErrorDescription = errorDescription; }
public async Task <WsFederationSignoutValidationResult> ValidateAsync(WsFederationMessage message) { _logger.LogDebug("Start WsFederation signout request validator."); var validatedRequest = new ValidatedWsFederationSignoutRequest { RequestMessage = message }; validatedRequest.SessionId = await _userSession.GetSessionIdAsync(); validatedRequest.ClientIds = await _userSession.GetClientListAsync(); IEnumerable <string> postLogoutRedirectUris; //Wtrealm is not really part of the standard for signout, but it appears that some implementations include it. //If the wtrealm is specified, respect it. Otherwise, search all of the user's known clients for the wreply. if (!string.IsNullOrEmpty(message.Wtrealm)) { _logger.LogDebug("Wtrealm was specified. Using PostLogoutRedirectUris for only that client.", validatedRequest); var client = await _clients.FindEnabledClientByIdAsync(message.Wtrealm); if (client == null) { _logger.LogError("There is no client configured that matches the wtrealm parameter of the incoming request.", validatedRequest); return(new WsFederationSignoutValidationResult(validatedRequest, "No Client.", "There is no client configured that matches the wtrealm parameter of the incoming request.")); } postLogoutRedirectUris = client.PostLogoutRedirectUris; } else { _logger.LogDebug("Wtrealm was not specified. Using PostLogoutRedirectUris for all clients that the user has authenticated with.", validatedRequest); var tasks = validatedRequest.ClientIds.Select(async c => await _clients.FindEnabledClientByIdAsync(c)).ToList(); var clients = await Task.WhenAll(tasks); postLogoutRedirectUris = clients.SelectMany(c => c.PostLogoutRedirectUris).Where(uri => !string.IsNullOrEmpty(uri)); } //This behavior might be odd. If the user is authenticated with multiple clients, it's probably bad to redirect them to a random client.... if (string.IsNullOrEmpty(message.Wreply)) { _logger.LogInformation("Wreply is missing from the request. Using the defualt wreply.", validatedRequest); validatedRequest.PostLogOutUri = postLogoutRedirectUris.FirstOrDefault(); } else if (postLogoutRedirectUris.Contains(message.Wreply)) { validatedRequest.PostLogOutUri = message.Wreply; } else { _logger.LogError("The passed in redirect url is not valid for the given client.", validatedRequest); return(new WsFederationSignoutValidationResult(validatedRequest, "Invalid redirect uri.", "The passed in redirect url is not valid for the given client.")); } _logger.LogTrace("WsFederation signout request validation successful."); return(new WsFederationSignoutValidationResult(validatedRequest)); }
public WsFederationSignoutValidationResult(ValidatedWsFederationSignoutRequest request) { ValidatedRequest = request; IsError = false; }