/// <summary>
/// Action performed during logout.
/// </summary>
/// <param name="handler">The handler.</param>
/// <param name="context">The context.</param>
/// <param name="IdPInitiated">During IdP initiated logout some actions such as redirecting should not be performed</param>
public void LogoutAction(AbstractEndpointHandler handler, HttpContext context, bool IdPInitiated)
{
if (!IdPInitiated)
{
handler.DoRedirect(context);
}
}
public void LoginAction(AbstractEndpointHandler handler, HttpContext context, Saml20Assertion assertion)
{
if (handler == null)
{
Logging.Instance.Error("SamlPrincipalAction - LogOnAction handler is null");
throw new ArgumentNullException("handler");
}
if (context == null)
{
Logging.Instance.Error("SamlPrincipalAction - LogOnAction context is null");
throw new ArgumentNullException("context");
}
if (assertion == null)
{
Logging.Instance.Error("SamlPrincipalAction - LogOnAction assertion is null");
throw new ArgumentNullException("assertion");
}
Saml2SecurityTokenHandler securityTokenHandler =
this.sessionAuthModule.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers[
typeof(Saml2SecurityToken)] as Saml2SecurityTokenHandler;
//Generate bootstraptoken from assertion xml
if (securityTokenHandler != null)
{
var assertionXml = assertion.XmlAssertion;
using (System.IO.StringReader reader = new System.IO.StringReader(assertionXml.OuterXml))
{
XmlReader xReader = XmlReader.Create(reader);
var bootstraptoken = securityTokenHandler.ReadToken(xReader);
HttpContext.Current.Session["boostraptoken"] = bootstraptoken;
}
}
BuildClaimsPrincipal(assertion);
}
/// <summary>
/// Action performed during login.
/// </summary>
/// <param name="handler">The handler initiating the call.</param>
/// <param name="context">The current http context.</param>
/// <param name="assertion">The saml assertion of the currently logged in user.</param>
public void LoginAction(AbstractEndpointHandler handler, SamlHttpContext context, Saml20Assertion assertion)
{
string idpKey = Saml20PrincipalCache.GetSaml20AssertionLite().Issuer;
Saml20SignonHandler h = (Saml20SignonHandler)handler;
IDPEndPoint ep = h.RetrieveIDPConfiguration(idpKey);
if (ep.CDC.ExtraSettings != null)
{
List <KeyValue> values = ep.CDC.ExtraSettings.KeyValues;
KeyValue idpEndpoint = values.Find(delegate(KeyValue kv) { return(kv.Key == IDPCookieWriterEndPoint); });
if (idpEndpoint == null)
{
throw new Saml20Exception(@"Please specify """ + IDPCookieWriterEndPoint +
@""" in Settings element.");
}
KeyValue localReturnPoint = values.Find(delegate(KeyValue kv) { return(kv.Key == LocalReturnUrl); });
if (localReturnPoint == null)
{
throw new Saml20Exception(@"Please specify """ + LocalReturnUrl +
@""" in Settings element.");
}
string url = idpEndpoint.Value + "?" + TargetResource + "=" + localReturnPoint.Value;
context.Response.Redirect(url);
}
else
{
handler.DoRedirect(context);
}
}
/// <summary>
/// Action performed during login.
/// </summary>
/// <param name="handler">The handler initiating the call.</param>
/// <param name="context">The current http context.</param>
/// <param name="assertion">The saml assertion of the currently logged in user.</param>
public void LoginAction(AbstractEndpointHandler handler, HttpContext context, Saml20Assertion assertion)
{
Saml20SignonHandler signonhandler = (Saml20SignonHandler)handler;
IPrincipal prince = Saml20Identity.InitSaml20Identity(assertion, signonhandler.RetrieveIDPConfiguration((string)context.Session[Saml20AbstractEndpointHandler.IDPTempSessionKey]));
Saml20PrincipalCache.AddPrincipal(prince);
FormsAuthentication.SetAuthCookie(prince.Identity.Name, false);
}
public void LogoutAction(AbstractEndpointHandler handler, HttpContext context,
bool IdPInitiated)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
// Example of logging required by the requirements SLO1 ("Id of internal user account")
// Since FormsAuthentication is used in this sample, the user name to log can be found in context.User.Identity.Name
// The login will be not be cleared until next redirect due to the way FormsAuthentication works, so we will have to check Saml20Identity.IsInitialized() too
AuditLogging.logEntry(Direction.IN, Operation.LOGOUT, "ServiceProvider logout",
"SP local user id: " + (context.User.Identity.IsAuthenticated ? context.User.Identity.Name : "none") +
" login status: " + Saml20Identity.IsInitialized());
}
/// <summary>
/// Action performed during SignOn.
/// </summary>
/// <param name="handler">The handler initiating the call.</param>
/// <param name="context">The current http context.</param>
/// <param name="assertion">The SAML assertion of the currently logged in user.</param>
public void SignOnAction(AbstractEndpointHandler handler, HttpContext context, Saml20Assertion assertion)
{
var idpKey = _stateService.Get <string>(Saml20SignonHandler.IdpLoginSessionKey);
var signOnHandler = handler as Saml20SignonHandler;
if (signOnHandler == null)
{
throw new ArgumentException("Endpoint handler must be of type Saml20SignonHandler.", "handler");
}
var identityProvider = signOnHandler.RetrieveIDPConfiguration(idpKey);
if (identityProvider.CommonDomainCookie != null)
{
var values = identityProvider.CommonDomainCookie.AllKeys;
var idpEndpoint = values.FirstOrDefault(x => x == IDPCookieWriterEndPoint);
if (idpEndpoint == null)
{
throw new Saml20Exception(@"Please specify """ + IDPCookieWriterEndPoint + @""" in CommonDomainCookie element.");
}
var localReturnPoint = values.FirstOrDefault(x => x == LocalReturnUrl);
if (localReturnPoint == null)
{
throw new Saml20Exception(@"Please specify """ + LocalReturnUrl + @""" in CommonDomainCookie element.");
}
context.Response.Redirect(idpEndpoint + "?" + TargetResource + "=" + localReturnPoint);
}
else
{
handler.DoRedirect(context);
}
}
/// <summary>
/// Action performed during logout.
/// </summary>
/// <param name="handler">The handler.</param>
/// <param name="context">The context.</param>
/// <param name="IdPInitiated">During IdP initiated logout some actions such as redirecting should not be performed</param>
public void LogoutAction(AbstractEndpointHandler handler, HttpContext context, bool IdPInitiated)
{
FormsAuthentication.SignOut();
Saml20PrincipalCache.Clear();
}
/// <summary>
/// Action performed during logout.
/// </summary>
/// <param name="handler">The handler.</param>
/// <param name="context">The context.</param>
/// <param name="idpInitiated">During IdP initiated logout some actions such as redirecting should not be performed</param>
public void LogoutAction(AbstractEndpointHandler handler, HttpContext context, bool idpInitiated)
{
FormsAuthentication.SignOut();
}
/// <summary>
/// Action performed during SignOn.
/// </summary>
/// <param name="handler">The handler initiating the call.</param>
/// <param name="context">The current http context.</param>
/// <param name="assertion">The SAML assertion of the currently logged in user.</param>
public void SignOnAction(AbstractEndpointHandler handler, HttpContext context, Saml20Assertion assertion)
{
FormsAuthentication.SetAuthCookie(Saml20PrincipalCache.GetPrincipal().Identity.Name, false);
}
/// <summary>
/// Action performed during login.
/// </summary>
/// <param name="handler">The handler initiating the call.</param>
/// <param name="context">The current http context.</param>
/// <param name="assertion">The saml assertion of the currently logged in user.</param>
public void LoginAction(AbstractEndpointHandler handler, HttpContext context, Saml20Assertion assertion)
{
handler.DoRedirect(context);
}
/// <summary>
/// <see cref="IAction.SoapLogoutAction"/>
/// </summary>
public void SoapLogoutAction(AbstractEndpointHandler handler, SamlHttpContext context, string userId)
{
// Do nothing
}
/// <summary>
/// <see cref="IAction.SoapLogoutAction"/>
/// </summary>
public void SoapLogoutAction(AbstractEndpointHandler handler, HttpContext context, string userId)
{
AuditLogging.logEntry(Direction.IN, Operation.LOGOUT, "ServiceProvider SOAP logout",
"IdP user id: " + userId + " login status: " + Saml20Identity.IsInitialized());
}
/// <summary>
/// Action performed during logout.
/// </summary>
/// <param name="handler">The handler.</param>
/// <param name="context">The context.</param>
/// <param name="IdPInitiated">During IdP initiated logout some actions such as redirecting should not be performed</param>
public void LogoutAction(AbstractEndpointHandler handler, HttpContext context, bool IdPInitiated)
{
FormsAuthentication.SignOut();
HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(string.Empty), null); // Makes User.Identity.IsAuthenticated false in the current request.
}
public void LogoutAction(AbstractEndpointHandler handler, HttpContext context, bool IdPInitiated)
{
AuditLogging.logEntry(Direction.IN, Operation.LOGOUT, "ServiceProvider logout",
"SP local user id: " + (context.User.Identity.IsAuthenticated ? context.User.Identity.Name : "none") + " login status: " + Saml20Identity.IsInitialized());
}
/// <summary>
/// Action performed during logout.
/// </summary>
/// <param name="handler">The handler.</param>
/// <param name="context">The context.</param>
/// <param name="idpInitiated">During IdP initiated logout some actions such as redirecting should not be performed</param>
public void LogoutAction(AbstractEndpointHandler handler, HttpContext context, bool idpInitiated)
{
Saml20PrincipalCache.Clear();
}
/// <summary>
/// Action performed during SignOn.
/// </summary>
/// <param name="handler">The handler initiating the call.</param>
/// <param name="context">The current http context.</param>
/// <param name="assertion">The SAML assertion of the currently logged in user.</param>
public void SignOnAction(AbstractEndpointHandler handler, HttpContext context, Saml20Assertion assertion)
{
var signonhandler = (Saml20SignonHandler)handler;
Saml20PrincipalCache.AddPrincipal(Saml20Identity.InitSaml20Identity(assertion, signonhandler.RetrieveIDPConfiguration(_stateService.Get <string>(Saml20AbstractEndpointHandler.IdpTempSessionKey))));
}
