/// <summary>
/// Handler for the SecurityTokenValidated notification: reads the provider's claims from the
/// authentication ticket, adds a ShowReservations claim derived from a permission lookup,
/// maps claims to roles and saves the identity attributes.
/// </summary>
/// <param name="notification">Notification whose AuthenticationTicket carries the identity to enrich.</param>
/// <param name="logger">Logger used for the entry message and the Ukprn parse failure.</param>
/// <param name="orchestrator">Used to save the user's id, Ukprn, display name and email.</param>
/// <param name="accountOrchestrator">Used to look up the provider's CreateCohort permission.</param>
/// <returns>A task that completes once the identity has been enriched and saved, or immediately after
/// the parse-failure log entry when the Ukprn claim is not a valid long.</returns>
private async Task SecurityTokenValidated(
            SecurityTokenValidatedNotification<WsFederationMessage, WsFederationAuthenticationOptions> notification,
            IProviderCommitmentsLogger logger,
            AuthenticationOrchestrator orchestrator,
            AccountOrchestrator accountOrchestrator)
        {
            logger.Info("SecurityTokenValidated notification called");

            var claimsIdentity = notification.AuthenticationTicket.Identity;

            // Claim types are matched with ==, i.e. an exact, case-sensitive comparison.
            // Each lookup yields null when the token carries no claim of that type.
            var userId = claimsIdentity.Claims
                .Where(c => c.Type == DasClaimTypes.Upn)
                .Select(c => c.Value)
                .FirstOrDefault();
            var userDisplayName = claimsIdentity.Claims
                .Where(c => c.Type == DasClaimTypes.DisplayName)
                .Select(c => c.Value)
                .FirstOrDefault();
            var ukprnClaimValue = claimsIdentity.Claims
                .Where(c => c.Type == DasClaimTypes.Ukprn)
                .Select(c => c.Value)
                .FirstOrDefault();
            var userEmail = claimsIdentity.Claims
                .Where(c => c.Type == DasClaimTypes.Email)
                .Select(c => c.Value)
                .FirstOrDefault();

            long parsedUkprn;
            var ukprnIsNumeric = long.TryParse(ukprnClaimValue, out parsedUkprn);

            if (!ukprnIsNumeric)
            {
                // NOTE(review): this path only logs and returns; the ticket is left as it arrived, so
                // the identity gets no ShowReservations claim and no role mapping. Whether sign-in is
                // then refused downstream is not visible here - confirm a role-less identity is denied.
                // NOTE(review): raw claim values are interpolated into the message; confirm the logger
                // escapes control characters, and that logging the user id at Info level is acceptable.
                logger.Info($"Unable to parse Ukprn \"{ukprnClaimValue}\" from claims for user \"{userId}\"");
                return;
            }

            var showReservations = await accountOrchestrator.ProviderHasPermission(parsedUkprn, Operation.CreateCohort);

            // This claim is created locally from the permission lookup; it does not come from the token.
            var showReservationsClaim = new Claim(DasClaimTypes.ShowReservations, showReservations.ToString(), "bool");
            claimsIdentity.AddClaim(showReservationsClaim);
            claimsIdentity.MapClaimToRoles();

            // NOTE(review): userId, userDisplayName and userEmail are passed on unchecked and may be null
            // when the matching claim is absent - verify SaveIdentityAttributes tolerates that.
            await orchestrator.SaveIdentityAttributes(userId, parsedUkprn, userDisplayName, userEmail);
        }