Пример #1
        /// <summary>
        /// Maps a group returned by the Graph API wrapper onto a Fabric principal of type Group.
        /// </summary>
        /// <param name="groupEntry">Graph group wrapper; its Group and TenantId members are read.</param>
        /// <returns>A new principal tagged with the AzureActiveDirectory identity provider.</returns>
        private static IFabricPrincipal CreateGroupPrincipal(FabricGraphApiGroup groupEntry)
        {
            var groupPrincipal = new FabricPrincipal();
            var graphGroup = groupEntry.Group;

            // NOTE(review): SubjectId is taken from the group's display name, while the
            // directory object id goes to ExternalIdentifier. Display names are not
            // guaranteed unique in Azure AD; if SubjectId feeds role or permission
            // lookups, confirm the match is also scoped by TenantId / ExternalIdentifier.
            groupPrincipal.SubjectId = graphGroup.DisplayName;
            groupPrincipal.ExternalIdentifier = graphGroup.Id;
            groupPrincipal.TenantId = groupEntry.TenantId;
            groupPrincipal.DisplayName = graphGroup.DisplayName;
            groupPrincipal.IdentityProvider = IdentityProviders.AzureActiveDirectory;
            groupPrincipal.PrincipalType = PrincipalType.Group;

            return groupPrincipal;
        }
        /// <summary>
        /// Runs a subtree LDAP search under the provider's base DN and maps every returned
        /// entry to a <see cref="FabricPrincipal"/>.
        /// </summary>
        /// <param name="ldapQuery">LDAP search filter; it is handed to the directory unchanged.</param>
        /// <returns>
        /// The principals built from the result entries. The list is empty when no LDAP
        /// connection could be obtained.
        /// </returns>
        private ICollection<FabricPrincipal> SearchLdap(string ldapQuery)
        {
            var principals = new List<FabricPrincipal>();

            using (var connection = _ldapConnectionProvider.GetConnection())
            {
                if (connection == null)
                {
                    _logger.Warning("Could not get an LDAP connection.");
                    return principals;
                }

                // NOTE(review): no escaping happens in this method. If callers build ldapQuery
                // from user-supplied search text, filter metacharacters must be escaped
                // (RFC 4515) before the string reaches this point - confirm at the call sites.
                // NOTE(review): the filter and each mapped principal are written to the Debug
                // log; confirm debug sinks are access-controlled, since they will hold names
                // and account ids.
                var baseDn = _ldapConnectionProvider.BaseDn;
                _logger.Debug("Searching LDAP with query: {ldapQuery} and BaseDN: {baseDn}.", ldapQuery, baseDn);

                var searchResults = connection.Search(baseDn, LdapConnection.SCOPE_SUB, ldapQuery, null, false);
                while (searchResults.hasMore())
                {
                    try
                    {
                        var entry = searchResults.next();
                        _logger.Debug("Found entry with DN: {DN}", entry.DN);

                        var attributes = entry.getAttributeSet();
                        var surname    = attributes.getAttribute("SN");
                        var givenName  = attributes.getAttribute("GIVENNAME");
                        var middleName = attributes.getAttribute("MIDDLENAME");

                        // Name attributes that are absent from the entry become empty strings.
                        var principal = new FabricPrincipal
                        {
                            LastName   = surname == null ? string.Empty : surname.StringValue,
                            FirstName  = givenName == null ? string.Empty : givenName.StringValue,
                            MiddleName = middleName == null ? string.Empty : middleName.StringValue,
                            SubjectId  = GetSubjectId(attributes.getAttribute("SAMACCOUNTNAME")?.StringValue, entry.DN)
                        };

                        principals.Add(principal);
                        _logger.Debug("User: {@user}", principal);
                    }
                    catch (LdapReferralException ex)
                    {
                        // A failed referral is logged and skipped; it does not abort the search.
                        _logger.Debug(ex, "Error querying LDAP, referral exception: {failedReferral}, {@data}", ex.FailedReferral, ex.Data);
                    }
                }

                return principals;
            }
        }
Пример #3
        /// <summary>
        /// Maps a user returned by the Graph API wrapper onto a Fabric principal of type User.
        /// </summary>
        /// <param name="userEntry">Graph user wrapper; its User and TenantId members are read.</param>
        /// <returns>A new principal tagged with the AzureActiveDirectory identity provider.</returns>
        private static IFabricPrincipal CreateUserPrincipal(FabricGraphApiUser userEntry)
        {
            var mapped = new FabricPrincipal();
            var graphUser = userEntry.User;

            mapped.UserPrincipal = graphUser.UserPrincipalName;
            mapped.TenantId = userEntry.TenantId;
            // When the directory has no given name, the display name stands in for it.
            mapped.FirstName = graphUser.GivenName ?? graphUser.DisplayName;
            mapped.LastName = graphUser.Surname;
            // The Graph API has no middle-name value.
            mapped.MiddleName = string.Empty;
            mapped.IdentityProvider = IdentityProviders.AzureActiveDirectory;
            mapped.PrincipalType = PrincipalType.User;
            // The directory object id is the subject id; the UPN is kept separately.
            mapped.SubjectId = graphUser.Id;
            mapped.IdentityProviderUserPrincipalName = graphUser.UserPrincipalName;

            // DisplayName is always "<first> <last>"; a null Surname leaves a trailing space.
            mapped.DisplayName = mapped.FirstName + " " + mapped.LastName;
            return mapped;
        }
Пример #4
        /// <summary>
        /// Copies an existing principal into a new user principal attributed to Active Directory.
        /// </summary>
        /// <param name="userEntry">Principal whose name, tenant and subject fields are copied.</param>
        /// <returns>A new principal of type User with a freshly composed DisplayName.</returns>
        private static IFabricPrincipal CreateUserPrincipal(IFabricPrincipal userEntry)
        {
            var copy = new FabricPrincipal();

            copy.UserPrincipal = userEntry.UserPrincipal;
            copy.TenantId = userEntry.TenantId;
            copy.FirstName = userEntry.FirstName;
            copy.LastName = userEntry.LastName;
            copy.MiddleName = userEntry.MiddleName;
            // The provider is fixed here; whatever IdentityProvider the input carried is not copied.
            copy.IdentityProvider = IdentityProviders.ActiveDirectory;
            copy.PrincipalType = PrincipalType.User;
            copy.SubjectId = userEntry.SubjectId;
            // The identity-provider UPN is populated from SubjectId, not from UserPrincipal.
            copy.IdentityProviderUserPrincipalName = userEntry.SubjectId;

            copy.DisplayName = copy.FirstName + " " + copy.LastName;
            return copy;
        }
Пример #5
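        /// <summary>
        /// Maps a directory entry onto a Fabric principal of type User attributed to Active Directory.
        /// </summary>
        /// <param name="userEntry">Directory entry; its SamAccountName and name fields are read.</param>
        /// <returns>
        /// A new principal whose SubjectId and IdentityProviderUserPrincipalName both hold
        /// the value GetSubjectId produced for the entry's SamAccountName.
        /// </returns>
        private IFabricPrincipal CreateUserPrincipal(IDirectoryEntry userEntry)
        {
            var subjectId = GetSubjectId(userEntry.SamAccountName);
            var principal = new FabricPrincipal
            {
                SubjectId        = subjectId,
                FirstName        = userEntry.FirstName,
                LastName         = userEntry.LastName,
                MiddleName       = userEntry.MiddleName,
                IdentityProvider = IdentityProviders.ActiveDirectory,
                PrincipalType    = PrincipalType.User,
                IdentityProviderUserPrincipalName = subjectId
            };

            // DisplayName is assigned once, from the names stored on the principal. The
            // initializer used to set the same value first, which this line then overwrote.
            principal.DisplayName = $"{principal.FirstName} {principal.LastName}";
            return principal;
        }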
        /// <summary>
        /// Copies a principal into a new user principal attributed to the Active Directory
        /// search provider.
        /// </summary>
        /// <param name="userEntry">Principal whose name, tenant, subject and e-mail fields are copied.</param>
        /// <returns>A new principal of type User with a freshly composed DisplayName.</returns>
        private static FabricPrincipal CreateUserPrincipal(FabricPrincipal userEntry)
        {
            var clone = new FabricPrincipal();

            clone.UserPrincipal = userEntry.UserPrincipal;
            clone.TenantId = userEntry.TenantId;
            clone.FirstName = userEntry.FirstName;
            clone.LastName = userEntry.LastName;
            clone.MiddleName = userEntry.MiddleName;
            // Provider and type are fixed constants; the input's own values are not copied.
            clone.IdentityProvider = FabricIdentityConstants.SearchIdentityProviders.ActiveDirectory;
            clone.PrincipalType = FabricIdentityEnums.PrincipalType.User;
            clone.SubjectId = userEntry.SubjectId;
            // The identity-provider UPN is populated from SubjectId, not from UserPrincipal.
            clone.IdentityProviderUserPrincipalName = userEntry.SubjectId;
            clone.Email = userEntry.Email;

            clone.DisplayName = clone.FirstName + " " + clone.LastName;
            return clone;
        }
Пример #7
        /// <summary>
        /// Maps a user returned by the Graph API wrapper onto a Fabric principal of type User.
        /// </summary>
        /// <param name="userEntry">Graph user wrapper; its User, TenantId and TenantAlias members are read.</param>
        /// <returns>A new principal tagged with the AzureActiveDirectory search provider.</returns>
        private static FabricPrincipal CreateUserPrincipal(FabricGraphApiUser userEntry)
        {
            var mapped = new FabricPrincipal();
            var graphUser = userEntry.User;

            mapped.UserPrincipal = graphUser.UserPrincipalName;
            mapped.TenantId = userEntry.TenantId;
            // Without an alias the tenant id doubles as the alias.
            mapped.TenantAlias = userEntry.TenantAlias ?? userEntry.TenantId;
            // When the directory has no given name, the display name stands in for it.
            mapped.FirstName = graphUser.GivenName ?? graphUser.DisplayName;
            mapped.LastName = graphUser.Surname;
            // The Graph API has no middle-name value.
            mapped.MiddleName = string.Empty;
            mapped.IdentityProvider = FabricIdentityConstants.SearchIdentityProviders.AzureActiveDirectory;
            mapped.PrincipalType = FabricIdentityEnums.PrincipalType.User;
            mapped.SubjectId = graphUser.Id;

            // Mail wins over the UPN whenever it is non-empty.
            // NOTE(review): mail is an editable directory attribute. If anything downstream
            // treats IdentityProviderUserPrincipalName or Email as an identity key rather
            // than as contact data, confirm that is intended; SubjectId holds the object id.
            if (string.IsNullOrEmpty(graphUser.Mail))
            {
                mapped.IdentityProviderUserPrincipalName = graphUser.UserPrincipalName;
            }
            else
            {
                mapped.IdentityProviderUserPrincipalName = graphUser.Mail;
            }

            mapped.Email = mapped.IdentityProviderUserPrincipalName;
            mapped.DisplayName = mapped.FirstName + " " + mapped.LastName;
            return mapped;
        }
Пример #8
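        /// <summary>
        /// Looks a user up in the external identity provider search service, running the
        /// call through the IdP search service policy.
        /// </summary>
        /// <param name="subjectId">Subject id handed to SearchForUser.</param>
        /// <returns>
        /// The principal the search produced; null when the search service is disabled in
        /// configuration, when the search yields nothing, or when the circuit breaker is open.
        /// </returns>
        /// <remarks>
        /// Only <see cref="BrokenCircuitException"/> is handled here; any other exception
        /// from the policy or the search propagates to the caller.
        /// </remarks>
        public async Task<FabricPrincipal> FindUserBySubjectIdAsync(string subjectId)
        {
            if (!_appConfig.IdentityProviderSearchSettings.IsEnabled)
            {
                _logger.Information("Identity provider search service is disabled");
                return null;
            }

            FabricPrincipal user = null;

            try
            {
                user = await _policyProvider.IdPSearchServicePolicy.ExecuteAsync(() => SearchForUser(subjectId));

                // Report success only when a principal actually came back, so the log does
                // not claim a retrieval for a lookup that found nothing.
                if (user == null)
                {
                    _logger.Information("Identity provider search returned no user for the requested subject id");
                }
                else
                {
                    // NOTE(review): this writes the principal's ToString() output at Information
                    // level; what that contains is not visible here. Confirm it does not put
                    // names or e-mail addresses into routinely collected logs.
                    _logger.Information("Successfully retrieved user from external IdP: " + user);
                }
            }
            catch (BrokenCircuitException ex)
            {
                // Degrade gracefully: with the circuit open the service is not contacted and
                // the caller receives null, exactly as for a lookup that found nothing.
                _logger.Error(ex, "Identity Provider Search Service circuit breaker is in an open state, not attempting to connect to the service");
            }

            return user;
        }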