/// <summary>
/// Called when an authentication request is about to be sent.
/// </summary>
/// <param name="request">The request.</param>
/// <remarks>
/// Implementations should be prepared to be called multiple times on the same outgoing message
/// without malfunctioning.
/// </remarks>
void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request)
{
// Don't create AX extensions for OpenID 1.x messages, since AX requires OpenID 2.0.
if (request.Provider.Version.Major >= 2)
{
request.SpreadSregToAX(this.AXFormats);
}
}
IDictionary <string, string> IExtensionRequest.Serialize(RelyingParty.IAuthenticationRequest authenticationRequest)
{
var fields = new Dictionary <string, string> {
{ "mode", Mode },
};
FetchResponse.SerializeAttributes(fields, attributesProvided);
return(fields);
}
public static void SpreadSregToAX(this RelyingParty.IAuthenticationRequest request, AXAttributeFormats attributeFormats)
{
Contract.Requires <ArgumentNullException>(request != null);
var req = (RelyingParty.AuthenticationRequest)request;
var sreg = req.AppliedExtensions.OfType <ClaimsRequest>().SingleOrDefault();
if (sreg == null)
{
Logger.OpenId.Debug("No Simple Registration (ClaimsRequest) extension present in the request to spread to AX.");
return;
}
if (req.DiscoveryResult.IsExtensionSupported <ClaimsRequest>())
{
Logger.OpenId.Debug("Skipping generation of AX request because the Identifier advertises the Provider supports the Sreg extension.");
return;
}
var ax = req.AppliedExtensions.OfType <FetchRequest>().SingleOrDefault();
if (ax == null)
{
ax = new FetchRequest();
req.AddExtension(ax);
}
// Try to use just one AX Type URI format if we can figure out which type the OP accepts.
AXAttributeFormats detectedFormat;
if (TryDetectOPAttributeFormat(request, out detectedFormat))
{
Logger.OpenId.Debug("Detected OP support for AX but not for Sreg. Removing Sreg extension request and using AX instead.");
attributeFormats = detectedFormat;
req.Extensions.Remove(sreg);
}
else
{
Logger.OpenId.Debug("Could not determine whether OP supported Sreg or AX. Using both extensions.");
}
foreach (AXAttributeFormats format in ForEachFormat(attributeFormats))
{
FetchAttribute(ax, format, WellKnownAttributes.BirthDate.WholeBirthDate, sreg.BirthDate);
FetchAttribute(ax, format, WellKnownAttributes.Contact.HomeAddress.Country, sreg.Country);
FetchAttribute(ax, format, WellKnownAttributes.Contact.Email, sreg.Email);
FetchAttribute(ax, format, WellKnownAttributes.Name.FullName, sreg.FullName);
FetchAttribute(ax, format, WellKnownAttributes.Person.Gender, sreg.Gender);
FetchAttribute(ax, format, WellKnownAttributes.Preferences.Language, sreg.Language);
FetchAttribute(ax, format, WellKnownAttributes.Name.Alias, sreg.Nickname);
FetchAttribute(ax, format, WellKnownAttributes.Contact.HomeAddress.PostalCode, sreg.PostalCode);
FetchAttribute(ax, format, WellKnownAttributes.Preferences.TimeZone, sreg.TimeZone);
}
}
/// <summary>
/// Adds a description of the information the relying party site would like
/// the Provider to include with a positive authentication assertion as an
/// extension to an authentication request.
/// </summary>
IDictionary <string, string> IExtensionRequest.Serialize(RelyingParty.IAuthenticationRequest request)
{
var fields = new Dictionary <string, string>();
if (PolicyUrl != null)
{
fields.Add(Constants.policy_url, PolicyUrl.AbsoluteUri);
}
fields.Add(Constants.required, string.Join(",", assembleProfileFields(DemandLevel.Require)));
fields.Add(Constants.optional, string.Join(",", assembleProfileFields(DemandLevel.Request)));
return(fields);
}
IDictionary <string, string> IExtensionRequest.Serialize(RelyingParty.IAuthenticationRequest authenticationRequest)
{
var fields = new Dictionary <string, string> {
{ "mode", Mode },
};
if (UpdateUrl != null)
{
fields.Add("update_url", UpdateUrl.AbsoluteUri);
}
List <string> requiredAliases = new List <string>(), optionalAliases = new List <string>();
AliasManager aliasManager = new AliasManager();
foreach (var att in attributesRequested)
{
string alias = aliasManager.GetAlias(att.TypeUri);
// define the alias<->typeUri mapping
fields.Add("type." + alias, att.TypeUri);
// set how many values the relying party wants max
fields.Add("count." + alias, att.Count.ToString(CultureInfo.InvariantCulture));
if (att.IsRequired)
{
requiredAliases.Add(alias);
}
else
{
optionalAliases.Add(alias);
}
}
// Set optional/required lists
if (optionalAliases.Count > 0)
{
fields.Add("if_available", string.Join(",", optionalAliases.ToArray()));
}
if (requiredAliases.Count > 0)
{
fields.Add("required", string.Join(",", requiredAliases.ToArray()));
}
return(fields);
}
/// <summary>
/// Called when an authentication request is about to be sent.
/// </summary>
/// <param name="request">The request.</param>
void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request)
{
RelyingParty.AuthenticationRequest requestInternal = (RelyingParty.AuthenticationRequest)request;
ErrorUtilities.VerifyProtocol(string.Equals(request.Realm.Scheme, Uri.UriSchemeHttps, StringComparison.Ordinal) || DisableSslRequirement, BehaviorStrings.RealmMustBeHttps);
var pape = requestInternal.AppliedExtensions.OfType <PolicyRequest>().SingleOrDefault();
if (pape == null)
{
request.AddExtension(pape = new PolicyRequest());
}
if (!pape.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier))
{
pape.PreferredPolicies.Add(AuthenticationPolicies.PrivatePersonalIdentifier);
}
if (!pape.PreferredPolicies.Contains(AuthenticationPolicies.USGovernmentTrustLevel1))
{
pape.PreferredPolicies.Add(AuthenticationPolicies.USGovernmentTrustLevel1);
}
if (!AllowPersonallyIdentifiableInformation && !pape.PreferredPolicies.Contains(AuthenticationPolicies.NoPersonallyIdentifiableInformation))
{
pape.PreferredPolicies.Add(AuthenticationPolicies.NoPersonallyIdentifiableInformation);
}
if (pape.PreferredPolicies.Contains(AuthenticationPolicies.NoPersonallyIdentifiableInformation))
{
ErrorUtilities.VerifyProtocol(
(!requestInternal.AppliedExtensions.OfType <ClaimsRequest>().Any() &&
!requestInternal.AppliedExtensions.OfType <FetchRequest>().Any()),
BehaviorStrings.PiiIncludedWithNoPiiPolicy);
}
Reporting.RecordEventOccurrence(this, "RP");
}
/// <summary>
/// Tries to find the exact format of AX attribute Type URI supported by the Provider.
/// </summary>
/// <param name="request">The authentication request.</param>
/// <param name="attributeFormat">The attribute formats the RP will try if this discovery fails.</param>
/// <returns>The AX format(s) to use based on the Provider's advertised AX support.</returns>
private static bool TryDetectOPAttributeFormat(RelyingParty.IAuthenticationRequest request, out AXAttributeFormats attributeFormat)
{
Contract.Requires <ArgumentNullException>(request != null);
attributeFormat = DetectAXFormat(request.DiscoveryResult.Capabilities);
return(attributeFormat != AXAttributeFormats.None);
}
/// <summary>
/// Called when an authentication request is about to be sent.
/// </summary>
/// <param name="request">The request.</param>
/// <remarks>
/// Implementations should be prepared to be called multiple times on the same outgoing message
/// without malfunctioning.
/// </remarks>
void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request)
{
request.SpreadSregToAX(AXFormats);
}
/// <summary>
/// Tries to find the exact format of AX attribute Type URI supported by the Provider.
/// </summary>
/// <param name="request">The authentication request.</param>
/// <param name="attributeFormat">The attribute formats the RP will try if this discovery fails.</param>
/// <returns>The AX format(s) to use based on the Provider's advertised AX support.</returns>
private static bool TryDetectOPAttributeFormat(RelyingParty.IAuthenticationRequest request, out AXAttributeFormats attributeFormat)
{
Requires.NotNull(request, "request");
attributeFormat = OpenIdExtensionsInteropHelper.DetectAXFormat(request.DiscoveryResult.Capabilities);
return(attributeFormat != AXAttributeFormats.None);
}
