/// <summary> /// Called when an authentication request is about to be sent. /// </summary> /// <param name="request">The request.</param> /// <remarks> /// Implementations should be prepared to be called multiple times on the same outgoing message /// without malfunctioning. /// </remarks> void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request) { // Don't create AX extensions for OpenID 1.x messages, since AX requires OpenID 2.0. if (request.Provider.Version.Major >= 2) { request.SpreadSregToAX(this.AXFormats); } }
IDictionary <string, string> IExtensionRequest.Serialize(RelyingParty.IAuthenticationRequest authenticationRequest) { var fields = new Dictionary <string, string> { { "mode", Mode }, }; FetchResponse.SerializeAttributes(fields, attributesProvided); return(fields); }
public static void SpreadSregToAX(this RelyingParty.IAuthenticationRequest request, AXAttributeFormats attributeFormats) { Contract.Requires <ArgumentNullException>(request != null); var req = (RelyingParty.AuthenticationRequest)request; var sreg = req.AppliedExtensions.OfType <ClaimsRequest>().SingleOrDefault(); if (sreg == null) { Logger.OpenId.Debug("No Simple Registration (ClaimsRequest) extension present in the request to spread to AX."); return; } if (req.DiscoveryResult.IsExtensionSupported <ClaimsRequest>()) { Logger.OpenId.Debug("Skipping generation of AX request because the Identifier advertises the Provider supports the Sreg extension."); return; } var ax = req.AppliedExtensions.OfType <FetchRequest>().SingleOrDefault(); if (ax == null) { ax = new FetchRequest(); req.AddExtension(ax); } // Try to use just one AX Type URI format if we can figure out which type the OP accepts. AXAttributeFormats detectedFormat; if (TryDetectOPAttributeFormat(request, out detectedFormat)) { Logger.OpenId.Debug("Detected OP support for AX but not for Sreg. Removing Sreg extension request and using AX instead."); attributeFormats = detectedFormat; req.Extensions.Remove(sreg); } else { Logger.OpenId.Debug("Could not determine whether OP supported Sreg or AX. Using both extensions."); } foreach (AXAttributeFormats format in ForEachFormat(attributeFormats)) { FetchAttribute(ax, format, WellKnownAttributes.BirthDate.WholeBirthDate, sreg.BirthDate); FetchAttribute(ax, format, WellKnownAttributes.Contact.HomeAddress.Country, sreg.Country); FetchAttribute(ax, format, WellKnownAttributes.Contact.Email, sreg.Email); FetchAttribute(ax, format, WellKnownAttributes.Name.FullName, sreg.FullName); FetchAttribute(ax, format, WellKnownAttributes.Person.Gender, sreg.Gender); FetchAttribute(ax, format, WellKnownAttributes.Preferences.Language, sreg.Language); FetchAttribute(ax, format, WellKnownAttributes.Name.Alias, sreg.Nickname); FetchAttribute(ax, format, WellKnownAttributes.Contact.HomeAddress.PostalCode, sreg.PostalCode); FetchAttribute(ax, format, WellKnownAttributes.Preferences.TimeZone, sreg.TimeZone); } }
/// <summary> /// Adds a description of the information the relying party site would like /// the Provider to include with a positive authentication assertion as an /// extension to an authentication request. /// </summary> IDictionary <string, string> IExtensionRequest.Serialize(RelyingParty.IAuthenticationRequest request) { var fields = new Dictionary <string, string>(); if (PolicyUrl != null) { fields.Add(Constants.policy_url, PolicyUrl.AbsoluteUri); } fields.Add(Constants.required, string.Join(",", assembleProfileFields(DemandLevel.Require))); fields.Add(Constants.optional, string.Join(",", assembleProfileFields(DemandLevel.Request))); return(fields); }
IDictionary <string, string> IExtensionRequest.Serialize(RelyingParty.IAuthenticationRequest authenticationRequest) { var fields = new Dictionary <string, string> { { "mode", Mode }, }; if (UpdateUrl != null) { fields.Add("update_url", UpdateUrl.AbsoluteUri); } List <string> requiredAliases = new List <string>(), optionalAliases = new List <string>(); AliasManager aliasManager = new AliasManager(); foreach (var att in attributesRequested) { string alias = aliasManager.GetAlias(att.TypeUri); // define the alias<->typeUri mapping fields.Add("type." + alias, att.TypeUri); // set how many values the relying party wants max fields.Add("count." + alias, att.Count.ToString(CultureInfo.InvariantCulture)); if (att.IsRequired) { requiredAliases.Add(alias); } else { optionalAliases.Add(alias); } } // Set optional/required lists if (optionalAliases.Count > 0) { fields.Add("if_available", string.Join(",", optionalAliases.ToArray())); } if (requiredAliases.Count > 0) { fields.Add("required", string.Join(",", requiredAliases.ToArray())); } return(fields); }
/// <summary> /// Called when an authentication request is about to be sent. /// </summary> /// <param name="request">The request.</param> void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request) { RelyingParty.AuthenticationRequest requestInternal = (RelyingParty.AuthenticationRequest)request; ErrorUtilities.VerifyProtocol(string.Equals(request.Realm.Scheme, Uri.UriSchemeHttps, StringComparison.Ordinal) || DisableSslRequirement, BehaviorStrings.RealmMustBeHttps); var pape = requestInternal.AppliedExtensions.OfType <PolicyRequest>().SingleOrDefault(); if (pape == null) { request.AddExtension(pape = new PolicyRequest()); } if (!pape.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier)) { pape.PreferredPolicies.Add(AuthenticationPolicies.PrivatePersonalIdentifier); } if (!pape.PreferredPolicies.Contains(AuthenticationPolicies.USGovernmentTrustLevel1)) { pape.PreferredPolicies.Add(AuthenticationPolicies.USGovernmentTrustLevel1); } if (!AllowPersonallyIdentifiableInformation && !pape.PreferredPolicies.Contains(AuthenticationPolicies.NoPersonallyIdentifiableInformation)) { pape.PreferredPolicies.Add(AuthenticationPolicies.NoPersonallyIdentifiableInformation); } if (pape.PreferredPolicies.Contains(AuthenticationPolicies.NoPersonallyIdentifiableInformation)) { ErrorUtilities.VerifyProtocol( (!requestInternal.AppliedExtensions.OfType <ClaimsRequest>().Any() && !requestInternal.AppliedExtensions.OfType <FetchRequest>().Any()), BehaviorStrings.PiiIncludedWithNoPiiPolicy); } Reporting.RecordEventOccurrence(this, "RP"); }
/// <summary> /// Tries to find the exact format of AX attribute Type URI supported by the Provider. /// </summary> /// <param name="request">The authentication request.</param> /// <param name="attributeFormat">The attribute formats the RP will try if this discovery fails.</param> /// <returns>The AX format(s) to use based on the Provider's advertised AX support.</returns> private static bool TryDetectOPAttributeFormat(RelyingParty.IAuthenticationRequest request, out AXAttributeFormats attributeFormat) { Contract.Requires <ArgumentNullException>(request != null); attributeFormat = DetectAXFormat(request.DiscoveryResult.Capabilities); return(attributeFormat != AXAttributeFormats.None); }
/// <summary> /// Called when an authentication request is about to be sent. /// </summary> /// <param name="request">The request.</param> /// <remarks> /// Implementations should be prepared to be called multiple times on the same outgoing message /// without malfunctioning. /// </remarks> void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(RelyingParty.IAuthenticationRequest request) { request.SpreadSregToAX(AXFormats); }
/// <summary> /// Tries to find the exact format of AX attribute Type URI supported by the Provider. /// </summary> /// <param name="request">The authentication request.</param> /// <param name="attributeFormat">The attribute formats the RP will try if this discovery fails.</param> /// <returns>The AX format(s) to use based on the Provider's advertised AX support.</returns> private static bool TryDetectOPAttributeFormat(RelyingParty.IAuthenticationRequest request, out AXAttributeFormats attributeFormat) { Requires.NotNull(request, "request"); attributeFormat = OpenIdExtensionsInteropHelper.DetectAXFormat(request.DiscoveryResult.Capabilities); return(attributeFormat != AXAttributeFormats.None); }