private async Task <IActionResult> LogoutRequestAsync <T>(SamlDownParty party, Saml2Binding <T> binding)
{
var samlConfig = await saml2ConfigurationLogic.GetSamlDownConfigAsync(party);
var saml2LogoutRequest = new Saml2LogoutRequest(samlConfig);
binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
logger.ScopeTrace(() => $"SAML Logout request '{saml2LogoutRequest.XmlDocument.OuterXml}'.", traceType: TraceTypes.Message);
try
{
ValidateLogoutRequest(party, saml2LogoutRequest);
try
{
binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
logger.ScopeTrace(() => "Down, SAML Logout request accepted.", triggerEvent: true);
}
catch (Exception ex)
{
var isex = saml2ConfigurationLogic.GetInvalidSignatureValidationCertificateException(samlConfig, ex);
if (isex != null)
{
throw isex;
}
throw;
}
await sequenceLogic.SaveSequenceDataAsync(new SamlDownSequenceData
{
Id = saml2LogoutRequest.Id.Value,
RelayState = binding.RelayState
});
var type = RouteBinding.ToUpParties.First().Type;
logger.ScopeTrace(() => $"Request, Up type '{type}'.");
switch (type)
{
case PartyTypes.Login:
return(await serviceProvider.GetService <LogoutUpLogic>().LogoutRedirect(RouteBinding.ToUpParties.First(), GetLogoutRequest(party, saml2LogoutRequest)));
case PartyTypes.OAuth2:
throw new NotImplementedException();
case PartyTypes.Oidc:
return(await serviceProvider.GetService <OidcRpInitiatedLogoutUpLogic <OidcUpParty, OidcUpClient> >().EndSessionRequestRedirectAsync(RouteBinding.ToUpParties.First(), GetLogoutRequest(party, saml2LogoutRequest)));
case PartyTypes.Saml2:
return(await serviceProvider.GetService <SamlLogoutUpLogic>().LogoutRequestRedirectAsync(RouteBinding.ToUpParties.First(), GetSamlLogoutRequest(party, saml2LogoutRequest)));
default:
throw new NotSupportedException($"Party type '{type}' not supported.");
}
}
catch (SamlRequestException ex)
{
logger.Error(ex);
return(await LogoutResponseAsync(party, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState, ex.Status));
}
}
private async Task <IActionResult> LogoutRequestAsync <T>(SamlDownParty party, Saml2Binding <T> binding)
{
var samlConfig = saml2ConfigurationLogic.GetSamlDownConfig(party);
var saml2LogoutRequest = new Saml2LogoutRequest(samlConfig);
binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
logger.ScopeTrace($"SAML Logout request '{saml2LogoutRequest.XmlDocument.OuterXml}'.");
try
{
ValidateLogoutRequest(party, saml2LogoutRequest);
binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
logger.ScopeTrace("Down, SAML Logout request accepted.", triggerEvent: true);
await sequenceLogic.SaveSequenceDataAsync(new SamlDownSequenceData
{
Id = saml2LogoutRequest.Id.Value,
RelayState = binding.RelayState,
ResponseUrl = party.LoggedOutUrl,
});
await formActionLogic.CreateFormActionByUrlAsync(party.LoggedOutUrl);
var type = RouteBinding.ToUpParties.First().Type;
logger.ScopeTrace($"Request, Up type '{type}'.");
switch (type)
{
case PartyTypes.Login:
return(await serviceProvider.GetService <LogoutUpLogic>().LogoutRedirect(RouteBinding.ToUpParties.First(), new LogoutRequest
{
DownParty = party,
SessionId = saml2LogoutRequest.SessionIndex,
RequireLogoutConsent = false,
PostLogoutRedirect = true,
}));
case PartyTypes.OAuth2:
throw new NotImplementedException();
case PartyTypes.Oidc:
throw new NotImplementedException();
case PartyTypes.Saml2:
return(await serviceProvider.GetService <SamlLogoutUpLogic>().LogoutAsync(RouteBinding.ToUpParties.First(), GetSamlUpLogoutRequest(saml2LogoutRequest, party)));
default:
throw new NotSupportedException($"Party type '{type}' not supported.");
}
}
catch (SamlRequestException ex)
{
logger.Error(ex);
return(await LogoutResponseAsync(party.Id, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState, saml2LogoutRequest.Destination?.OriginalString, party.AuthnBinding.ResponseBinding, ex.Status));
}
}
private async Task <IActionResult> SingleLogoutRequestAsync <T>(SamlUpParty party, Saml2Binding <T> binding)
{
var samlConfig = saml2ConfigurationLogic.GetSamlUpConfig(party);
var saml2LogoutRequest = new Saml2LogoutRequest(samlConfig);
binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
try
{
logger.ScopeTrace($"SAML Single Logout request '{saml2LogoutRequest.XmlDocument.OuterXml}'.");
logger.ScopeTrace("Up, SAML Single Logout request.", triggerEvent: true);
binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
logger.ScopeTrace("Up, Successful SAML Single Logout request.", triggerEvent: true);
var session = await sessionUpPartyLogic.DeleteSessionAsync();
await oauthRefreshTokenGrantLogic.DeleteRefreshTokenGrantsAsync(session.SessionId);
await sequenceLogic.SaveSequenceDataAsync(new SamlUpSequenceData
{
ExternalInitiatedSingleLogout = true,
Id = saml2LogoutRequest.IdAsString,
UpPartyId = party.Id,
RelayState = binding.RelayState,
SessionId = saml2LogoutRequest.SessionIndex
});
if (party.DisableSingleLogout)
{
return(await SingleLogoutResponseAsync(party, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState));
}
else
{
(var doSingleLogout, var singleLogoutSequenceData) = await singleLogoutDownLogic.InitializeSingleLogoutAsync(new UpPartyLink { Name = party.Name, Type = party.Type }, null, session.DownPartyLinks, session.Claims);
if (doSingleLogout)
{
return(await singleLogoutDownLogic.StartSingleLogoutAsync(singleLogoutSequenceData));
}
else
{
return(await SingleLogoutResponseAsync(party, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState));
}
}
}
catch (SamlRequestException ex)
{
logger.Error(ex);
return(await SingleLogoutResponseAsync(party, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState, ex.Status));
}
}
private async Task <IActionResult> SingleLogoutRequestAsync <T>(SamlUpParty party, Saml2Binding <T> binding)
{
var samlConfig = await saml2ConfigurationLogic.GetSamlUpConfigAsync(party);
var saml2LogoutRequest = new Saml2LogoutRequest(samlConfig);
binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
try
{
logger.ScopeTrace(() => $"SAML Single Logout request '{saml2LogoutRequest.XmlDocument.OuterXml}'.", traceType: TraceTypes.Message);
logger.ScopeTrace(() => "Up, SAML Single Logout request.", triggerEvent: true);
try
{
binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), saml2LogoutRequest);
logger.ScopeTrace(() => "Up, Successful SAML Single Logout request.", triggerEvent: true);
}
catch (Exception ex)
{
var isex = saml2ConfigurationLogic.GetInvalidSignatureValidationCertificateException(samlConfig, ex);
if (isex != null)
{
throw isex;
}
throw;
}
var sequenceData = await sequenceLogic.SaveSequenceDataAsync(new SamlUpSequenceData
{
ExternalInitiatedSingleLogout = true,
Id = saml2LogoutRequest.IdAsString,
UpPartyId = party.Id,
RelayState = binding.RelayState,
SessionId = saml2LogoutRequest.SessionIndex
});
if (binding is Saml2Binding <Saml2PostBinding> )
{
return(HttpContext.GetUpPartyUrl(party.Name, Constants.Routes.SamlController, Constants.Endpoints.UpJump.SingleLogoutRequestJump, includeSequence: true, partyBindingPattern: party.PartyBindingPattern).ToRedirectResult());
}
else
{
return(await SingleLogoutRequestAsync(party, sequenceData));
}
}
catch (SamlRequestException ex)
{
logger.Error(ex);
return(await SingleLogoutResponseAsync(party, samlConfig, saml2LogoutRequest.Id.Value, binding.RelayState, ex.Status));
}
}
private async Task <IActionResult> AuthnRequestAsync <T>(SamlDownParty party, Saml2Binding <T> binding)
{
var samlConfig = saml2ConfigurationLogic.GetSamlDownConfig(party);
var request = HttpContext.Request;
var saml2AuthnRequest = new Saml2AuthnRequest(samlConfig);
binding.ReadSamlRequest(request.ToGenericHttpRequest(), saml2AuthnRequest);
logger.ScopeTrace($"SAML Authn request '{saml2AuthnRequest.XmlDocument.OuterXml}'.");
try
{
ValidateAuthnRequest(party, saml2AuthnRequest);
binding.Unbind(request.ToGenericHttpRequest(), saml2AuthnRequest);
logger.ScopeTrace("Down, SAML Auth request accepted.", triggerEvent: true);
var responseUrl = GetAcsUrl(party, saml2AuthnRequest);
await sequenceLogic.SaveSequenceDataAsync(new SamlDownSequenceData
{
Id = saml2AuthnRequest.Id.Value,
RelayState = binding.RelayState,
ResponseUrl = responseUrl,
});
await formActionLogic.CreateFormActionByUrlAsync(responseUrl);
var type = RouteBinding.ToUpParties.First().Type;
logger.ScopeTrace($"Request, Up type '{type}'.");
switch (type)
{
case PartyTypes.Login:
return(await serviceProvider.GetService <LoginUpLogic>().LoginRedirectAsync(RouteBinding.ToUpParties.First(), GetLoginRequestAsync(party, saml2AuthnRequest)));
case PartyTypes.OAuth2:
throw new NotImplementedException();
case PartyTypes.Oidc:
return(await serviceProvider.GetService <OidcAuthUpLogic <OidcDownParty, OidcDownClient, OidcDownScope, OidcDownClaim> >().AuthenticationRequestAsync(RouteBinding.ToUpParties.First()));
case PartyTypes.Saml2:
return(await serviceProvider.GetService <SamlAuthnUpLogic>().AuthnRequestAsync(RouteBinding.ToUpParties.First(), GetLoginRequestAsync(party, saml2AuthnRequest)));
default:
throw new NotSupportedException($"Party type '{type}' not supported.");
}
}
catch (SamlRequestException ex)
{
logger.Error(ex);
return(await AuthnResponseAsync(party.Id, samlConfig, saml2AuthnRequest.Id.Value, binding.RelayState, GetAcsUrl(party, saml2AuthnRequest), party.AuthnBinding.ResponseBinding, ex.Status));
}
}
private string ReadRelyingPartyFromLogoutRequest <T>(Saml2Binding <T> binding)
{
return(binding.ReadSamlRequest(Request.ToGenericHttpRequest(), new Saml2LogoutRequest(saml2Config))?.Issuer);
}
/// <summary>
/// Read the unique app issuer from the request
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="binding"></param>
/// <returns></returns>
private string ReadAppFromRequest <T>(Saml2Binding <T> binding)
{
return(binding.ReadSamlRequest(Request.ToGenericHttpRequest(), new Saml2AuthnRequest(_samlConfig))?.Issuer);
}
/// <summary>
/// Reads the relying party from login request.
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="binding">The binding.</param>
/// <returns></returns>
private Uri ReadRelyingPartyFromLoginRequest <T>(Saml2Binding <T> binding)
{
return(binding.ReadSamlRequest(Request.ToGenericHttpRequest(), new Saml2AuthnRequest(config.IDP))?.Issuer);
}