public async virtual Task SignOutAsync(AuthenticationProperties properties)
{
var target = ResolveTarget(Options.ForwardSignOut);
if (target != null)
{
await Context.SignOutAsync(target, properties);
return;
}
string authenticationRequestId = Guid.NewGuid().ToString();
var requestProperties = new AuthenticationProperties();
requestProperties.Load(Request, Options.StateDataFormat);
// Extract the user state from properties and reset.
var idpName = requestProperties.GetIdentityProviderName();
var subjectNameId = requestProperties.GetSubjectNameId();
var sessionIndex = requestProperties.GetSessionIndex();
var idp = Options.IdentityProviders.FirstOrDefault(i => i.Name == idpName);
var securityTokenCreatingContext = await _eventsHandler.HandleSecurityTokenCreatingContext(Context, Scheme, Options, properties, authenticationRequestId);
var message = SamlHandler.GetLogoutRequest(
authenticationRequestId,
securityTokenCreatingContext.TokenOptions.EntityId,
securityTokenCreatingContext.TokenOptions.Certificate,
idp,
subjectNameId,
sessionIndex);
var(redirectHandled, afterRedirectMessage) = await _eventsHandler.HandleRedirectToIdentityProviderForSignOut(Context, Scheme, Options, properties, message);
if (redirectHandled)
{
return;
}
message = afterRedirectMessage;
properties.SetLogoutRequest(message);
properties.Save(Response, Options.StateDataFormat);
await _requestGenerator.HandleRequest(message,
message.ID,
securityTokenCreatingContext.TokenOptions.Certificate,
idp.SingleSignOutServiceUrl,
idp.Method);
}
protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
{
// Save the original challenge URI so we can redirect back to it when we're done.
if (string.IsNullOrEmpty(properties.RedirectUri))
{
properties.RedirectUri = OriginalPathBase + OriginalPath + Request.QueryString;
}
// Create the SPID request id
string authenticationRequestId = Guid.NewGuid().ToString();
// Select the Identity Provider
var idpName = Request.Query["idpName"];
var idp = Options.IdentityProviders.FirstOrDefault(x => x.Name == idpName);
var securityTokenCreatingContext = await _eventsHandler.HandleSecurityTokenCreatingContext(Context, Scheme, Options, properties, authenticationRequestId);
// Create the signed SAML request
var message = SamlHandler.GetAuthnRequest(
authenticationRequestId,
securityTokenCreatingContext.TokenOptions.EntityId,
securityTokenCreatingContext.TokenOptions.AssertionConsumerServiceIndex,
securityTokenCreatingContext.TokenOptions.AttributeConsumingServiceIndex,
securityTokenCreatingContext.TokenOptions.Certificate,
idp);
GenerateCorrelationId(properties);
var(redirectHandled, afterRedirectMessage) = await _eventsHandler.HandleRedirectToIdentityProviderForAuthentication(Context, Scheme, Options, properties, message);
if (redirectHandled)
{
return;
}
message = afterRedirectMessage;
properties.SetIdentityProviderName(idpName);
properties.SetAuthenticationRequest(message);
properties.Save(Response, Options.StateDataFormat);
await _requestGenerator.HandleRequest(message,
message.ID,
securityTokenCreatingContext.TokenOptions.Certificate,
idp.SingleSignOnServiceUrl,
idp.Method);
}
public async Task HandleRequest <T>(T message,
string messageId,
X509Certificate2 certificate,
string signOnUrl,
RequestMethod method)
where T : class
{
var messageGuid = messageId.Replace("_", string.Empty);
if (method == RequestMethod.Post)
{
var signedSerializedMessage = SamlHandler.SignRequest(message, certificate, messageId);
await HandlePostRequest(signedSerializedMessage, signOnUrl, messageGuid);
}
else
{
var unsignedSerializedMessage = SamlHandler.SerializeMessage(message);
HandleRedirectRequest(unsignedSerializedMessage, certificate, signOnUrl, messageGuid);
}
}
