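        /// <summary>
        /// Entry point of the SAML sign-in handler: records the post-login landing URL (plus any pending
        /// invitation key) in a cookie, then forwards the browser to the IdP using the AuthN binding
        /// configured on the <see cref="SamlOAuthClient"/> plugin.
        /// </summary>
        /// <param name="context">The current request; its ReturnUrl query parameter is read and its response is redirected or completed.</param>
        /// <exception cref="InvalidOperationException">The SAML plugin cannot be loaded, or the configured binding is not one this handler knows.</exception>
        /// <exception cref="ArgumentNullException">A signed binding is configured but no AuthN certificate thumbprint is set.</exception>
        /// <exception cref="NotImplementedException">The SignedRedirect binding is configured; it is not supported yet.</exception>
        public void ProcessRequest(HttpContext context)
        {
            var returnUrl = ResolveAndStoreReturnUrl(context);

            var samlPlugin = PluginManager.GetSingleton <SamlOAuthClient>();
            if (samlPlugin == null)
            {
                throw new InvalidOperationException("Unable to load the SamlAuthentication plugin; saml logins are not supported in the current configuration");
            }

            //xs:ID values may not start with a digit, so the generated request id gets a leading underscore
            var requestId = "_" + Guid.NewGuid().ToString();
            var issuerUrl = Apis.Get <IUrl>().Absolute(Apis.Get <ICoreUrls>().Home());

            switch (samlPlugin.IdpAuthRequestType)
            {
            case AuthnBinding.WSFededation:
                //endResponse:false in every redirect branch so the handler ends via CompleteRequest rather than Response.End
                context.Response.Redirect(string.Format(WsFederationSignInTemplate, samlPlugin.IdpUrl, HttpUtility.UrlEncode(Apis.Get <IUrl>().Absolute("~/")), HttpUtility.UrlEncode(Apis.Get <IUrl>().Absolute("~/samlresponse"))), false);
                context.ApplicationInstance.CompleteRequest();
                break;

            case AuthnBinding.IDP_Initiated:
                context.Response.Redirect(samlPlugin.IdpUrl, false);
                context.ApplicationInstance.CompleteRequest();
                break;

            case AuthnBinding.Redirect:     //untested
                //NOTE(review): the deflated request is turned into a string with Encoding.Default before URL-encoding;
                //the HTTP-Redirect binding expects DEFLATE -> base64 -> URL-encode, so confirm ZipStr/GetSamlAuthnBase64
                //produce that before relying on this branch. returnUrl is also not encoded as a query value inside
                //RelayState, so a '&' or '#' in it would truncate ReturnUrl when /SamlLogin parses it - confirm.
                context.Response.Redirect(samlPlugin.IdpUrl + "?SAMLRequest=" + HttpUtility.UrlEncode(System.Text.Encoding.Default.GetString(ZipStr(GetSamlAuthnBase64(requestId, samlPlugin.IdpUrl, issuerUrl)))) + "&RelayState=" + HttpUtility.UrlEncode("/SamlLogin?ReturnUrl=" + returnUrl), false);
                context.ApplicationInstance.CompleteRequest();
                break;

            case AuthnBinding.SignedRedirect:
                //fail on the configuration problem first so the operator sees the actionable error
                RequireAuthNCertThumbprint(samlPlugin);
                throw new NotImplementedException();

            case AuthnBinding.POST:
                var authXML = GetSamlAuthnXml(requestId, samlPlugin.IdpUrl, issuerUrl);
                ValidateXML(authXML);
                POSTAuthNRequest(samlPlugin.IdpUrl, authXML);
                break;

            case AuthnBinding.SignedPOST:
                var postThumbprint = RequireAuthNCertThumbprint(samlPlugin);
                var signedAuthXML = GetSamlAuthnXml(requestId, samlPlugin.IdpUrl, issuerUrl, postThumbprint);
                ValidateXML(signedAuthXML);
                POSTAuthNRequest(samlPlugin.IdpUrl, signedAuthXML);
                break;

            default:
                //an unknown binding used to fall through and answer with an empty page; make the misconfiguration visible
                throw new InvalidOperationException("Unsupported SAML AuthN request binding: " + samlPlugin.IdpAuthRequestType);
            }
        }

        /// <summary>
        /// Works out the post-login landing URL and stores it, together with any pending invitation key,
        /// via <see cref="SamlHelpers.SetCookieReturnUrl"/>. Any failure in this step is logged and leaves
        /// the safe default of "/", so a bad return URL never blocks the sign-in redirect.
        /// </summary>
        /// <param name="context">Request whose ReturnUrl query parameter is consulted.</param>
        /// <returns>The return URL that was stored ("/" when none could be determined or an error occurred).</returns>
        private string ResolveAndStoreReturnUrl(HttpContext context)
        {
            var returnUrl = "/";

            //protect against no httpcontext or cs context
            try
            {
                //add user invitation guid if present...
                Guid? invitationKey = null;
                Guid parsedInvitationKey;
                var rawInvitationKey = SamlHelpers.GetInvitationKey();
                if (rawInvitationKey != null && Guid.TryParse(rawInvitationKey, out parsedInvitationKey))
                {
                    invitationKey = parsedInvitationKey;
                }
                //note we still have the case where the invitation may be in the return url

                var returnUrlParam = context.Request.QueryString[SamlHelpers.ReturnUrlParameterName];
                if (string.IsNullOrEmpty(returnUrlParam))
                {
                    returnUrl = SamlHelpers.GetReturnUrl();
                }
                else
                {
                    //a repeated query parameter arrives comma-joined; only the first value is used
                    var candidate = returnUrlParam.Split(',')[0];
                    //validate exactly the value that will be stored (ignores pages like logout or register or errors);
                    //anything that fails validation keeps the default "/"
                    if (IsValidReturnUrl(candidate))
                    {
                        returnUrl = candidate;
                    }
                }
                SamlHelpers.SetCookieReturnUrl(returnUrl, invitationKey);
            }
            catch (Exception ex)
            {
                //best effort: log and carry on with the default so the login redirect still happens
                Apis.Get <IEventLog>().Write("Error Creating SAML return URL cookie:" + ex, new EventLogEntryWriteOptions {
                    Category = "SAML", EventType = "Error", EventId = 1000
                });
            }

            return returnUrl;
        }

        /// <summary>
        /// Returns the AuthN signing certificate thumbprint configured on the plugin, which the signed bindings need.
        /// </summary>
        /// <param name="samlPlugin">The loaded SAML plugin.</param>
        /// <returns>The configured thumbprint (never null or empty).</returns>
        /// <exception cref="ArgumentNullException">No thumbprint is configured.</exception>
        private static string RequireAuthNCertThumbprint(SamlOAuthClient samlPlugin)
        {
            var thumbprint = samlPlugin.AuthNCertThumbrint;
            if (string.IsNullOrEmpty(thumbprint))
            {
                //this overload is (paramName, message): the parameter name goes first
                throw new ArgumentNullException("samlPlugin.AuthNCertThumbrint", "Invalid configuration, the SAML Plugin is set to sign AuthN requests, but no certificate thumbprint is configured");
            }
            return thumbprint;
        }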