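/// <summary>
/// Starts a SAML / WS-Federation sign-in. Records the post-login return URL (plus any
/// pending invitation key) in a cookie, then hands the browser to the IdP using the
/// AuthN binding configured on the <see cref="SamlOAuthClient"/> plugin.
/// </summary>
/// <param name="context">Current request; its query string may carry a return URL.</param>
/// <exception cref="InvalidOperationException">The SamlOAuthClient plugin is not loaded.</exception>
/// <exception cref="ArgumentNullException">A signed binding is configured without a certificate thumbprint.</exception>
/// <exception cref="NotImplementedException">The SignedRedirect binding is not implemented.</exception>
public void ProcessRequest(HttpContext context)
{
    var returnUrl = "/";

    // Best-effort: failing to record the return URL must not block the login itself,
    // so everything in this section is caught and logged rather than propagated.
    try
    {
        // Carry a pending user-invitation key through the login round-trip, if one is present.
        Guid? invitationKey = null;
        Guid parsedInvitationKey;
        var rawInvitationKey = SamlHelpers.GetInvitationKey();
        if (rawInvitationKey != null && Guid.TryParse(rawInvitationKey, out parsedInvitationKey))
        {
            invitationKey = parsedInvitationKey;
        }

        // The invitation may also be embedded in the return URL itself; SetCookieReturnUrl receives both.
        var returnUrlParam = context.Request.QueryString[SamlHelpers.ReturnUrlParameterName];
        if (string.IsNullOrEmpty(returnUrlParam))
        {
            returnUrl = SamlHelpers.GetReturnUrl();
        }
        else
        {
            // ASP.NET joins repeated query parameters with commas; only the first is honoured.
            // FIX: validate the exact value that will be used. The original validated the whole
            // comma-joined string, then re-read the parameter and redirected to its first segment,
            // so the segment that reached the cookie was not the string IsValidReturnUrl had seen.
            // IsValidReturnUrl is expected to reject pages such as logout, register and error pages.
            var candidate = returnUrlParam.Split(',')[0];
            if (IsValidReturnUrl(candidate))
            {
                returnUrl = candidate;
            }
        }

        SamlHelpers.SetCookieReturnUrl(returnUrl, invitationKey);
    }
    catch (Exception ex)
    {
        Apis.Get<IEventLog>().Write("Error Creating SAML return URL cookie:" + ex,
            new EventLogEntryWriteOptions { Category = "SAML", EventType = "Error", EventId = 1000 });
    }

    var samlPlugin = PluginManager.GetSingleton<SamlOAuthClient>();
    if (samlPlugin == null)
    {
        throw new InvalidOperationException("Unable to load the SamlAuthentication plugin; saml logins are not supported in the current configuration");
    }

    // AuthnRequest IDs must be XML NCNames, which may not start with a digit — hence the "_" prefix.
    var requestId = "_" + Guid.NewGuid().ToString();
    var issuerUrl = Apis.Get<IUrl>().Absolute(Apis.Get<ICoreUrls>().Home());

    switch (samlPlugin.IdpAuthRequestType)
    {
        case AuthnBinding.WSFededation:
            // endResponse: false + CompleteRequest, consistent with the other redirect branches.
            // With the default (true) Response.Redirect aborts the thread and CompleteRequest never runs.
            context.Response.Redirect(string.Format(WsFederationSignInTemplate, samlPlugin.IdpUrl,
                HttpUtility.UrlEncode(Apis.Get<IUrl>().Absolute("~/")),
                HttpUtility.UrlEncode(Apis.Get<IUrl>().Absolute("~/samlresponse"))), false);
            HttpContext.Current.ApplicationInstance.CompleteRequest();
            break;

        case AuthnBinding.IDP_Initiated:
            // Nothing to send; the IdP starts the flow and posts an unsolicited response back.
            context.Response.Redirect(samlPlugin.IdpUrl, false);
            HttpContext.Current.ApplicationInstance.CompleteRequest();
            break;

        case AuthnBinding.Redirect: // untested
            // NOTE(review): the SAML HTTP-Redirect binding expects deflate -> base64 -> url-encode.
            // This line decodes the deflated bytes as text (Encoding.Default) instead of base64-encoding
            // them, and GetSamlAuthnBase64 looks (by name) as if it is already base64. ZipStr and
            // GetSamlAuthnBase64 are not visible here, so this is left unchanged — confirm against the IdP.
            // returnUrl is also concatenated unencoded into the inner RelayState URL; a value containing
            // '&' would split that query string.
            context.Response.Redirect(samlPlugin.IdpUrl + "?SAMLRequest=" + HttpUtility.UrlEncode(System.Text.Encoding.Default.GetString(ZipStr(GetSamlAuthnBase64(requestId, samlPlugin.IdpUrl, issuerUrl)))) + "&RelayState=" + HttpUtility.UrlEncode("/SamlLogin?ReturnUrl=" + returnUrl), false);
            HttpContext.Current.ApplicationInstance.CompleteRequest();
            break;

        case AuthnBinding.SignedRedirect:
            if (string.IsNullOrEmpty(samlPlugin.AuthNCertThumbrint))
            {
                // FIX: ArgumentNullException(paramName, message) — the original passed them in reverse order.
                throw new ArgumentNullException("samlPlugin.AuthNCertThumbrint", "Invalid configuration, the SAML Plugin is set to sign AuthN requests, but no certificate thumbprint is configured");
            }
            // Signed redirect (signature over the deflated query string) is not implemented yet.
            throw new NotImplementedException();

        case AuthnBinding.POST:
            var authXML = GetSamlAuthnXml(requestId, samlPlugin.IdpUrl, issuerUrl);
            ValidateXML(authXML);
            POSTAuthNRequest(samlPlugin.IdpUrl, authXML);
            break;

        case AuthnBinding.SignedPOST:
            var postThumbprint = samlPlugin.AuthNCertThumbrint;
            if (string.IsNullOrEmpty(postThumbprint))
            {
                // FIX: ArgumentNullException(paramName, message) — the original passed them in reverse order.
                throw new ArgumentNullException("samlPlugin.AuthNCertThumbrint", "Invalid configuration, the SAML Plugin is set to sign AuthN requests, but no certificate thumbprint is configured");
            }
            var signedAuthXML = GetSamlAuthnXml(requestId, samlPlugin.IdpUrl, issuerUrl, postThumbprint);
            ValidateXML(signedAuthXML);
            POSTAuthNRequest(samlPlugin.IdpUrl, signedAuthXML);
            break;
    }
}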