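/// <summary>
/// Entry point of the SAML single sign-on handler. Depending on the request it either
/// redirects the browser to the identity provider (when <c>auth=true</c> is present) or
/// validates the posted SAML response, resolves the matching user and signs them in.
/// Every exit path issues a redirect and completes the request; failures are reported to
/// the user through the <c>m</c> query parameter of the auth page.
/// </summary>
/// <param name="context">The current HTTP context; its Request, Response and User are used.</param>
public void ProcessRequest(HttpContext context)
{
    try
    {
        if (!SetupInfo.IsVisibleSettings(ManagementType.SingleSignOnSettings.ToString()))
        {
            _log.DebugFormat("Single sign-on settings are disabled");
            RedirectToAuthPage(context, Resource.SsoSettingsDisabled);
            return;
        }

        var settings = SettingsManager.Instance.LoadSettings<SsoSettings>(TenantProvider.CurrentTenantID);
        if (!settings.EnableSso)
        {
            _log.DebugFormat("Single sign-on is disabled");
            RedirectToAuthPage(context, Resource.SsoSettingsDisabled);
            return;
        }

        if (context.User.Identity.IsAuthenticated)
        {
            // The format string carries a {0} placeholder, so the user name must be supplied.
            _log.DebugFormat("User {0} already authenticated", context.User.Identity.Name);
            RedirectAndComplete(context, CommonLinkUtility.GetDefault());
            return;
        }

        if (settings.TokenType != TokenTypes.SAML)
        {
            _log.Error("Settings TokenType is not SAML");
            RedirectToAuthPage(context, Resource.SsoSettingsEnexpectedTokenType);
            return;
        }

        if (context.Request["auth"] == "true")
        {
            var req = new SamlRequest(settings);

            // The assertion consumer service URL is this handler's own address without the query string.
            // Request["auth"] also matches form and cookie values, so the URL may contain no '?' at all;
            // guard against IndexOf returning -1 instead of letting Substring throw.
            var absoluteUri = context.Request.Url.AbsoluteUri;
            var queryIndex = absoluteUri.IndexOf('?');
            var assertionConsumerServiceUrl = queryIndex < 0 ? absoluteUri : absoluteUri.Substring(0, queryIndex);

            var certificatePath = Path.Combine(context.Request.PhysicalApplicationPath, "App_Data\\certificates\\sp.pfx");
            // NOTE(review): when the app setting is absent this falls back to the compiled-in PASSWORD constant.
            var certificatePassword = ConfigurationManager.AppSettings["saml.request.certificate.password"] ?? PASSWORD;

            var samlRequest = req.GetRequest(SamlRequestFormat.Base64, assertionConsumerServiceUrl, certificatePath, certificatePassword);
            RedirectAndComplete(context, settings.SsoEndPoint + "?" + samlRequest);
            return;
        }

        var samlEncodedString = context.Request.Form[SAML_RESPONSE];
        if (string.IsNullOrWhiteSpace(samlEncodedString))
        {
            _log.Error("SAML response is null or empty");
            RedirectToAuthPage(context, Resource.SsoSettingsEmptyToken);
            return;
        }

        _log.Debug("Trying to authenticate using SAML");

        // NOTE(review): the response is client-supplied XML. Confirm that the parser used by
        // SamlResponse does not resolve external entities and that IsValid() checks the signature,
        // audience and validity window — none of that is visible from this handler.
        var samlResponse = new SamlResponse(settings);
        samlResponse.LoadXmlFromBase64(samlEncodedString);
        if (!samlResponse.IsValid())
        {
            _log.Error("SAML response is not valid");
            RedirectToAuthPage(context, Resource.SsoSettingsNotValidToken);
            return;
        }

        var userCreator = new SamlUserCreator();
        var userInfo = userCreator.CreateUserInfo(samlResponse);
        if (userInfo == Constants.LostUser)
        {
            _log.Error("Can't create userInfo using current SAML response");
            RedirectToAuthPage(context, Resource.SsoSettingsCantCreateUser);
            return;
        }

        if (userInfo.Status == EmployeeStatus.Terminated)
        {
            _log.Error("Current user is terminated");
            RedirectToAuthPage(context, Resource.SsoSettingsUserTerminated);
            return;
        }

        AddUser(samlResponse, userInfo);
        MessageService.Send(context.Request, MessageAction.LoginSuccessViaSSO);
        RedirectAndComplete(context, CommonLinkUtility.GetDefault());
    }
    catch (Exception e)
    {
        _log.ErrorFormat("Unexpected error. {0}", e);
        // NOTE(review): e.Message is shown to the end user through the query string and may
        // carry internal details; a generic resource string would be preferable here.
        RedirectToAuthPage(context, e.Message);
    }
}

/// <summary>
/// Redirects to the auth page with <paramref name="message"/> URL-encoded into the <c>m</c>
/// query parameter and completes the current request.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="message">User-facing message to pass to the auth page.</param>
private void RedirectToAuthPage(HttpContext context, string message)
{
    RedirectAndComplete(context, AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(message));
}

/// <summary>
/// Issues a non-terminating redirect to <paramref name="url"/> and completes the request,
/// which is the single exit pattern used throughout this handler.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="url">Absolute or application-relative redirect target.</param>
private void RedirectAndComplete(HttpContext context, string url)
{
    context.Response.Redirect(url, false);
    context.ApplicationInstance.CompleteRequest();
}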