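        /// <summary>
        /// Handles the SAML single sign-on endpoint. With <c>auth=true</c> it redirects the
        /// browser to the identity provider with a signed AuthnRequest; otherwise it consumes
        /// the posted SAML response, creates/updates the user and signs them in.
        /// Every path ends with a redirect followed by <c>CompleteRequest()</c>; failures
        /// redirect back to the auth page with a message in the <c>m</c> query parameter.
        /// </summary>
        /// <param name="context">The current HTTP context; its request, response and user identity are read.</param>
        public void ProcessRequest(HttpContext context)
        {
            try
            {
                if (!SetupInfo.IsVisibleSettings(ManagementType.SingleSignOnSettings.ToString()))
                {
                    _log.DebugFormat("Single sign-on settings are disabled");
                    RedirectToAuthPageWithMessage(context, Resource.SsoSettingsDisabled);
                    return;
                }

                var settings = SettingsManager.Instance.LoadSettings<SsoSettings>(TenantProvider.CurrentTenantID);
                if (!settings.EnableSso)
                {
                    _log.DebugFormat("Single sign-on is disabled");
                    RedirectToAuthPageWithMessage(context, Resource.SsoSettingsDisabled);
                    return;
                }

                if (context.User.Identity.IsAuthenticated)
                {
                    // The {0} placeholder previously had no argument; log the identity name it was meant for.
                    _log.DebugFormat("User {0} already authenticated", context.User.Identity.Name);
                    RedirectAndCompleteRequest(context, CommonLinkUtility.GetDefault());
                    return;
                }

                if (settings.TokenType != TokenTypes.SAML)
                {
                    _log.Error("Settings TokenType  is not SAML");
                    RedirectToAuthPageWithMessage(context, Resource.SsoSettingsEnexpectedTokenType);
                    return;
                }

                if (context.Request["auth"] == "true")
                {
                    RedirectToIdentityProvider(context, settings);
                    return;
                }

                var samlEncodedString = context.Request.Form[SAML_RESPONSE];
                if (string.IsNullOrWhiteSpace(samlEncodedString))
                {
                    _log.Error("SAML response is null or empty");
                    RedirectToAuthPageWithMessage(context, Resource.SsoSettingsEmptyToken);
                    return;
                }

                _log.Debug("Trying to authenticate using SAML");
                var samlResponse = new SamlResponse(settings);
                samlResponse.LoadXmlFromBase64(samlEncodedString);
                // The posted response is untrusted input: nothing below may run unless it validates.
                if (!samlResponse.IsValid())
                {
                    _log.Error("SAML response is not valid");
                    RedirectToAuthPageWithMessage(context, Resource.SsoSettingsNotValidToken);
                    return;
                }

                var userInfo = new SamlUserCreator().CreateUserInfo(samlResponse);
                if (userInfo == Constants.LostUser)
                {
                    _log.Error("Can't create userInfo using current SAML response");
                    RedirectToAuthPageWithMessage(context, Resource.SsoSettingsCantCreateUser);
                    return;
                }

                if (userInfo.Status == EmployeeStatus.Terminated)
                {
                    _log.Error("Current user is terminated");
                    RedirectToAuthPageWithMessage(context, Resource.SsoSettingsUserTerminated);
                    return;
                }

                AddUser(samlResponse, userInfo);
                MessageService.Send(context.Request, MessageAction.LoginSuccessViaSSO);
                RedirectAndCompleteRequest(context, CommonLinkUtility.GetDefault());
            }
            catch (Exception e)
            {
                _log.ErrorFormat("Unexpected error. {0}", e);
                // NOTE(review): e.Message is reflected to the login page and can expose internal
                // details (paths, certificate/config errors); a fixed resource string would be safer.
                RedirectToAuthPageWithMessage(context, e.Message);
            }
        }

        /// <summary>
        /// Builds the signed SAML AuthnRequest and redirects the browser to the configured IdP endpoint.
        /// </summary>
        /// <param name="context">Current HTTP context; supplies the request URL and application path.</param>
        /// <param name="settings">Tenant SSO settings providing the IdP endpoint and signing options.</param>
        private void RedirectToIdentityProvider(HttpContext context, SsoSettings settings)
        {
            var request = new SamlRequest(settings);

            // The ACS URL is this handler's address without the query string ("?auth=true").
            // GetLeftPart(Path) is safe when no '?' is present, where Substring(0, IndexOf("?")) threw.
            // NOTE(review): derived from the incoming request URL, so behind a reverse proxy it
            // reflects whatever Host the proxy forwards — confirm this is the canonical address.
            var assertionConsumerServiceUrl = context.Request.Url.GetLeftPart(UriPartial.Path);

            var certificatePath = Path.Combine(context.Request.PhysicalApplicationPath, "App_Data\\certificates\\sp.pfx");
            var certificatePassword = ConfigurationManager.AppSettings["saml.request.certificate.password"] ?? PASSWORD;

            var redirectUrl = settings.SsoEndPoint + "?" +
                              request.GetRequest(SamlRequestFormat.Base64,
                                                 assertionConsumerServiceUrl,
                                                 certificatePath,
                                                 certificatePassword);
            RedirectAndCompleteRequest(context, redirectUrl);
        }

        /// <summary>
        /// Redirects to the auth page carrying <paramref name="message"/> URL-encoded in the <c>m</c> parameter.
        /// </summary>
        private void RedirectToAuthPageWithMessage(HttpContext context, string message)
        {
            RedirectAndCompleteRequest(context, AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(message));
        }

        /// <summary>
        /// Issues a non-terminating redirect and completes the request so no further
        /// pipeline stages run (avoids the ThreadAbortException of Redirect(url, true)).
        /// </summary>
        private void RedirectAndCompleteRequest(HttpContext context, string url)
        {
            context.Response.Redirect(url, false);
            context.ApplicationInstance.CompleteRequest();
        }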