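/// <summary>
/// Builds a SAML AuthnRequest for the given SPID identity provider and signs it with the
/// service-provider certificate. The AssertionConsumerService / AttributeConsumingService
/// indexes and the requested SPID level are taken from the provider configuration.
/// </summary>
/// <param name="spidProviderConfiguration">Per-provider settings: endpoints, indexes, SPID level and signing material.</param>
/// <returns>
/// The signed AuthnRequest, or an empty string when the certificate could not be loaded or the
/// request could not be signed (the failure is logged, not rethrown).
/// </returns>
public string GetSpidAuthRequest(SpidProviderConfiguration spidProviderConfiguration)
{
    string result = "";
    AuthRequestOptions requestOptions = new AuthRequestOptions()
    {
        AssertionConsumerServiceIndex = spidProviderConfiguration.LoginAssertionConsumerServiceIndex,
        AttributeConsumingServiceIndex = spidProviderConfiguration.LoginAttributeConsumingServiceIndex,
        Destination = spidProviderConfiguration.IdentityProviderLoginPostUrl,
        SPIDLevel = spidProviderConfiguration.LoginSPIDLevel,
        SPUID = spidProviderConfiguration.ServiceProviderId,
        // Fresh value per request; presumably used as the request ID by AuthRequest.
        UUID = Guid.NewGuid().ToString()
    };
    AuthRequest request = new AuthRequest(requestOptions);
    try
    {
        // The certificate (and its private-key handle) is only needed while signing,
        // so dispose it as soon as the signed request has been produced.
        using (X509Certificate2 signinCert = new X509Certificate2(
            _appEnvironment.ContentRootPath + spidProviderConfiguration.ServiceProviderCertPath,
            spidProviderConfiguration.ServiceProviderCertPassword,
            X509KeyStorageFlags.MachineKeySet))
        {
            if (string.IsNullOrEmpty(spidProviderConfiguration.ServiceProviderPrivatekey))
            {
                result = request.GetSignedAuthRequest(signinCert);
            }
            else
            {
                // A separately configured private key is handed to the signer alongside the certificate.
                result = request.GetSignedAuthRequest(signinCert, spidProviderConfiguration.ServiceProviderPrivatekey);
            }
        }
    }
    catch (Exception ex)
    {
        // Best-effort: the caller receives "" and has to treat it as "no request available".
        _logger.LogError(ex, "Error creating SAML Request for {0}", spidProviderConfiguration.IdentityProviderId);
    }
    return result;
}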
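/// <summary>
/// Builds a SAML AuthnRequest for the given SPID identity provider and signs it with the
/// service-provider certificate. This variant uses fixed service indexes and SPID level 1
/// instead of reading them from the provider configuration.
/// </summary>
/// <param name="spidProviderConfiguration">Per-provider settings: login endpoint, service-provider id and signing material.</param>
/// <returns>The signed AuthnRequest.</returns>
/// <remarks>
/// Errors while loading the certificate or signing are not caught here and propagate to the caller.
/// </remarks>
public string GetSpidAuthRequest(SpidProviderConfiguration spidProviderConfiguration)
{
    string result = "";
    AuthRequestOptions requestOptions = new AuthRequestOptions()
    {
        // Indexes and level are fixed here rather than taken from configuration.
        AssertionConsumerServiceIndex = 0,
        AttributeConsumingServiceIndex = 2,
        Destination = spidProviderConfiguration.IdentityProviderLoginPostUrl,
        SPIDLevel = SPIDLevel.SPIDL1,
        SPUID = spidProviderConfiguration.ServiceProviderId,
        // Fresh value per request; presumably used as the request ID by AuthRequest.
        UUID = Guid.NewGuid().ToString()
    };
    AuthRequest request = new AuthRequest(requestOptions);

    // The certificate (and its private-key handle) is only needed while signing,
    // so dispose it as soon as the signed request has been produced.
    // NOTE(review): Exportable lets the private key be exported from the store; confirm the
    // signer really needs that — the other GetSpidAuthRequest variant loads with MachineKeySet.
    using (X509Certificate2 signinCert = new X509Certificate2(
        _appEnvironment.ContentRootPath + spidProviderConfiguration.ServiceProviderCertPath,
        spidProviderConfiguration.ServiceProviderCertPassword,
        X509KeyStorageFlags.Exportable))
    {
        if (string.IsNullOrEmpty(spidProviderConfiguration.ServiceProviderPrivatekey))
        {
            result = request.GetSignedAuthRequest(signinCert);
        }
        else
        {
            // A separately configured private key is handed to the signer alongside the certificate.
            result = request.GetSignedAuthRequest(signinCert, spidProviderConfiguration.ServiceProviderPrivatekey);
        }
    }
    return result;
}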
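/// <summary>
/// Builds a SAML LogoutRequest for the current user's SPID session and signs it with the
/// service-provider certificate. The session id and subject name id are read from the
/// "SessionId" and "SubjectNameId" claims of the current principal.
/// </summary>
/// <param name="spidProviderConfiguration">Per-provider settings: logout endpoint, service-provider id and signing material.</param>
/// <returns>The signed LogoutRequest.</returns>
/// <remarks>
/// Errors while loading the certificate or signing are not caught here and propagate to the caller.
/// </remarks>
public string GetSpidLogoutRequest(SpidProviderConfiguration spidProviderConfiguration)
{
    string result = "";

    // The claims are expected to have been issued at login. FindFirst returns null when a
    // claim is absent, so the null-conditional is needed: "" is used instead of throwing.
    string sessionId = HttpContext.User.FindFirst("SessionId")?.Value ?? "";
    string nameId = HttpContext.User.FindFirst("SubjectNameId")?.Value ?? "";

    LogoutRequestOptions requestOptions = new LogoutRequestOptions()
    {
        Destination = spidProviderConfiguration.IdentityProviderLogoutPostUrl,
        LogoutLevel = LogoutLevel.User,
        SPUID = spidProviderConfiguration.ServiceProviderId,
        // Fresh value per request; presumably used as the request ID by LogoutRequest.
        UUID = Guid.NewGuid().ToString(),
        SessionId = sessionId,
        SubjectNameId = nameId
    };
    LogoutRequest request = new LogoutRequest(requestOptions);

    // The certificate (and its private-key handle) is only needed while signing,
    // so dispose it as soon as the signed request has been produced.
    using (X509Certificate2 signinCert = new X509Certificate2(
        _appEnvironment.ContentRootPath + spidProviderConfiguration.ServiceProviderCertPath,
        spidProviderConfiguration.ServiceProviderCertPassword,
        X509KeyStorageFlags.Exportable))
    {
        if (string.IsNullOrEmpty(spidProviderConfiguration.ServiceProviderPrivatekey))
        {
            result = request.GetSignedLogoutRequest(signinCert);
        }
        else
        {
            // A separately configured private key is handed to the signer alongside the certificate.
            result = request.GetSignedLogoutRequest(signinCert, spidProviderConfiguration.ServiceProviderPrivatekey);
        }
    }
    return result;
}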
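/// <summary>
/// Signs the local SPID session out and writes a self-posting HTML form that sends a signed
/// SAML LogoutRequest (plus a RelayState) to the identity provider's logout endpoint.
/// </summary>
/// <param name="providerId">
/// Identity-provider id; only used when the "SpidIdp" cookie set at login is absent,
/// otherwise the cookie value selects the provider.
/// </param>
/// <returns>
/// An empty result: the HTML form has already been written to the response body by this action.
/// </returns>
public async Task<IActionResult> Logout(string providerId)
{
    var scheme = "SPIDCookie";
    await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, scheme);

    // The provider chosen at login is remembered in a cookie; the parameter is only a fallback
    // so that it is no longer silently ignored when the cookie is missing.
    providerId = Request.Cookies["SpidIdp"] ?? providerId;
    var spidProviderConfiguration = new SpidProviderConfiguration();
    _configuration.GetSection("Spid:" + providerId).Bind(spidProviderConfiguration);

    string spidLogoutRequest = GetSpidLogoutRequest(spidProviderConfiguration);

    // RelayState is echoed back by the IdP and is presumably used as the post-logout return URL.
    // The Referer header is client-controlled, so it is only accepted when it points at this
    // host; anything else degrades to an empty RelayState, exactly as when no Referer is sent.
    string referer = Request.Headers["Referer"].ToString();
    string redirectUri = IsSameHost(referer) ? referer : "";

    var parameters = new Dictionary<string, string>
    {
        ["SAMLRequest"] = Convert.ToBase64String(Encoding.UTF8.GetBytes(spidLogoutRequest)),
        ["RelayState"] = Convert.ToBase64String(Encoding.UTF8.GetBytes(redirectUri))
    };

    var inputs = new StringBuilder();
    foreach (var parameter in parameters)
    {
        // Names are fixed and values are base64 (no HTML-special characters), so no encoding is needed here.
        inputs.AppendLine(string.Format(CultureInfo.InvariantCulture, InputTagFormat, parameter.Key, parameter.Value));
    }

    // The form action comes from configuration, not from the request.
    var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, spidProviderConfiguration.IdentityProviderLogoutPostUrl, inputs);
    var buffer = Encoding.UTF8.GetBytes(content);

    Response.ContentLength = buffer.Length;
    Response.ContentType = "text/html;charset=UTF-8";
    // Emit Cache-Control=no-cache to prevent client caching.
    Response.Headers[HeaderNames.CacheControl] = "no-cache";
    Response.Headers[HeaderNames.Pragma] = "no-cache";
    Response.Headers[HeaderNames.Expires] = "-1";
    await Response.Body.WriteAsync(buffer, 0, buffer.Length);

    // The body has already been written directly, so return a result that does nothing:
    // Ok() would try to set the status code on a response that has already started.
    return new EmptyResult();

    // True when url is an absolute URI whose host matches the host of the current request.
    bool IsSameHost(string url)
    {
        Uri uri;
        return Uri.TryCreate(url, UriKind.Absolute, out uri)
            && string.Equals(uri.Host, Request.Host.Host, StringComparison.OrdinalIgnoreCase);
    }
}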