/// <summary>
/// Complete the Federated Login
/// </summary>
/// <param name="session">Server session</param>
/// <returns>Federated Login message collection</returns>
protected virtual TDSMessageCollection OnFederatedAuthenticationCompleted(ITDSServerSession session, byte[] ticket)
{
// Delegate to successful authentication routine
TDSMessageCollection responseMessageCollection = OnAuthenticationCompleted(session);
// Get the last message
TDSMessage targetMessage = responseMessageCollection.Last();
IFederatedAuthenticationTicket decryptedTicket = null;
try
{
// Get the Federated Authentication ticket using RPS
decryptedTicket = FederatedAuthenticationTicketService.DecryptTicket((session as GenericTDSServerSession).FederatedAuthenticationLibrary, ticket);
if (decryptedTicket is RpsTicket)
{
TDSUtilities.Log(Arguments.Log, "RPS ticket session key: ", (decryptedTicket as RpsTicket).sessionKey);
}
else if (decryptedTicket is JwtTicket)
{
TDSUtilities.Log(Arguments.Log, "JWT Ticket Received", null);
}
}
catch (Exception ex)
{
// Prepare ERROR token
TDSErrorToken errorToken = new TDSErrorToken(54879, 1, 20, "Authentication error in Federated Authentication Ticket Service: " + ex.Message, Arguments.ServerName);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", errorToken);
// Create DONE token
TDSDoneToken doneToken = new TDSDoneToken(TDSDoneTokenStatusType.Final | TDSDoneTokenStatusType.Error);
// Log response
TDSUtilities.Log(Arguments.Log, "Response", doneToken);
// Return the message and stop processing request
return(new TDSMessageCollection(new TDSMessage(TDSMessageType.Response, errorToken, doneToken)));
}
// Create federated authentication extension option
TDSFeatureExtAckFederatedAuthenticationOption federatedAuthenticationOption;
if ((session as GenericTDSServerSession).FederatedAuthenticationLibrary == TDSFedAuthLibraryType.MSAL)
{
// For the time being, fake fedauth tokens are used for ADAL, so decryptedTicket is null.
federatedAuthenticationOption =
new TDSFeatureExtAckFederatedAuthenticationOption((session as GenericTDSServerSession).ClientNonce, null);
}
else
{
federatedAuthenticationOption =
new TDSFeatureExtAckFederatedAuthenticationOption((session as GenericTDSServerSession).ClientNonce,
decryptedTicket.GetSignature((session as GenericTDSServerSession).ClientNonce));
}
// Look for feature extension token
TDSFeatureExtAckToken featureExtActToken = (TDSFeatureExtAckToken)targetMessage.Where(t => t is TDSFeatureExtAckToken).FirstOrDefault();
// Check if response already contains federated authentication
if (featureExtActToken == null)
{
// Create Feature extension Ack token
featureExtActToken = new TDSFeatureExtAckToken(federatedAuthenticationOption);
// Serialize feature extension token into the response
// The last token is Done token, so we should put feautureextack token before done token
targetMessage.Insert(targetMessage.Count - 1, featureExtActToken);
}
else
{
// Update
featureExtActToken.Options.Add(federatedAuthenticationOption);
}
// Log response
TDSUtilities.Log(Arguments.Log, "Response", federatedAuthenticationOption);
// Wrap a message with a collection
return(responseMessageCollection);
}
