/// <summary>
/// Handles a SAML 2.0 LogoutRequest received from a down-party (service provider):
/// reads it through the given binding, validates it, stores the sequence state and
/// hands the logout over to the first up-party of the current route.
/// </summary>
/// <typeparam name="T">Binding payload type of <see cref="Saml2Binding{T}"/>.</typeparam>
/// <param name="party">The down-party the request was sent for.</param>
/// <param name="binding">The SAML binding the request arrived with.</param>
/// <returns>The up-party redirect, or a SAML error response when the request is rejected.</returns>
/// <exception cref="NotImplementedException">The up-party type is OAuth2 or OIDC.</exception>
/// <exception cref="NotSupportedException">The up-party type is not a known <see cref="PartyTypes"/> value.</exception>
private async Task<IActionResult> LogoutRequestAsync<T>(SamlDownParty party, Saml2Binding<T> binding)
{
    var config = saml2ConfigurationLogic.GetSamlDownConfig(party);
    var logoutRequest = new Saml2LogoutRequest(config);
    binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), logoutRequest);
    // Traced before any validation: at this point the XML is still untrusted, caller-supplied input.
    logger.ScopeTrace($"SAML Logout request '{logoutRequest.XmlDocument.OuterXml}'.");

    try
    {
        ValidateLogoutRequest(party, logoutRequest);
        // NOTE(review): Unbind is presumably where the binding-level checks (signature etc.) run — confirm in Saml2Binding.
        binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), logoutRequest);
        logger.ScopeTrace("Down, SAML Logout request accepted.", triggerEvent: true);

        var sequenceData = new SamlDownSequenceData
        {
            Id = logoutRequest.Id.Value,
            RelayState = binding.RelayState,
            ResponseUrl = party.LoggedOutUrl,
        };
        await sequenceLogic.SaveSequenceDataAsync(sequenceData);
        await formActionLogic.CreateFormActionByUrlAsync(party.LoggedOutUrl);

        var upParty = RouteBinding.ToUpParties.First();
        logger.ScopeTrace($"Request, Up type '{upParty.Type}'.");
        switch (upParty.Type)
        {
            case PartyTypes.Login:
            {
                var upLogoutRequest = new LogoutRequest
                {
                    DownParty = party,
                    SessionId = logoutRequest.SessionIndex,
                    RequireLogoutConsent = false,
                    PostLogoutRedirect = true,
                };
                return await serviceProvider.GetService<LogoutUpLogic>().LogoutRedirect(upParty, upLogoutRequest);
            }
            case PartyTypes.Saml2:
                return await serviceProvider.GetService<SamlLogoutUpLogic>().LogoutAsync(upParty, GetSamlUpLogoutRequest(logoutRequest, party));
            case PartyTypes.OAuth2:
            case PartyTypes.Oidc:
                throw new NotImplementedException();
            default:
                throw new NotSupportedException($"Party type '{upParty.Type}' not supported.");
        }
    }
    catch (SamlRequestException ex)
    {
        logger.Error(ex);
        // The error response is addressed with the rejected request's own Destination value and is sent with the
        // *authn* response binding. NOTE(review): IdPMetadataAsync advertises logout endpoints from party.LogoutBinding,
        // so confirm that AuthnBinding.ResponseBinding and the request's Destination are the intended target for a
        // logout error response.
        return await LogoutResponseAsync(party.Id, config, logoutRequest.Id.Value, binding.RelayState, logoutRequest.Destination?.OriginalString, party.AuthnBinding.ResponseBinding, ex.Status);
    }
}
/// <summary>
/// Handles a SAML 2.0 AuthnRequest received from a down-party (service provider):
/// reads it through the given binding, validates it, stores the sequence state keyed by the
/// request id and forwards the authentication to the first up-party of the current route.
/// </summary>
/// <typeparam name="T">Binding payload type of <see cref="Saml2Binding{T}"/>.</typeparam>
/// <param name="party">The down-party the request was sent for.</param>
/// <param name="binding">The SAML binding the request arrived with.</param>
/// <returns>The up-party redirect, or a SAML error response when the request is rejected.</returns>
/// <exception cref="NotImplementedException">The up-party type is OAuth2.</exception>
/// <exception cref="NotSupportedException">The up-party type is not a known <see cref="PartyTypes"/> value.</exception>
private async Task<IActionResult> AuthnRequestAsync<T>(SamlDownParty party, Saml2Binding<T> binding)
{
    var config = saml2ConfigurationLogic.GetSamlDownConfig(party);
    var httpRequest = HttpContext.Request;
    var authnRequest = new Saml2AuthnRequest(config);
    binding.ReadSamlRequest(httpRequest.ToGenericHttpRequest(), authnRequest);
    // Traced before any validation: at this point the XML is still untrusted, caller-supplied input.
    logger.ScopeTrace($"SAML Authn request '{authnRequest.XmlDocument.OuterXml}'.");

    try
    {
        ValidateAuthnRequest(party, authnRequest);
        // NOTE(review): Unbind is presumably where the binding-level checks (signature etc.) run — confirm in Saml2Binding.
        binding.Unbind(httpRequest.ToGenericHttpRequest(), authnRequest);
        logger.ScopeTrace("Down, SAML Auth request accepted.", triggerEvent: true);

        var acsUrl = GetAcsUrl(party, authnRequest);
        var sequenceData = new SamlDownSequenceData
        {
            Id = authnRequest.Id.Value,
            RelayState = binding.RelayState,
            ResponseUrl = acsUrl,
        };
        await sequenceLogic.SaveSequenceDataAsync(sequenceData);
        await formActionLogic.CreateFormActionByUrlAsync(acsUrl);

        var upParty = RouteBinding.ToUpParties.First();
        logger.ScopeTrace($"Request, Up type '{upParty.Type}'.");
        switch (upParty.Type)
        {
            case PartyTypes.Login:
                return await serviceProvider.GetService<LoginUpLogic>().LoginRedirectAsync(upParty, GetLoginRequestAsync(party, authnRequest));
            case PartyTypes.Oidc:
                return await serviceProvider.GetService<OidcAuthUpLogic<OidcDownParty, OidcDownClient, OidcDownScope, OidcDownClaim>>().AuthenticationRequestAsync(upParty);
            case PartyTypes.Saml2:
                return await serviceProvider.GetService<SamlAuthnUpLogic>().AuthnRequestAsync(upParty, GetLoginRequestAsync(party, authnRequest));
            case PartyTypes.OAuth2:
                throw new NotImplementedException();
            default:
                throw new NotSupportedException($"Party type '{upParty.Type}' not supported.");
        }
    }
    catch (SamlRequestException ex)
    {
        logger.Error(ex);
        // The error response is posted to GetAcsUrl(...) even though the request failed validation.
        // NOTE(review): confirm GetAcsUrl only ever yields an ACS URL registered on the party, never an
        // unvalidated value taken from the request itself.
        return await AuthnResponseAsync(party.Id, config, authnRequest.Id.Value, binding.RelayState, GetAcsUrl(party, authnRequest), party.AuthnBinding.ResponseBinding, ex.Status);
    }
}
/// <summary>
/// Handles a SAML 2.0 LogoutRequest received from a down-party (service provider):
/// reads it through the given binding, validates it, stores the sequence state keyed by the
/// request id and redirects the logout to the first up-party of the current route.
/// </summary>
/// <typeparam name="T">Binding payload type of <see cref="Saml2Binding{T}"/>.</typeparam>
/// <param name="party">The down-party the request was sent for.</param>
/// <param name="binding">The SAML binding the request arrived with.</param>
/// <returns>The up-party redirect, or a SAML error response when the request is rejected.</returns>
/// <exception cref="NotImplementedException">The up-party type is OAuth2.</exception>
/// <exception cref="NotSupportedException">The up-party type is not a known <see cref="PartyTypes"/> value.</exception>
private async Task<IActionResult> LogoutRequestAsync<T>(SamlDownParty party, Saml2Binding<T> binding)
{
    var config = saml2ConfigurationLogic.GetSamlDownConfig(party);
    var logoutRequest = new Saml2LogoutRequest(config);
    binding.ReadSamlRequest(HttpContext.Request.ToGenericHttpRequest(), logoutRequest);
    // Traced before any validation: at this point the XML is still untrusted, caller-supplied input.
    logger.ScopeTrace($"SAML Logout request '{logoutRequest.XmlDocument.OuterXml}'.");

    try
    {
        ValidateLogoutRequest(party, logoutRequest);
        // NOTE(review): Unbind is presumably where the binding-level checks (signature etc.) run — confirm in Saml2Binding.
        binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), logoutRequest);
        logger.ScopeTrace("Down, SAML Logout request accepted.", triggerEvent: true);

        // No ResponseUrl is stored here; the response target is resolved later from the party.
        var sequenceData = new SamlDownSequenceData
        {
            Id = logoutRequest.Id.Value,
            RelayState = binding.RelayState,
        };
        await sequenceLogic.SaveSequenceDataAsync(sequenceData);

        var upParty = RouteBinding.ToUpParties.First();
        logger.ScopeTrace($"Request, Up type '{upParty.Type}'.");
        switch (upParty.Type)
        {
            case PartyTypes.Login:
                return await serviceProvider.GetService<LogoutUpLogic>().LogoutRedirect(upParty, GetLogoutRequest(party, logoutRequest));
            case PartyTypes.Oidc:
                return await serviceProvider.GetService<OidcRpInitiatedLogoutUpLogic<OidcUpParty, OidcUpClient>>().EndSessionRequestRedirectAsync(upParty, GetLogoutRequest(party, logoutRequest));
            case PartyTypes.Saml2:
                return await serviceProvider.GetService<SamlLogoutUpLogic>().LogoutRequestRedirectAsync(upParty, GetSamlLogoutRequest(party, logoutRequest));
            case PartyTypes.OAuth2:
                throw new NotImplementedException();
            default:
                throw new NotSupportedException($"Party type '{upParty.Type}' not supported.");
        }
    }
    catch (SamlRequestException ex)
    {
        logger.Error(ex);
        // The rejected request's id and relay state are echoed back so the SP can correlate the error status.
        return await LogoutResponseAsync(party, config, logoutRequest.Id.Value, binding.RelayState, ex.Status);
    }
}
/// <summary>
/// Builds and returns the SAML 2.0 IdP metadata document for a down-party: the signing certificate,
/// the single sign-on endpoint and, when the party has a logout binding configured, the single logout endpoint.
/// </summary>
/// <param name="partyId">Id of the <see cref="SamlDownParty"/> whose metadata is requested.</param>
/// <returns>The metadata XML as an action result.</returns>
public async Task<IActionResult> IdPMetadataAsync(string partyId)
{
    logger.ScopeTrace("Down, IdP Metadata request.");
    logger.SetScopeProperty("downPartyId", partyId);

    var party = await tenantRepository.GetAsync<SamlDownParty>(partyId);
    var config = saml2ConfigurationLogic.GetSamlDownConfig(party, true);

    // Endpoint locations are derived from the incoming request's host.
    // NOTE(review): confirm GetHost() is validated/allowlisted upstream, since a forged Host header
    // would otherwise end up published in the metadata.
    var host = HttpContext.GetHost();
    var ssoLocation = new Uri(UrlCombine.Combine(host, RouteBinding.TenantName, RouteBinding.TrackName, RouteBinding.PartyNameAndBinding, Constants.Routes.SamlController, Constants.Endpoints.SamlAuthn));
    var sloLocation = new Uri(UrlCombine.Combine(host, RouteBinding.TenantName, RouteBinding.TrackName, RouteBinding.PartyNameAndBinding, Constants.Routes.SamlController, Constants.Endpoints.SamlLogout));

    var descriptor = new EntityDescriptor(config);
    // TimeSpan(0, 0, n) treats MetadataLifetime as seconds and .Days truncates to whole days, so any
    // lifetime below 86400 seconds becomes 0. NOTE(review): confirm this is the intended unit for ValidUntil.
    descriptor.ValidUntil = new TimeSpan(0, 0, party.MetadataLifetime).Days;
    // Only the signing certificate is published; no EncryptionCertificates are advertised
    // (the original carried that block commented out).
    descriptor.IdPSsoDescriptor = new IdPSsoDescriptor
    {
        SigningCertificates = new X509Certificate2[] { config.SigningCertificate },
        SingleSignOnServices = new SingleSignOnService[]
        {
            new SingleSignOnService
            {
                Binding = ToSamleBindingUri(party.AuthnBinding.RequestBinding),
                Location = ssoLocation,
            },
        },
    };

    // The logout endpoint is optional and only advertised when the party has a logout binding.
    var logoutBinding = party.LogoutBinding;
    if (logoutBinding != null)
    {
        descriptor.IdPSsoDescriptor.SingleLogoutServices = new SingleLogoutService[]
        {
            new SingleLogoutService
            {
                Binding = ToSamleBindingUri(logoutBinding.RequestBinding),
                Location = sloLocation,
            },
        };
    }

    var metadata = new Saml2Metadata(descriptor).CreateMetadata();
    return metadata.ToActionResult();
}