public async Task<SignInValidationResult> ValidateAsync(SignInRequestMessage message, ClaimsPrincipal subject) { var result = new SignInValidationResult(); // todo: wfresh handling? if (!subject.Identity.IsAuthenticated) { return new SignInValidationResult { IsSignInRequired = true, }; }; var rp = await _relyingParties.GetByRealmAsync(message.Realm); if (rp == null || rp.Enabled == false) { return new SignInValidationResult { IsError = true, Error = "invalid_relying_party" }; } // todo: check wreply against list of allowed reply URLs result.ReplyUrl = rp.ReplyUrl; result.RelyingParty = rp; result.SignInRequestMessage = message; result.Subject = subject; return result; }
private async Task<ClaimsIdentity> CreateSubjectAsync(SignInValidationResult validationResult) { var claims = await _users.GetProfileDataAsync( validationResult.Subject.GetSubjectId(), validationResult.RelyingParty.ClaimMappings.Keys); var mappedClaims = new List<Claim>(); foreach (var claim in claims) { string mappedType; if (validationResult.RelyingParty.ClaimMappings.TryGetValue(claim.Type, out mappedType)) { mappedClaims.Add(new Claim(mappedType, claim.Value)); } } // todo: do complete mapping if (validationResult.Subject.GetAuthenticationMethod() == Constants.AuthenticationMethods.Password) { mappedClaims.Add(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Password)); mappedClaims.Add(AuthenticationInstantClaim.Now); } return new ClaimsIdentity(mappedClaims, "idsrv"); }
public async Task<SignInResponseMessage> GenerateResponseAsync(SignInValidationResult validationResult) { // create subject var outgoingSubject = await CreateSubjectAsync(validationResult); // create token for user var token = CreateSecurityToken(validationResult, outgoingSubject); // return response var rstr = new RequestSecurityTokenResponse { AppliesTo = new EndpointReference(validationResult.RelyingParty.Realm), Context = validationResult.SignInRequestMessage.Context, ReplyTo = validationResult.ReplyUrl, RequestedSecurityToken = new RequestedSecurityToken(token) }; var serializer = new WSFederationSerializer( new WSTrust13RequestSerializer(), new WSTrust13ResponseSerializer()); var responseMessage = new SignInResponseMessage( new Uri(validationResult.ReplyUrl), rstr, serializer, new WSTrustSerializationContext()); return responseMessage; }
public async Task <SignInValidationResult> ValidateAsync(SignInRequestMessage message, ClaimsPrincipal subject) { Logger.Info("Validating WS-Federation signin request"); var result = new SignInValidationResult(); if (message.HomeRealm.IsPresent()) { Logger.Info("Setting home realm to: " + message.HomeRealm); result.HomeRealm = message.HomeRealm; } // todo: wfresh handling? if (!subject.Identity.IsAuthenticated) { result.IsSignInRequired = true; return(result); } ; var rp = await _relyingParties.GetByRealmAsync(message.Realm); if (rp == null || rp.Enabled == false) { Logger.Error("Relying party not found: " + rp.Realm); return(new SignInValidationResult { IsError = true, Error = "invalid_relying_party" }); } Logger.InfoFormat("Relying party registration found: {0} / {1}", rp.Realm, rp.Name); result.ReplyUrl = rp.ReplyUrl; Logger.InfoFormat("Reply URL set to: " + result.ReplyUrl); result.RelyingParty = rp; result.SignInRequestMessage = message; result.Subject = subject; return(result); }
public async Task <SignInValidationResult> ValidateAsync(SignInRequestMessage message, ClaimsPrincipal subject) { var result = new SignInValidationResult(); if (message.HomeRealm.IsPresent()) { result.HomeRealm = message.HomeRealm; } // todo: wfresh handling? if (!subject.Identity.IsAuthenticated) { result.IsSignInRequired = true; return(result); } ; var rp = await _relyingParties.GetByRealmAsync(message.Realm); if (rp == null || rp.Enabled == false) { return(new SignInValidationResult { IsError = true, Error = "invalid_relying_party" }); } // todo: check wreply against list of allowed reply URLs result.ReplyUrl = rp.ReplyUrl; result.RelyingParty = rp; result.SignInRequestMessage = message; result.Subject = subject; return(result); }
IHttpActionResult RedirectToLogin(CoreSettings settings, SignInValidationResult result) { var message = new SignInMessage(); message.ReturnUrl = Request.RequestUri.AbsoluteUri; if (result.HomeRealm.IsPresent()) { message.IdP = result.HomeRealm; } return new LoginResult(message, this.Request, settings, _internalConfig); }
private SecurityToken CreateSecurityToken(SignInValidationResult validationResult, ClaimsIdentity outgoingSubject) { var descriptor = new SecurityTokenDescriptor { AppliesToAddress = validationResult.RelyingParty.Realm, Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(validationResult.RelyingParty.TokenLifeTime)), ReplyToAddress = validationResult.ReplyUrl, SigningCredentials = new X509SigningCredentials(_settings.GetSigningCertificate()), Subject = outgoingSubject, TokenIssuerName = _settings.GetIssuerUri(), TokenType = validationResult.RelyingParty.TokenType }; return CreateSupportedSecurityTokenHandler().CreateToken(descriptor); }