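// Session flag set while the user is bounced through the login page in the middle of an SP-initiated SSO.
private const string ssoPendingSessionKey = "ssoPending";
// Session slot holding the partner SP name taken from the authn request, so it survives the login round trip.
private const string ssoSPSessionKey = "partnerSP";

/// <summary>
/// Identity-provider endpoint for SP-initiated SSO. Receives the authn request, forces a login
/// when the user is not yet authenticated, and then hands off to <c>SSOService2</c> with the
/// partner SP that sent the request.
/// </summary>
/// <returns>
/// An <see cref="EmptyResult"/> after redirecting to the login page, otherwise a redirect to
/// <c>SSOService2</c> carrying the partner SP name.
/// </returns>
public ActionResult SSOService() {
    // Either an authn request has just arrived, or login has just completed in response to an
    // earlier authn request. The pending flag is true only on the post-login return trip.
    bool ssoPending = Session[ssoPendingSessionKey] != null && (bool)Session[ssoPendingSessionKey] == true;

    string partnerSP = null;
    if (ssoPending && User.Identity.IsAuthenticated) {
        // Returning from login: the authn request was already consumed by ReceiveSSO before the
        // redirect, so the partner SP must come from the value stored at that point. Previously
        // this path left partnerSP null, so SSOService2 was invoked with no partner after login.
        partnerSP = Session[ssoSPSessionKey] as string;
    } else {
        // Receive the authn request from the service provider (SP-initiated SSO).
        SAMLIdentityProvider.ReceiveSSO(Request, out partnerSP);

        // If the user isn't logged in at the identity provider, force the user to login and
        // remember both the pending state and the partner SP for the return trip.
        if (!User.Identity.IsAuthenticated) {
            Session[ssoPendingSessionKey] = true;
            Session[ssoSPSessionKey] = partnerSP;
            FormsAuthentication.RedirectToLoginPage();
            return new EmptyResult();
        }
    }

    // Clear the round-trip state so a stale flag cannot let a later request skip ReceiveSSO.
    Session[ssoPendingSessionKey] = null;
    Session[ssoSPSessionKey] = null;

    // Approval check and SAML response are done in SSOService2.
    // NOTE(review): MVC normally expects the controller name without the "Controller" suffix, and
    // the returnUrl built in SSOService2 uses "/saml/..." — confirm "SAMLController" routes as intended.
    return RedirectToAction("SSOService2", "SAMLController",
        new
        {
            partnerSP = partnerSP
        });
}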
/// <summary>
/// Second half of SP-initiated SSO: checks that <paramref name="partnerSP"/> has been approved,
/// redirecting the user to the approval page if not, and otherwise sends the SAML response
/// (with the user name and the attributes configured for that SP) back to the service provider.
/// </summary>
/// <param name="partnerSP">
/// Name of the partner service provider. It is bound from the query string, so the
/// <c>Allowed</c> decision and the attribute set are keyed by a caller-supplied value.
/// NOTE(review): consider sourcing it from server-side state set by <c>SSOService</c>
/// rather than trusting the request alone — verify what <c>SendSSO</c> requires.
/// </param>
/// <returns>
/// A redirect to the approval page when the SP is not yet allowed; otherwise an
/// <see cref="EmptyResult"/> after the SAML response has been written to <c>Response</c>.
/// </returns>
public ActionResult SSOService2(string partnerSP) {
    if (Allowed(partnerSP)) {
        // The user is logged in at the identity provider; respond to the authn request with a
        // SAML response containing an assertion for the configured or logged-in user name.
        string userName = GetUsername();

        // Attributes are looked up per partner SP, using the names that SP expects.
        IDictionary<string, string> attributes = GetAttributes(partnerSP);

        SAMLIdentityProvider.SendSSO(Response, userName, attributes);
        return new EmptyResult();
    }

    // Not yet approved: send the user to the approval page and come back here afterwards.
    string returnUrl = "/saml/ssoservice2?partnerSP=" + HttpUtility.UrlEncode(partnerSP);
    return RedirectToAction("Index", "Approve",
        new
        {
            returnUrl = returnUrl
        });
}