// Session slot names used to carry SSO state across the redirects (login page, approval page)
// that SSOService() performs. ssoPendingSessionKey holds a bool: true while an authn request
// has been consumed and the user is expected to come back to SSOService(). ssoSPSessionKey holds
// the partner SP name recovered from that authn request so the final SAML response can be built
// without the original request.
private const string ssoPendingSessionKey = "ssoPending", ssoSPSessionKey = "partnerSP";
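/// <summary>
/// Identity-provider SSO endpoint for SP-initiated SSO. The same URL is visited up to three times
/// for one flow: (1) the partner SP's authn request arrives; (2) the user returns after logging in
/// at the identity provider; (3) the user returns after approving the partner SP. State between the
/// visits is kept in two session slots (the ssoPending flag and the partner SP name).
/// </summary>
/// <returns>
/// An <see cref="EmptyResult"/> after the SAML response has been written to the SP (or after the
/// forms-authentication login redirect has been issued), or a redirect to the Approve action when
/// the partner SP has not yet been allowed by the user.
/// </returns>
public ActionResult SSOService() {
    // The pending flag is only true when this endpoint has already consumed an authn request and is
    // waiting for the user to come back. Without it (or without an authenticated user) a fresh authn
    // request must be present on this request.
    bool ssoPending = Session[ssoPendingSessionKey] != null && (bool)Session[ssoPendingSessionKey] == true;
    string partnerSP = null;
    if (!(ssoPending && User.Identity.IsAuthenticated)) {
        // Parse/validate the incoming authn request and remember which SP issued it; the response is
        // built later from the session copy, not from the request.
        SAMLIdentityProvider.ReceiveSSO(Request, out partnerSP);
        Session[ssoSPSessionKey] = partnerSP;
        if (!User.Identity.IsAuthenticated) {
            // Not logged in at the IdP yet: mark the flow as pending and send the user to the login page.
            Session[ssoPendingSessionKey] = true;
            FormsAuthentication.RedirectToLoginPage();
            return new EmptyResult();
        }
    }
    // NOTE(review): if the session expired between visits this is null; what Allowed(null) does is
    // not visible here — confirm it rejects rather than approves.
    partnerSP = (string)Session[ssoSPSessionKey];
    if (!Allowed(partnerSP)) {
        // Mark the flow as pending BEFORE leaving for the Approve page. Previously the flag was only
        // set on the login path, so a user who was already logged in at the IdP came back from Approve
        // with no flag and no authn request, re-entered the ReceiveSSO branch above and the flow failed.
        Session[ssoPendingSessionKey] = true;
        // returnUrl is a fixed relative path, so the approval round-trip cannot be turned into an open redirect.
        return RedirectToAction("Index", "Approve", new { returnUrl = "/saml/ssoservice" });
    }
    // Clear the flag now: a stale pending flag would let a later visit with no authn request reuse the
    // remembered partner SP and receive an unsolicited assertion. NOTE(review): the flag still survives
    // an abandoned login/approval step until the session ends — consider also clearing ssoSPSessionKey
    // here or expiring it.
    Session[ssoPendingSessionKey] = null;
    // The user is authenticated at the IdP and the partner SP is allowed: answer the authn request with a
    // SAML response carrying an assertion for the configured/logged-in user name plus SP-specific attributes.
    string userName = GetUsername();
    // Attribute names are those the partner SP expects (mapping is per SP).
    IDictionary<string, string> attributes = GetAttributes(partnerSP);
    SAMLIdentityProvider.SendSSO(Response, userName, attributes);
    return new EmptyResult();
}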