using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using Sitecore.Owin.Authentication.Configuration;
using Sitecore.Owin.Authentication.Pipelines.IdentityProviders;
using Sitecore.Owin.Authentication.Services;
namespace Foundation.Authentication
{
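public class IdentityProviderProcessor : IdentityProvidersProcessor
{
    // Claim types read from the userinfo response and the custom claims written for
    // the Sitecore transformation rules. Constants keep the lookup and the
    // transformation configuration (Sitecore.Owin.Authentication.Enabler.config) in sync.
    private const string GivenNameClaimType = "given_name";
    private const string FamilyNameClaimType = "family_name";
    private const string FullNameClaimType = "UserFullName";
    private const string CommentClaimType = "xComment";
    private const string IdTokenClaimType = "id_token";
    private const string UserInfoEndpointPath = "/connect/userinfo";

    private readonly FederatedAuthenticationConfiguration _configuration;

    // This is the identifier given to the provider in the configuration file.
    // It can be whatever you wish to call it, but it must match that file exactly.
    protected override string IdentityProviderName => "idsrv";

    public IdentityProviderProcessor(FederatedAuthenticationConfiguration federatedAuthenticationConfiguration)
        : base(federatedAuthenticationConfiguration)
    {
        _configuration = federatedAuthenticationConfiguration;
    }

    /// <summary>
    /// Registers the OpenID Connect middleware for this provider on the OWIN app in
    /// <paramref name="args"/>. Client id, authority and redirect URI are read from the
    /// Sitecore settings ClientId, AuthenticationAuthority and AuthenticationRedirectUri.
    /// </summary>
    /// <param name="args">Pipeline arguments carrying the OWIN app builder.</param>
    protected override void ProcessCore(IdentityProvidersArgs args)
    {
        var identityProvider = GetIdentityProvider();
        var authenticationType = GetAuthenticationType();
        var clientId = Sitecore.Configuration.Settings.GetSetting("ClientId");
        var authority = Sitecore.Configuration.Settings.GetSetting("AuthenticationAuthority");
        var redirectUri = Sitecore.Configuration.Settings.GetSetting("AuthenticationRedirectUri");

        args.App.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Caption = identityProvider.Caption,
            Scope = "openid profile roles memberships functionalities",
            AuthenticationType = authenticationType,
            AuthenticationMode = AuthenticationMode.Active,
            // Hybrid flow: "token" puts the access token in the front-channel response so
            // SecurityTokenValidated can call the userinfo endpoint with it. That token
            // transits the browser, so it should be short-lived and scoped to userinfo.
            ResponseType = "code id_token token",
            SignInAsAuthenticationType = "Cookies",
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            {
                // Pin the issuer to the configured authority; a token from any other
                // issuer is rejected even if it validates against the same signing keys.
                ValidateIssuer = true,
                ValidIssuer = authority
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Runs after the id_token has passed validation and a ClaimsIdentity exists.
                SecurityTokenValidated = async n =>
                {
                    var identity = n.AuthenticationTicket.Identity;

                    // Enrich the validated identity with claims from the authority's
                    // userinfo endpoint, authenticated with the front-channel access token.
                    // Without an access token there is nothing to call with; the identity
                    // from the id_token still signs in, just without the extra claims.
                    var accessToken = n.ProtocolMessage.AccessToken;
                    var userInfoClaims = new List<Tuple<string, string>>();
                    if (!string.IsNullOrEmpty(accessToken))
                    {
                        var userInfoClient = new Thinktecture.IdentityModel.Client.UserInfoClient(
                            new Uri(n.Options.Authority + UserInfoEndpointPath),
                            accessToken);
                        var userInfo = await userInfoClient.GetAsync();

                        // An error response carries no claims. Continuing here only removes
                        // privilege (role-based transformations below will not fire); it
                        // never grants any. Log the failure in production so a broken
                        // endpoint is visible rather than a silent loss of roles.
                        if (!userInfo.IsError && userInfo.Claims != null)
                        {
                            // Materialise once; the claim list was previously re-enumerated
                            // on every lookup.
                            userInfoClaims = userInfo.Claims.ToList();
                        }
                    }

                    // Claim's constructor rejects a null type or value, so skip malformed entries.
                    foreach (var claim in userInfoClaims.Where(c => c.Item1 != null && c.Item2 != null))
                    {
                        identity.AddClaim(new Claim(claim.Item1, claim.Item2));
                    }

                    // Combine given_name and family_name into a "full name" claim, which the
                    // transformation rules map to the Sitecore FullName profile field.
                    // Trim so a missing half does not leave a stray space.
                    var firstName = FindClaimValue(userInfoClaims, GivenNameClaimType);
                    var lastName = FindClaimValue(userInfoClaims, FamilyNameClaimType);
                    identity.AddClaim(new Claim(FullNameClaimType, (firstName + " " + lastName).Trim()));

                    // Another custom claim, purely to demonstrate the mechanism.
                    identity.AddClaim(new Claim(CommentClaimType, "My custom comment from claims that I added!"));

                    // Apply the transformation rules declared for this provider in
                    // Sitecore.Owin.Authentication.Enabler.config.
                    foreach (var claimTransformationService in identityProvider.Transformations)
                    {
                        claimTransformationService.Transform(identity, new TransformationContext(_configuration, identityProvider));
                    }

                    n.AuthenticationTicket = new AuthenticationTicket(identity, n.AuthenticationTicket.Properties);
                },
                RedirectToIdentityProvider = n =>
                {
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                    {
                        // Pass the original id_token as a hint so the provider can match the
                        // session being ended, then clear the local sign-in.
                        var idTokenHint = n.OwinContext.Authentication.User.FindFirst(IdTokenClaimType);
                        if (idTokenHint != null)
                        {
                            n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                            n.OwinContext.Authentication.SignOut();
                        }
                    }

                    return Task.FromResult(0);
                }
            }
        });
    }

    /// <summary>
    /// Returns the value of the first claim in <paramref name="claims"/> whose type equals
    /// <paramref name="claimType"/> (ordinal comparison), or an empty string when absent.
    /// </summary>
    /// <param name="claims">Claims as (type, value) pairs, e.g. from the userinfo response.</param>
    /// <param name="claimType">Claim type to look up.</param>
    private static string FindClaimValue(IEnumerable<Tuple<string, string>> claims, string claimType)
    {
        var match = claims.FirstOrDefault(c => string.Equals(c.Item1, claimType, StringComparison.Ordinal));
        return match?.Item2 ?? string.Empty;
    }
}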
}