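/// <summary>
/// Registers a custom OpenID Connect provider ("CustomSTS") with Sitefinity's
/// authentication pipeline and maps the claims issued by that external STS onto
/// the Sitefinity external-user claim types the local STS understands.
/// </summary>
public class CustomAuthenticationProvidersInitializer : AuthenticationProvidersInitializer
{
    // Claim types expected from the external STS (standard OIDC claim names).
    private const string EmailClaimType = "email";
    private const string SubjectClaimType = "sub";
    private const string NameClaimType = "name";
    private const string PictureClaimType = "picture";
    private const string AccessTokenClaimType = "access_token";

    /// <summary>
    /// Appends the "CustomSTS" provider to the providers supplied by the base class.
    /// The dictionary key must match the external provider name configured under
    /// Administration > Settings > Advanced.
    /// </summary>
    /// <returns>The base provider map with the "CustomSTS" registration added.</returns>
    public override Dictionary<string, Action<IAppBuilder, string, AuthenticationProviderElement>> GetAdditionalIdentityProviders()
    {
        var providers = base.GetAdditionalIdentityProviders();
        providers.Add("CustomSTS", this.RegisterCustomSts);
        return providers;
    }

    /// <summary>
    /// Builds the OpenID Connect options for the external STS and plugs the
    /// middleware into the OWIN pipeline.
    /// </summary>
    /// <param name="app">OWIN application builder the middleware is added to.</param>
    /// <param name="signInAsType">Authentication type the resulting identity is signed in as.</param>
    /// <param name="providerConfig">
    /// Provider element from Advanced settings; any parameter declared there can be read
    /// with <c>GetParameter</c> ("clientId" is used as the example here).
    /// </param>
    private void RegisterCustomSts(IAppBuilder app, string signInAsType, AuthenticationProviderElement providerConfig)
    {
        var clientId = providerConfig.GetParameter("clientId");

        var options = new OpenIdConnectAuthenticationOptions()
        {
            ClientId = clientId,
            // SECURITY: discovery metadata and the token-signing keys are fetched from the
            // authority. Over plain http an on-path attacker can substitute the keys and forge
            // id_tokens that this site will accept. The localhost values below are development
            // only: outside a dev box the authority and redirect URIs must be https and should be
            // read from providerConfig (like clientId) instead of being hard-coded.
            Authority = "http://localhost:5000/",
            AuthenticationType = providerConfig.Name,
            SignInAsAuthenticationType = signInAsType,
            // The "signin-customsts" segment is arbitrary, but CallbackPath and RedirectUri must
            // name the same path, and RedirectUri must be registered verbatim at the STS.
            CallbackPath = new PathString("/Sitefinity/Authenticate/OpenID/signin-customsts"),
            RedirectUri = "http://localhost:60876/Sitefinity/Authenticate/OpenID/signin-customsts",
            PostLogoutRedirectUri = "http://localhost:60876/",
            // NOTE(review): "id_token token" is the implicit flow; the access token travels in the
            // URL fragment (browser history, referrers, logs). Prefer "code" / "code id_token" if
            // the STS supports it. Changing this also changes whether ProtocolMessage.AccessToken
            // is populated in SecurityTokenValidatedInternal.
            ResponseType = "id_token token",
            Scope = "openid profile jetbridge.public email roles",
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                SecurityTokenValidated = this.SecurityTokenValidatedInternal,
                AuthenticationFailed = this.AuthenticationFailed,
                AuthorizationCodeReceived = this.AuthorizationCodeReceived,
                RedirectToIdentityProvider = this.RedirectToIdentityProvider,
                MessageReceived = this.MessageReceived,
                SecurityTokenReceived = this.SecurityTokenReceived
            }
        };

        app.UseOpenIdConnectAuthentication(options);
    }

    /// <summary>No-op hook; override point for inspecting the raw token before validation.</summary>
    private Task SecurityTokenReceived(SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> securityTokenReceivedNotification)
    {
        return Task.FromResult(0);
    }

    /// <summary>No-op hook; override point for inspecting the protocol message as received.</summary>
    private Task MessageReceived(MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> messageReceivedNotification)
    {
        return Task.FromResult(0);
    }

    /// <summary>No-op hook; override point for adjusting the outgoing authorize request.</summary>
    private Task RedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> redirectToIdentityProviderNotification)
    {
        return Task.FromResult(0);
    }

    /// <summary>No-op hook; not reached with the current "id_token token" response type, which issues no code.</summary>
    private Task AuthorizationCodeReceived(AuthorizationCodeReceivedNotification authorizationCodeReceivedNotification)
    {
        return Task.FromResult(0);
    }

    /// <summary>
    /// No-op hook. Nothing is handled here, so the middleware's default failure handling
    /// applies; add logging here if sign-in failures need to be diagnosed.
    /// </summary>
    private Task AuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> authenticationFailedNotification)
    {
        return Task.FromResult(0);
    }

    /// <summary>
    /// Enriches the validated identity with the Sitefinity external-user claims.
    /// The local STS only understands SitefinityClaimTypes.ExternalUserEmail (required),
    /// ExternalUserId, ExternalUserName and ExternalUserPictureUrl (optional).
    /// </summary>
    /// <param name="notification">Katana notification carrying the validated ticket and the protocol message.</param>
    /// <exception cref="System.Security.SecurityException">
    /// Thrown when the token carries no "email" or no "sub" claim. The previous version
    /// substituted the fixed placeholders "fake@fake.com" / "sub" in that case, which made
    /// every such user resolve to the same Sitefinity external account — an account-sharing
    /// / takeover bug. Refusing the sign-in is the only safe behaviour. The exception is
    /// expected to surface via the AuthenticationFailed notification; confirm against the
    /// Microsoft.Owin.Security.OpenIdConnect version in use.
    /// </exception>
    private Task SecurityTokenValidatedInternal(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        var identity = notification.AuthenticationTicket.Identity;

        // Required claims: without a unique e-mail and subject the user cannot be mapped safely.
        var email = RequireClaimValue(identity, EmailClaimType);
        var subject = RequireClaimValue(identity, SubjectClaimType);
        identity.AddClaim(new Claim(SitefinityClaimTypes.ExternalUserEmail, email));
        identity.AddClaim(new Claim(SitefinityClaimTypes.ExternalUserId, subject));

        // Optional claims: copied through only when the STS actually issued them (no invented defaults).
        CopyClaimIfPresent(identity, NameClaimType, SitefinityClaimTypes.ExternalUserName);
        CopyClaimIfPresent(identity, PictureClaimType, SitefinityClaimTypes.ExternalUserPictureUrl);

        // AccessToken is only populated for response types that include "token"; Claim rejects
        // a null value, so guard it. Note this persists a bearer token inside the sign-in cookie —
        // keep it only if downstream code genuinely needs to call the API on the user's behalf.
        var accessToken = notification.ProtocolMessage.AccessToken;
        if (!string.IsNullOrEmpty(accessToken))
        {
            identity.AddClaim(new Claim(AccessTokenClaimType, accessToken));
        }

        return Task.FromResult(0);
    }

    /// <summary>
    /// Returns the value of the first claim of the given type, or throws when it is
    /// missing or blank. Used for claims the mapping cannot do without.
    /// </summary>
    private static string RequireClaimValue(ClaimsIdentity identity, string claimType)
    {
        var claim = identity.FindFirst(claimType);
        if (claim == null || string.IsNullOrWhiteSpace(claim.Value))
        {
            throw new System.Security.SecurityException(
                "The external STS did not issue a '" + claimType + "' claim; refusing to sign the user in.");
        }

        return claim.Value;
    }

    /// <summary>
    /// Adds a claim of <paramref name="targetType"/> carrying the value of the first
    /// <paramref name="sourceType"/> claim, if one exists; otherwise does nothing.
    /// </summary>
    private static void CopyClaimIfPresent(ClaimsIdentity identity, string sourceType, string targetType)
    {
        var claim = identity.FindFirst(sourceType);
        if (claim != null)
        {
            identity.AddClaim(new Claim(targetType, claim.Value));
        }
    }
}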