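/// <summary>
/// Registers an Azure AD B2C identity provider (OpenID Connect, OWIN middleware) with Sitecore's
/// federated authentication pipeline, applying the configured claims transformations and
/// routing single sign-out back through Sitecore so the local session is cleaned up.
/// </summary>
public class AzureAdB2cIdentityProvider : IdentityProvidersProcessor
{
    public AzureAdB2cIdentityProvider(FederatedAuthenticationConfiguration federatedAuthenticationConfiguration, ICookieManager cookieManager, BaseSettings settings)
        : base(federatedAuthenticationConfiguration, cookieManager, settings)
    {
    }

    /// <summary>Name of this provider as referenced in the federated authentication configuration and settings keys.</summary>
    protected override string IdentityProviderName => "AzureAdB2cExtranet";

    /// <summary>
    /// Builds the <see cref="OpenIdConnectAuthenticationOptions"/> from the <c>AzureAdB2cExtranet.*</c>
    /// settings and registers the OpenID Connect middleware on the OWIN app carried by <paramref name="args"/>.
    /// </summary>
    /// <param name="args">Pipeline arguments; <c>args.App</c> is the OWIN app builder to register on.</param>
    /// <exception cref="ArgumentNullException">Thrown (via <see cref="Assert.ArgumentNotNull"/>) when <paramref name="args"/> is null.</exception>
    protected override void ProcessCore(IdentityProvidersArgs args)
    {
        Assert.ArgumentNotNull(args, nameof(args));

        var identityProvider = this.GetIdentityProvider();
        var authenticationType = this.GetAuthenticationType();

        string aadInstance = this.Settings.GetSetting("AzureAdB2cExtranet.AadInstance");
        string policy = this.Settings.GetSetting("AzureAdB2cExtranet.Policy");
        string tenant = this.Settings.GetSetting("AzureAdB2cExtranet.Tenant");
        string clientId = this.Settings.GetSetting("AzureAdB2cExtranet.ClientId");
        string postLogoutRedirectUri = this.Settings.GetSetting("AzureAdB2cExtranet.PostLogoutRedirectURI");
        string redirectUri = this.Settings.GetSetting("AzureAdB2cExtranet.RedirectURI");

        var authenticationOptions = new OpenIdConnectAuthenticationOptions
        {
            // AadInstance is a format template: {0} is substituted with the tenant, {1} with the B2C policy.
            MetadataAddress = string.Format(CultureInfo.InvariantCulture, aadInstance, tenant, policy),
            Caption = identityProvider.Caption,
            AuthenticationType = authenticationType,
            AuthenticationMode = AuthenticationMode.Passive,
            ClientId = clientId,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            RedirectUri = redirectUri,
            // Only an ID token is requested (no access token is issued to this app).
            Scope = "openid",
            ResponseType = "id_token",
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = message =>
                {
                    var identity = message.AuthenticationTicket.Identity;

                    // The raw id_token is kept as a claim because the external (B2C) logout needs it later.
                    identity.AddClaim(new Claim("id_token", message.ProtocolMessage.IdToken));

                    // Apply the Sitecore claims transformations configured for this identity provider.
                    identity.ApplyClaimsTransformations(new TransformationContext(this.FederatedAuthenticationConfiguration, identityProvider));

                    message.AuthenticationTicket = new AuthenticationTicket(identity, message.AuthenticationTicket.Properties);
                    return Task.FromResult(0);
                },
                RedirectToIdentityProvider = message =>
                {
                    // On sign-out Sitecore places a nonce in the revoke properties. When it is present, the
                    // post-logout redirect is rewritten to Sitecore's /identity/postexternallogout handler
                    // (see Sitecore.Owin.Authentication.Pipelines.Initialize.HandlePostLogoutUrl), which expects
                    // the original path as ReturnUrl and the nonce in the query string, so it can clean up after itself.
                    var revokeProperties = message.OwinContext.Authentication.AuthenticationResponseRevoke?.Properties?.Dictionary;
                    string nonce;
                    Uri postLogoutUri;
                    if (revokeProperties != null
                        && revokeProperties.TryGetValue("nonce", out nonce)
                        && Uri.TryCreate(message.ProtocolMessage.PostLogoutRedirectUri, UriKind.Absolute, out postLogoutUri))
                    {
                        var host = postLogoutUri.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped);
                        var path = "/" + postLogoutUri.GetComponents(UriComponents.Path, UriFormat.Unescaped);

                        // ReturnUrl and nonce are query-string values, so they are escaped rather than interpolated raw.
                        message.ProtocolMessage.PostLogoutRedirectUri =
                            $"{host}/identity/postexternallogout?ReturnUrl={Uri.EscapeDataString(path)}&nonce={Uri.EscapeDataString(nonce)}";
                    }

                    return Task.FromResult(0);
                }
            }
        };

        args.App.UseOpenIdConnectAuthentication(authenticationOptions);
    }
}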