Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
public class AzureAdB2cIdentityProvider : IdentityProvidersProcessor
{
public AzureAdB2cIdentityProvider(FederatedAuthenticationConfiguration federatedAuthenticationConfiguration, ICookieManager cookieManager, BaseSettings settings) : base(federatedAuthenticationConfiguration, cookieManager, settings)
{
}
protected override string IdentityProviderName => "AzureAdB2cExtranet";
protected override void ProcessCore(IdentityProvidersArgs args)
{
Assert.ArgumentNotNull(args, nameof(args));
var identityProvider = this.GetIdentityProvider();
var authenticationType = this.GetAuthenticationType();
string aadInstance = this.Settings.GetSetting("AzureAdB2cExtranet.AadInstance");
string policy = this.Settings.GetSetting("AzureAdB2cExtranet.Policy");
string tenant = this.Settings.GetSetting("AzureAdB2cExtranet.Tenant");
string clientId = this.Settings.GetSetting("AzureAdB2cExtranet.ClientId");
string postLogoutRedirectUri = this.Settings.GetSetting("AzureAdB2cExtranet.PostLogoutRedirectURI");
string redirectUri = this.Settings.GetSetting("AzureAdB2cExtranet.RedirectURI");
var authenticationOptions = new OpenIdConnectAuthenticationOptions
{
MetadataAddress = string.Format(CultureInfo.InvariantCulture, aadInstance, tenant, policy),
Caption = identityProvider.Caption,
AuthenticationType = authenticationType,
AuthenticationMode = AuthenticationMode.Passive,
ClientId = clientId,
PostLogoutRedirectUri = postLogoutRedirectUri,
RedirectUri = redirectUri,
Scope = "openid",
ResponseType = "id_token",
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = message =>
{
var identity = message.AuthenticationTicket.Identity;
var claims = message.AuthenticationTicket.Identity.Claims.ToList();
// needed for external logout
identity.AddClaim(new Claim("id_token", message.ProtocolMessage.IdToken));
// apply Sitecore claims tranformations
message.AuthenticationTicket.Identity.ApplyClaimsTransformations(new TransformationContext(this.FederatedAuthenticationConfiguration, identityProvider));
message.AuthenticationTicket = new AuthenticationTicket(identity, message.AuthenticationTicket.Properties);
return Task.FromResult(0);
},
RedirectToIdentityProvider = message =>
{
// format redirect URI so Sitecore cleans up after itself
var revokeProperties = message.OwinContext.Authentication.AuthenticationResponseRevoke?.Properties?.Dictionary;
if (revokeProperties != null && revokeProperties.ContainsKey("nonce"))
{
var uri = new Uri(message.ProtocolMessage.PostLogoutRedirectUri);
var host = uri.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped);
var path = "/" + uri.GetComponents(UriComponents.Path, UriFormat.Unescaped);
var nonce = revokeProperties["nonce"];
// for single sign-out, Sitecore expects the URI used below with the nonce in the query string
// this URI was found in Sitecore.Owin.Authentication.Pipelines.Initialize.HandlePostLogoutUrl
message.ProtocolMessage.PostLogoutRedirectUri = $"{host}/identity/postexternallogout?ReturnUrl={path}&nonce={nonce}";
}
return Task.FromResult(0);
}
}
};
args.App.UseOpenIdConnectAuthentication(authenticationOptions);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.