using System; | |
using System.Collections.Generic; | |
using System.Security.Claims; | |
using System.Threading.Tasks; | |
using Microsoft.IdentityModel.Protocols; | |
using Microsoft.Owin; | |
using Microsoft.Owin.Security.Notifications; | |
using Microsoft.Owin.Security.OpenIdConnect; | |
using Owin; | |
using Telerik.Sitefinity.Authentication; | |
using Telerik.Sitefinity.Authentication.Configuration.SecurityTokenService.ExternalProviders; | |
using Telerik.Sitefinity.Security.Claims; | |
namespace SitefinityWebApp.ExternalAuth | |
{ | |
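public class CustomAuthenticationProvidersInitializer : AuthenticationProvidersInitializer
{
    /// <summary>
    /// Name of the external authentication provider as configured in the Advanced settings.
    /// </summary>
    private const string ProviderName = "CustomSTS";

    /// <summary>
    /// Authority used when the provider configuration carries no "authority" parameter.
    /// </summary>
    private const string DefaultAuthority = "https://external-sts-address/";

    /// <summary>
    /// Adds the "CustomSTS" OpenID Connect provider on top of the providers supplied by the base class.
    /// </summary>
    /// <returns>The provider-name to registration-delegate map consumed by Sitefinity.</returns>
    public override Dictionary<string, Action<IAppBuilder, string, AuthenticationProviderElement>> GetAdditionalIdentityProviders()
    {
        var providers = base.GetAdditionalIdentityProviders();
        providers.Add(ProviderName, this.RegisterCustomSts);
        return providers;
    }

    /// <summary>
    /// Wires the OWIN OpenID Connect middleware for the external STS.
    /// </summary>
    /// <param name="app">The OWIN application builder the middleware is added to.</param>
    /// <param name="signInAsType">Authentication type the resulting identity is signed in as (supplied by Sitefinity).</param>
    /// <param name="providerConfig">The provider element from the Advanced settings. The "clientId" parameter is read
    /// from it; an optional "authority" parameter overrides <see cref="DefaultAuthority"/>.</param>
    private void RegisterCustomSts(IAppBuilder app, string signInAsType, AuthenticationProviderElement providerConfig)
    {
        // Any parameter can be added to the provider configuration; "clientId" is the example used here.
        var clientId = providerConfig.GetParameter("clientId");

        // The authority is where the middleware loads the discovery document and signing keys from, so it
        // decides which tokens are trusted. Keep it an https URL and prefer configuring it over hard-coding it.
        var authority = providerConfig.GetParameter("authority");
        if (string.IsNullOrWhiteSpace(authority))
        {
            authority = DefaultAuthority;
        }

        var options = new OpenIdConnectAuthenticationOptions()
        {
            ClientId = clientId,
            Authority = authority,
            AuthenticationType = providerConfig.Name,
            SignInAsAuthenticationType = signInAsType,
            // The 'signin-customsts' segment can be changed, but CallbackPath and RedirectUri must agree and
            // RedirectUri must exactly match the redirect URI registered at the STS.
            CallbackPath = new PathString("/Sitefinity/Authenticate/OpenID/signin-customsts"),
            // The id_token is delivered to this address, so it has to be https anywhere but local development.
            RedirectUri = "https://yoursitefinitysite/Sitefinity/Authenticate/OpenID/signin-customsts",
            PostLogoutRedirectUri = "https://yoursitefinitysite/",
            ResponseType = "id_token",
            Scope = "openid profile email",
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                SecurityTokenValidated = this.SecurityTokenValidatedInternal,
            }
        };
        app.UseOpenIdConnectAuthentication(options);
    }

    /// <summary>
    /// Copies the claims the local Sitefinity STS understands onto the validated external identity.
    /// </summary>
    /// <remarks>
    /// The local STS works only with SitefinityClaimTypes.ExternalUserEmail, ExternalUserId, ExternalUserName and
    /// ExternalUserPictureUrl; only ExternalUserEmail is required for a successful authentication, the rest are
    /// optional. Each source claim is looked up by its short OIDC name first and, as a fallback, by the
    /// System.Security.Claims type a JWT handler with inbound claim-type mapping may have renamed it to.
    /// NOTE(review): the e-mail claim becomes the link to the Sitefinity account, so it should only be trusted
    /// from an STS that verifies e-mail ownership (for example one that asserts email_verified).
    /// </remarks>
    /// <param name="notification">The middleware notification carrying the validated ticket.</param>
    /// <returns>A completed task; the identity is mutated in place.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="notification"/> is null.</exception>
    private Task SecurityTokenValidatedInternal(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        if (notification == null)
        {
            throw new ArgumentNullException("notification");
        }

        var identity = notification.AuthenticationTicket.Identity;

        CopyClaim(identity, SitefinityClaimTypes.ExternalUserEmail, "email", ClaimTypes.Email);
        CopyClaim(identity, SitefinityClaimTypes.ExternalUserId, "sub", ClaimTypes.NameIdentifier);
        CopyClaim(identity, SitefinityClaimTypes.ExternalUserName, "name", ClaimTypes.Name);
        CopyClaim(identity, SitefinityClaimTypes.ExternalUserPictureUrl, "picture");

        return Task.FromResult(0);
    }

    /// <summary>
    /// Adds a <paramref name="targetType"/> claim to <paramref name="identity"/> holding the value of the first
    /// claim found among <paramref name="sourceTypes"/>; does nothing when none of them is present.
    /// </summary>
    /// <param name="identity">The identity to read from and add to.</param>
    /// <param name="targetType">Claim type understood by the local Sitefinity STS.</param>
    /// <param name="sourceTypes">Candidate claim types on the external identity, checked in order.</param>
    private static void CopyClaim(ClaimsIdentity identity, string targetType, params string[] sourceTypes)
    {
        foreach (var sourceType in sourceTypes)
        {
            var source = identity.FindFirst(sourceType);
            if (source != null)
            {
                identity.AddClaim(new Claim(targetType, source.Value));
                return;
            }
        }
    }
}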
} | |
// Register the initializer the following way: | |
public class Global : System.Web.HttpApplication
{
    /// <summary>
    /// ASP.NET application entry point; defers the container registration until Sitefinity has started.
    /// </summary>
    /// <param name="sender">The application raising the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Application_Start(object sender, EventArgs e)
    {
        SystemManager.ApplicationStart += this.OnSitefinityApplicationStart;
    }

    /// <summary>
    /// Registers <see cref="CustomAuthenticationProvidersInitializer"/> as the implementation of
    /// <c>AuthenticationProvidersInitializer</c> with a container-controlled lifetime.
    /// </summary>
    /// <param name="sender">The Sitefinity system manager raising the event.</param>
    /// <param name="e">Event data (unused).</param>
    private void OnSitefinityApplicationStart(object sender, EventArgs e)
    {
        var lifetime = new ContainerControlledLifetimeManager();
        ObjectFactory.Container.RegisterType<AuthenticationProvidersInitializer, CustomAuthenticationProvidersInitializer>(lifetime);
    }
}