using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using Sitecore.Owin.Authentication.Configuration;
using Sitecore.Owin.Authentication.Pipelines.IdentityProviders;
using Sitecore.Owin.Authentication.Services;
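namespace Foundation.Authentication
{
    /// <summary>
    /// Registers the "idsrv" OpenID Connect identity provider with the OWIN pipeline and,
    /// once a token has been validated, enriches the signed-in identity with claims fetched
    /// from the authority's userinfo endpoint before the Sitecore claim transformations run.
    /// </summary>
    public class IdentityProviderProcessor : IdentityProvidersProcessor
    {
        // Relative path of the userinfo endpoint, appended to the configured authority.
        private const string UserInfoPath = "/connect/userinfo";

        private readonly FederatedAuthenticationConfiguration _configuration;

        // Must match the identity provider id declared in the federated authentication config file.
        protected override string IdentityProviderName => "idsrv";

        /// <summary>
        /// Creates the processor.
        /// </summary>
        /// <param name="federatedAuthenticationConfiguration">Sitecore federated authentication configuration, also passed to the base class.</param>
        public IdentityProviderProcessor(FederatedAuthenticationConfiguration federatedAuthenticationConfiguration)
            : base(federatedAuthenticationConfiguration)
        {
            _configuration = federatedAuthenticationConfiguration;
        }

        /// <summary>
        /// Wires the OpenID Connect middleware into <paramref name="args"/>'s OWIN app using the
        /// ClientId, AuthenticationAuthority and AuthenticationRedirectUri Sitecore settings.
        /// </summary>
        /// <param name="args">Pipeline arguments carrying the OWIN app builder.</param>
        /// <exception cref="InvalidOperationException">A required Sitecore setting is missing or empty.</exception>
        protected override void ProcessCore(IdentityProvidersArgs args)
        {
            var identityProvider = GetIdentityProvider();
            var authenticationType = GetAuthenticationType();

            // Fail at pipeline setup with a clear message instead of at first sign-in with an opaque one.
            var clientId = GetRequiredSetting("ClientId");
            var authority = GetRequiredSetting("AuthenticationAuthority");
            var redirectUri = GetRequiredSetting("AuthenticationRedirectUri");

            args.App.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                Caption = identityProvider.Caption,
                Scope = "openid profile roles memberships functionalities",
                AuthenticationType = authenticationType,
                AuthenticationMode = AuthenticationMode.Active,
                // Hybrid flow: the access token is delivered in the authorization response next to the id_token.
                ResponseType = "code id_token token",
                SignInAsAuthenticationType = "Cookies",
                ClientId = clientId,
                Authority = authority,
                RedirectUri = redirectUri,
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                {
                    // The issuer check is an exact string comparison against the token's "iss" claim, so the
                    // AuthenticationAuthority setting must match it character for character (trailing slash included).
                    ValidateIssuer = true,
                    ValidIssuer = authority
                },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Runs after the id_token has passed validation; the ticket's identity is replaced with an enriched one.
                    SecurityTokenValidated = async n =>
                    {
                        var identity = n.AuthenticationTicket.Identity;

                        var accessToken = n.ProtocolMessage.AccessToken;
                        if (string.IsNullOrEmpty(accessToken))
                        {
                            // Fail closed: without the access token the userinfo claims, and whatever the
                            // transformations derive from them, cannot be established for this sign-in.
                            throw new InvalidOperationException("The identity provider returned no access token.");
                        }

                        // NOTE(review): this access token comes from the front-channel authorization response, not
                        // from a back-channel code exchange; whether the middleware has bound it to the id_token
                        // (at_hash) before this point is not verified here — confirm before using it for more than userinfo.
                        // TrimEnd avoids a double slash when the configured authority ends with "/".
                        var userInfoEndpoint = new Uri(n.Options.Authority.TrimEnd('/') + UserInfoPath);
                        var userInfoClient = new Thinktecture.IdentityModel.Client.UserInfoClient(userInfoEndpoint, accessToken);
                        var userInfo = await userInfoClient.GetAsync();
                        if (userInfo == null || userInfo.IsError)
                        {
                            // Explicit failure instead of a NullReferenceException further down.
                            throw new InvalidOperationException(
                                "The userinfo request failed: " + (userInfo?.ErrorMessage ?? "no response"));
                        }

                        // Materialise once; each lookup below would otherwise re-enumerate the claim list.
                        var userInfoClaims = (userInfo.Claims ?? Enumerable.Empty<Tuple<string, string>>()).ToList();
                        foreach (var userInfoClaim in userInfoClaims)
                        {
                            identity.AddClaim(new Claim(userInfoClaim.Item1, userInfoClaim.Item2));
                        }

                        // Standard OIDC profile claims; a missing one is treated as an empty string.
                        var firstName = FindClaimValue(userInfoClaims, "given_name");
                        var lastName = FindClaimValue(userInfoClaims, "family_name");

                        // Custom claim that the transformations map onto the Sitecore FullName field.
                        identity.AddClaim(new Claim("UserFullName", firstName + " " + lastName));
                        // Demonstration claim showing that arbitrary custom claims can be injected here.
                        identity.AddClaim(new Claim("xComment", "My custom comment from claims that I added!"));

                        // Apply the transformation rules from Sitecore.Owin.Authentication.Enabler.config.
                        foreach (var transformation in identityProvider.Transformations)
                        {
                            transformation.Transform(identity, new TransformationContext(_configuration, identityProvider));
                        }

                        n.AuthenticationTicket = new AuthenticationTicket(identity, n.AuthenticationTicket.Properties);
                    },
                    RedirectToIdentityProvider = n =>
                    {
                        // On a logout request, hand the provider the id_token_hint so it can end the session it issued,
                        // and ask the OWIN authentication manager to sign out locally as well.
                        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                        {
                            // NOTE(review): an "id_token" claim is not added anywhere in this file; it is presumably
                            // stored on the identity elsewhere — verify, otherwise this branch never fires.
                            var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
                            if (idTokenHint != null)
                            {
                                n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                                n.OwinContext.Authentication.SignOut();
                            }
                        }

                        return Task.FromResult(0);
                    }
                }
            });
        }

        /// <summary>
        /// Reads a Sitecore setting that the middleware cannot work without.
        /// </summary>
        /// <param name="name">Setting name.</param>
        /// <returns>The non-empty setting value.</returns>
        /// <exception cref="InvalidOperationException">The setting is missing or blank.</exception>
        private static string GetRequiredSetting(string name)
        {
            var value = Sitecore.Configuration.Settings.GetSetting(name);
            if (string.IsNullOrWhiteSpace(value))
            {
                throw new InvalidOperationException($"Required setting '{name}' is missing or empty.");
            }

            return value;
        }

        /// <summary>
        /// Returns the value of the first userinfo claim of type <paramref name="claimType"/>, or an empty string.
        /// </summary>
        /// <param name="claims">Userinfo claims as (type, value) pairs.</param>
        /// <param name="claimType">Claim type to look up; compared ordinally.</param>
        /// <returns>The claim value, or "" when no such claim exists or its value is null.</returns>
        private static string FindClaimValue(IEnumerable<Tuple<string, string>> claims, string claimType)
        {
            var match = claims.FirstOrDefault(c => string.Equals(c.Item1, claimType, StringComparison.Ordinal));
            return match != null ? (match.Item2 ?? "") : "";
        }
    }
}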