Merge pull request #10 from dina-heidar/dev
Resolve Saml cookie name issue
dina-heidar authored Jul 23, 2023
2 parents 5929904 + cf207c1 commit 60a5ce3
Showing 2 changed files with 8 additions and 7 deletions.
13 changes: 7 additions & 6 deletions src/saml2.authentication/Saml2Handler.cs
Expand Up @@ -171,7 +171,7 @@ protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync
//since this is a solicited login (sent from challenge)
// we must compare the incoming 'InResponseTo' what we have in the cookie
var requestCookies = Request.Cookies;
var inResponseToCookieValue = requestCookies[requestCookies.Keys.FirstOrDefault(key => key.StartsWith(Options.Saml2Cookie.Name))];
var inResponseToCookieValue = requestCookies[requestCookies.Keys.FirstOrDefault(key => key.StartsWith(Options.Saml2CookieName))];

//cleanup and remove existing saml cookies
Response.DeleteAllSaml2RequestCookies(Context.Request, Options.Saml2CookieName);
Expand Down Expand Up @@ -430,13 +430,14 @@ protected override async Task HandleChallengeAsync(AuthenticationProperties prop
Response.DeleteAllSaml2RequestCookies(Context.Request, Options.Saml2CookieName);

//create cookie
Options.Saml2Cookie.Name = $"{Options.Saml2CookieName}.{(uint)relayState.GetHashCode()}";
var cookieName = $"{Options.Saml2CookieName}.{(uint)relayState.GetHashCode()}";

// append it to response
Response.Cookies.Append(Options.Saml2Cookie.Name, authnRequestId.Base64Encode(),
Response.Cookies.Append(cookieName, authnRequestId.Base64Encode(),
Options.Saml2Cookie.Build(Context));

_logger.CreateSignInRequest();

var samlRequest = saml2Message.CreateSignInRequest(Options, authnRequestId, relayState);
_logger.SignInRequestCreated();

Expand Down Expand Up @@ -560,7 +561,7 @@ protected virtual async Task<bool> HandleSignOutCallbackAsync()
//since this is a solicited login (sent from challenge)
// we must compare the incoming 'InResponseTo' what we have in the cookie
var requestCookies = Request.Cookies;
var inResponseToCookieValue = requestCookies[requestCookies.Keys.FirstOrDefault(key => key.StartsWith(Options.Saml2Cookie.Name))];
var inResponseToCookieValue = requestCookies[requestCookies.Keys.FirstOrDefault(key => key.StartsWith(Options.Saml2CookieName))];

//validate it is not a replay attack by comparing inResponseTo values
saml2Message.CheckIfReplayAttack(responseToken.InResponseTo, inResponseToCookieValue);
Expand Down Expand Up @@ -650,10 +651,10 @@ public virtual async Task SignOutAsync(AuthenticationProperties properties)
Response.DeleteAllSaml2RequestCookies(Context.Request, Options.Saml2CookieName);

//create cookie
Options.Saml2Cookie.Name = $"{Options.Saml2CookieName}.{(uint)relayState.GetHashCode()}";
var cookieName = $"{Options.Saml2CookieName}.{(uint)relayState.GetHashCode()}";

// append it to response
Response.Cookies.Append(Options.Saml2Cookie.Name, logoutRequestId.Base64Encode(),
Response.Cookies.Append(cookieName, logoutRequestId.Base64Encode(),
Options.Saml2Cookie.Build(Context));

//if logout is redirect
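Review bot: In HandleRemoteAuthenticateAsync, and in the identical line in HandleSignOutCallbackAsync, the InResponseTo cookie is still selected with `FirstOrDefault(key => key.StartsWith(Options.Saml2CookieName))`, so the replay check compares against whichever cookie with that prefix happens to come first rather than the one issued for this response's RelayState. When no cookie matches, the null key goes straight into the `Request.Cookies` indexer, which probably throws instead of failing the authentication cleanly. I would resolve the key separately with an ordinal comparison, `var key = requestCookies.Keys.FirstOrDefault(k => k.StartsWith(Options.Saml2CookieName, StringComparison.Ordinal));`, and reject the response when `key is null`. An exact lookup would bind the check more tightly, but the suffix built in HandleChallengeAsync and SignOutAsync is `(uint)relayState.GetHashCode()`, which on .NET Core is randomized per process and cannot be recomputed after a restart or on another node, so a stable digest of relayState would be needed for that. All four method bodies start and end outside the visible hunks.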
2 changes: 1 addition & 1 deletion src/saml2.authentication/saml2.authentication.csproj
Expand Up @@ -22,7 +22,7 @@
<PackageProjectUrl>https://saml2-authentication.readthedocs.io/en/latest/getting-started</PackageProjectUrl>
<RepositoryUrl>https://github.com/dina-heidar/saml2-authentication</RepositoryUrl>
<NeutralLanguage>en</NeutralLanguage>
<PackageReleaseNotes>Updated libraries, fixed create metedata bug</PackageReleaseNotes>
<PackageReleaseNotes>Saml2.Authentication</PackageReleaseNotes>
<RepositoryType>Git</RepositoryType>
<Title>Saml2.Authentication</Title>
<Copyright>Copyright Dina Heidar</Copyright>
