From b41383551e53911278eb47699cc7629d4c852e08 Mon Sep 17 00:00:00 2001
From: sbidy
Date: Thu, 10 Jan 2019 15:27:09 +0100
Subject: [PATCH] Fix for #14 and #15 - using IAuthenticationContext
---
privacyIDEAADFSProvider/Adapter.cs | 23 +++++++++++--------
.../AdapterPresentationForm.cs | 16 ++-----------
privacyIDEAADFSProvider/AuthError.html | 5 ++++
privacyIDEAADFSProvider/AuthPage.html | 5 ----
4 files changed, 21 insertions(+), 28 deletions(-)
diff --git a/privacyIDEAADFSProvider/Adapter.cs b/privacyIDEAADFSProvider/Adapter.cs
index feac938..fef797e 100644
--- a/privacyIDEAADFSProvider/Adapter.cs
+++ b/privacyIDEAADFSProvider/Adapter.cs
@@ -6,6 +6,7 @@ using System.Xml; using System.Diagnostics; using System.Xml.Serialization; +using System.Collections.Generic; // old b6483f285cb7b6eb // new bf6bdb60967d5ecc 1.3.2
@@ -19,7 +20,6 @@ public class Adapter : IAuthenticationAdapter // TODO: Create a property class private string privacyIDEAurl; public string privacyIDEArealm;
- public string username;
string transaction_id = ""; private bool ssl = true; private string token;
@@ -52,13 +52,14 @@ public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListene // seperates the username from the domain // TODO: Map the domain to the ID3A realm string[] tmp = identityClaim.Value.Split('\\');
+ string username = "";
if(tmp.Length > 1) username = tmp[1]; else username = tmp[0]; // check if ssl is disabled in the config // TODO: Delete for security reasons if (!ssl) ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
- // trigger challenge
+ // trigger challenge otp_prov = new OTPprovider(privacyIDEAurl); // get a new admin token for all requests if the an admin pw is defined // #2 
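Review bot: `string username = "";` followed by the if/else that immediately overwrites it is three lines doing the work of one; `string username = tmp.Length > 1 ? tmp[1] : tmp[0];` reads as a single definite assignment and drops the placeholder value. Either way the result is still handed to triggerChallenge unchecked: `Split('\\')` always returns at least one element, so `tmp[0]` is safe, but a claim value ending in a backslash leaves username empty, and a short guard that refuses an empty username before the challenge is triggered would make that failure explicit instead of leaving it to privacyIDEA to reject. BeginAuthentication continues beyond this hunk.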
@@ -71,8 +72,12 @@ public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListene #endif transaction_id = otp_prov.triggerChallenge(username, privacyIDEArealm, token); }
+ // set vars to context - fix for 14 and 15
+ authContext.Data.Add("userid", username);
+ authContext.Data.Add("realm", privacyIDEArealm);
+ authContext.Data.Add("transaction_id", transaction_id);
- return new AdapterPresentationForm(false, uidefinition, username, privacyIDEArealm, transaction_id);
+ return new AdapterPresentationForm(false, uidefinition);
} // TODO remove ?
@@ -123,7 +128,7 @@ public void OnAuthenticationPipelineUnload() /// new instance of IAdapterPresentationForm derived class public IAdapterPresentation OnError(HttpListenerRequest request, ExternalAuthenticationException ex) {
- return new AdapterPresentationForm(true, uidefinition, username, privacyIDEArealm, transaction_id);
+ return new AdapterPresentationForm(true, uidefinition);
} /// /// Function call after the user hits submit - it proofs the values (OTP pin)
@@ -149,7 +154,7 @@ public IAdapterPresentation TryEndAuthentication(IAuthenticationContext authCont else { //authentication not complete - return new instance of IAdapterPresentationForm derived class and the generic error message
- return new AdapterPresentationForm(true, uidefinition, username, privacyIDEArealm, transaction_id);
+ return new AdapterPresentationForm(true, uidefinition);
} } 
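Review bot: The three new `authContext.Data.Add(...)` lines throw ArgumentException if the key is already present in the context dictionary, so if BeginAuthentication is ever invoked twice for the same context the second call fails instead of refreshing the values; the indexer form is the safer write: `authContext.Data["userid"] = username;`, `authContext.Data["realm"] = privacyIDEArealm;`, `authContext.Data["transaction_id"] = transaction_id;`. The value copied into the context still comes from the `transaction_id` instance field assigned on the context line just above; if ADFS keeps one Adapter instance across concurrent logins, which the removal of the `username` field suggests was the root cause of #14/#15, that field can be overwritten by another request between the assignment and the copy, so it should become a local the same way username did. Moving the user, realm and transaction id into server-side context rather than form fields is the right direction, since ValidateProofData previously trusted client-submitted values for all three. BeginAuthentication begins outside this hunk.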
@@ -164,10 +169,10 @@ bool ValidateProofData(IProofData proofData, IAuthenticationContext authContext) try { string otpvalue = (string)proofData.Properties["otpvalue"];
- // fix for #14
- string session_user = (string)proofData.Properties["username"];
- string session_realm = (string)proofData.Properties["realm"];
- string transaction_id = (string)proofData.Properties["transaction_id"];
+ // fix for #14 and #15
+ string session_user = (string)authContext.Data["userid"];
+ string session_realm = (string)authContext.Data["realm"];
+ string transaction_id = (string)authContext.Data["transaction_id"];
// end fix #if DEBUG Debug.WriteLine(debugPrefix+"OTP Code: " + otpvalue + " User: " + session_user + " Server: " + session_realm + " Transaction_id: " + transaction_id);
diff --git a/privacyIDEAADFSProvider/AdapterPresentationForm.cs b/privacyIDEAADFSProvider/AdapterPresentationForm.cs
index e744f9c..101d7e7 100644
--- a/privacyIDEAADFSProvider/AdapterPresentationForm.cs
+++ b/privacyIDEAADFSProvider/AdapterPresentationForm.cs
@@ -1,5 +1,4 @@ using Microsoft.IdentityServer.Web.Authentication.External;
-using System.Diagnostics;
namespace privacyIDEAADFSProvider {
@@ -7,17 +6,11 @@ class AdapterPresentationForm : IAdapterPresentationForm { public ADFSinterface[] inter; private bool error = false;
- private string username = "";
- private string realm = "";
- private string id = "";
-
- public AdapterPresentationForm(bool error, ADFSinterface[] adfsinter, string username, string realm, string id)
+
+ public AdapterPresentationForm(bool error, ADFSinterface[] adfsinter)
{ this.error = error; this.inter = adfsinter;
- this.username = username;
- this.id = id;
- this.realm = realm;
} /// Returns the HTML Form fragment that contains the adapter user interface. This data will be included in the web page that is presented
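Review bot: `(string)authContext.Data["userid"]` and the two reads below it throw KeyNotFoundException when the key was never stored, for example when a context reaches ValidateProofData without having passed through BeginAuthentication; the enclosing `try` will catch that, but its catch block and the rest of ValidateProofData are outside this hunk, so it is not visible whether the failure is logged as a pipeline error or silently reported as a wrong OTP. Reading the three keys with TryGetValue and returning false explicitly keeps the fail-closed outcome while making the cause diagnosable. The `#if DEBUG` Debug.WriteLine on the context line prints the submitted OTP value together with the context values; that trace should stay out of any build that can reach a production federation server.
```csharp
string otpvalue = (string)proofData.Properties["otpvalue"];
// fix for #14 and #15 - values were stored by BeginAuthentication; fail closed if any is missing
if (!authContext.Data.TryGetValue("userid", out object userObj)
    || !authContext.Data.TryGetValue("realm", out object realmObj)
    || !authContext.Data.TryGetValue("transaction_id", out object transObj))
{
    return false;
}
string session_user = (string)userObj;
string session_realm = (string)realmObj;
string transaction_id = (string)transObj;
// … unchanged: DEBUG trace and OTP validation …
```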
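Review bot: With username, realm and id dropped from the AdapterPresentationForm constructor, the `#USER#`, `#REALM#` and `#ID#` placeholders are no longer substituted anywhere in this class (the GetFormHtml hunk below removes the Replace calls), so any template that still carries them is sent to the browser verbatim; the AuthError.html hunk in this patch adds five lines whose content is not visible here, so that file in particular is worth confirming. Now that only the constructor writes them, the remaining fields can be marked `private readonly bool error;` and, if nothing else assigns it, `public readonly ADFSinterface[] inter;`. The class body continues outside this hunk.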
@@ -46,11 +39,6 @@ public string GetFormHtml(int lcid) } } }
- // fix for #14 and 15
- htmlTemplate = htmlTemplate.Replace("#USER#", this.username);
- htmlTemplate = htmlTemplate.Replace("#REALM#", this.realm);
- htmlTemplate = htmlTemplate.Replace("#ID#", this.id);
- // end fix
if (error) { htmlTemplate = htmlTemplate.Replace("#ERROR#", errormessage);
diff --git a/privacyIDEAADFSProvider/AuthError.html b/privacyIDEAADFSProvider/AuthError.html
index 082f84a..35a40d2 100644
--- a/privacyIDEAADFSProvider/AuthError.html
+++ b/privacyIDEAADFSProvider/AuthError.html
@@ -4,6 +4,11 @@
+
+
+
+
+

Wrong One-Time-Password. Please try again!

diff --git a/privacyIDEAADFSProvider/AuthPage.html b/privacyIDEAADFSProvider/AuthPage.html
index 20fa31e..66098b7 100644
--- a/privacyIDEAADFSProvider/AuthPage.html
+++ b/privacyIDEAADFSProvider/AuthPage.html
@@ -3,11 +3,6 @@
-
-
-
-
-

#ERROR#