
Added possible solution for #15 - but really dirty !
sbidy committed Dec 19, 2018
1 parent 3fc31c7 commit 48ea1c6
Showing 3 changed files with 23 additions and 12 deletions.
12 changes: 7 additions & 5 deletions privacyIDEAADFSProvider/Adapter.cs
Expand Up @@ -44,6 +44,7 @@ public IAuthenticationAdapterMetadata Metadata
/// <returns>new instance of IAdapterPresentationForm</returns>
public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListenerRequest request, IAuthenticationContext authContext)
{
string transaction_id = "";
// seperates the username from the domain
// TODO: Map the domain to the PI3A realm
string[] tmp = identityClaim.Value.Split('\\');
Expand All @@ -52,7 +53,7 @@ public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListene
// check if ssl is disabled in the config
// TODO: Delete for security reasons
if (!ssl) ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;

// trigger challenge
OTPprovider otp_prov = new OTPprovider(privacyIDEAurl);
// get a new admin token for all requests if the an admin pw is defined
Expand All @@ -64,10 +65,10 @@ public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListene
#if DEBUG
Debug.WriteLine(debugPrefix + " User: " + username + " Server: " + privacyIDEArealm);
#endif
otp_prov.triggerChallenge(username, privacyIDEArealm, token);
transaction_id = otp_prov.triggerChallenge(username, privacyIDEArealm, token);
}

return new AdapterPresentationForm(uidefinition, username, privacyIDEArealm);
return new AdapterPresentationForm(uidefinition, username, privacyIDEArealm, transaction_id);
}

// TODO remove ?
Expand Down Expand Up @@ -162,12 +163,13 @@ bool ValidateProofData(IProofData proofData, IAuthenticationContext authContext)
// fix for #14
string session_user = (string)proofData.Properties["username"];
string session_realm = (string)proofData.Properties["realm"];
string transaction_id = (string)proofData.Properties["transaction_id"];
// end fix
OTPprovider otp_prov = new OTPprovider(privacyIDEAurl);
#if DEBUG
Debug.WriteLine(debugPrefix+"OTP Code: " + otpvalue + " User: " + session_user + " Server: " + session_realm);
Debug.WriteLine(debugPrefix+"OTP Code: " + otpvalue + " User: " + session_user + " Server: " + session_realm + " Transaction_id" + transaction_id);
#endif
return otp_prov.getAuthOTP(username, otpvalue, session_realm);
return otp_prov.getAuthOTP(session_user, otpvalue, session_realm, transaction_id);
}
catch
{
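Review bot: The new `return otp_prov.getAuthOTP(session_user, otpvalue, session_realm, transaction_id);` in ValidateProofData validates the OTP for a username read from `proofData.Properties["username"]` instead of the identity the request was opened for, and the realm and transaction id come from the same dictionary. If Properties carries the posted form fields, which the `#USER#`/`#REALM#`/`#ID#` substitutions in AdapterPresentationForm suggest, a client that already holds the first factor can post its own username, realm and transaction id and have an OTP belonging to a different account accepted for this session. The values should be bound server-side instead: store them in the per-request context in BeginAuthentication, e.g. `authContext.Data["transaction_id"] = transaction_id;` together with the username and realm, and read them back from `authContext.Data` in ValidateProofData, keeping the posted copies for display only. The `#if DEBUG` trace on the changed Debug.WriteLine line still prints the submitted OTP value in clear; consider logging only the user and transaction id there. ValidateProofData continues past the end of this hunk.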
7 changes: 5 additions & 2 deletions privacyIDEAADFSProvider/AdapterPresentationForm.cs
Expand Up @@ -9,16 +9,18 @@ class AdapterPresentationForm : IAdapterPresentationForm
private bool error = false;
private string username = "";
private string realm = "";
private string id = "";

public AdapterPresentationForm(bool error, ADFSinterface[] adfsinter)
{
this.error = error;
this.inter = adfsinter;
}
public AdapterPresentationForm(ADFSinterface[] adfsinter, string username, string realm)
public AdapterPresentationForm(ADFSinterface[] adfsinter, string username, string realm, string id)
{
this.inter = adfsinter;
this.username = username;
this.id = id;
this.realm = realm;
}

Expand Down Expand Up @@ -48,9 +50,10 @@ public string GetFormHtml(int lcid)
}
}
}
// fix for #14
// fix for #14 and 15
htmlTemplate = htmlTemplate.Replace("#USER#", this.username);
htmlTemplate = htmlTemplate.Replace("#REALM#", this.realm);
htmlTemplate = htmlTemplate.Replace("#ID#", this.id);
// end fix
if (error)
{
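Review bot: `htmlTemplate = htmlTemplate.Replace("#ID#", this.id);` splices the transaction id straight into the page markup, next to the username and realm substituted unencoded on the two lines above it. The id comes from the privacyIDEA response and the username is split from the identity claim, so neither is attacker-controlled in the usual sense, but none of the three is HTML-encoded and the template is not visible here, so a value containing `"`, `<` or `&` would break the form or whatever hidden field the placeholder sits in. Encoding at the substitution point costs nothing: `htmlTemplate = htmlTemplate.Replace("#ID#", WebUtility.HtmlEncode(this.id));` and likewise for `#USER#` and `#REALM#` (HtmlAttributeEncode if the placeholders are inside attribute values; WebUtility lives in System.Net). GetFormHtml starts before this hunk, so whether the template is loaded from a trusted resource or from disk cannot be confirmed from here.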
16 changes: 11 additions & 5 deletions privacyIDEAADFSProvider/OTPprovider.cs
Expand Up @@ -30,7 +30,7 @@ public OTPprovider(string privacyIDEAurl)
/// <param name="OTPpin">PIN for validation</param>
/// <param name="realm">Domain/realm name</param>
/// <returns>true if the pin is correct</returns>
public bool getAuthOTP(string OTPuser, string OTPpin, string realm)
public bool getAuthOTP(string OTPuser, string OTPpin, string realm, string transaction_id)
{
string responseString = "";
try
Expand All @@ -46,10 +46,10 @@ public bool getAuthOTP(string OTPuser, string OTPpin, string realm)
{
{"pass", OTPpin},
{"user", OTPuser},
{"realm", realm}
{"realm", realm},
{"transaction_id", transaction_id}
});
responseString = Encoding.UTF8.GetString(response);
Debug.WriteLine(debugPrefix+getJsonNode(responseString, "message"));
}
return (getJsonNode(responseString, "status") == "true" && getJsonNode(responseString, "value") == "true");
}
Expand All @@ -65,8 +65,9 @@ public bool getAuthOTP(string OTPuser, string OTPpin, string realm)
/// <param name="OTPuser">User name for the token</param>
/// <param name="realm">Domain/realm name</param>
/// <param name="token">Admin token</param>
public void triggerChallenge(string OTPuser, string realm, string token)
public string triggerChallenge(string OTPuser, string realm, string token)
{
string responseString = "";
try
{
using (WebClient client = new WebClient())
Expand All @@ -78,12 +79,17 @@ public void triggerChallenge(string OTPuser, string realm, string token)
{ "user", OTPuser},
{ "realm ", realm},
});
Debug.WriteLine(debugPrefix + getJsonNode(Encoding.UTF8.GetString(response), "messages"));
responseString = Encoding.UTF8.GetString(response);
string transaction_id = getJsonNode(responseString, "transaction_ids");
// ToDo - not realy a solution if multible tocken enrolled!! For #15
if (transaction_id.Length > 20) return transaction_id.Remove(20);
else return transaction_id;
}
}
catch (WebException wex)
{
Debug.WriteLine(debugPrefix + wex);
return "";
}

}
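Review bot: `if (transaction_id.Length > 20) return transaction_id.Remove(20);` in triggerChallenge recovers the transaction id by cutting the `transaction_ids` node at 20 characters, which only works if getJsonNode returns the ids as a bare concatenation and every id is exactly 20 characters long; a JSON array rendered with brackets and quotes, or a differently sized id, silently yields a value the server will never match, as the ToDo on the line above concedes. privacyIDEA's triggerchallenge response also carries a singular `transaction_id` under `detail`, shared by all challenges raised by one trigger, so `return getJsonNode(responseString, "transaction_id");` would avoid the truncation entirely if the helper can address that node. In getAuthOTP the new `{"transaction_id", transaction_id}` entry is sent even when triggerChallenge returned `""` from its WebException path, so the parameter should be added only when the id is non-empty, or an empty id should be treated as a failed challenge rather than falling back to a plain OTP check; getAuthOTP's catch block lies outside its hunk. Unrelated to this commit but visible in the same hunk, the `{ "realm ", realm}` key has a trailing space and is unlikely to be recognized as the realm parameter by the server.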
