
Feature for #23 and #25 added. UPN or SAM can be used.
sbidy committed Nov 7, 2019
1 parent 336099a commit 3d05443
Showing 5 changed files with 66 additions and 9 deletions.
54 changes: 46 additions & 8 deletions privacyIDEAADFSProvider/Adapter.cs
Expand Up @@ -3,10 +3,9 @@
using Claim = System.Security.Claims.Claim;
using System.IO;
using System.Text;
using System.Xml;
using System.Diagnostics;
using System.Xml.Serialization;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// old b6483f285cb7b6eb
// new bf6bdb60967d5ecc 1.3.2
Expand All @@ -25,6 +24,7 @@ public class Adapter : IAuthenticationAdapter
private string token;
private string admin_user;
private string admin_pw;
private bool use_upn = false;
public ADFSinterface[] uidefinition;
private OTPprovider otp_prov;

Expand All @@ -51,15 +51,35 @@ public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListene
#endif
// seperates the username from the domain
// TODO: Map the domain to the ID3A realm
string username, domain, upn;
string[] tmp = identityClaim.Value.Split('\\');
string username = "";
if(tmp.Length > 1) username = tmp[1];
else username = tmp[0];

if (tmp.Length > 1)
{
username = tmp[1];
domain = tmp[0];
if (use_upn)
// get UPN from sAMAccountName
upn = GetUserPrincipalName(username, domain);
else upn = "not configured";
}
else
{
username = tmp[0];
upn = tmp[0];
domain = privacyIDEArealm;
}
#if DEBUG
Debug.WriteLine(debugPrefix + " UPN value: " + upn + " Domain value: "+domain);
#endif
// check if ssl is disabled in the config
// TODO: Delete for security reasons
if (!ssl) ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;

// trigger challenge
// use upn or sam as loginname attribute
if (use_upn) username = upn;

// trigger challenge
otp_prov = new OTPprovider(privacyIDEAurl);
// get a new admin token for all requests if the an admin pw is defined
// #2
Expand Down Expand Up @@ -107,6 +127,7 @@ public void OnAuthenticationPipelineLoad(IAuthenticationMethodConfigData configD
admin_pw = server_config.adminpw;
admin_user = server_config.adminuser;
ssl = server_config.ssl.ToLower() == "false" ? false : true;
use_upn = server_config.upn.ToLower() == "false" ? false : true;
privacyIDEArealm = server_config.realm;
privacyIDEAurl = server_config.url;
uidefinition = server_config.@interface;
Expand Down Expand Up @@ -189,7 +210,24 @@ bool ValidateProofData(IProofData proofData, IAuthenticationContext authContext)
throw new ExternalAuthenticationException("Error - can't validate the otp value", authContext);
}
}



private string GetUserPrincipalName(string userName, string domain)
{
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userName);

if (user != null)
{
return user.UserPrincipalName;
}
else
{
return null;
}
}

}
}
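Review bot: In BeginAuthentication the line `if (use_upn) username = upn;` can assign null, because GetUserPrincipalName returns null when FindByIdentity finds no matching user, and that null login name then flows into the OTPprovider challenge that follows; in the branch without a domain prefix the raw claim value is taken as the UPN with no directory lookup, which presumably assumes an undelimited claim is already a UPN and deserves a comment saying so. A guard before the assignment, `if (use_upn && string.IsNullOrEmpty(upn)) throw new ExternalAuthenticationException("Error - can't resolve UPN for user " + username, authContext);`, fails closed the way ValidateProofData already does (the context parameter's name is cut off on the signature line, so adjust it). GetUserPrincipalName also never disposes the PrincipalContext or UserPrincipal it creates; `using (var ctx = new PrincipalContext(ContextType.Domain, domain))` and `using (var user = UserPrincipal.FindByIdentity(ctx, userName))` keep a directory connection from leaking on every login. BeginAuthentication's body continues past the hunk.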
2 changes: 1 addition & 1 deletion privacyIDEAADFSProvider/AuthPage.html
Expand Up @@ -6,7 +6,7 @@
<!-- End inputs are required by the presentation framework. -->
<p id="pageIntroductionText" style="color:red">#ERROR#</p>
<label for="otpvalue" class="block">#MESSAGE#</label>
<input id="otpvalue" name="otpvalue" type="password" value="" class="text" placeholder="OTP Token" size="30" />
<input id="otpvalue" name="otpvalue" type="password" value="" class="text" placeholder="OTP Token" size="35" />
<div id="submissionArea" class="submitMargin">
<input id="submitButton" type="submit" name="Submit" value="Submit" />
</div>
15 changes: 15 additions & 0 deletions privacyIDEAADFSProvider/config.cs
Expand Up @@ -30,6 +30,7 @@ public partial class ADFSserver
private string sslField;
private string adminuserField;
private string adminpwField;
private string upnField;
private ADFSinterface[] interfaceField;

/// <remarks/>
Expand Down Expand Up @@ -74,6 +75,20 @@ public string ssl
}
}

/// <remarks/>
[System.Xml.Serialization.XmlElementAttribute(Form = System.Xml.Schema.XmlSchemaForm.Unqualified)]
public string upn
{
get
{
return this.upnField;
}
set
{
this.upnField = value;
}
}

/// <remarks/>
[System.Xml.Serialization.XmlElementAttribute(Form = System.Xml.Schema.XmlSchemaForm.Unqualified)]
public string adminuser
2 changes: 2 additions & 0 deletions privacyIDEAADFSProvider/config.xml
Expand Up @@ -6,6 +6,8 @@
<realm>adfs</realm>
<!-- false = ssl cert check disable / true = ssl cert check enabled -->
<ssl>false</ssl>
<!-- use UPN as Loginname Attribute / false = sAMAccountName will be used -->
<upn>false</upn>
<!--
Provide a administrative user and password for the API.
Only needed if a challenge must be triggered (e.g. Email or SMS token)!
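Review bot: The comment on the new `<upn>` element documents only the `false` case, while the parser added in Adapter.cs in this same commit (`server_config.upn.ToLower() == "false" ? false : true`) enables UPN mode for any other string, a typo included, and dereferences the element unconditionally, so as far as the visible code shows a config.xml that predates this element fails at pipeline load. Suggest making both facts explicit next to the element: `<!-- "false" = sAMAccountName is sent to privacyIDEA as login name; any other value = the user's UPN is looked up in AD and sent instead. Required element: the adapter does not tolerate its absence -->`.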
2 changes: 2 additions & 0 deletions privacyIDEAADFSProvider/privacyIDEAADFSProvider.csproj
Expand Up @@ -41,6 +41,8 @@
</Reference>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.DirectoryServices" />
<Reference Include="System.DirectoryServices.AccountManagement" />
<Reference Include="System.Runtime.Serialization" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
