Fix sign-in of users failing if LDAPCP configuration does not exist
Yvand committed Dec 13, 2018
1 parent f72cb63 commit 09b14aa
Showing 1 changed file with 25 additions and 19 deletions.
44 changes: 25 additions & 19 deletions LDAPCP/LDAPCP.cs
Expand Up @@ -1695,15 +1695,17 @@ protected override void FillSchema(Microsoft.SharePoint.WebControls.SPProviderSc
/// <returns></returns>
public override string GetClaimTypeForUserKey()
{
ClaimsProviderLogging.LogDebug(String.Format("[{0}] GetClaimTypeForUserKey called", ProviderInternalName));

if (!Initialize(null, null))
return null;
// Initialization may fail because there is no yet configuration (fresh install)
// In this case, LDAPCP should not return null because it causes null exceptions in SharePoint when users sign-in
Initialize(null, null);

this.Lock_Config.EnterReadLock();
try
{
return IdentityClaimTypeConfig.ClaimType;
if (SPTrust == null)
return String.Empty;

return SPTrust.IdentityClaimTypeInformation.MappedClaimType;
}
catch (Exception ex)
{
Expand All @@ -1723,26 +1725,30 @@ public override string GetClaimTypeForUserKey()
/// <returns></returns>
protected override SPClaim GetUserKeyForEntity(SPClaim entity)
{
ClaimsProviderLogging.LogDebug(String.Format("[{0}] GetUserKeyForEntity called, incoming claim value: \"{1}\", claim type: \"{2}\", claim issuer: \"{3}\"", ProviderInternalName, entity.Value, entity.ClaimType, entity.OriginalIssuer));

if (!Initialize(null, null))
return null;

// There are 2 scenarios:
// 1: OriginalIssuer is "SecurityTokenService": Value looks like "05.t|yvanhost|yvand@yvanhost.local", claim type is "http://schemas.microsoft.com/sharepoint/2009/08/claims/userid" and it must be decoded properly
// 2: OriginalIssuer is LDAPCP: in this case incoming entity is valid and returned as is
if (String.Equals(entity.OriginalIssuer, IssuerName, StringComparison.InvariantCultureIgnoreCase))
return entity;

SPClaimProviderManager cpm = SPClaimProviderManager.Local;
SPClaim curUser = SPClaimProviderManager.DecodeUserIdentifierClaim(entity);
// Initialization may fail because there is no yet configuration (fresh install)
// In this case, LDAPCP should not return null because it causes null exceptions in SharePoint when users sign-in
bool initSucceeded = Initialize(null, null);

this.Lock_Config.EnterReadLock();
try
{
// If initialization failed but SPTrust is not null, rest of the method can be executed normally
// Otherwise return the entity
if (!initSucceeded && SPTrust == null)
return entity;

// There are 2 scenarios:
// 1: OriginalIssuer is "SecurityTokenService": Value looks like "05.t|yvanhost|yvand@yvanhost.local", claim type is "http://schemas.microsoft.com/sharepoint/2009/08/claims/userid" and it must be decoded properly
// 2: OriginalIssuer is LDAPCP: in this case incoming entity is valid and returned as is
if (String.Equals(entity.OriginalIssuer, IssuerName, StringComparison.InvariantCultureIgnoreCase))
return entity;

SPClaimProviderManager cpm = SPClaimProviderManager.Local;
SPClaim curUser = SPClaimProviderManager.DecodeUserIdentifierClaim(entity);

ClaimsProviderLogging.Log(String.Format("[{0}] Return user key for user \"{1}\"", ProviderInternalName, entity.Value),
TraceSeverity.Verbose, EventSeverity.Information, TraceCategory.Rehydration);
return CreateClaim(IdentityClaimTypeConfig.ClaimType, curUser.Value, curUser.ValueType);
return CreateClaim(SPTrust.IdentityClaimTypeInformation.MappedClaimType, curUser.Value, curUser.ValueType);
}
catch (Exception ex)
{
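Review bot: The guard `if (!initSucceeded && SPTrust == null)` in GetUserKeyForEntity only protects the later `SPTrust.IdentityClaimTypeInformation.MappedClaimType` dereference when Initialize reported failure; if Initialize ever returns true while SPTrust is still null (not visible from here whether that can happen), the dereference throws and lands in the `catch (Exception ex)` below. The first hunk, GetClaimTypeForUserKey, checks `SPTrust == null` unconditionally for the same missing-configuration fallback, so the two guards disagree; `if (SPTrust == null) return entity;` would make this one consistent and drop the dependency on initSucceeded. The fallback also deserves a comment on the `return entity;` line, because in that path the SecurityTokenService userid claim is handed back as the user key without going through `DecodeUserIdentifierClaim` or being mapped to the trust's identity claim type, e.g. `// No configuration yet: key is the raw incoming claim, not decoded or mapped to the identity claim type`. The try block's catch and the release of Lock_Config continue past the hunk, so whether the read lock is always exited on the early returns cannot be confirmed here.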
