diff --git a/src/Web/Masa.Auth.Web.Sso/Infrastructure/Consts/ClaimTypeConsts.cs b/src/Web/Masa.Auth.Web.Sso/Infrastructure/Consts/ClaimTypeConsts.cs
new file mode 100644
index 00000000..8ad59c8e
--- /dev/null
+++ b/src/Web/Masa.Auth.Web.Sso/Infrastructure/Consts/ClaimTypeConsts.cs
@@ -0,0 +1,13 @@
+// Copyright (c) MASA Stack All rights reserved.
+// Licensed under the Apache License. See LICENSE.txt in the project root for license information.
+
+namespace Masa.Auth.Web.Sso.Infrastructure.Consts;
+
+public static class ClaimTypeConsts
+{
+ public const string IMPERSONATOR_USER_ID = $"{DEFAULT_PREFIX}/impersonatorUserId";
+
+ public const string DOMAIN_NAME = $"{DEFAULT_PREFIX}/domainName";
+
+ private const string DEFAULT_PREFIX = "https://masastack.com/security/identity/claims";
+}
diff --git a/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/ImpersonationGrantValidator.cs b/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/ImpersonationGrantValidator.cs
index 2167e0a3..d5c20852 100644
--- a/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/ImpersonationGrantValidator.cs
+++ b/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/ImpersonationGrantValidator.cs
@@ -8,8 +8,6 @@ public class ImpersonationGrantValidator : IExtensionGrantValidator
 IAuthClient _authClient;
 public string GrantType { get; } = BuildingBlocks.Authentication.OpenIdConnect.Models.Constans.GrantType.IMPERSONATION;
- const string IMPERSONATOR_USER_ID = "https://masastack.com/security/identity/claims/impersonatorUserId";
-
 public ImpersonationGrantValidator(IAuthClient authClient)
 {
 _authClient = authClient;
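Review bot: The two public constants in ClaimTypeConsts.cs are undocumented, although they fix the exact claim-type strings that the grant validators add to their `GrantValidationResult` and that any consumer has to match on. A `///` summary on each would make the contract explicit, for example `/// <summary>Id of the user who started an impersonated session; added by the impersonation grant unless the session is a return to the impersonator.</summary>` on `IMPERSONATOR_USER_ID`. The summary on `DOMAIN_NAME` should say which directory attribute the claim carries, since the name alone does not tell.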
@@ -54,7 +52,7 @@ public async Task ValidateAsync(ExtensionGrantValidationContext context)
 if (!cacheItem.IsBackToImpersonator)
 {
- claims.Add(new Claim(IMPERSONATOR_USER_ID, cacheItem.ImpersonatorUserId.ToString()));
+ claims.Add(new Claim(ClaimTypeConsts.IMPERSONATOR_USER_ID, cacheItem.ImpersonatorUserId.ToString()));
 }
 context.Result = new GrantValidationResult(cacheItem.TargetUserId.ToString(), "impersonation", claims);
diff --git a/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/LdapGrantValidator.cs b/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/LdapGrantValidator.cs
index bd1005eb..052f8152 100644
--- a/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/LdapGrantValidator.cs
+++ b/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/LdapGrantValidator.cs
@@ -79,7 +79,12 @@ public async Task ValidateAsync(ExtensionGrantValidationContext context)
 });
 }
- context.Result = new GrantValidationResult(authUser.Id.ToString(), "ldap");
+ var claims = new List
+ {
+ new Claim(ClaimTypeConsts.DOMAIN_NAME, ldapUser.SamAccountName)
+ };
+
+ context.Result = new GrantValidationResult(authUser.Id.ToString(), "ldap", claims);
 }
 catch (Exception ex)
 {
diff --git a/src/Web/Masa.Auth.Web.Sso/_Imports.cs b/src/Web/Masa.Auth.Web.Sso/_Imports.cs
index ccb1a7a3..372efe44 100644
--- a/src/Web/Masa.Auth.Web.Sso/_Imports.cs
+++ b/src/Web/Masa.Auth.Web.Sso/_Imports.cs
@@ -24,6 +24,7 @@
 global using Masa.Auth.Web.Sso.Infrastructure;
 global using Masa.Auth.Web.Sso.Infrastructure.Aliyun;
 global using Masa.Auth.Web.Sso.Infrastructure.Attributes;
+global using Masa.Auth.Web.Sso.Infrastructure.Consts;
 global using Masa.Auth.Web.Sso.Infrastructure.Events;
 global using Masa.Auth.Web.Sso.Infrastructure.Options;
 global using Masa.Auth.Web.Sso.Infrastructure.Services;
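Review bot: In the LdapGrantValidator.cs hunk the new `DOMAIN_NAME` claim is filled with `ldapUser.SamAccountName`, which is an account logon name rather than a domain name and is unique only within a single directory domain. A relying party that reads a claim called `domainName` may treat it as something it is not, so either rename the claim or state on the constant that it carries the sAMAccountName. The value is also passed to `new Claim(...)` unchecked; `Claim` throws on a null value, which would land in the `catch (Exception ex)` below and presumably fail the whole LDAP grant, so consider adding the claim only when `!string.IsNullOrEmpty(ldapUser.SamAccountName)`. ValidateAsync begins and ends outside the hunk, so how that catch block reports the failure is not visible here.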