/// <summary> /// Removes an service provider from the list of recognized service providers. /// </summary> void removeBt_Command(object sender, CommandEventArgs e) { if (!string.IsNullOrEmpty(e.CommandName)) { IDPConfig.RemoveServiceProvider(e.CommandName); } }
private void CreateAuthenticationFailedResponse() { string entityId = request.Issuer.Value; Saml20MetadataDocument metadataDocument = IDPConfig.GetServiceProviderMetadata(entityId); IDPEndPointElement endpoint = metadataDocument.AssertionConsumerServiceEndpoints().Find(delegate(IDPEndPointElement e) { return(e.Binding == SAMLBinding.POST); }); if (endpoint == null) { Context.Response.Write(string.Format("'{0}' does not have a SSO endpoint that supports the POST binding.", entityId)); Context.Response.End(); return; } Response response = new Response(); response.Destination = endpoint.Url; response.Status = new Status(); response.Status.StatusCode = new StatusCode(); response.Status.StatusCode.Value = Saml20Constants.StatusCodes.Requester; response.Status.StatusCode.SubStatusCode = new StatusCode(); response.Status.StatusCode.SubStatusCode.Value = Saml20Constants.StatusCodes.AuthnFailed; response.Status.StatusMessage = "Authentication failed. Username and/or password was incorrect."; HttpPostBindingBuilder builder = new HttpPostBindingBuilder(endpoint); builder.Action = SAMLAction.SAMLResponse; builder.Response = Serialization.SerializeToXmlString(response); builder.GetPage().ProcessRequest(Context); Context.Response.End(); }
void button_Command(object sender, CommandEventArgs e) { X509Certificate2Collection certs = GetCertificates(); // find the right one. X509Certificate2 IDPCertificate = null; foreach (X509Certificate2 cert in certs) { if (cert.Thumbprint == e.CommandName) { IDPCertificate = cert; break; } } if (IDPCertificate == null) { WriteWarning("An unknown error occurred when retrieving the certificate."); return; } if (!hasAccessToPrivateKey(IDPCertificate)) { return; } IDPConfig.SetCertificate(IDPCertificate, GetSelectedEnum <StoreName>(CertificateStoreDropDown), GetSelectedEnum <StoreLocation>(StoreLocationDropDown)); Response.Redirect("../Control.aspx"); }
private void CreateAssertionResponse(User user) { string entityId = request.Issuer.Value; Saml20MetadataDocument metadataDocument = IDPConfig.GetServiceProviderMetadata(entityId); IDPEndPointElement endpoint = metadataDocument.AssertionConsumerServiceEndpoints().Find(delegate(IDPEndPointElement e) { return(e.Binding == SAMLBinding.POST); }); if (endpoint == null) { Context.Response.Write(string.Format("'{0}' does not have a SSO endpoint that supports the POST binding.", entityId)); Context.Response.End(); return; } UserSessionsHandler.AddLoggedInSession(entityId); Response response = new Response(); response.Destination = endpoint.Url; response.InResponseTo = request.ID; response.Status = new Status(); response.Status.StatusCode = new StatusCode(); response.Status.StatusCode.Value = Saml20Constants.StatusCodes.Success; Assertion assertion = CreateAssertion(user, entityId); response.Items = new object[] { assertion }; // Serialize the response. XmlDocument assertionDoc = new XmlDocument(); assertionDoc.XmlResolver = null; assertionDoc.PreserveWhitespace = true; assertionDoc.LoadXml(Serialization.SerializeToXmlString(response)); // Sign the assertion inside the response message. var signatureProvider = SignatureProviderFactory.CreateFromShaHashingAlgorithmName(ShaHashingAlgorithm.SHA256); signatureProvider.SignAssertion(assertionDoc, assertion.ID, IDPConfig.IDPCertificate); HttpPostBindingBuilder builder = new HttpPostBindingBuilder(endpoint); builder.Action = SAMLAction.SAMLResponse; builder.Response = assertionDoc.OuterXml; builder.GetPage().ProcessRequest(Context); Context.Response.End(); }
private void PopulateSPList() { ReadyPanel.Visible = true; ServiceProviderList.Controls.Clear(); foreach (string entityID in IDPConfig.GetServiceProviderIdentifiers()) { Panel p = new Panel(); p.Style.Add(HtmlTextWriterStyle.MarginLeft, "10px"); p.Style.Add(HtmlTextWriterStyle.MarginTop, "4px"); p.Style.Add(HtmlTextWriterStyle.Color, "green"); p.Controls.Add(new LiteralControl(" - " + entityID + " ")); LinkButton removeBt = new LinkButton(); removeBt.Text = "remove"; removeBt.Command += removeBt_Command; removeBt.CommandName = entityID; p.Controls.Add(removeBt); ServiceProviderList.Controls.Add(p); } }
protected void UploadButton_Click(object sender, EventArgs e) { if (_fileupload.HasFile) { XmlDocument doc; try { doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.Load(new StreamReader(_fileupload.FileContent, Encoding.UTF8)); } catch (Exception) { _statusLabel.Text = "Unable to load metadata. File contents were not recognized as XML."; return; } // Apparently updating the metadata. Remove old version. IDPConfig.AddServiceProvider(doc); PopulateSPList(); } }
protected void ClearCert_Click(object sender, EventArgs e) { IDPConfig.ClearCertificate(); VerifyConfiguration(); }
private void CreateAssertionResponse(User user) { string entityId = request.Issuer.Value; Saml20MetadataDocument metadataDocument = IDPConfig.GetServiceProviderMetadata(entityId); IDPEndPointElement endpoint = metadataDocument.AssertionConsumerServiceEndpoints().Find(delegate(IDPEndPointElement e) { return(e.Binding == SAMLBinding.POST); }); if (endpoint == null) { Context.Response.Write(string.Format("'{0}' does not have a SSO endpoint that supports the POST binding.", entityId)); Context.Response.End(); return; } UserSessionsHandler.AddLoggedInSession(entityId); Response response = new Response(); response.Destination = endpoint.Url; response.InResponseTo = request.ID; response.Status = new Status(); response.Status.StatusCode = new StatusCode(); response.Status.StatusCode.Value = Saml20Constants.StatusCodes.Success; var nameIdFormat = metadataDocument.Entity.Items.OfType <SPSSODescriptor>().SingleOrDefault()?.NameIDFormat.SingleOrDefault() ?? Saml20Constants.NameIdentifierFormats.Persistent; Assertion assertion = CreateAssertion(user, entityId, nameIdFormat); var signatureProvider = SignatureProviderFactory.CreateFromShaHashingAlgorithmName(ShaHashingAlgorithm.SHA256); EncryptedAssertion encryptedAssertion = null; var keyDescriptors = metadataDocument.Keys.Where(x => x.use == KeyTypes.encryption); if (keyDescriptors.Any()) { foreach (KeyDescriptor keyDescriptor in keyDescriptors) { KeyInfo ki = (KeyInfo)keyDescriptor.KeyInfo; foreach (KeyInfoClause clause in ki) { if (clause is KeyInfoX509Data) { X509Certificate2 cert = XmlSignatureUtils.GetCertificateFromKeyInfo((KeyInfoX509Data)clause); var spec = new DefaultCertificateSpecification(); string error; if (spec.IsSatisfiedBy(cert, out error)) { AsymmetricAlgorithm key = XmlSignatureUtils.ExtractKey(clause); AssertionEncryptionUtility.AssertionEncryptionUtility encryptedAssertionUtil = new AssertionEncryptionUtility.AssertionEncryptionUtility((RSA)key, assertion); // Sign the assertion inside the response message. signatureProvider.SignAssertion(encryptedAssertionUtil.Assertion, assertion.ID, IDPConfig.IDPCertificate); encryptedAssertionUtil.Encrypt(); encryptedAssertion = Serialization.DeserializeFromXmlString <EncryptedAssertion>(encryptedAssertionUtil.EncryptedAssertion.OuterXml); break; } } } if (encryptedAssertion != null) { break; } } if (encryptedAssertion == null) { throw new Exception("Could not encrypt. No valid certificates found."); } } if (encryptedAssertion != null) { response.Items = new object[] { encryptedAssertion }; } else { response.Items = new object[] { assertion }; } // Serialize the response. XmlDocument responseDoc = new XmlDocument(); responseDoc.XmlResolver = null; responseDoc.PreserveWhitespace = true; responseDoc.LoadXml(Serialization.SerializeToXmlString(response)); if (encryptedAssertion == null) { // Sign the assertion inside the response message. signatureProvider.SignAssertion(responseDoc, assertion.ID, IDPConfig.IDPCertificate); } HttpPostBindingBuilder builder = new HttpPostBindingBuilder(endpoint); builder.Action = SAMLAction.SAMLResponse; builder.Response = responseDoc.OuterXml; builder.GetPage().ProcessRequest(Context); Context.Response.End(); }