/// <summary>
/// Initializes a new instance of the AuthnRequest class.
/// </summary>
/// <param name="identityProvider">
/// IdentityProvider to receive the AuthnRequest
/// </param>
/// <param name="serviceProvider">
/// ServiceProvider to issue the AuthnRequest
/// </param>
/// <param name="parameters">
/// NameValueCollection of varying parameters for use in the
/// construction of the AuthnRequest.
/// </param>
public AuthnRequest(IIdentityProvider identityProvider, IServiceProvider serviceProvider, NameValueCollection parameters)
{
m_xml = new XmlDocument {
PreserveWhitespace = true
};
m_nsMgr = new XmlNamespaceManager(m_xml.NameTable);
m_nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
m_nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
Id = Saml2Utils.GenerateId();
IssueInstant = Saml2Utils.GenerateIssueInstant();
Issuer = serviceProvider.EntityId;
if (parameters != null)
{
AllowCreate = Saml2Utils.GetBoolean(parameters[Saml2Constants.AllowCreate]);
AssertionConsumerServiceIndex = parameters[Saml2Constants.AssertionConsumerServiceIndex];
Binding = parameters[Saml2Constants.Binding];
Consent = parameters[Saml2Constants.Consent];
Destination = parameters[Saml2Constants.Destination];
ForceAuthn = Saml2Utils.GetBoolean(parameters[Saml2Constants.ForceAuthn]);
IsPassive = Saml2Utils.GetBoolean(parameters[Saml2Constants.IsPassive]);
NameIDPolicyFormat = parameters[Saml2Constants.NameIDPolicyFormat];
}
if (string.IsNullOrEmpty(NameIDPolicyFormat))
{
NameIDPolicyFormat = Saml2Constants.NameIDPolicyFormatUnspecified;
}
string assertionConsumerSvcUrl = null;
if (!string.IsNullOrEmpty(Binding))
{
if (!string.IsNullOrEmpty(AssertionConsumerServiceIndex))
{
// find assertion consumer service location by binding and index.
assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(Binding,
AssertionConsumerServiceIndex);
}
else
{
// find assertion consumer service location by binding only, using first found.
assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(Binding);
}
}
// neither index nor binding, throw exception
if (string.IsNullOrEmpty(AssertionConsumerServiceIndex) && string.IsNullOrEmpty(assertionConsumerSvcUrl))
{
throw new Saml2Exception(Resources.AuthnRequestAssertionConsumerServiceNotDefined);
}
// If destination not specified, use SSO location by binding
if (string.IsNullOrEmpty(Destination))
{
Destination
= identityProvider.GetSingleSignOnServiceLocation(parameters[Saml2Constants.RequestBinding]);
if (string.IsNullOrEmpty(Destination))
{
// default to HttpRedirect
Destination = identityProvider.GetSingleSignOnServiceLocation(Saml2Constants.HttpRedirectProtocolBinding);
}
}
// Get RequestedAuthnContext if parameters are available...
RequestedAuthnContext reqAuthnContext = GetRequestedAuthnContext(serviceProvider, parameters);
// Generate the XML for the AuthnRequest...
var rawXml = new StringBuilder();
rawXml.Append("<samlp:AuthnRequest ");
rawXml.Append(" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"");
rawXml.Append(" ID=\"" + Id + "\"");
rawXml.Append(" Version=\"2.0\"");
rawXml.Append(" IssueInstant=\"" + IssueInstant + "\"");
rawXml.Append(" IsPassive=\"" + IsPassive.ToString().ToLower() + "\"");
rawXml.Append(" ForceAuthn=\"" + ForceAuthn.ToString().ToLower() + "\"");
if (!String.IsNullOrEmpty(Consent))
{
rawXml.Append(" Consent=\"" + Consent + "\"");
}
if (!String.IsNullOrEmpty(Destination))
{
rawXml.Append(" Destination=\"" + Destination + "\"");
}
if (!String.IsNullOrEmpty(assertionConsumerSvcUrl))
{
rawXml.Append(" ProtocolBinding=\"" + Binding + "\"");
rawXml.Append(" AssertionConsumerServiceURL=\"" + assertionConsumerSvcUrl + "\"");
}
else
{
rawXml.Append(" AssertionConsumerServiceIndex=\"" + AssertionConsumerServiceIndex + "\"");
}
rawXml.Append(">");
rawXml.Append("<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" + serviceProvider.EntityId +
"</saml:Issuer>");
rawXml.Append("<samlp:NameIDPolicy Format=\"" + NameIDPolicyFormat + "\" AllowCreate=\"" + AllowCreate.ToString().ToLower() + "\" />");
if (reqAuthnContext != null)
{
rawXml.Append(reqAuthnContext.GenerateXmlString());
}
rawXml.Append("</samlp:AuthnRequest>");
m_xml.LoadXml(rawXml.ToString());
}
/// <summary>
/// Initializes a new instance of the AuthnRequest class.
/// </summary>
/// <param name="identityProvider">
/// IdentityProvider to receive the AuthnRequest
/// </param>
/// <param name="serviceProvider">
/// ServiceProvider to issue the AuthnRequest
/// </param>
/// <param name="parameters">
/// NameValueCollection of varying parameters for use in the
/// construction of the AuthnRequest.
/// </param>
/// <param name="saml2Utils">Utilities class</param>
public AuthnRequest(IIdentityProvider identityProvider, IServiceProvider serviceProvider, NameValueCollection parameters, Saml2Utils saml2Utils)
{
xml = new XmlDocument();
xml.PreserveWhitespace = true;
nsMgr = new XmlNamespaceManager(xml.NameTable);
nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
Id = saml2Utils.GenerateId();
IssueInstant = saml2Utils.GenerateIssueInstant();
Issuer = serviceProvider.EntityId;
if (parameters != null)
{
AllowCreate = saml2Utils.GetBoolean(parameters[Saml2Constants.AllowCreate]);
AssertionConsumerServiceIndex = parameters[Saml2Constants.AssertionConsumerServiceIndex];
Binding = parameters[Saml2Constants.Binding];
Consent = parameters[Saml2Constants.Consent];
Destination = parameters[Saml2Constants.Destination];
ForceAuthn = saml2Utils.GetBoolean(parameters[Saml2Constants.ForceAuthn]);
IsPassive = saml2Utils.GetBoolean(parameters[Saml2Constants.IsPassive]);
NameIDPolicyFormat = parameters[Saml2Constants.NameIDPolicyFormat];
}
string assertionConsumerSvcUrl = null;
if (!String.IsNullOrEmpty(Binding))
{
if (!String.IsNullOrEmpty(AssertionConsumerServiceIndex))
{
// find assertion consumer service location by binding and index.
assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(Binding,
AssertionConsumerServiceIndex);
}
else
{
// find assertion consumer service location by binding only, using first found.
assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(Binding);
}
}
// neither index nor binding, throw exception
if (String.IsNullOrEmpty(AssertionConsumerServiceIndex) && String.IsNullOrEmpty(assertionConsumerSvcUrl))
{
throw new Saml2Exception(Resources.AuthnRequestAssertionConsumerServiceNotDefined);
}
// If destination not specified, use SSO location by binding
if (string.IsNullOrEmpty(Destination))
{
Destination
= identityProvider.GetSingleSignOnServiceLocation(parameters[Saml2Constants.RequestBinding]);
if (string.IsNullOrEmpty(Destination))
{
// default to HttpRedirect
Destination = identityProvider.GetSingleSignOnServiceLocation(Saml2Constants.HttpRedirectProtocolBinding);
}
}
// Get RequestedAuthnContext if parameters are available...
RequestedAuthnContext reqAuthnContext = GetRequestedAuthnContext(serviceProvider, parameters);
// Generate the XML for the AuthnRequest...
var rawXml = new StringBuilder();
rawXml.Append("<samlp:AuthnRequest ");
rawXml.Append(" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"");
rawXml.Append(" ID=\"" + Id + "\"");
rawXml.Append(" Version=\"2.0\"");
rawXml.Append(" IssueInstant=\"" + IssueInstant + "\"");
rawXml.Append(" IsPassive=\"" + IsPassive.ToString().ToLower() + "\"");
rawXml.Append(" ForceAuthn=\"" + ForceAuthn.ToString().ToLower() + "\"");
if (!String.IsNullOrEmpty(Consent))
{
rawXml.Append(" Consent=\"" + Consent + "\"");
}
if (!String.IsNullOrEmpty(Destination))
{
rawXml.Append(" Destination=\"" + Destination + "\"");
}
if (!String.IsNullOrEmpty(assertionConsumerSvcUrl))
{
rawXml.Append(" ProtocolBinding=\"" + Binding + "\"");
rawXml.Append(" AssertionConsumerServiceURL=\"" + assertionConsumerSvcUrl + "\"");
}
else
{
rawXml.Append(" AssertionConsumerIndex=\"" + AssertionConsumerServiceIndex + "\"");
}
rawXml.Append(">");
rawXml.Append("<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" + serviceProvider.EntityId +
"</saml:Issuer>");
rawXml.Append("<samlp:NameIDPolicy Format=\"" + NameIDPolicyFormat + "\" AllowCreate=\"" + AllowCreate.ToString().ToLower() + "\" />");
if (reqAuthnContext != null)
{
rawXml.Append(reqAuthnContext.GenerateXmlString());
}
rawXml.Append("</samlp:AuthnRequest>");
xml.LoadXml(rawXml.ToString());
}