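/// <summary>
/// Builds a claims principal from the <c>saml:Attribute</c> elements of the first
/// <c>saml:Assertion</c> found in the requested security token XML of <paramref name="rstr"/>.
/// </summary>
/// <param name="rstr">Response whose <c>RequestedSecurityToken.SecurityTokenXml</c> holds the assertion.</param>
/// <returns>
/// A principal carrying a single identity, or <c>null</c> when the XML has no
/// <c>Assertion</c> element or the assertion has no <c>AttributeStatement</c>.
/// </returns>
/// <remarks>
/// Claims are read straight from the XML: nothing here checks a signature, issuer, audience
/// or validity window, so callers must only pass an assertion they have already validated.
/// Every <c>Attribute</c> yields one claim per <c>AttributeValue</c> child, typed as the
/// NameFormat value, a slash, and the Name value; the attribute named <c>urn:FirstName</c>
/// is additionally mapped to <see cref="ClaimTypes.Name"/>.
/// </remarks>
private static IClaimsPrincipal GetClaimsIdentity(RequestSecurityTokenResponse rstr)
{
    XNamespace ast = "urn:oasis:names:tc:SAML:2.0:assertion";
    var xElement = ToXElement(rstr.RequestedSecurityToken.SecurityTokenXml);

    var xAssertionElement = xElement.Element(ast + "Assertion");
    if (xAssertionElement == null)
    {
        return null;
    }

    var xAttributeStatement = xAssertionElement.Element(ast + "AttributeStatement");
    if (xAttributeStatement == null)
    {
        return null;
    }

    IClaimsIdentity claimsIdentity = new Microsoft.IdentityModel.Claims.ClaimsIdentity();
    foreach (var element in xAttributeStatement.Elements(ast + "Attribute"))
    {
        var nameFormat = element.Attribute("NameFormat");
        var name = element.Attribute("Name");

        // Use the attribute *values*. Concatenating the XAttribute objects themselves (as the
        // original did) stringifies them as NameFormat="..."/Name="...", embedding the
        // attribute names and quotes in the claim type.
        var claimType = (nameFormat == null ? "" : nameFormat.Value)
                        + "/"
                        + (name == null ? "" : name.Value);

        // One claim per AttributeValue. XElement.Value on the Attribute element would
        // concatenate every value of a multi-valued attribute into one string with no separator.
        var values = new System.Collections.Generic.List<string>();
        foreach (var valueElement in element.Elements(ast + "AttributeValue"))
        {
            values.Add(valueElement.Value);
        }
        if (values.Count == 0)
        {
            // No AttributeValue child: keep the original's text-content fallback (usually "").
            values.Add(element.Value);
        }

        if (name != null && name.Value == "urn:FirstName")
        {
            claimsIdentity.Claims.Add(new Microsoft.IdentityModel.Claims.Claim(ClaimTypes.Name, values[0]));
        }
        foreach (var value in values)
        {
            claimsIdentity.Claims.Add(new Microsoft.IdentityModel.Claims.Claim(claimType, value));
        }
    }

    var identities = new ClaimsIdentityCollection(new[] { claimsIdentity });
    return Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromIdentities(identities);
}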
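/// <summary>
/// Handles an inbound sign-in response. A posted <c>SAMLResponse</c> form field is decoded,
/// its first assertion is read and validated, and the assertion's attributes are re-issued
/// as a WS-Federation sign-in response for the assertion's audience (realm). Otherwise the
/// request is handed to <see cref="WSFederationAuthenticationModule"/> if it carries a
/// WS-Federation sign-in response.
/// </summary>
/// <returns>
/// The WS-Federation processing result, or the <c>Error</c> view when the request carries
/// no usable form data, the posted value is not base64/XML, no assertion is present, or the
/// assertion names no audience. Token validation failures propagate as exceptions.
/// </returns>
public ActionResult IssueResponse()
{
    if (Request.Form.HasKeys())
    {
        if (Request.Form["SAMLResponse"] != null)
        {
            var samlResponse = Request.Form["SAMLResponse"];

            // Form values arrive URL-decoded already; HtmlDecode is kept from the original and is a
            // no-op on well-formed base64, which never contains '&'.
            string responseDecoded;
            Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token;
            var coll = Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
            try
            {
                responseDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(HttpUtility.HtmlDecode(samlResponse)));
                using (var sr = new StringReader(responseDecoded))
                using (var reader = XmlReader.Create(sr))
                {
                    // Position on the first <saml:Assertion>. Without one, ReadSubtree() would hand an
                    // exhausted reader to ReadToken, which then fails with an unrelated error.
                    if (!reader.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion"))
                    {
                        return View("Error");
                    }
                    token = (Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken)coll.ReadToken(reader.ReadSubtree());
                }
            }
            catch (FormatException)
            {
                // Not base64: malformed client input, not a server fault.
                return View("Error");
            }
            catch (XmlException)
            {
                return View("Error");
            }

            // ReadToken only deserializes the assertion; it does not require a signature and performs
            // no issuer-name, audience or validity-window check. Those live in ValidateToken, and
            // without it the claims issued below would come from an unvalidated assertion. The
            // default handler configuration (coll.Configuration: issuer name registry, allowed
            // audience URIs) must be set up for this to accept anything — TODO confirm where.
            coll.ValidateToken(token);

            // Original indexed AudienceRestrictions[0].Audiences[0] unguarded; an assertion without an
            // audience produced an unhandled exception instead of an error page.
            var conditions = token.Assertion.Conditions;
            if (conditions == null
                || conditions.AudienceRestrictions.Count == 0
                || conditions.AudienceRestrictions[0].Audiences.Count == 0)
            {
                return View("Error");
            }
            var realm = conditions.AudienceRestrictions[0].Audiences[0].ToString();
            var issuer = token.Assertion.Issuer.Value;

            // NOTE(review): GetElement is not visible here; presumably it parses responseDecoded a
            // second time — confirm that parser does not resolve DTDs or external entities.
            var rstr = new RequestSecurityTokenResponse
            {
                TokenType = Constants.TokenKeys.TokenType,
                RequestType = Constants.TokenKeys.RequestType,
                KeyType = Constants.TokenKeys.KeyType,
                Lifetime = new Lifetime(token.Assertion.IssueInstant, conditions.NotOnOrAfter),
                AppliesTo = new System.ServiceModel.EndpointAddress(new Uri(realm)),
                RequestedSecurityToken = new RequestedSecurityToken(GetElement(responseDecoded))
            };

            var principal = GetClaimsIdentity(rstr);
            if (principal != null)
            {
                var claimsPrincipal = Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromPrincipal(principal);
                // "http://foo" is a placeholder base URI; presumably only the realm matters to
                // ProcessSignInRequest — confirm.
                var requestMessage = new Microsoft.IdentityModel.Protocols.WSFederation.SignInRequestMessage(new Uri("http://foo"), realm);
                var ipc = new SamlTokenServiceConfiguration(issuer);
                SecurityTokenService identityProvider = new SamlTokenService(ipc);
                var responseMessage = Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claimsPrincipal, identityProvider);
                new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime).AddEndpoint(responseMessage.BaseUri.AbsoluteUri);
                Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, System.Web.HttpContext.Current.Response);
                // As in the original, execution falls through to the WS-Federation branch below after the
                // response has been written; whether ProcessSignInResponse ends the response is not
                // visible here — TODO confirm.
            }
        }

        var fam = new WSFederationAuthenticationModule { FederationConfiguration = new FederationConfiguration() };
        if (fam.CanReadSignInResponse(Request))
        {
            var responseMessage = fam.GetSignInResponseMessage(Request);
            return ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request));
        }
    }

    return View("Error");
}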
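/// <summary>
/// Builds a claims principal from the <c>saml:Attribute</c> elements of the first
/// <c>saml:Assertion</c> found in the requested security token XML of <paramref name="rstr"/>.
/// </summary>
/// <param name="rstr">Response whose <c>RequestedSecurityToken.SecurityTokenXml</c> holds the assertion.</param>
/// <returns>
/// A principal carrying a single identity, or <c>null</c> when the XML has no
/// <c>Assertion</c> element or the assertion has no <c>AttributeStatement</c>.
/// </returns>
/// <remarks>
/// Claims are read straight from the XML: nothing here checks a signature, issuer, audience
/// or validity window, so callers must only pass an assertion they have already validated.
/// Every <c>Attribute</c> yields one claim per <c>AttributeValue</c> child, typed as the
/// NameFormat value, a slash, and the Name value; the attribute named <c>urn:FirstName</c>
/// is additionally mapped to <see cref="ClaimTypes.Name"/>.
/// </remarks>
private static IClaimsPrincipal GetClaimsIdentity(RequestSecurityTokenResponse rstr)
{
    XNamespace ast = "urn:oasis:names:tc:SAML:2.0:assertion";
    var xElement = ToXElement(rstr.RequestedSecurityToken.SecurityTokenXml);

    var xAssertionElement = xElement.Element(ast + "Assertion");
    if (xAssertionElement == null)
    {
        return null;
    }

    var xAttributeStatement = xAssertionElement.Element(ast + "AttributeStatement");
    if (xAttributeStatement == null)
    {
        return null;
    }

    IClaimsIdentity claimsIdentity = new Microsoft.IdentityModel.Claims.ClaimsIdentity();
    foreach (var element in xAttributeStatement.Elements(ast + "Attribute"))
    {
        var nameFormat = element.Attribute("NameFormat");
        var name = element.Attribute("Name");

        // Use the attribute *values*. Concatenating the XAttribute objects themselves (as the
        // original did) stringifies them as NameFormat="..."/Name="...", embedding the
        // attribute names and quotes in the claim type.
        var claimType = (nameFormat == null ? "" : nameFormat.Value)
                        + "/"
                        + (name == null ? "" : name.Value);

        // One claim per AttributeValue. XElement.Value on the Attribute element would
        // concatenate every value of a multi-valued attribute into one string with no separator.
        var values = new System.Collections.Generic.List<string>();
        foreach (var valueElement in element.Elements(ast + "AttributeValue"))
        {
            values.Add(valueElement.Value);
        }
        if (values.Count == 0)
        {
            // No AttributeValue child: keep the original's text-content fallback (usually "").
            values.Add(element.Value);
        }

        if (name != null && name.Value == "urn:FirstName")
        {
            claimsIdentity.Claims.Add(new Microsoft.IdentityModel.Claims.Claim(ClaimTypes.Name, values[0]));
        }
        foreach (var value in values)
        {
            claimsIdentity.Claims.Add(new Microsoft.IdentityModel.Claims.Claim(claimType, value));
        }
    }

    var identities = new ClaimsIdentityCollection(new[] { claimsIdentity });
    return Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromIdentities(identities);
}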
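/// <summary>
/// Handles an inbound sign-in response. A posted <c>SAMLResponse</c> form field is decoded,
/// its first assertion is read and validated, and the assertion's attributes are re-issued
/// as a WS-Federation sign-in response for the assertion's audience (realm). Otherwise the
/// request is handed to <see cref="WSFederationAuthenticationModule"/> if it carries a
/// WS-Federation sign-in response.
/// </summary>
/// <returns>
/// The WS-Federation processing result, or the <c>Error</c> view when the request carries
/// no usable form data, the posted value is not base64/XML, no assertion is present, or the
/// assertion names no audience. Token validation failures propagate as exceptions.
/// </returns>
public ActionResult IssueResponse()
{
    if (Request.Form.HasKeys())
    {
        if (Request.Form["SAMLResponse"] != null)
        {
            var samlResponse = Request.Form["SAMLResponse"];

            // Form values arrive URL-decoded already; HtmlDecode is kept from the original and is a
            // no-op on well-formed base64, which never contains '&'.
            string responseDecoded;
            Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token;
            var coll = Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
            try
            {
                responseDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(HttpUtility.HtmlDecode(samlResponse)));
                using (var sr = new StringReader(responseDecoded))
                using (var reader = XmlReader.Create(sr))
                {
                    // Position on the first <saml:Assertion>. Without one, ReadSubtree() would hand an
                    // exhausted reader to ReadToken, which then fails with an unrelated error.
                    if (!reader.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion"))
                    {
                        return View("Error");
                    }
                    token = (Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken)coll.ReadToken(reader.ReadSubtree());
                }
            }
            catch (FormatException)
            {
                // Not base64: malformed client input, not a server fault.
                return View("Error");
            }
            catch (XmlException)
            {
                return View("Error");
            }

            // ReadToken only deserializes the assertion; it does not require a signature and performs
            // no issuer-name, audience or validity-window check. Those live in ValidateToken, and
            // without it the claims issued below would come from an unvalidated assertion. The
            // default handler configuration (coll.Configuration: issuer name registry, allowed
            // audience URIs) must be set up for this to accept anything — TODO confirm where.
            coll.ValidateToken(token);

            // Original indexed AudienceRestrictions[0].Audiences[0] unguarded; an assertion without an
            // audience produced an unhandled exception instead of an error page.
            var conditions = token.Assertion.Conditions;
            if (conditions == null
                || conditions.AudienceRestrictions.Count == 0
                || conditions.AudienceRestrictions[0].Audiences.Count == 0)
            {
                return View("Error");
            }
            var realm = conditions.AudienceRestrictions[0].Audiences[0].ToString();
            var issuer = token.Assertion.Issuer.Value;

            // NOTE(review): GetElement is not visible here; presumably it parses responseDecoded a
            // second time — confirm that parser does not resolve DTDs or external entities.
            var rstr = new RequestSecurityTokenResponse
            {
                TokenType = Constants.TokenKeys.TokenType,
                RequestType = Constants.TokenKeys.RequestType,
                KeyType = Constants.TokenKeys.KeyType,
                Lifetime = new Lifetime(token.Assertion.IssueInstant, conditions.NotOnOrAfter),
                AppliesTo = new System.ServiceModel.EndpointAddress(new Uri(realm)),
                RequestedSecurityToken = new RequestedSecurityToken(GetElement(responseDecoded))
            };

            var principal = GetClaimsIdentity(rstr);
            if (principal != null)
            {
                var claimsPrincipal = Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromPrincipal(principal);
                // "http://foo" is a placeholder base URI; presumably only the realm matters to
                // ProcessSignInRequest — confirm.
                var requestMessage = new Microsoft.IdentityModel.Protocols.WSFederation.SignInRequestMessage(new Uri("http://foo"), realm);
                var ipc = new SamlTokenServiceConfiguration(issuer);
                SecurityTokenService identityProvider = new SamlTokenService(ipc);
                var responseMessage = Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claimsPrincipal, identityProvider);
                new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime).AddEndpoint(responseMessage.BaseUri.AbsoluteUri);
                Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, System.Web.HttpContext.Current.Response);
                // As in the original, execution falls through to the WS-Federation branch below after the
                // response has been written; whether ProcessSignInResponse ends the response is not
                // visible here — TODO confirm.
            }
        }

        var fam = new WSFederationAuthenticationModule { FederationConfiguration = new FederationConfiguration() };
        if (fam.CanReadSignInResponse(Request))
        {
            var responseMessage = fam.GetSignInResponseMessage(Request);
            return ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request));
        }
    }

    return View("Error");
}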