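        /// <summary>
        /// Builds a signed SAML <c>AuthnRequest</c> addressed to the given endpoint.
        /// </summary>
        /// <param name="endpoint">Endpoint whose Id, Description, Login, Requestor and Referrer are
        /// copied into the request (ID, ProviderName, Destination, Issuer/ACS URL and Audience).</param>
        /// <returns>The serialized and signed request as an <see cref="XmlDocument"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="endpoint"/> is <c>null</c>.</exception>
        public XmlDocument EndpointMapSamlRequest(Endpoint endpoint)
        {
            if (endpoint == null)
            {
                throw new ArgumentNullException(nameof(endpoint));
            }

            // Read the clock once so IssueInstant, NotBefore and both NotOnOrAfter values
            // describe the same instant instead of drifting by the time between reads.
            DateTime now       = DateTime.UtcNow;
            DateTime expiresAt = now.AddMinutes(Saml.Names.SAMLAssertionExpirationMinutes);

            AuthnRequestType request = new AuthnRequestType
            {
                ID           = Helper.GuidAsIdString(endpoint.Id),
                Version      = Saml.Names.SAMLVersion,
                ProviderName = endpoint.Description,
                Destination  = endpoint.Login,
                IssueInstant = now,
                Issuer       = new NameIDType {
                    Value = endpoint.Requestor
                },
                AssertionConsumerServiceURL = endpoint.Requestor,
                ProtocolBinding             = Saml.Names.SAMLNamesProtocolBindingPOST,
                ForceAuthn = false, ForceAuthnSpecified = true, //When ForceAuthn true, user will be forced to re-authenticate, even if valid session
                IsPassive  = false, IsPassiveSpecified = true,  //When IsPassive true, authenticate user silently, without user interaction, using the session cookie if one exists
                Subject    = new SubjectType
                {
                    Items = new object[] {
                        new NameIDType {
                            Value = endpoint.Id, Format = Saml.Names.SAMLNamesFormatIssuerEntity
                        },
                        new SubjectConfirmationType
                        {
                            Method = Saml.Names.SAMLNamesSubjectConfirmationBaerer,
                            SubjectConfirmationData = new SubjectConfirmationDataType
                            {
                                NotOnOrAfter = expiresAt,
                                Recipient    = endpoint.Requestor
                            }
                        }
                    }
                },
                Conditions = new ConditionsType
                {
                    NotBefore    = now, NotBeforeSpecified = true,
                    NotOnOrAfter = expiresAt, NotOnOrAfterSpecified = true,
                    // Audience restriction: only endpoint.Referrer is named as an intended audience.
                    Items        = new ConditionAbstractType[] { new AudienceRestrictionType {
                                                                     Audience = new string[] { endpoint.Referrer }
                                                                 } }
                }
            };

            // The request ID is passed as the signature reference, so the signed element is the
            // request itself; the message carries no secrets, but the signature covers its content.
            XmlDocument xmlRequest = Saml.Helper.SerializeAndSignSAMLType<AuthnRequestType>(request, request.ID);

            return xmlRequest;
        }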
        /// <summary>
        /// Builds a signed SAML <c>Response</c> carrying a failure status and the given message.
        /// </summary>
        /// <param name="statusMessage">Text placed into the response's StatusMessage element.</param>
        /// <returns>The serialized and signed error response as an <see cref="XmlDocument"/>.</returns>
        public XmlDocument EndpointMapSamlResponseError(string statusMessage)
        {
            // The error response is issued under the default issuer, not under a specific endpoint.
            NameIDType issuer = new NameIDType
            {
                Value  = Saml.Names.SAMLMessageDefaultIssuer,
                Format = Saml.Names.SAMLNamesFormatBasic
            };

            StatusType failureStatus = new StatusType
            {
                StatusCode    = new StatusCodeType { Value = Saml.Names.SAMLNamesStatusFailed },
                StatusMessage = statusMessage
            };

            ResponseType errorResponse = new ResponseType
            {
                ID           = Helper.GuidAsIdString(),
                Version      = Saml.Names.SAMLVersion,
                IssueInstant = DateTime.UtcNow,
                Issuer       = issuer,
                Status       = failureStatus
            };

            // Sign over the response element identified by its own ID.
            return Saml.Helper.SerializeAndSignSAMLType<ResponseType>(errorResponse, errorResponse.ID);
        }
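        /// <summary>
        /// Builds a signed SAML success <c>Response</c> containing one assertion for the given
        /// endpoint, with the supplied claims as its attribute statement.
        /// </summary>
        /// <param name="endpoint">Endpoint whose Id, Requestor and Responder are used for the
        /// assertion ID/issuer/audience and the response destination/issuer.</param>
        /// <param name="claims">Attributes to embed; the one whose FriendlyName equals
        /// <c>Names.MapCredentialUniqueId</c> supplies the subject NameID.</param>
        /// <returns>The serialized and signed response as an <see cref="XmlDocument"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="endpoint"/> or
        /// <paramref name="claims"/> is <c>null</c>.</exception>
        public XmlDocument EndpointMapSamlResponse(Endpoint endpoint, AttributeType[] claims)
        {
            if (endpoint == null)
            {
                throw new ArgumentNullException(nameof(endpoint));
            }
            if (claims == null)
            {
                throw new ArgumentNullException(nameof(claims));
            }

            // The subject is taken from the unique-id claim; a missing AttributeValue array is now
            // tolerated the same way a missing claim is (empty subject) instead of throwing.
            // NOTE(review): an empty subjectId still produces a signed assertion with an empty
            // NameID — confirm callers validate the claim set before calling this.
            string subjectId = claims.FirstOrDefault(c => c.FriendlyName == Names.MapCredentialUniqueId)
                                     ?.AttributeValue?[Names.DataSingleValue]
                                     ?.ToString() ?? string.Empty;

            // Read the clock once so IssueInstant, AuthnInstant, NotBefore and NotOnOrAfter of the
            // assertion and the response all refer to the same instant.
            DateTime now       = DateTime.UtcNow;
            DateTime expiresAt = now.AddMinutes(Saml.Names.SAMLAssertionExpirationMinutes);

            AssertionType assertion = new AssertionType
            {
                ID           = Helper.GuidAsIdString(endpoint.Id),
                Version      = Saml.Names.SAMLVersion,
                IssueInstant = now,
                Issuer       = new NameIDType {
                    Value = endpoint.Id, Format = Saml.Names.SAMLNamesFormatIssuerEntity
                },
                Conditions = new ConditionsType
                {
                    NotBefore    = now, NotBeforeSpecified = true,
                    NotOnOrAfter = expiresAt, NotOnOrAfterSpecified = true,
                    // Audience is restricted to the requestor and the assertion is marked one-time use.
                    Items        = new ConditionAbstractType[] { new AudienceRestrictionType {
                                                                     Audience = new[] { endpoint.Requestor }
                                                                 }, new OneTimeUseType {
                                                                 } }
                },
                Subject = new SubjectType
                {
                    Items = new object[] {
                        new NameIDType {
                            Value = subjectId, Format = Saml.Names.SAMLNamesFormatIssuerEntity
                        },
                        new SubjectConfirmationType
                        {
                            Method = Saml.Names.SAMLNamesSubjectConfirmationBaerer,
                            SubjectConfirmationData = new SubjectConfirmationDataType
                            {
                                NotOnOrAfter = expiresAt,
                                Recipient    = endpoint.Requestor
                            }
                        }
                    }
                },
                Items = new StatementAbstractType[] {
                    new AttributeStatementType {
                        Items = claims
                    },
                    new AuthnStatementType
                    {
                        AuthnInstant = now,
                        SessionIndex = endpoint.Id,
                        AuthnContext = new AuthnContextType
                        {
                            Items            = new object[] { Saml.Names.SAMLNamesContextClassPassword },
                            ItemsElementName = new[] { ItemsChoiceAuthnContext.AuthnContextClassRef }
                        }
                    }
                }
            };

            ResponseType response = new ResponseType
            {
                ID           = Helper.GuidAsIdString(),
                Version      = Saml.Names.SAMLVersion,
                IssueInstant = now,
                Destination  = endpoint.Requestor,
                Issuer       = new NameIDType {
                    Value = endpoint.Responder, Format = Saml.Names.SAMLNamesFormatIssuerEntity
                },
                Status = new StatusType {
                    StatusCode = new StatusCodeType {
                        Value = Saml.Names.SAMLNamesStatusSuccess
                    }
                },
                Items = new[] { assertion }
            };

            // The signature reference is the response ID, i.e. the outer response element is signed.
            XmlDocument xmlResponse = Saml.Helper.SerializeAndSignSAMLType<ResponseType>(response, response.ID);

            return xmlResponse;
        }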