/// <summary>
/// Creates a saml authentication request
/// </summary>
/// <param name="authnRequest">contains the authentication request properties</param>
/// <param name="signAlgorithm">algorithm to sign the saml request</param>
/// <returns>signed saml request</returns>
public string CreateSamlAuthnRequest(Saml2AuthnRequest authnRequest,
Cryptography.SigningAlgorithm signAlgorithm = Cryptography.SigningAlgorithm.SHA1withRSA)
{
if (!initialized)
{
throw new SamlCommunicationException("Init must be called first", SamlCommunicationType.SAMLCOMMUNICATION);
}
// load signing certificate
X509Certificate2 signingCertificate = certificate; // LoadCertificate();
// set creation time
TimeZone localZone = TimeZone.CurrentTimeZone;
authnRequest.IssueInstant = localZone.ToUniversalTime(DateTime.Now);
// make id -> hash the authn request make it unique
byte[] hash = crypto.Hash(authnRequest.ToXML(), Cryptography.HashTypes.SHA256);
authnRequest.ID = Convert.ToBase64String(hash);
// set signing algorithm
string signingAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
if (signAlgorithm == Cryptography.SigningAlgorithm.SHA256withRSA)
{
signingAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; // TODO correct algorithm
}
string original;
string deflated = serializer.Deflate(authnRequest.ToXML(), out original);
// todo store authn request in storage!
archiver.SetObjectToArchive(authnRequest.ID, Convert.ToBase64String(Encoding.UTF8.GetBytes(authnRequest.ToXML())));
// SAMLResponse=value&RelayState=value&SigAlg=value
string toSign = "SAMLRequest=" + WebUtility.UrlEncode(deflated) // HttpUtility if in Webproject
+ "&RelayState=" + WebUtility.UrlEncode(authnRequest.ID)
+ "&SigAlg=" + WebUtility.UrlEncode(signingAlgorithm);
string signature = crypto.SignString(toSign, signingCertificate, signAlgorithm);
string request = authnRequest.Destination + "?" + toSign + "&Signature=" + WebUtility.UrlEncode(signature);
LogService.Log(LogService.LogType.Info, "CreateSamlAuthnRequest - authnRequest created: '" + request + "'");
return(request);
}
public void CreateAuthnRequstTest()
{
string xmlString = ReadFile(xmlFilename);
Saml2Serializer saml = new Saml2Serializer();
Cryptography crypto = new Cryptography();
Saml2AuthnRequest authn = new Saml2AuthnRequest();
AuthnRequest authnRequest = saml.ConvertXMLToAuthnRequestObject(xmlString);
authn.AssertionConsumerServiceURL = authnRequest.AssertionConsumerServiceURL;
authn.AttributeConsumingServiceIndex = authnRequest.AttributeConsumingServiceIndex;
authn.Destination = authnRequest.Destination;
authn.ForceAuthn = authnRequest.ForceAuthn;
authn.Issuer = authnRequest.Issuer;
authn.ProviderName = "HybridIssuer";
TimeZone localZone = TimeZone.CurrentTimeZone;
authn.IssueInstant = localZone.ToUniversalTime(DateTime.Now);
authn.ID = "65464-6546-6454889-3313";
string original;
string zipped = saml.Deflate(authn.ToXML(), out original);
string sigAlg = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
// SAMLResponse=value&RelayState=value&SigAlg=value
string toSign = "SAMLRequest=" + HttpUtility.UrlEncode(zipped, Encoding.UTF8)
+ "&RelayState=" + HttpUtility.UrlEncode("34bad366-f60b-4491-a462-230ea22423ad", Encoding.UTF8)
+ "&SigAlg=" + HttpUtility.UrlEncode(sigAlg, Encoding.UTF8);
//byte[] sig = saml.SignXML(xmlString);
//string signature = Convert.ToBase64String(sig);
string keystorePath = AppDomain.CurrentDomain.BaseDirectory + "\\Keys\\hybridissuer.pfx";
string keystorePassword = "******";
string friendlyName = "hybridissuer";
SamlCertificateController certController = new SamlCertificateController();
X509Certificate2 cert = certController.GetCertificate(friendlyName, keystorePath, keystorePassword);
string signature = crypto.SignString(toSign, cert, Cryptography.SigningAlgorithm.SHA1withRSA);
string request = authnRequest.Destination + "?" + toSign + "&Signature=" + HttpUtility.UrlEncode(signature, Encoding.UTF8);
}
