/// <summary> /// Retrieve the ArtifactResponse object with the given SAMLv2 /// artifact. /// </summary> /// <param name="artifact">SAMLv2 artifact</param> /// <returns>ArtifactResponse object</returns> public ArtifactResponse GetArtifactResponse(Artifact artifact) { ArtifactResolve artifactResolve = new ArtifactResolve(this.ServiceProvider, artifact); ArtifactResponse artifactResponse = null; IdentityProvider idp = this.GetIdpFromArtifact(artifact); if (idp == null) { throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdpNotDeterminedFromArtifact); } string artifactResolutionSvcLoc = idp.GetArtifactResolutionServiceLocation(Saml2Constants.HttpSoapProtocolBinding); if (artifactResolutionSvcLoc == null) { throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdpArtifactResSvcLocNotDefined); } HttpWebRequest request = null; HttpWebResponse response = null; try { Uri artifactResolutionSvcUri = new Uri(artifactResolutionSvcLoc); request = (HttpWebRequest)WebRequest.Create(artifactResolutionSvcUri); XmlDocument artifactResolveXml = (XmlDocument)artifactResolve.XmlDom; if (idp.WantArtifactResolveSigned) { if (string.IsNullOrEmpty(this.ServiceProvider.SigningCertificateAlias)) { throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilitySignFailedNoCertAlias); } else { Saml2Utils.SignXml( this.ServiceProvider.SigningCertificateAlias, artifactResolveXml, artifactResolve.Id, true); } } string soapMessage = Saml2Utils.CreateSoapMessage(artifactResolveXml.InnerXml); byte[] byteArray = Encoding.UTF8.GetBytes(soapMessage); request.ContentType = "text/xml"; request.ContentLength = byteArray.Length; request.AllowAutoRedirect = false; request.Method = "POST"; Stream requestStream = request.GetRequestStream(); requestStream.Write(byteArray, 0, byteArray.Length); requestStream.Close(); StringBuilder logMessage = new StringBuilder(); logMessage.Append("ArtifactResolve:\r\n").Append(artifactResolveXml.OuterXml); FedletLogger.Info(logMessage.ToString()); response = (HttpWebResponse)request.GetResponse(); StreamReader streamReader = new StreamReader(response.GetResponseStream()); string responseContent = streamReader.ReadToEnd(); streamReader.Close(); XmlDocument soapResponse = new XmlDocument(); soapResponse.PreserveWhitespace = true; soapResponse.LoadXml(responseContent); XmlNamespaceManager soapNsMgr = new XmlNamespaceManager(soapResponse.NameTable); soapNsMgr.AddNamespace("soap", "http://schemas.xmlsoap.org/soap/envelope/"); soapNsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol"); soapNsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion"); soapNsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); XmlElement root = soapResponse.DocumentElement; XmlNode responseXml = root.SelectSingleNode("/soap:Envelope/soap:Body/samlp:ArtifactResponse", soapNsMgr); string artifactResponseXml = responseXml.OuterXml; artifactResponse = new ArtifactResponse(artifactResponseXml); if (artifactResolve.Id != artifactResponse.InResponseTo) { throw new Saml2Exception(Resources.ArtifactResolutionInvalidInResponseTo); } } catch (WebException we) { throw new ServiceProviderUtilityException(Resources.ArtifactResolutionWebException, we); } finally { if (response != null) { response.Close(); } } return artifactResponse; }
/// <summary> /// Retrieve the ArtifactResponse object with the given SAMLv2 /// artifact. /// </summary> /// <param name="artifact">SAMLv2 artifact</param> /// <returns>ArtifactResponse object</returns> public ArtifactResponse GetArtifactResponse(Artifact artifact) { ArtifactResolve artifactResolve = new ArtifactResolve(this.ServiceProvider, artifact); ArtifactResponse artifactResponse = null; IdentityProvider idp = this.GetIdpFromArtifact(artifact); if (idp == null) { throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdpNotDeterminedFromArtifact); } string artifactResolutionSvcLoc = idp.GetArtifactResolutionServiceLocation(Saml2Constants.HttpSoapProtocolBinding); if (artifactResolutionSvcLoc == null) { throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdpArtifactResSvcLocNotDefined); } HttpWebRequest request = null; HttpWebResponse response = null; try { Uri artifactResolutionSvcUri = new Uri(artifactResolutionSvcLoc); if (artifactResolutionSvcUri.Scheme == "https") { System.Net.ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { if (ServiceProvider.TrustAllCerts || sslPolicyErrors.HasFlag(System.Net.Security.SslPolicyErrors.None)) { return true; } StringBuilder logErrorMessage = new StringBuilder(); logErrorMessage.Append("SSLPolicyError: ").Append(sslPolicyErrors); FedletLogger.Error(logErrorMessage.ToString()); return false; }; } request = (HttpWebRequest)WebRequest.Create(artifactResolutionSvcUri); string authCertAlias = ConfigurationManager.AppSettings[Saml2Constants.MutualAuthCertAlias]; if (artifactResolutionSvcUri.Scheme == "https" && !string.IsNullOrWhiteSpace(authCertAlias)) { X509Certificate2 cert = FedletCertificateFactory.GetCertificateByFriendlyName(authCertAlias); if (cert != null) { request.ClientCertificates.Add(cert); } } XmlDocument artifactResolveXml = (XmlDocument)artifactResolve.XmlDom; if (idp.WantArtifactResolveSigned) { if (string.IsNullOrEmpty(this.ServiceProvider.SigningCertificateAlias)) { throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilitySignFailedNoCertAlias); } else { Saml2Utils.SignXml( this.ServiceProvider.SigningCertificateAlias, artifactResolveXml, artifactResolve.Id, true, this.ServiceProvider); } } string soapMessage = Saml2Utils.CreateSoapMessage(artifactResolveXml.InnerXml); byte[] byteArray = Encoding.UTF8.GetBytes(soapMessage); request.ContentType = "text/xml"; request.ContentLength = byteArray.Length; request.AllowAutoRedirect = false; request.Method = "POST"; Stream requestStream = request.GetRequestStream(); requestStream.Write(byteArray, 0, byteArray.Length); requestStream.Close(); StringBuilder logMessage = new StringBuilder(); logMessage.Append("ArtifactResolve:\r\n").Append(artifactResolveXml.OuterXml); FedletLogger.Info(logMessage.ToString()); response = (HttpWebResponse)request.GetResponse(); StreamReader streamReader = new StreamReader(response.GetResponseStream()); string responseContent = streamReader.ReadToEnd(); streamReader.Close(); XmlDocument soapResponse = new XmlDocument(); soapResponse.PreserveWhitespace = true; soapResponse.LoadXml(responseContent); XmlNamespaceManager soapNsMgr = new XmlNamespaceManager(soapResponse.NameTable); soapNsMgr.AddNamespace("soap", "http://schemas.xmlsoap.org/soap/envelope/"); soapNsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol"); soapNsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion"); soapNsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); XmlElement root = soapResponse.DocumentElement; XmlNode responseXml = root.SelectSingleNode("/soap:Envelope/soap:Body/samlp:ArtifactResponse", soapNsMgr); string artifactResponseXml = responseXml.OuterXml; artifactResponse = new ArtifactResponse(artifactResponseXml); if (artifactResolve.Id != artifactResponse.InResponseTo) { throw new Saml2Exception(Resources.ArtifactResolutionInvalidInResponseTo); } } catch (WebException we) { throw new ServiceProviderUtilityException(Resources.ArtifactResolutionWebException, we); } finally { if (response != null) { response.Close(); } } return artifactResponse; }