/// <summary>
/// Retrieve the ArtifactResponse object with the given SAMLv2
/// artifact.
/// </summary>
/// <param name="artifact">SAMLv2 artifact</param>
/// <returns>ArtifactResponse object</returns>
public ArtifactResponse GetArtifactResponse(Artifact artifact)
{
ArtifactResolve artifactResolve = new ArtifactResolve(this.ServiceProvider, artifact);
ArtifactResponse artifactResponse = null;
IdentityProvider idp = this.GetIdpFromArtifact(artifact);
if (idp == null)
{
throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdpNotDeterminedFromArtifact);
}
string artifactResolutionSvcLoc = idp.GetArtifactResolutionServiceLocation(Saml2Constants.HttpSoapProtocolBinding);
if (artifactResolutionSvcLoc == null)
{
throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdpArtifactResSvcLocNotDefined);
}
HttpWebRequest request = null;
HttpWebResponse response = null;
try
{
Uri artifactResolutionSvcUri = new Uri(artifactResolutionSvcLoc);
request = (HttpWebRequest)WebRequest.Create(artifactResolutionSvcUri);
XmlDocument artifactResolveXml = (XmlDocument)artifactResolve.XmlDom;
if (idp.WantArtifactResolveSigned)
{
if (string.IsNullOrEmpty(this.ServiceProvider.SigningCertificateAlias))
{
throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilitySignFailedNoCertAlias);
}
else
{
Saml2Utils.SignXml(
this.ServiceProvider.SigningCertificateAlias,
artifactResolveXml,
artifactResolve.Id,
true);
}
}
string soapMessage = Saml2Utils.CreateSoapMessage(artifactResolveXml.InnerXml);
byte[] byteArray = Encoding.UTF8.GetBytes(soapMessage);
request.ContentType = "text/xml";
request.ContentLength = byteArray.Length;
request.AllowAutoRedirect = false;
request.Method = "POST";
Stream requestStream = request.GetRequestStream();
requestStream.Write(byteArray, 0, byteArray.Length);
requestStream.Close();
StringBuilder logMessage = new StringBuilder();
logMessage.Append("ArtifactResolve:\r\n").Append(artifactResolveXml.OuterXml);
FedletLogger.Info(logMessage.ToString());
response = (HttpWebResponse)request.GetResponse();
StreamReader streamReader = new StreamReader(response.GetResponseStream());
string responseContent = streamReader.ReadToEnd();
streamReader.Close();
XmlDocument soapResponse = new XmlDocument();
soapResponse.PreserveWhitespace = true;
soapResponse.LoadXml(responseContent);
XmlNamespaceManager soapNsMgr = new XmlNamespaceManager(soapResponse.NameTable);
soapNsMgr.AddNamespace("soap", "http://schemas.xmlsoap.org/soap/envelope/");
soapNsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
soapNsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
soapNsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
XmlElement root = soapResponse.DocumentElement;
XmlNode responseXml = root.SelectSingleNode("/soap:Envelope/soap:Body/samlp:ArtifactResponse", soapNsMgr);
string artifactResponseXml = responseXml.OuterXml;
artifactResponse = new ArtifactResponse(artifactResponseXml);
if (artifactResolve.Id != artifactResponse.InResponseTo)
{
throw new Saml2Exception(Resources.ArtifactResolutionInvalidInResponseTo);
}
}
catch (WebException we)
{
throw new ServiceProviderUtilityException(Resources.ArtifactResolutionWebException, we);
}
finally
{
if (response != null)
{
response.Close();
}
}
return artifactResponse;
}
/// <summary>
/// Retrieve the ArtifactResponse object with the given SAMLv2
/// artifact.
/// </summary>
/// <param name="artifact">SAMLv2 artifact</param>
/// <returns>ArtifactResponse object</returns>
public ArtifactResponse GetArtifactResponse(Artifact artifact)
{
ArtifactResolve artifactResolve = new ArtifactResolve(this.ServiceProvider, artifact);
ArtifactResponse artifactResponse = null;
IdentityProvider idp = this.GetIdpFromArtifact(artifact);
if (idp == null)
{
throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdpNotDeterminedFromArtifact);
}
string artifactResolutionSvcLoc = idp.GetArtifactResolutionServiceLocation(Saml2Constants.HttpSoapProtocolBinding);
if (artifactResolutionSvcLoc == null)
{
throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdpArtifactResSvcLocNotDefined);
}
HttpWebRequest request = null;
HttpWebResponse response = null;
try
{
Uri artifactResolutionSvcUri = new Uri(artifactResolutionSvcLoc);
if (artifactResolutionSvcUri.Scheme == "https")
{
System.Net.ServicePointManager.ServerCertificateValidationCallback +=
delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
if (ServiceProvider.TrustAllCerts
|| sslPolicyErrors.HasFlag(System.Net.Security.SslPolicyErrors.None))
{
return true;
}
StringBuilder logErrorMessage = new StringBuilder();
logErrorMessage.Append("SSLPolicyError: ").Append(sslPolicyErrors);
FedletLogger.Error(logErrorMessage.ToString());
return false;
};
}
request = (HttpWebRequest)WebRequest.Create(artifactResolutionSvcUri);
string authCertAlias = ConfigurationManager.AppSettings[Saml2Constants.MutualAuthCertAlias];
if (artifactResolutionSvcUri.Scheme == "https" && !string.IsNullOrWhiteSpace(authCertAlias))
{
X509Certificate2 cert = FedletCertificateFactory.GetCertificateByFriendlyName(authCertAlias);
if (cert != null)
{
request.ClientCertificates.Add(cert);
}
}
XmlDocument artifactResolveXml = (XmlDocument)artifactResolve.XmlDom;
if (idp.WantArtifactResolveSigned)
{
if (string.IsNullOrEmpty(this.ServiceProvider.SigningCertificateAlias))
{
throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilitySignFailedNoCertAlias);
}
else
{
Saml2Utils.SignXml(
this.ServiceProvider.SigningCertificateAlias,
artifactResolveXml,
artifactResolve.Id,
true,
this.ServiceProvider);
}
}
string soapMessage = Saml2Utils.CreateSoapMessage(artifactResolveXml.InnerXml);
byte[] byteArray = Encoding.UTF8.GetBytes(soapMessage);
request.ContentType = "text/xml";
request.ContentLength = byteArray.Length;
request.AllowAutoRedirect = false;
request.Method = "POST";
Stream requestStream = request.GetRequestStream();
requestStream.Write(byteArray, 0, byteArray.Length);
requestStream.Close();
StringBuilder logMessage = new StringBuilder();
logMessage.Append("ArtifactResolve:\r\n").Append(artifactResolveXml.OuterXml);
FedletLogger.Info(logMessage.ToString());
response = (HttpWebResponse)request.GetResponse();
StreamReader streamReader = new StreamReader(response.GetResponseStream());
string responseContent = streamReader.ReadToEnd();
streamReader.Close();
XmlDocument soapResponse = new XmlDocument();
soapResponse.PreserveWhitespace = true;
soapResponse.LoadXml(responseContent);
XmlNamespaceManager soapNsMgr = new XmlNamespaceManager(soapResponse.NameTable);
soapNsMgr.AddNamespace("soap", "http://schemas.xmlsoap.org/soap/envelope/");
soapNsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
soapNsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
soapNsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
XmlElement root = soapResponse.DocumentElement;
XmlNode responseXml = root.SelectSingleNode("/soap:Envelope/soap:Body/samlp:ArtifactResponse", soapNsMgr);
string artifactResponseXml = responseXml.OuterXml;
artifactResponse = new ArtifactResponse(artifactResponseXml);
if (artifactResolve.Id != artifactResponse.InResponseTo)
{
throw new Saml2Exception(Resources.ArtifactResolutionInvalidInResponseTo);
}
}
catch (WebException we)
{
throw new ServiceProviderUtilityException(Resources.ArtifactResolutionWebException, we);
}
finally
{
if (response != null)
{
response.Close();
}
}
return artifactResponse;
}
