public void AttributeStatement_Invalid_Attribute()
        {
            // Start from the shared fixture and append a second AttributeStatement whose only child is a
            // bare SamlAttribute (no Name, NameFormat or value set).
            Assertion assertion = AssertionUtil.GetBasicAssertion();

            AttributeStatement namelessAttributeStatement = new AttributeStatement();
            namelessAttributeStatement.Items = new object[] { new SamlAttribute() };

            List<StatementAbstract> extendedStatements = new List<StatementAbstract>(assertion.Items);
            extendedStatements.Add(namelessAttributeStatement);
            assertion.Items = extendedStatements.ToArray();

            // NOTE(review): the expected outcome (presumably a validation failure on the nameless attribute)
            // is declared outside this listing, e.g. by a test attribute — confirm.
            CreateSaml20Token(assertion);
        }
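        /// <summary>
        /// Validates an AttributeStatement against the DK-SAML 2.0 profile: every child must be a plain
        /// <see cref="SamlAttribute"/> (encrypted attributes are rejected) and each one is handed to
        /// <see cref="AttributeValidator.ValidateAttribute"/>. An empty Items array has nothing to check and
        /// is accepted unchanged.
        /// </summary>
        /// <param name="attributeStatement">The statement whose <c>Items</c> are inspected.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="attributeStatement"/> is null.</exception>
        /// <exception cref="DKSaml20FormatException">Thrown when <c>Items</c> is null, contains a null child, or contains an encrypted attribute.</exception>
        /// <exception cref="NotImplementedException">Thrown when a child is neither a SamlAttribute nor an EncryptedElement.</exception>
        private void ValidateAttributeStatement(AttributeStatement attributeStatement)
        {
            if (attributeStatement == null)
                throw new ArgumentNullException("attributeStatement");

            object[] items = attributeStatement.Items;
            // A null Items array previously surfaced as a NullReferenceException from the foreach;
            // report it as a profile violation so callers see one failure type.
            if (items == null)
                throw new DKSaml20FormatException("AttributeStatement without attributes cannot be validated.");

            foreach (object attribute in items)
            {
                // A null child would otherwise crash on attribute.GetType() in the message below.
                if (attribute == null)
                    throw new DKSaml20FormatException("null-Attributes are not supported.");

                if (attribute is EncryptedElement)
                    throw new DKSaml20FormatException("The DK-SAML 2.0 profile does not allow encrypted attributes.");

                if (!(attribute is SamlAttribute))
                    throw new NotImplementedException(string.Format("Unable to handle attribute of type \"{0}\"", attribute.GetType().FullName));

                AttributeValidator.ValidateAttribute((SamlAttribute) attribute);
            }
        }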
        /// <summary>
        /// [SAML2.0std] section 2.7.3: an AttributeStatement must carry at least one child, every child must be
        /// an Attribute or an EncryptedAttribute, and each child is passed to the matching
        /// <see cref="AttributeValidator"/> routine.
        /// </summary>
        /// <param name="statement">The statement to validate; its <c>Items</c> array is inspected element by element.</param>
        /// <exception cref="Saml20FormatException">Thrown when the statement is empty, holds a null child, or holds a child of an unsupported type.</exception>
        private void ValidateAttributeStatement(AttributeStatement statement)
        {
            object[] children = statement.Items;
            if (children == null || children.Length == 0)
                throw new Saml20FormatException("AttributeStatement MUST contain at least one Attribute or EncryptedAttribute");

            for (int index = 0; index < children.Length; index++)
            {
                object child = children[index];
                if (child == null)
                    throw new Saml20FormatException("null-Attributes are not supported");

                SamlAttribute plainAttribute = child as SamlAttribute;
                if (plainAttribute != null)
                {
                    AttributeValidator.ValidateAttribute(plainAttribute);
                    continue;
                }

                EncryptedElement encryptedAttribute = child as EncryptedElement;
                if (encryptedAttribute != null)
                {
                    AttributeValidator.ValidateEncryptedAttribute(encryptedAttribute);
                    continue;
                }

                throw new Saml20FormatException(string.Format("Subelement {0} of AttributeStatement is not supported", child.GetType()));
            }
        }
        /// <summary>
        /// Merges the modified attributes into <code>AttributeStatement</code> of the assertion: builds a statement
        /// from <c>_assertionAttributes</c> followed by <c>_encryptedAssertionAttributes</c>, removes the first
        /// existing AttributeStatement element found under <c>_samlAssertion</c>, appends the serialised
        /// replacement when it is non-empty, and resets both attribute collections so later calls are no-ops.
        /// </summary>
        private void InsertAttributes()
        {
            // No pending attribute changes: the assertion XML is left as it is.
            if (_assertionAttributes == null)
                return;

            // NOTE(review): _encryptedAssertionAttributes is dereferenced without a null check, as in the
            // original; presumably both collections are created together — confirm.
            int capacity = _encryptedAssertionAttributes.Count + _assertionAttributes.Count;
            List<object> mergedAttributes = new List<object>(capacity);
            mergedAttributes.AddRange(_assertionAttributes.ToArray());
            mergedAttributes.AddRange(_encryptedAssertionAttributes.ToArray());

            AttributeStatement replacement = new AttributeStatement();
            replacement.Items = mergedAttributes.ToArray();

            // GetElementsByTagName walks all descendants, so this finds the first AttributeStatement at any depth
            // below _samlAssertion; only that one is removed, a second statement (if any) is left in place.
            XmlNodeList existing = _samlAssertion.GetElementsByTagName(AttributeStatement.ELEMENT_NAME, Saml20Constants.ASSERTION);
            if (existing.Count > 0)
            {
                // NOTE(review): RemoveChild throws if the node is not a direct child of _samlAssertion; the original
                // carried a "FIX ... DocumentElement.RemoveChild" remark here — confirm which node owns the statement.
                _samlAssertion.RemoveChild(existing[0]);
            }

            // Only insert a new AttributeStatement if there are attributes.
            if (mergedAttributes.Count != 0)
            {
                // Round-trip through the serializer and import the result into the assertion's own document;
                // there is no direct object-to-node conversion available here.
                XmlDocument serialized = Serialization.Serialize(replacement);
                XmlNode imported = _samlAssertion.OwnerDocument.ImportNode(serialized.DocumentElement, true);
                _samlAssertion.AppendChild(imported);
            }

            _assertionAttributes = null;
            _encryptedAssertionAttributes = null;
        }
        /// <summary>
        /// Assembles our basic test assertion: a fixed ID and version, the issuer from <see cref="GetBasicIssuer"/>,
        /// a bearer subject confirmation addressed to http://borger.dk, an audience restriction from
        /// <see cref="GetAudiences"/>, one AuthnStatement and one AttributeStatement with four URI-format attributes.
        /// NOTE(review): both NotOnOrAfter values are fixed at 2008-12-31 while IssueInstant is the current time, so
        /// the fixture is already expired — tests using it presumably override or disable the time checks.
        /// </summary>
        /// <returns>A freshly built <see cref="Assertion"/>; every call returns a new object graph.</returns>
        public static Assertion GetBasicAssertion()
        {
            // Both expiry fields of the fixture share this fixed point in time.
            DateTime fixtureExpiry = new DateTime(2008, 12, 31, 12, 0, 0, 0);

            Assertion assertion = new Assertion();

            // Header: issuer, ID, issue time and version.
            assertion.Issuer = new NameID();
            assertion.ID = "_b8977dc86cda41493fba68b32ae9291d";
            assertion.IssueInstant = DateTime.UtcNow;
            assertion.Version = "2.0";
            assertion.Issuer.Value = GetBasicIssuer();

            // Subject: a single bearer confirmation.
            SubjectConfirmationData confirmationData = new SubjectConfirmationData();
            confirmationData.NotOnOrAfter = fixtureExpiry;
            confirmationData.Recipient = "http://borger.dk";

            SubjectConfirmation bearerConfirmation = new SubjectConfirmation();
            bearerConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
            bearerConfirmation.SubjectConfirmationData = confirmationData;

            Subject subject = new Subject();
            subject.Items = new object[] { bearerConfirmation };
            assertion.Subject = subject;

            // Conditions: expiry plus one audience restriction.
            AudienceRestriction audienceRestriction = new AudienceRestriction();
            audienceRestriction.Audience = GetAudiences();

            List<ConditionAbstract> conditionList = new List<ConditionAbstract>();
            conditionList.Add(audienceRestriction);

            Conditions conditions = new Conditions();
            conditions.NotOnOrAfter = fixtureExpiry;
            conditions.Items = conditionList;
            assertion.Conditions = conditions;

            // AuthnStatement: an X.509 class reference plus a declaration reference.
            AuthnContext authnContext = new AuthnContext();
            authnContext.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509", "http://www.safewhere.net/authncontext/declref" };
            authnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef, ItemsChoiceType5.AuthnContextDeclRef };

            AuthnStatement authnStatement = new AuthnStatement();
            authnStatement.AuthnInstant = new DateTime(2008, 1, 8);
            authnStatement.SessionIndex = "70225885";
            authnStatement.AuthnContext = authnContext;

            // AttributeStatement: four single-valued URI-format attributes for the test user.
            AttributeStatement attributeStatement = new AttributeStatement();
            attributeStatement.Items = new object[]
                {
                    BuildUriAttribute("SurName", "urn:oid:2.5.4.4", "Fry"),
                    BuildUriAttribute("CommonName", "urn:oid:2.5.4.3", "Philip J. Fry"),
                    BuildUriAttribute(null, "urn:oid:0.9.2342.19200300.100.1.1", "fry"),
                    BuildUriAttribute("Email", "urn:oid:0.9.2342.19200300.100.1.3", "*****@*****.**")
                };

            assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement };

            return assertion;
        }

        /// <summary>
        /// Creates one single-valued attribute with <see cref="SamlAttribute.NAMEFORMAT_URI"/>.
        /// </summary>
        /// <param name="friendlyName">FriendlyName to set, or null to leave it untouched.</param>
        /// <param name="name">The attribute Name (an OID URN in this fixture).</param>
        /// <param name="value">The single attribute value.</param>
        /// <returns>The populated attribute.</returns>
        private static SamlAttribute BuildUriAttribute(string friendlyName, string name, string value)
        {
            SamlAttribute attribute = new SamlAttribute();
            if (friendlyName != null)
                attribute.FriendlyName = friendlyName;
            attribute.Name = name;
            attribute.NameFormat = SamlAttribute.NAMEFORMAT_URI;
            attribute.AttributeValue = new string[] { value };
            return attribute;
        }
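        /// <summary>
        /// Builds the assertion issued to <paramref name="receiver"/> for the authenticated <paramref name="user"/>:
        /// a persistent NameID plus bearer confirmation, an audience restriction naming the receiver, one
        /// AuthnStatement (X.509 authentication context) and — only when the user has attributes — one
        /// AttributeStatement with every entry of <c>user.Attributes</c> as a single-valued basic-format attribute.
        /// All time values are taken from one UTC snapshot.
        /// </summary>
        /// <param name="user">Authenticated user; supplies <c>ppid</c> (the persistent NameID value) and the attribute map.</param>
        /// <param name="receiver">Service provider endpoint; becomes both the bearer Recipient and the sole Audience.</param>
        /// <returns>The assembled <see cref="Assertion"/>.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when <paramref name="receiver"/> is null or empty; without it the assertion would carry no Recipient and no Audience and so would not be bound to one service provider.</exception>
        private Assertion CreateAssertion(User user, string receiver)
        {
            if (user == null)
                throw new ArgumentNullException("user");
            if (string.IsNullOrEmpty(receiver))
                throw new ArgumentException("A receiver is required; it becomes the bearer Recipient and the Audience.", "receiver");

            // SAML 2.0 core (section 1.3.3) requires xs:dateTime values in UTC; the earlier DateTime.Now calls
            // produced local-time values. A single snapshot also keeps the four timestamps mutually consistent.
            DateTime now = DateTime.UtcNow;
            DateTime validUntil = now.AddHours(1);

            Assertion assertion = new Assertion();

            { // Subject element
                assertion.ID = "id" + Guid.NewGuid().ToString("N");
                // NOTE(review): IssueInstant is set ten minutes ahead of the clock, as in the original code; a
                // relying party with strict clock-skew checks may reject a future IssueInstant — confirm the intent.
                assertion.IssueInstant = now.AddMinutes(10);

                assertion.Issuer = new NameID();
                assertion.Issuer.Value = IDPConfig.ServerBaseUrl;

                SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
                subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
                subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData();
                subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = validUntil;
                subjectConfirmation.SubjectConfirmationData.Recipient = receiver;

                NameID nameId = new NameID();
                nameId.Format = Saml20Constants.NameIdentifierFormats.Persistent;
                nameId.Value = user.ppid;

                assertion.Subject = new Subject();
                assertion.Subject.Items = new object[] { nameId, subjectConfirmation };
            }

            { // Conditions element
                AudienceRestriction audienceRestriction = new AudienceRestriction();
                audienceRestriction.Audience = new List<string>();
                audienceRestriction.Audience.Add(receiver);

                assertion.Conditions = new Conditions();
                assertion.Conditions.NotOnOrAfter = validUntil;
                assertion.Conditions.Items = new List<ConditionAbstract>();
                assertion.Conditions.Items.Add(audienceRestriction);
            }

            List<StatementAbstract> statements = new List<StatementAbstract>(2);
            { // AuthnStatement element
                AuthnStatement authnStatement = new AuthnStatement();
                authnStatement.AuthnInstant = now;
                // SessionIndex ties this session to later logout requests. A GUID replaces the previous
                // time-seeded System.Random value, whose output is predictable; if the index ever has to be
                // unguessable, a System.Security.Cryptography.RandomNumberGenerator-backed value is the stronger choice.
                authnStatement.SessionIndex = Guid.NewGuid().ToString("N");

                authnStatement.AuthnContext = new AuthnContext();
                authnStatement.AuthnContext.Items =
                    new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509" };
                authnStatement.AuthnContext.ItemsElementName =
                    new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };

                statements.Add(authnStatement);
            }

            { // Generate attribute list.
                List<SamlAttribute> attributes = new List<SamlAttribute>();
                if (user.Attributes != null)
                {
                    foreach (KeyValuePair<string, string> att in user.Attributes)
                    {
                        SamlAttribute attribute = new SamlAttribute();
                        attribute.Name = att.Key;
                        attribute.AttributeValue = new string[] { att.Value };
                        attribute.NameFormat = SamlAttribute.NAMEFORMAT_BASIC;
                        attributes.Add(attribute);
                    }
                }

                // [SAML2.0std] section 2.7.3: an AttributeStatement must contain at least one attribute, so an
                // empty one is omitted instead of emitting an invalid element.
                if (attributes.Count > 0)
                {
                    AttributeStatement attributeStatement = new AttributeStatement();
                    attributeStatement.Items = attributes.ToArray();
                    statements.Add(attributeStatement);
                }
            }

            assertion.Items = statements.ToArray();

            return assertion;
        }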