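// Create a SAML response with the user's local identity, if any, or indicating an error.
// The response is tied to the originating authentication request (InResponseTo) and its
// destination, and the assertion carries a bounded lifetime plus an audience restriction
// so a captured assertion cannot be replayed later or presented to a different service
// provider. Member names follow the ComponentSpace SAML2 object model used elsewhere in
// this file; confirm against the library version in use.
private SAMLResponse CreateSAMLResponse(SSOState ssoState)
{
    Trace.Write("IdP", "Creating SAML response");

    // Validity window for the assertion and its bearer confirmation (constructed value:
    // short enough to limit replay, long enough to absorb clock skew and transit time).
    TimeSpan assertionLifetime = TimeSpan.FromMinutes(5);
    DateTime issuedAt = DateTime.UtcNow;
    DateTime expiresAt = issuedAt.Add(assertionLifetime);

    string issuerURL = CreateAbsoluteURL("~/");
    Issuer issuer = new Issuer(issuerURL);

    SAMLResponse samlResponse = new SAMLResponse();
    samlResponse.Issuer = issuer;
    // Bind the response to the request it answers and the endpoint it is meant for so the
    // service provider can reject unsolicited or misdirected responses.
    samlResponse.InResponseTo = ssoState.authnRequest.ID;
    samlResponse.Destination = ssoState.assertionConsumerServiceURL;

    if (User.Identity.IsAuthenticated)
    {
        samlResponse.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Success, null);

        SAMLAssertion samlAssertion = new SAMLAssertion();
        samlAssertion.Issuer = issuer;

        // Bearer confirmation: only valid at the named recipient, in response to the named
        // request, and before NotOnOrAfter.
        SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
        subjectConfirmationData.InResponseTo = ssoState.authnRequest.ID;
        subjectConfirmationData.Recipient = ssoState.assertionConsumerServiceURL;
        subjectConfirmationData.NotOnOrAfter = expiresAt;

        SubjectConfirmation subjectConfirmation = new SubjectConfirmation(SAMLIdentifiers.SubjectConfirmationMethods.Bearer);
        subjectConfirmation.SubjectConfirmationData = subjectConfirmationData;

        Subject subject = new Subject(new NameID(User.Identity.Name));
        subject.SubjectConfirmations.Add(subjectConfirmation);
        samlAssertion.Subject = subject;

        // Conditions: validity period, plus an audience restriction naming the requesting
        // service provider (taken from the request's Issuer when present).
        Conditions conditions = new Conditions();
        conditions.NotBefore = issuedAt;
        conditions.NotOnOrAfter = expiresAt;
        if (ssoState.authnRequest.Issuer != null && !string.IsNullOrEmpty(ssoState.authnRequest.Issuer.Name))
        {
            AudienceRestriction audienceRestriction = new AudienceRestriction();
            audienceRestriction.Audiences.Add(new Audience(ssoState.authnRequest.Issuer.Name));
            conditions.ConditionsList.Add(audienceRestriction);
        }
        samlAssertion.Conditions = conditions;

        // The user authenticated with a password at the local login page.
        AuthnStatement authnStatement = new AuthnStatement();
        authnStatement.AuthnContext = new AuthnContext();
        authnStatement.AuthnContext.AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.Password);
        samlAssertion.Statements.Add(authnStatement);

        // Attributes may be included in the SAML assertion. The value here is a fixed
        // sample; a deployment would source attributes from the user store.
        AttributeStatement attributeStatement = new AttributeStatement();
        attributeStatement.Attributes.Add(new SAMLAttribute("Membership", SAMLIdentifiers.AttributeNameFormats.Basic, null, "Gold"));
        samlAssertion.Statements.Add(attributeStatement);

        samlResponse.Assertions.Add(samlAssertion);
    }
    else
    {
        // No assertion is issued; report the failure to the service provider.
        samlResponse.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Responder, SAMLIdentifiers.SecondaryStatusCodes.AuthnFailed, "The user is not authenticated at the identity provider");
    }

    Trace.Write("IdP", "Created SAML response");

    return samlResponse;
}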
/// <summary>
/// Drives the SSO reader to completion inside one transaction, dispatching each
/// condition the reader reports to the action handler. Per-record failures are
/// reported to the handler as an error action, logged, and skipped via Eatup().
/// </summary>
/// <param name="_reader">Initialized reader; stored in the <c>reader</c> field for the run.</param>
/// <returns>The transaction opened by <c>action.DoInitTx</c>.</returns>
/// <exception cref="SSOUserSyncException">Thrown when <paramref name="_reader"/> is null.</exception>
public Tx parse(SSOReader _reader)
{
    if (_reader == null)
    {
        throw new SSOUserSyncException("SSOReader has to be initialized");
    }

    reader = _reader;

    // Transaction id is the local-time tick count at call time (not UTC, not guaranteed unique).
    Tx transaction = action.DoInitTx(DateTime.Now.Ticks.ToString());

    // Last member id seen; used only to label error log lines.
    string currentTitle = "";

    while (reader.Read())
    {
        try
        {
            string payload;
            SSOState condition = reader.CheckCondition(out payload);
            action.DoAction((int)condition, payload);

            if (condition == SSOState.getMemberID)
            {
                action.DoSetTitle(payload);
                currentTitle = payload;
            }
        }
        catch (Exception ex)
        {
            // Report, log (message only; the stack trace is not kept), and skip the bad record.
            action.DoAction((int)SSOState.OnError, ex.Message);
            logger.Error(string.Concat(currentTitle, " handling error: ", ex.Message));
            reader.Eatup();
        }
    }

    return transaction;
}
/// <summary>
/// Round-trip check: the Path placed in an SSOState must survive EncodeState followed by DecodeState.
/// </summary>
/// <param name="testString">Value stored in <c>Path</c> before encoding.</param>
public void encoding_and_decoding_state(string testString)
{
    SSOState original = new SSOState { Path = testString };

    string encoded = Coding.EncodeState(original);
    SSOState roundTripped = Coding.DecodeState(encoded);

    Assert.AreEqual(testString, roundTripped.Path);
}
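/// <summary>
/// SSO service entry point. Receives an authentication request from the service
/// provider (or resumes one saved across a local login) and answers it with a SAML
/// response. Errors are traced only; the page then renders without sending a response.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        // Get the saved SSO state, if any.
        // No saved state: this request carries the authentication request from the SP.
        // Saved state: a local login just completed in response to an earlier request.
        SSOState ssoState = (SSOState)Session[ssoSessionKey];

        if (ssoState == null)
        {
            Trace.Write("IdP", "SSO service");

            // Receive the authentication request and relay state.
            AuthnRequest authnRequest;
            string relayState;
            ReceiveAuthnRequest(out authnRequest, out relayState);

            // Nothing to process (e.g. the page was requested directly). Previously this
            // dereferenced a null request and surfaced only as a traced exception.
            if (authnRequest == null)
            {
                Trace.Write("IdP", "No authentication request");
                return;
            }

            ssoState = new SSOState();
            ssoState.AuthnRequest = authnRequest;
            ssoState.RelayState = relayState;

            // If a local login is required then save the session state and initiate a
            // local login; this page runs again once the login completes.
            if (IsLocalLoginRequired(authnRequest.ForceAuthn))
            {
                Session[ssoSessionKey] = ssoState;
                FormsAuthentication.RedirectToLoginPage();
                return;
            }
        }

        // Create a SAML response with the user's local identity, if any.
        SAMLResponse samlResponse = CreateSAMLResponse(ssoState.AuthnRequest);

        // Send the SAML response to the service provider.
        SendSAMLResponse(samlResponse, ssoState.RelayState);

        // Clear the SSO state so a later request is not answered with stale data.
        Session[ssoSessionKey] = null;
    }
    catch (Exception exception)
    {
        Trace.Write("IdP", "Error in SSO service", exception);
    }
}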
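// Create a SAML response with the user's local identity, if any, or indicating an error.
// The response is tied to the originating authentication request (InResponseTo) and its
// destination, and the assertion carries a bounded lifetime plus an audience restriction
// so a captured assertion cannot be replayed later or presented to a different service
// provider. Member names follow the ComponentSpace SAML2 object model used elsewhere in
// this file; confirm against the library version in use.
private SAMLResponse CreateSAMLResponse(SSOState ssoState)
{
    Trace.Write("IdP", "Creating SAML response");

    // Validity window for the assertion and its bearer confirmation (constructed value:
    // short enough to limit replay, long enough to absorb clock skew and transit time).
    TimeSpan assertionLifetime = TimeSpan.FromMinutes(5);
    DateTime issuedAt = DateTime.UtcNow;
    DateTime expiresAt = issuedAt.Add(assertionLifetime);

    string issuerURL = CreateAbsoluteURL("~/");
    Issuer issuer = new Issuer(issuerURL);

    SAMLResponse samlResponse = new SAMLResponse();
    samlResponse.Issuer = issuer;
    // Bind the response to the request it answers and the endpoint it is meant for so the
    // service provider can reject unsolicited or misdirected responses.
    samlResponse.InResponseTo = ssoState.authnRequest.ID;
    samlResponse.Destination = ssoState.assertionConsumerServiceURL;

    if (User.Identity.IsAuthenticated)
    {
        samlResponse.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Success, null);

        SAMLAssertion samlAssertion = new SAMLAssertion();
        samlAssertion.Issuer = issuer;

        // Bearer confirmation: only valid at the named recipient, in response to the named
        // request, and before NotOnOrAfter.
        SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
        subjectConfirmationData.InResponseTo = ssoState.authnRequest.ID;
        subjectConfirmationData.Recipient = ssoState.assertionConsumerServiceURL;
        subjectConfirmationData.NotOnOrAfter = expiresAt;

        SubjectConfirmation subjectConfirmation = new SubjectConfirmation(SAMLIdentifiers.SubjectConfirmationMethods.Bearer);
        subjectConfirmation.SubjectConfirmationData = subjectConfirmationData;

        Subject subject = new Subject(new NameID(User.Identity.Name));
        subject.SubjectConfirmations.Add(subjectConfirmation);
        samlAssertion.Subject = subject;

        // Conditions: validity period, plus an audience restriction naming the requesting
        // service provider (taken from the request's Issuer when present).
        Conditions conditions = new Conditions();
        conditions.NotBefore = issuedAt;
        conditions.NotOnOrAfter = expiresAt;
        if (ssoState.authnRequest.Issuer != null && !string.IsNullOrEmpty(ssoState.authnRequest.Issuer.Name))
        {
            AudienceRestriction audienceRestriction = new AudienceRestriction();
            audienceRestriction.Audiences.Add(new Audience(ssoState.authnRequest.Issuer.Name));
            conditions.ConditionsList.Add(audienceRestriction);
        }
        samlAssertion.Conditions = conditions;

        // The user authenticated with a password at the local login page.
        AuthnStatement authnStatement = new AuthnStatement();
        authnStatement.AuthnContext = new AuthnContext();
        authnStatement.AuthnContext.AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.Password);
        samlAssertion.Statements.Add(authnStatement);

        // Attributes may be included in the SAML assertion. The value here is a fixed
        // sample; a deployment would source attributes from the user store.
        AttributeStatement attributeStatement = new AttributeStatement();
        attributeStatement.Attributes.Add(new SAMLAttribute("Membership", SAMLIdentifiers.AttributeNameFormats.Basic, null, "Gold"));
        samlAssertion.Statements.Add(attributeStatement);

        samlResponse.Assertions.Add(samlAssertion);
    }
    else
    {
        // No assertion is issued; report the failure to the service provider.
        samlResponse.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Responder, SAMLIdentifiers.SecondaryStatusCodes.AuthnFailed, "The user is not authenticated at the identity provider");
    }

    Trace.Write("IdP", "Created SAML response");

    return samlResponse;
}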
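// Send the SAML response over the specified binding.
// The response is signed with the IdP certificate held in application state; a missing
// certificate (or one without a private key) is reported as an exception rather than a
// null dereference. If the binding is not one this IdP supports, nothing is sent and the
// "sent" trace is not written, so the trace log does not misreport success.
private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
{
    Trace.Write("IdP", "Sending SAML response");

    // Serialize the SAML response for transmission.
    XmlElement samlResponseXml = samlResponse.ToXml();

    // Sign the SAML response.
    X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPX509Certificate];
    if (x509Certificate == null || !x509Certificate.HasPrivateKey)
    {
        throw new InvalidOperationException("The identity provider signing certificate is not available or has no private key.");
    }

    SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

    // Send the SAML response to the service provider over the requested binding.
    switch (ssoState.idpProtocolBinding)
    {
        case SAMLIdentifiers.Binding.HTTPPost:
            IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
            break;

        case SAMLIdentifiers.Binding.HTTPArtifact:
            // Create the artifact.
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

            // Cache the signed SAML response so it can be returned when the service provider
            // resolves the artifact via the artifact resolution protocol.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send the artifact.
            IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
            break;

        default:
            // Nothing was sent; return before the "sent" trace below.
            Trace.Write("IdP", "Invalid identity provider binding");
            return;
    }

    Trace.Write("IdP", "Sent SAML response");
}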
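/// <summary>
/// SSO service entry point. Receives an authentication request from the service
/// provider (or resumes one saved across a local login), validates where the
/// response may be sent, and answers with a SAML response. Errors are traced only;
/// the page then renders without sending a response.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        Trace.Write("IdP", "SSO service");

        // Get the saved SSO state, if any.
        // If there isn't saved state then receive the authentication request.
        // If there is saved state then we've just completed a local login in response
        // to a prior authentication request.
        SSOState ssoState = (SSOState)Session[ssoSessionKey];

        if (ssoState == null)
        {
            // Receive the authentication request.
            AuthnRequest authnRequest;
            string relayState;
            ReceiveAuthnRequest(out authnRequest, out relayState);

            if (authnRequest == null)
            {
                Trace.Write("IdP", "No authentication request");
                return;
            }

            // Process the authentication request; null means it was rejected (already traced).
            ssoState = CreateSSOState(authnRequest, relayState);
            if (ssoState == null)
            {
                return;
            }

            // If a local login is required then save the authentication request
            // and initiate a local login; this page runs again once the login completes.
            if (IsLocalLoginRequired(authnRequest.ForceAuthn))
            {
                Session[ssoSessionKey] = ssoState;
                FormsAuthentication.RedirectToLoginPage();
                return;
            }
        }

        // Create a SAML response with the user's local identity, if any.
        SAMLResponse samlResponse = CreateSAMLResponse(ssoState);

        // Send the SAML response to the service provider.
        SendSAMLResponse(samlResponse, ssoState);

        // Clear the SSO state so a later request is not answered with stale data.
        Session[ssoSessionKey] = null;
    }
    catch (Exception exception)
    {
        Trace.Write("IdP", "Error in SSO service", exception);
    }
}

// Build the SSO state for an authentication request: the binding and the assertion
// consumer service URL the response will be sent to. Returns null when the request
// names an assertion consumer service URL other than the one configured for the
// service provider, since the URL arrives in an unauthenticated request and decides
// where the user's signed assertion is delivered.
private SSOState CreateSSOState(AuthnRequest authnRequest, string relayState)
{
    SSOState ssoState = new SSOState();
    ssoState.authnRequest = authnRequest;
    ssoState.relayState = relayState;

    // The binding defaults to HTTP-POST when the request does not name one.
    if (!string.IsNullOrEmpty(authnRequest.ProtocolBinding))
    {
        ssoState.idpProtocolBinding = SAMLIdentifiers.BindingURIs.URIToBinding(authnRequest.ProtocolBinding);
    }
    else
    {
        ssoState.idpProtocolBinding = SAMLIdentifiers.Binding.HTTPPost;
    }

    string configuredURL = WebConfigurationManager.AppSettings["spAssertionConsumerServiceURL"];
    string requestedURL = authnRequest.AssertionConsumerServiceURL;

    if (string.IsNullOrEmpty(requestedURL))
    {
        ssoState.assertionConsumerServiceURL = configuredURL;
    }
    else if (string.IsNullOrEmpty(configuredURL))
    {
        // Nothing to validate against: the request-supplied URL is used as before, which
        // leaves the response destination unchecked. Configure spAssertionConsumerServiceURL.
        Trace.Write("IdP", "No configured assertion consumer service URL; using the value from the request");
        ssoState.assertionConsumerServiceURL = requestedURL;
    }
    else if (string.Equals(requestedURL, configuredURL, StringComparison.Ordinal))
    {
        ssoState.assertionConsumerServiceURL = requestedURL;
    }
    else
    {
        Trace.Write("IdP", "Assertion consumer service URL in request does not match the configured value");
        return null;
    }

    return ssoState;
}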
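// Send the SAML response over the specified binding.
// The response is signed with the IdP certificate held in application state; a missing
// certificate (or one without a private key) is reported as an exception rather than a
// null dereference. If the binding is not one this IdP supports, nothing is sent and the
// "sent" trace is not written, so the trace log does not misreport success.
private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
{
    Trace.Write("IdP", "Sending SAML response");

    // Serialize the SAML response for transmission.
    XmlElement samlResponseXml = samlResponse.ToXml();

    // Sign the SAML response.
    X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPX509Certificate];
    if (x509Certificate == null || !x509Certificate.HasPrivateKey)
    {
        throw new InvalidOperationException("The identity provider signing certificate is not available or has no private key.");
    }

    SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

    // Send the SAML response to the service provider over the requested binding.
    switch (ssoState.idpProtocolBinding)
    {
        case SAMLIdentifiers.Binding.HTTPPost:
            IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
            break;

        case SAMLIdentifiers.Binding.HTTPArtifact:
            // Create the artifact.
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

            // Cache the signed SAML response so it can be returned when the service provider
            // resolves the artifact via the artifact resolution protocol.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send the artifact.
            IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
            break;

        default:
            // Nothing was sent; return before the "sent" trace below.
            Trace.Write("IdP", "Invalid identity provider binding");
            return;
    }

    Trace.Write("IdP", "Sent SAML response");
}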
// https://api.anytimefitness.com/Help/SSO#login-styling
// Serializes the state to JSON and base64url-encodes it so it can be carried in a URL.
// NOTE(review): the result is neither signed nor encrypted; if it round-trips through the
// client, DecodeState receives whatever the client sends back — verify the caller does not
// trust fields from a decoded state without further checks.
public static string EncodeState(SSOState state)
{
    string serialized = JsonConvert.SerializeObject(state);
    string encoded = Base64UrlEncoder.Encode(serialized);
    return encoded;
}
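/// <summary>
/// SSO service entry point. Receives an authentication request from the service
/// provider (or resumes one saved across a local login), validates where the
/// response may be sent, and answers with a SAML response. Errors are traced only;
/// the page then renders without sending a response.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        Trace.Write("IdP", "SSO service");

        // Get the saved SSO state, if any.
        // If there isn't saved state then receive the authentication request.
        // If there is saved state then we've just completed a local login in response
        // to a prior authentication request.
        SSOState ssoState = (SSOState)Session[ssoSessionKey];

        if (ssoState == null)
        {
            // Receive the authentication request.
            AuthnRequest authnRequest;
            string relayState;
            ReceiveAuthnRequest(out authnRequest, out relayState);

            if (authnRequest == null)
            {
                Trace.Write("IdP", "No authentication request");
                return;
            }

            // Process the authentication request; null means it was rejected (already traced).
            ssoState = CreateSSOState(authnRequest, relayState);
            if (ssoState == null)
            {
                return;
            }

            // If a local login is required then save the authentication request
            // and initiate a local login; this page runs again once the login completes.
            if (IsLocalLoginRequired(authnRequest.ForceAuthn))
            {
                Session[ssoSessionKey] = ssoState;
                FormsAuthentication.RedirectToLoginPage();
                return;
            }
        }

        // Create a SAML response with the user's local identity, if any.
        SAMLResponse samlResponse = CreateSAMLResponse(ssoState);

        // Send the SAML response to the service provider.
        SendSAMLResponse(samlResponse, ssoState);

        // Clear the SSO state so a later request is not answered with stale data.
        Session[ssoSessionKey] = null;
    }
    catch (Exception exception)
    {
        Trace.Write("IdP", "Error in SSO service", exception);
    }
}

// Build the SSO state for an authentication request: the binding and the assertion
// consumer service URL the response will be sent to. Returns null when the request
// names an assertion consumer service URL other than the one configured for the
// service provider, since the URL arrives in an unauthenticated request and decides
// where the user's signed assertion is delivered.
private SSOState CreateSSOState(AuthnRequest authnRequest, string relayState)
{
    SSOState ssoState = new SSOState();
    ssoState.authnRequest = authnRequest;
    ssoState.relayState = relayState;

    // The binding defaults to HTTP-POST when the request does not name one.
    if (!string.IsNullOrEmpty(authnRequest.ProtocolBinding))
    {
        ssoState.idpProtocolBinding = SAMLIdentifiers.BindingURIs.URIToBinding(authnRequest.ProtocolBinding);
    }
    else
    {
        ssoState.idpProtocolBinding = SAMLIdentifiers.Binding.HTTPPost;
    }

    string configuredURL = WebConfigurationManager.AppSettings["spAssertionConsumerServiceURL"];
    string requestedURL = authnRequest.AssertionConsumerServiceURL;

    if (string.IsNullOrEmpty(requestedURL))
    {
        ssoState.assertionConsumerServiceURL = configuredURL;
    }
    else if (string.IsNullOrEmpty(configuredURL))
    {
        // Nothing to validate against: the request-supplied URL is used as before, which
        // leaves the response destination unchecked. Configure spAssertionConsumerServiceURL.
        Trace.Write("IdP", "No configured assertion consumer service URL; using the value from the request");
        ssoState.assertionConsumerServiceURL = requestedURL;
    }
    else if (string.Equals(requestedURL, configuredURL, StringComparison.Ordinal))
    {
        ssoState.assertionConsumerServiceURL = requestedURL;
    }
    else
    {
        Trace.Write("IdP", "Assertion consumer service URL in request does not match the configured value");
        return null;
    }

    return ssoState;
}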