        // Create a SAML response with the user's local identity, if any, or indicating an error.
        // Returns a Success response carrying one bearer assertion for the locally authenticated user,
        // or a Responder/AuthnFailed status when nobody is logged in at this identity provider.
        // ssoState supplies the request id (InResponseTo) and the assertion consumer service URL (Recipient).
        private SAMLResponse CreateSAMLResponse(SSOState ssoState)
        {
            Trace.Write("IdP", "Creating SAML response");

            var response = new SAMLResponse();

            // The same issuer identifies both the response and the assertion it carries.
            var responseIssuer = new Issuer(CreateAbsoluteURL("~/"));
            response.Issuer = responseIssuer;

            if (!User.Identity.IsAuthenticated) {
                response.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Responder, SAMLIdentifiers.SecondaryStatusCodes.AuthnFailed, "The user is not authenticated at the identity provider");
            } else {
                response.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Success, null);
                response.Assertions.Add(BuildBearerAssertion(ssoState, responseIssuer));
            }

            Trace.Write("IdP", "Created SAML response");

            return response;
        }

        // Assembles the bearer assertion for the authenticated user. The subject confirmation is tied to
        // the originating request (InResponseTo) and to the URL it will be delivered to (Recipient), which
        // is what lets the service provider reject an assertion presented elsewhere.
        // NOTE(review): no Conditions (NotBefore/NotOnOrAfter, AudienceRestriction) and no
        // SubjectConfirmationData.NotOnOrAfter are set here, so the assertion carries no validity window
        // or intended audience; confirm the library fills these in, or add them before production use.
        private SAMLAssertion BuildBearerAssertion(SSOState ssoState, Issuer issuer)
        {
            var confirmationData = new SubjectConfirmationData {
                InResponseTo = ssoState.authnRequest.ID,
                Recipient = ssoState.assertionConsumerServiceURL
            };
            var confirmation = new SubjectConfirmation(SAMLIdentifiers.SubjectConfirmationMethods.Bearer) {
                SubjectConfirmationData = confirmationData
            };
            var subject = new Subject(new NameID(User.Identity.Name));
            subject.SubjectConfirmations.Add(confirmation);

            // The authentication context is always reported as Password, regardless of how the local
            // login actually happened.
            var authnStatement = new AuthnStatement {
                AuthnContext = new AuthnContext {
                    AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.Password)
                }
            };

            // Sample attribute with a fixed value; a real deployment would source attributes from the user store.
            var attributeStatement = new AttributeStatement();
            attributeStatement.Attributes.Add(new SAMLAttribute("Membership", SAMLIdentifiers.AttributeNameFormats.Basic, null, "Gold"));

            var assertion = new SAMLAssertion { Issuer = issuer, Subject = subject };
            assertion.Statements.Add(authnStatement);
            assertion.Statements.Add(attributeStatement);

            return assertion;
        }
        // Drives the reader to completion, dispatching every condition it reports to the action handler,
        // and returns the transaction opened at the start. A failure while handling one record is reported
        // to the handler and the log, the rest of that record is skipped, and parsing continues.
        // Throws SSOUserSyncException when no reader is supplied.
        public Tx parse(SSOReader _reader)
        {
            if (_reader == null)
            {
                throw new SSOUserSyncException("SSOReader has to be initialized");
            }

            reader = _reader;

            // The transaction id is the local-time tick count at the moment parsing starts.
            // NOTE(review): DateTime.Now is wall-clock local time, so ids are not monotonic across
            // DST changes or clock adjustments — confirm uniqueness is not relied upon downstream.
            Tx transaction = action.DoInitTx(DateTime.Now.Ticks.ToString());
            string currentTitle = "";

            while (reader.Read())
            {
                try
                {
                    string conditionValue;
                    SSOState currentState = reader.CheckCondition(out conditionValue);
                    action.DoAction((int)currentState, conditionValue);

                    // A member id also becomes the title used to label any later error log lines.
                    if (currentState == SSOState.getMemberID)
                    {
                        action.DoSetTitle(conditionValue);
                        currentTitle = conditionValue;
                    }
                }
                catch (Exception ex)
                {
                    // Report the failure, then consume the remainder of the offending input so the
                    // following records are still processed. Only the message is logged, not the stack.
                    action.DoAction((int)SSOState.OnError, ex.Message);
                    logger.Error(string.Concat(currentTitle, " handling error: ", ex.Message));
                    reader.Eatup();
                }
            }

            return transaction;
        }
        // Round-trips an SSOState through EncodeState and DecodeState and checks that Path survives intact.
        public void encoding_and_decoding_state(string testString)
        {
            var original = new SSOState { Path = testString };

            var encoded = Coding.EncodeState(original);
            var roundTripped = Coding.DecodeState(encoded);

            Assert.AreEqual(testString, roundTripped.Path);
        }
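        // Entry point of the identity provider's SSO service page.
        // Two arrivals are handled: a fresh authentication request from the service provider (no saved
        // state), and the return from a local login that an earlier request triggered (saved state
        // present). Either way the outcome is a SAML response sent to the service provider, after which
        // the saved state is cleared.
        protected void Page_Load(object sender, EventArgs e)
        {
            try
            {
                SSOState ssoState = (SSOState)Session[ssoSessionKey];

                if (ssoState == null)
                {
                    Trace.Write("IdP", "SSO service");

                    // Receive the authentication request and relay state.
                    AuthnRequest authnRequest = null;
                    string       relayState   = null;

                    ReceiveAuthnRequest(out authnRequest, out relayState);

                    // The page was hit without an authentication request: nothing to respond to.
                    // Without this guard the dereference below fails with a NullReferenceException
                    // that is only visible in the trace.
                    if (authnRequest == null)
                    {
                        Trace.Write("IdP", "No authentication request");
                        return;
                    }

                    bool forceAuthn = authnRequest.ForceAuthn;

                    ssoState = new SSOState();
                    ssoState.AuthnRequest = authnRequest;
                    ssoState.RelayState   = relayState;

                    // IsLocalLoginRequired decides (from forceAuthn and, presumably, the current local
                    // authentication state) whether the user must log in here first. If so, the request is
                    // parked in session and resumed on return from the login page.
                    if (IsLocalLoginRequired(forceAuthn))
                    {
                        Session[ssoSessionKey] = ssoState;
                        FormsAuthentication.RedirectToLoginPage();

                        return;
                    }
                }

                SAMLResponse samlResponse = CreateSAMLResponse(ssoState.AuthnRequest);
                SendSAMLResponse(samlResponse, ssoState.RelayState);

                // The parked request is single-use; drop it so a later visit starts a fresh exchange.
                Session[ssoSessionKey] = null;
            }

            catch (Exception exception)
            {
                // NOTE(review): every failure is traced and swallowed, so the service provider receives no
                // SAML error response and the page completes as if nothing happened. A failure after a
                // local login also leaves the parked state in session — confirm that is intended.
                Trace.Write("IdP", "Error in SSO service", exception);
            }
        }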
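        // Entry point of the identity provider's SSO service page.
        // Two arrivals are handled: a fresh authentication request from the service provider (no saved
        // state), and the return from a local login that an earlier request triggered (saved state
        // present). Either way the outcome is a SAML response sent to the service provider, after which
        // the saved state is cleared.
        protected void Page_Load(object sender, EventArgs e)
        {
            try {
                SSOState ssoState = (SSOState)Session[ssoSessionKey];

                if (ssoState == null) {
                    Trace.Write("IdP", "SSO service");

                    // Receive the authentication request and relay state.
                    AuthnRequest authnRequest = null;
                    string relayState = null;

                    ReceiveAuthnRequest(out authnRequest, out relayState);

                    // The page was hit without an authentication request: nothing to respond to.
                    // Without this guard the dereference below fails with a NullReferenceException
                    // that is only visible in the trace.
                    if (authnRequest == null) {
                        Trace.Write("IdP", "No authentication request");
                        return;
                    }

                    bool forceAuthn = authnRequest.ForceAuthn;

                    ssoState = new SSOState();
                    ssoState.AuthnRequest = authnRequest;
                    ssoState.RelayState = relayState;

                    // IsLocalLoginRequired decides (from forceAuthn and, presumably, the current local
                    // authentication state) whether the user must log in here first. If so, the request is
                    // parked in session and resumed on return from the login page.
                    if (IsLocalLoginRequired(forceAuthn)) {
                        Session[ssoSessionKey] = ssoState;
                        FormsAuthentication.RedirectToLoginPage();

                        return;
                    }
                }

                SAMLResponse samlResponse = CreateSAMLResponse(ssoState.AuthnRequest);
                SendSAMLResponse(samlResponse, ssoState.RelayState);

                // The parked request is single-use; drop it so a later visit starts a fresh exchange.
                Session[ssoSessionKey] = null;
            }

            catch (Exception exception) {
                // NOTE(review): every failure is traced and swallowed, so the service provider receives no
                // SAML error response and the page completes as if nothing happened. A failure after a
                // local login also leaves the parked state in session — confirm that is intended.
                Trace.Write("IdP", "Error in SSO service", exception);
            }
        }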
        // Create a SAML response with the user's local identity, if any, or indicating an error.
        // Returns a Success response carrying one bearer assertion for the locally authenticated user,
        // or a Responder/AuthnFailed status when nobody is logged in at this identity provider.
        // ssoState supplies the request id (InResponseTo) and the assertion consumer service URL (Recipient).
        private SAMLResponse CreateSAMLResponse(SSOState ssoState)
        {
            Trace.Write("IdP", "Creating SAML response");

            var response = new SAMLResponse();

            // The same issuer identifies both the response and the assertion it carries.
            var responseIssuer = new Issuer(CreateAbsoluteURL("~/"));
            response.Issuer = responseIssuer;

            if (!User.Identity.IsAuthenticated)
            {
                response.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Responder, SAMLIdentifiers.SecondaryStatusCodes.AuthnFailed, "The user is not authenticated at the identity provider");
            }
            else
            {
                response.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Success, null);
                response.Assertions.Add(BuildBearerAssertion(ssoState, responseIssuer));
            }

            Trace.Write("IdP", "Created SAML response");

            return response;
        }

        // Assembles the bearer assertion for the authenticated user. The subject confirmation is tied to
        // the originating request (InResponseTo) and to the URL it will be delivered to (Recipient), which
        // is what lets the service provider reject an assertion presented elsewhere.
        // NOTE(review): no Conditions (NotBefore/NotOnOrAfter, AudienceRestriction) and no
        // SubjectConfirmationData.NotOnOrAfter are set here, so the assertion carries no validity window
        // or intended audience; confirm the library fills these in, or add them before production use.
        private SAMLAssertion BuildBearerAssertion(SSOState ssoState, Issuer issuer)
        {
            var confirmationData = new SubjectConfirmationData
            {
                InResponseTo = ssoState.authnRequest.ID,
                Recipient    = ssoState.assertionConsumerServiceURL
            };
            var confirmation = new SubjectConfirmation(SAMLIdentifiers.SubjectConfirmationMethods.Bearer)
            {
                SubjectConfirmationData = confirmationData
            };
            var subject = new Subject(new NameID(User.Identity.Name));
            subject.SubjectConfirmations.Add(confirmation);

            // The authentication context is always reported as Password, regardless of how the local
            // login actually happened.
            var authnStatement = new AuthnStatement
            {
                AuthnContext = new AuthnContext
                {
                    AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.Password)
                }
            };

            // Sample attribute with a fixed value; a real deployment would source attributes from the user store.
            var attributeStatement = new AttributeStatement();
            attributeStatement.Attributes.Add(new SAMLAttribute("Membership", SAMLIdentifiers.AttributeNameFormats.Basic, null, "Gold"));

            var assertion = new SAMLAssertion { Issuer = issuer, Subject = subject };
            assertion.Statements.Add(authnStatement);
            assertion.Statements.Add(attributeStatement);

            return assertion;
        }
        // Send the SAML response over the specified binding.
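        // Signs the SAML response with the identity provider's certificate and delivers it to the service
        // provider over the binding recorded in ssoState: HTTP-POST directly, or HTTP-Artifact with the
        // signed response cached for the artifact resolution exchange.
        // Throws InvalidOperationException when no signing certificate with a private key is available.
        private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
        {
            Trace.Write("IdP", "Sending SAML response");

            // Serialize the SAML response for transmission.
            XmlElement samlResponseXml = samlResponse.ToXml();

            // The signing certificate is kept in application state (presumably loaded at application
            // start). Fail with a clear message if it is missing or has no private key, rather than with
            // a NullReferenceException from inside the signing call.
            X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPX509Certificate];

            if (x509Certificate == null || !x509Certificate.HasPrivateKey)
            {
                throw new InvalidOperationException("The identity provider's X.509 signing certificate with private key is not available in application state");
            }

            // Message-level signature over the whole response.
            SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

            // Send the SAML response to the service provider.
            switch (ssoState.idpProtocolBinding)
            {
            case SAMLIdentifiers.Binding.HTTPPost:
                IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
                break;

            case SAMLIdentifiers.Binding.HTTPArtifact:
                // Create the artifact.
                string            identificationURL = CreateAbsoluteURL("~/");
                HTTPArtifactType4 httpArtifact      = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

                // Cache the signed response so the artifact resolution service can return it later.
                HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
                HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

                // Send the artifact.
                IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
                break;

            default:
                // Nothing was sent, so do not report success below.
                Trace.Write("IdP", "Invalid identity provider binding");
                return;
            }

            Trace.Write("IdP", "Sent SAML response");
        }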
        // Entry point of the identity provider's SSO service page.
        // Saved SSO state means we are returning from a local login that an earlier request triggered;
        // otherwise this is a fresh arrival and the authentication request is read now. In both cases a
        // SAML response is created and sent, and the saved state is cleared afterwards.
        protected void Page_Load(object sender, EventArgs e)
        {
            try {
                Trace.Write("IdP", "SSO service");

                SSOState ssoState = (SSOState) Session[ssoSessionKey];

                if (ssoState == null) {
                    AuthnRequest authnRequest;
                    string relayState;

                    ReceiveAuthnRequest(out authnRequest, out relayState);

                    // Nothing to respond to.
                    if (authnRequest == null) {
                        Trace.Write("IdP", "No authentication request");
                        return;
                    }

                    ssoState = new SSOState();
                    ssoState.authnRequest = authnRequest;
                    ssoState.relayState = relayState;

                    // The binding defaults to HTTP-POST when the request does not name one.
                    ssoState.idpProtocolBinding = string.IsNullOrEmpty(authnRequest.ProtocolBinding)
                        ? SAMLIdentifiers.Binding.HTTPPost
                        : SAMLIdentifiers.BindingURIs.URIToBinding(authnRequest.ProtocolBinding);

                    // The response goes to the assertion consumer service URL named in the request, or to
                    // the configured service provider endpoint when the request omits it.
                    // NOTE(review): the request-supplied URL is used as-is; confirm ReceiveAuthnRequest
                    // verifies the request signature, or that this URL is checked against the service
                    // provider's registered endpoints, before a signed response is sent there.
                    ssoState.assertionConsumerServiceURL = string.IsNullOrEmpty(authnRequest.AssertionConsumerServiceURL)
                        ? WebConfigurationManager.AppSettings["spAssertionConsumerServiceURL"]
                        : authnRequest.AssertionConsumerServiceURL;

                    // A required local login parks the state in session and resumes on return from the
                    // login page.
                    if (IsLocalLoginRequired(authnRequest.ForceAuthn)) {
                        Session[ssoSessionKey] = ssoState;
                        FormsAuthentication.RedirectToLoginPage();
                        return;
                    }
                }

                SAMLResponse samlResponse = CreateSAMLResponse(ssoState);
                SendSAMLResponse(samlResponse, ssoState);

                // The parked state is single-use.
                Session[ssoSessionKey] = null;
            }

            catch (Exception exception) {
                // All failures are traced and swallowed; the service provider receives no error response.
                Trace.Write("IdP", "Error in SSO service", exception);
            }
        }
        // Send the SAML response over the specified binding.
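        // Signs the SAML response with the identity provider's certificate and delivers it to the service
        // provider over the binding recorded in ssoState: HTTP-POST directly, or HTTP-Artifact with the
        // signed response cached for the artifact resolution exchange.
        // Throws InvalidOperationException when no signing certificate with a private key is available.
        private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
        {
            Trace.Write("IdP", "Sending SAML response");

            // Serialize the SAML response for transmission.
            XmlElement samlResponseXml = samlResponse.ToXml();

            // The signing certificate is kept in application state (presumably loaded at application
            // start). Fail with a clear message if it is missing or has no private key, rather than with
            // a NullReferenceException from inside the signing call.
            X509Certificate2 x509Certificate = (X509Certificate2) Application[Global.IdPX509Certificate];

            if (x509Certificate == null || !x509Certificate.HasPrivateKey) {
                throw new InvalidOperationException("The identity provider's X.509 signing certificate with private key is not available in application state");
            }

            // Message-level signature over the whole response.
            SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

            // Send the SAML response to the service provider.
            switch (ssoState.idpProtocolBinding) {
                case SAMLIdentifiers.Binding.HTTPPost:
                    IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
                    break;

                case SAMLIdentifiers.Binding.HTTPArtifact:
                    // Create the artifact.
                    string identificationURL = CreateAbsoluteURL("~/");
                    HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

                    // Cache the signed response so the artifact resolution service can return it later.
                    HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
                    HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

                    // Send the artifact.
                    IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
                    break;

                default:
                    // Nothing was sent, so do not report success below.
                    Trace.Write("IdP", "Invalid identity provider binding");
                    return;
            }

            Trace.Write("IdP", "Sent SAML response");
        }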
        // https://api.anytimefitness.com/Help/SSO#login-styling
        // Serializes the SSO state to JSON and wraps it in URL-safe base64.
        // NOTE(review): this is encoding only, not integrity protection — anything that later consumes
        // DecodeState output that has passed through the client should not trust it unverified.
        public static string EncodeState(SSOState state)
        {
            string serialized = JsonConvert.SerializeObject(state);
            string encoded = Base64UrlEncoder.Encode(serialized);

            return encoded;
        }
        // Entry point of the identity provider's SSO service page.
        // Saved SSO state means we are returning from a local login that an earlier request triggered;
        // otherwise this is a fresh arrival and the authentication request is read now. In both cases a
        // SAML response is created and sent, and the saved state is cleared afterwards.
        protected void Page_Load(object sender, EventArgs e)
        {
            try
            {
                Trace.Write("IdP", "SSO service");

                SSOState ssoState = (SSOState)Session[ssoSessionKey];

                if (ssoState == null)
                {
                    AuthnRequest authnRequest;
                    string       relayState;

                    ReceiveAuthnRequest(out authnRequest, out relayState);

                    // Nothing to respond to.
                    if (authnRequest == null)
                    {
                        Trace.Write("IdP", "No authentication request");
                        return;
                    }

                    ssoState = new SSOState();
                    ssoState.authnRequest = authnRequest;
                    ssoState.relayState   = relayState;

                    // The binding defaults to HTTP-POST when the request does not name one.
                    ssoState.idpProtocolBinding = string.IsNullOrEmpty(authnRequest.ProtocolBinding)
                        ? SAMLIdentifiers.Binding.HTTPPost
                        : SAMLIdentifiers.BindingURIs.URIToBinding(authnRequest.ProtocolBinding);

                    // The response goes to the assertion consumer service URL named in the request, or to
                    // the configured service provider endpoint when the request omits it.
                    // NOTE(review): the request-supplied URL is used as-is; confirm ReceiveAuthnRequest
                    // verifies the request signature, or that this URL is checked against the service
                    // provider's registered endpoints, before a signed response is sent there.
                    ssoState.assertionConsumerServiceURL = string.IsNullOrEmpty(authnRequest.AssertionConsumerServiceURL)
                        ? WebConfigurationManager.AppSettings["spAssertionConsumerServiceURL"]
                        : authnRequest.AssertionConsumerServiceURL;

                    // A required local login parks the state in session and resumes on return from the
                    // login page.
                    if (IsLocalLoginRequired(authnRequest.ForceAuthn))
                    {
                        Session[ssoSessionKey] = ssoState;
                        FormsAuthentication.RedirectToLoginPage();
                        return;
                    }
                }

                SAMLResponse samlResponse = CreateSAMLResponse(ssoState);
                SendSAMLResponse(samlResponse, ssoState);

                // The parked state is single-use.
                Session[ssoSessionKey] = null;
            }

            catch (Exception exception)
            {
                // All failures are traced and swallowed; the service provider receives no error response.
                Trace.Write("IdP", "Error in SSO service", exception);
            }
        }