public void Saml2AuthenticationRequest_ToXElement_RootNode()
        {
            var x = new Saml2AuthenticationRequest().ToXElement();

            x.Should().NotBeNull().And.Subject.Name.Should().Be(
                Saml2Namespaces.Saml2P + "AuthnRequest");
        }
Ejemplo n.º 2
0
        public void Saml2AuthenticationRequest_Read_ShouldReturnNullOnNullXml()
        {
            string xmlData = null;

            var subject = Saml2AuthenticationRequest.Read(xmlData, null);

            subject.Should().BeNull();
        }
Ejemplo n.º 3
0
        public void Saml2AuthenticationRequest_ForceAuthentication_OmittedIfFalse()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                ForceAuthentication = false
            }.ToXElement();

            subject.Should().NotBeNull().And.Subject.Attribute("ForceAuthn").Should().BeNull();
        }
Ejemplo n.º 4
0
        public void Saml2AuthenticationRequest_ToXElement_AddsAttributeConsumingServiceIndex()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AttributeConsumingServiceIndex = 17
            }.ToXElement();

            subject.Attribute("AttributeConsumingServiceIndex").Value.Should().Be("17");
        }
Ejemplo n.º 5
0
        public void SignInCommand_Run_Calls_Notifications()
        {
            var options   = StubFactory.CreateOptions();
            var idp       = options.IdentityProviders.Default;
            var relayData = new Dictionary <string, string>();

            options.SPOptions.DiscoveryServiceUrl = null;

            var request = new HttpRequestData("GET",
                                              new Uri("http://sp.example.com"));

            var selectedIdpCalled = false;

            options.Notifications.SelectIdentityProvider =
                (ei, r) =>
            {
                ei.Should().BeSameAs(idp.EntityId);
                r.Should().BeSameAs(relayData);
                selectedIdpCalled = true;
                return(null);
            };

            Saml2AuthenticationRequest saml2AuthenticationRequest = null;

            options.Notifications.AuthenticationRequestCreated = (a, i, r) =>
            {
                a.Should().NotBeNull();
                i.Should().BeSameAs(idp);
                r.Should().BeSameAs(relayData);
                saml2AuthenticationRequest = a;
            };

            CommandResult notifiedCommandResult = null;

            options.Notifications.SignInCommandResultCreated = (cr, r) =>
            {
                notifiedCommandResult = cr;
                r.Should().BeSameAs(relayData);
            };

            bool authenticationRequestXmlCreatedCalled = false;

            options.Notifications.AuthenticationRequestXmlCreated = (ar, xd, bt) =>
            {
                authenticationRequestXmlCreatedCalled = true;
                ar.Should().BeSameAs(saml2AuthenticationRequest);
                bt.Should().Be(Saml2BindingType.HttpRedirect);
            };

            SignInCommand.Run(idp.EntityId, null, request, options, relayData)
            .Should().BeSameAs(notifiedCommandResult);

            saml2AuthenticationRequest.Should().NotBeNull("the AuthenticationRequestCreated notification should have been called");
            selectedIdpCalled.Should().BeTrue("the SelectIdentityProvider notification should have been called.");
            authenticationRequestXmlCreatedCalled.Should().BeTrue("the AuthenticationedRequestXmlCreated should have been called.");
        }
Ejemplo n.º 6
0
        public async Task <ActionResult> Index(HomePageModel model)
        {
            if (ModelState.IsValid)
            {
                var LDAPEndpoint = ConfigurationManager.AppSettings["LDAP.Endpoint"];

                if (String.IsNullOrEmpty(LDAPEndpoint))
                {
                    throw new ConfigurationErrorsException("ConfigurationManager.AppSettings[\"LDAP.Endpoint\"] should not be null.");
                }

                var client = new HttpClient();
                var result = await client.PostAsJsonAsync(LDAPEndpoint, new { Username = model.Username, Password = model.Password });

                if (!result.IsSuccessStatusCode)
                {
                    if (result.StatusCode == HttpStatusCode.Unauthorized)
                    {
                        ModelState.AddModelError("LDAP.Endpoint", "Username or Password not valid.");
                    }
                    else
                    {
                        ModelState.AddModelError("LDAP.Endpoint", "An error has ocurred. Please contact administrator.");
                    }

                    return(View(model));
                }

                var assertionModel = AssertionModel.Create(nameId: model.Username);

                var requestData = Request.ToHttpRequestData(true);

                if (requestData.QueryString["SAMLRequest"].Any())
                {
                    var extractedMessage = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                                           .Unbind(requestData, null);

                    var request = new Saml2AuthenticationRequest(
                        extractedMessage.Data,
                        extractedMessage.RelayState);

                    assertionModel.InResponseTo = request.Id.Value;
                    assertionModel.AssertionConsumerServiceUrl = request.AssertionConsumerServiceUrl.ToString();
                    assertionModel.RelayState      = extractedMessage.RelayState;
                    assertionModel.Audience        = request.Issuer.Id;
                    assertionModel.AuthnRequestXml = extractedMessage.Data.PrettyPrint();

                    var response = assertionModel.ToSaml2Response();

                    return(Saml2Binding.Get(assertionModel.ResponseBinding)
                           .Bind(response).ToActionResult());
                }
            }

            return(View(model));
        }
Ejemplo n.º 7
0
        public void Saml2AuthenticationRequest_ToXElement_ShouldHandleNullAcsUri()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = null
            }.ToXElement();

            subject.Should().NotBeNull().And.Subject.Attribute("AssertionConsumerServiceURL")
            .Should().BeNull();
        }
Ejemplo n.º 8
0
        public void Saml2AuthenticationRequest_ToXElement_OmitsRequestedAuthnContext_OnNullClassRef()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                RequestedAuthnContext       = new Saml2RequestedAuthnContext(null, AuthnContextComparisonType.Exact)
            }.ToXElement();

            subject.Element(Saml2Namespaces.Saml2P + "RequestedAuthnContext").Should().BeNull();
        }
Ejemplo n.º 9
0
        public void Saml2AuthenticationRequest_ForceAuthentication()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                ForceAuthentication = true
            }.ToXElement();

            subject.Should().NotBeNull().And.Subject.Attribute("ForceAuthn")
            .Should().NotBeNull().And.Subject.Value.Should().Be("true");
        }
        public void Saml2AuthenticationRequest_ToXElement_AddsRequestBaseFields()
        {
            // Just checking for the id field and assuming that means that the
            // base fields are added. The details of the fields are tested
            // by Saml2RequestBaseTests.

            var x = new Saml2AuthenticationRequest().ToXElement();

            x.Should().NotBeNull().And.Subject.Attribute("ID").Should().NotBeNull();
        }
        public void Saml2AuthenticationRequest_ToXElement_AddsRequestBaseFields()
        {
            // Just checking for the id field and assuming that means that the
            // base fields are added. The details of the fields are tested
            // by Saml2RequestBaseTests.

            var x = new Saml2AuthenticationRequest().ToXElement();

            x.Should().NotBeNull().And.Subject.Attribute("ID").Should().NotBeNull();
        }
        public void Saml2AuthenticationRequest_IsPassive()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                IsPassive = true
            }.ToXElement();

            subject.Should().NotBeNull().And.Subject.Attribute("IsPassive")
            .Should().NotBeNull().And.Subject.Value.Should().Be("true");
        }
Ejemplo n.º 13
0
        private void Saml2AuthenticationRequest_ToXElement_AddsProtocolBinding(AuthServices.WebSso.Saml2BindingType protocolBinding, string expectedProtocolBinding)
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                Binding = protocolBinding
            }.ToXElement();

            subject.Attribute("ProtocolBinding").Value.Should().Equals(expectedProtocolBinding);
        }
        public void Saml2AuthenticationRequest_AssertionConsumerServiceUrl()
        {
            string url = "http://some.example.com/Saml2AuthenticationModule/acs";
            var x = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri(url)
            }.ToXElement();

            x.Should().NotBeNull().And.Subject.Attribute("AssertionConsumerServiceURL")
                .Should().NotBeNull().And.Subject.Value.Should().Be(url);
        }
Ejemplo n.º 15
0
        public void Saml2AuthenticationRequest_AssertionConsumerServiceUrl()
        {
            string url     = "http://some.example.com/Saml2AuthenticationModule/acs";
            var    subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri(url)
            }.ToXElement();

            subject.Should().NotBeNull().And.Subject.Attribute("AssertionConsumerServiceURL")
            .Should().NotBeNull().And.Subject.Value.Should().Be(url);
        }
Ejemplo n.º 16
0
        public void Saml2AuthenticationRequest_ToXElement_ShouldCorrectSerializeAcsUri()
        {
            var url     = "http://some.example.com/Saml2AuthenticationModule/acs?RelayState=https%3A%2F%2Fmy.relaystate.nl";
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri(url)
            }.ToXElement();

            subject.Should().NotBeNull().And.Subject.Attribute("AssertionConsumerServiceURL")
            .Should().NotBeNull().And.Subject.Value.Should().Be(url);
        }
Ejemplo n.º 17
0
        public void Saml2AuthenticationRequest_ToXElement_NameFormatTransientForbidsAllowCreate()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                NameIdPolicy = new Saml2NameIdPolicy(true, NameIdFormat.Transient)
            };

            subject.Invoking(s => s.ToXElement())
            .ShouldThrow <InvalidOperationException>()
            .And.Message.Should().Be("When NameIdPolicy/Format is set to Transient, it is not permitted to specify AllowCreate. Change Format or leave AllowCreate as null.");
        }
        public void Saml2AuthenticationRequest_Extensions()
        {
            var request = new Saml2AuthenticationRequest();

            request.ExtensionContents.Add(new XElement(XNamespace.Get("test") + "aditional"));
            var subject = request.ToXElement();

            subject.Should().NotBeNull().And.Subject
            .Element(Saml2Namespaces.Saml2P + "Extensions").Should().NotBeNull().And.Subject
            .Elements().Should().HaveCount(1).And.Subject
            .First().Name.LocalName.Should().Be("aditional");
        }
Ejemplo n.º 19
0
        public void Saml2AuthenticationRequest_ToXml_PreservesCustomChanges()
        {
            var subject = new Saml2AuthenticationRequest();

            subject.XmlCreated += (s, e) =>
            {
                e.Add(new XAttribute("CustomAttribute", "CustomValue"));
            };

            var xml = subject.ToXml();

            xml.Should().Contain("CustomAttribute=\"CustomValue\"");
        }
Ejemplo n.º 20
0
        public ActionResult Index()
        {
            var model   = AssertionModel.CreateFromConfiguration();
            var request = Saml2AuthenticationRequest.Read(Saml2Binding.Get(Saml2BindingType.HttpRedirect).Unbind(Request));

            if (request != null)
            {
                model.InResponseTo = request.Id;
                model.AssertionConsumerServiceUrl = request.AssertionConsumerServiceUrl.ToString();
            }

            return(View(model));
        }
Ejemplo n.º 21
0
        public void Saml2AuthenticationRequest_ToXElement_Scoping_NullContents_EmptyScoping()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                Scoping = new Saml2Scoping()
            }.ToXElement().Element(Saml2Namespaces.Saml2P + "Scoping");

            var expected = new XElement(Saml2Namespaces.Saml2P + "root",
                                        new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P),
                                        new XElement(Saml2Namespaces.Saml2P + "Scoping"))
                           .Elements().Single();

            subject.Should().BeEquivalentTo(expected);
        }
        public void Saml2AuthenticationRequest_ToXElement_AddsElementSaml2NameIdPolicy()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                NameIdPolicy = new Saml2NameIdPolicy {
                    AllowCreate = false, Format = NameIdFormat.EmailAddress
                }
            }.ToXElement();

            XNamespace ns = "urn:oasis:names:tc:SAML:2.0:protocol";

            subject.Attribute("AttributeConsumingServiceIndex").Should().BeNull();
            subject.Should().NotBeNull().And.Subject.Element(ns + "NameIDPolicy").Should().NotBeNull();
        }
Ejemplo n.º 23
0
        public ActionResult Index(Guid?idpId)
        {
            var model = new HomePageModel
            {
                AssertionModel = AssertionModel.CreateFromConfiguration(),
            };

            if (idpId.HasValue)
            {
                var fileData = GetCachedConfiguration(idpId.Value);
                if (fileData != null)
                {
                    if (!string.IsNullOrEmpty(fileData.DefaultAssertionConsumerServiceUrl))
                    {
                        // Override default StubIdp Acs with Acs from IdpConfiguration
                        model.AssertionModel.AssertionConsumerServiceUrl = fileData.DefaultAssertionConsumerServiceUrl;
                    }
                    if (!string.IsNullOrEmpty(fileData.DefaultAssertionConsumerServiceUrl))
                    {
                        model.AssertionModel.Audience = fileData.DefaultAudience;
                    }

                    model.CustomDescription     = fileData.IdpDescription;
                    model.AssertionModel.NameId = null;
                    model.HideDetails           = fileData.HideDetails;
                }
            }

            var requestData = Request.ToHttpRequestData(false);

            if (requestData.QueryString["SAMLRequest"].Any())
            {
                var extractedMessage = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                                       .Unbind(requestData, null);

                var request = new Saml2AuthenticationRequest(
                    extractedMessage.Data,
                    extractedMessage.RelayState);

                model.AssertionModel.InResponseTo = request.Id.Value;
                model.AssertionModel.AssertionConsumerServiceUrl = request.AssertionConsumerServiceUrl.ToString();
                model.AssertionModel.RelayState      = extractedMessage.RelayState;
                model.AssertionModel.Audience        = request.Issuer.Id;
                model.AssertionModel.AuthnRequestXml = extractedMessage.Data.PrettyPrint();
            }

            return(View(model));
        }
Ejemplo n.º 24
0
        public void Saml2AuthenticationRequest_ToXElement_AddsElementSaml2NameIdPolicy_ForNameIdFormat()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                NameIdPolicy = new Saml2NameIdPolicy(null, NameIdFormat.EmailAddress)
            }.ToXElement();

            var expected = new XElement(Saml2Namespaces.Saml2P + "root",
                                        new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P),
                                        new XElement(Saml2Namespaces.Saml2P + "NameIDPolicy",
                                                     new XAttribute("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")))
                           .Elements().Single();

            subject.Element(Saml2Namespaces.Saml2P + "NameIDPolicy")
            .Should().BeEquivalentTo(expected);
        }
Ejemplo n.º 25
0
        public void Saml2AuthenticationRequest_ToXElement_AddsElementSaml2NameIdPolicy_ForAllowCreate()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                NameIdPolicy = new Saml2NameIdPolicy(false, NameIdFormat.NotConfigured)
            }.ToXElement();

            var expected = new XElement(Saml2Namespaces.Saml2P + "root",
                                        new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P),
                                        new XElement(Saml2Namespaces.Saml2P + "NameIDPolicy",
                                                     new XAttribute("AllowCreate", false)))
                           .Elements().Single();

            subject.Attribute("AttributeConsumingServiceIndex").Should().BeNull();
            subject.Element(Saml2Namespaces.Saml2P + "NameIDPolicy")
            .Should().BeEquivalentTo(expected);
        }
Ejemplo n.º 26
0
        public void IdentityProvider_CreateAuthenticateRequest_BasicInfo()
        {
            var options = Options.FromConfiguration;

            var idp = options.IdentityProviders.Default;

            var urls    = StubFactory.CreateAuthServicesUrls();
            var subject = idp.CreateAuthenticateRequest(null, urls);

            var expected = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = urls.AssertionConsumerServiceUrl,
                DestinationUrl = idp.SingleSignOnServiceUrl,
                Issuer         = options.SPOptions.EntityId,
                AttributeConsumingServiceIndex = 0,
            };

            subject.ShouldBeEquivalentTo(expected, opt => opt.Excluding(au => au.Id));
        }
Ejemplo n.º 27
0
        public ActionResult Index()
        {
            var model = AssertionModel.CreateFromConfiguration();

            var requestData = Request.ToHttpRequestData();

            if (requestData.QueryString["SAMLRequest"].Any())
            {
                var decodedXmlData = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                                     .Unbind(requestData);

                var request = Saml2AuthenticationRequest.Read(decodedXmlData);

                model.InResponseTo = request.Id;
                model.AssertionConsumerServiceUrl = request.AssertionConsumerServiceUrl.ToString();
                model.AuthnRequestXml             = decodedXmlData;
            }

            return(View(model));
        }
Ejemplo n.º 28
0
        public void Saml2AuthenticationRequest_Read_NoACS()
        {
            var xmlData = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<samlp:AuthnRequest
  xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
  xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion""
  ID=""Saml2AuthenticationRequest_Read_NoACS""
  Version=""2.0""
  Destination=""http://destination.example.com""
  IssueInstant=""2004-12-05T09:21:59Z"">
  <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
/>
</samlp:AuthnRequest>
";

            var subject = Saml2AuthenticationRequest.Read(xmlData, null);

            subject.Id.Should().Be(new Saml2Id("Saml2AuthenticationRequest_Read_NoACS"));
            subject.AssertionConsumerServiceUrl.Should().Be(null);
        }
Ejemplo n.º 29
0
        public void Saml2AuthenticationRequest_Read_NoFormat()
        {
            var xmlData = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<saml2p:AuthnRequest xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
                     xmlns:saml2 =""urn:oasis:names:tc:SAML:2.0:assertion""
                     ID=""ide3c2f1c88255463ab4eb1b158fa6f616""
                     Version=""2.0""
                     IssueInstant=""2016-01-25T13:01:09Z""
                     Destination=""http://destination.example.com""
                     AssertionConsumerServiceURL=""https://sp.example.com/SAML2/Acs""
                     >
    <saml2:Issuer>https://sp.example.com/SAML2</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate = ""false""/>
   </saml2p:AuthnRequest>";

            var subject = Saml2AuthenticationRequest.Read(xmlData, null);

            subject.NameIdPolicy.AllowCreate.Should().Be(false);
            subject.NameIdPolicy.Format.Should().Be(NameIdFormat.NotConfigured);
        }
Ejemplo n.º 30
0
        private void Saml2AuthenticationRequest_ToXElement_AddsRequestedAuthnContextUtil(AuthnContextComparisonType comparisonType, string expectedComparisonType)
        {
            var classRef = "http://www.kentor.se";
            var subject  = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                RequestedAuthnContext       = new Saml2RequestedAuthnContext(new Uri(classRef), comparisonType)
            }.ToXElement();

            var expected = new XElement(Saml2Namespaces.Saml2P + "root",
                                        new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P),
                                        new XAttribute(XNamespace.Xmlns + "saml2", Saml2Namespaces.Saml2),
                                        new XElement(Saml2Namespaces.Saml2P + "RequestedAuthnContext",
                                                     new XAttribute("Comparison", expectedComparisonType),
                                                     new XElement(Saml2Namespaces.Saml2 + "AuthnContextClassRef", classRef)))
                           .Elements().Single();

            var actual = subject.Element(Saml2Namespaces.Saml2P + "RequestedAuthnContext");

            actual.Should().BeEquivalentTo(expected);
        }
Ejemplo n.º 31
0
        public void Saml2AuthenticationRequest_Read_ShouldThrowOnInvalidMessageName()
        {
            var xmlData = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<samlp:NotAuthnRequest
  xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
  xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion""
  ID=""Saml2AuthenticationRequest_Read_ShouldThrowOnInvalidMessageName""
  Version=""2.0""
  Destination=""http://destination.example.com""
  AssertionConsumerServiceURL=""https://sp.example.com/SAML2/Acs""
  IssueInstant=""2004-12-05T09:21:59Z""
  InResponseTo=""111222333"">
  <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
/>
</samlp:NotAuthnRequest>
";

            Action a = () => Saml2AuthenticationRequest.Read(xmlData, null);

            a.ShouldThrow <XmlException>().WithMessage("Expected a SAML2 authentication request document");
        }
Ejemplo n.º 32
0
        public void Saml2AuthenticationRequest_ToXElement_Scoping_ZeroProxyCount_AttributeAdded()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                Scoping = new Saml2Scoping()
                {
                    ProxyCount = 0
                }
            };

            var actual = subject.ToXElement().Element(Saml2Namespaces.Saml2P + "Scoping");

            var expected = new XElement(Saml2Namespaces.Saml2P + "root",
                                        new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P),
                                        new XElement(Saml2Namespaces.Saml2P + "Scoping",
                                                     new XAttribute("ProxyCount", "0")))
                           .Elements().Single();

            actual.Should().BeEquivalentTo(expected);
        }
Ejemplo n.º 33
0
        public ActionResult Index(Guid?idpId)
        {
            var requestData = Request.ToHttpRequestData();

            if (requestData.QueryString["SAMLRequest"].Any())
            {
                var decodedXmlData = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                                     .Unbind(requestData);

                var request = Saml2AuthenticationRequest.Read(decodedXmlData);

                var model = new AssertionModel();

                model.InResponseTo = request.Id;
                model.AssertionConsumerServiceUrl = request.AssertionConsumerServiceUrl.ToString();
                model.AuthnRequestXml             = decodedXmlData;
                model.NameId = ((ClaimsIdentity)User.Identity).Name;

                var manager = SessionManager.Instance;


                var response = model.ToSaml2Response();

                manager.AddSession(model.NameId, new Session()
                {
                    Id        = Guid.Parse(request.Id.Substring(2)),
                    Ip        = Request.UserHostAddress,
                    UserAgent = Request.UserAgent,
                    LogoutUrl = request.Issuer.Id,
                    Issuer    = response.Issuer.Id
                });

                var commandResult = Saml2Binding.Get(Saml2BindingType.HttpPost)
                                    .Bind(response);

                return(commandResult.ToActionResult());
            }

            throw new InvalidOperationException();
        }
Ejemplo n.º 34
0
        /// <summary>
        /// Create an authenticate request aimed for this idp.
        /// </summary>
        /// <param name="returnUrl">The return url where the browser should be sent after
        /// successful authentication.</param>
        /// <param name="authServicesUrls">Urls for AuthServices, used to populate fields
        /// in the created AuthnRequest</param>
        /// <param name="relayData">Aux data that should be preserved across the authentication</param>
        /// <returns>AuthnRequest</returns>
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            Uri returnUrl,
            AuthServicesUrls authServicesUrls,
            object relayData)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException("authServicesUrls");
            }

            var authnRequest = new Saml2AuthenticationRequest()
            {
                DestinationUrl = SingleSignOnServiceUrl,
                AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
                Issuer = spOptions.EntityId,
                // For now we only support one attribute consuming service.
                AttributeConsumingServiceIndex = spOptions.AttributeConsumingServices.Any() ? 0 : (int?)null
            };

            var responseData = new StoredRequestState(EntityId, returnUrl, relayData);

            PendingAuthnRequests.Add(new Saml2Id(authnRequest.Id), responseData);

            return authnRequest;
        }
Ejemplo n.º 35
0
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            Uri returnUrl,
            AuthServicesUrls authServicesUrls,
            object relayData)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException(nameof(authServicesUrls));
            }

            var authnRequest = new Saml2AuthenticationRequest()
            {
                DestinationUrl = SingleSignOnServiceUrl,
                AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
                Issuer = spOptions.EntityId,
                // For now we only support one attribute consuming service.
                AttributeConsumingServiceIndex = spOptions.AttributeConsumingServices.Any() ? 0 : (int?)null,
            };

            if(spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.Always)
            {
                if(spOptions.SigningServiceCertificate == null)
                {
                    throw new ConfigurationErrorsException(
                        string.Format(
                            CultureInfo.InvariantCulture,
                            "Idp \"{0}\" is configured for signed AuthenticateRequests, but ServiceCertificates configuration contains no certificate with usage \"Signing\" or \"Both\".",
                            EntityId.Id));
                }

                authnRequest.SigningCertificate = spOptions.SigningServiceCertificate;
            }

            var responseData = new StoredRequestState(EntityId, returnUrl, authnRequest.Id, relayData);

            PendingAuthnRequests.Add(authnRequest.RelayState, responseData);

            return authnRequest;
        }
Ejemplo n.º 36
0
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            AuthServicesUrls authServicesUrls)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException(nameof(authServicesUrls));
            }

            var authnRequest = new Saml2AuthenticationRequest()
            {
                DestinationUrl = SingleSignOnServiceUrl,
                AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
                Issuer = spOptions.EntityId,
                // For now we only support one attribute consuming service.
                AttributeConsumingServiceIndex = spOptions.AttributeConsumingServices.Any() ? 0 : (int?)null,
                NameIdPolicy = spOptions.NameIdPolicy,
                RequestedAuthnContext = spOptions.RequestedAuthnContext
            };

            if (spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.Always
                || (spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.IfIdpWantAuthnRequestsSigned
                && WantAuthnRequestsSigned))
            {
                if (spOptions.SigningServiceCertificate == null)
                {
                    throw new ConfigurationErrorsException(
                        string.Format(
                            CultureInfo.InvariantCulture,
                            "Idp \"{0}\" is configured for signed AuthenticateRequests, but ServiceCertificates configuration contains no certificate with usage \"Signing\" or \"Both\". To resolve this issue you can a) add a service certificate with usage \"Signing\" or \"Both\" (default if not specified is \"Both\") or b) Set the AuthenticateRequestSigningBehavior configuration property to \"Never\".",
                            EntityId.Id));
                }

                authnRequest.SigningCertificate = spOptions.SigningServiceCertificate;
            }

            return authnRequest;
        }