Ejemplo n.º 1
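        /// <summary>
        /// Encodes an authentication request for use as the SAMLRequest query parameter:
        /// the request XML is DEFLATE-compressed, base64-encoded and finally URL-encoded.
        /// </summary>
        /// <param name="request">Request whose <c>ToXElement()</c> output is serialized.</param>
        /// <returns>URL-encoded base64 text of the compressed request XML.</returns>
        private static string Serialize(Saml2AuthenticationRequest request)
        {
            using (var compressed = new MemoryStream())
            {
                // leaveOpen: true keeps the MemoryStream readable after the writer is disposed.
                // Disposing the writer also closes the DeflateStream, which flushes the final
                // compressed block into the MemoryStream.
                using (var writer = new StreamWriter(new DeflateStream(compressed, CompressionLevel.Optimal, true)))
                {
                    writer.Write(request.ToXElement().ToString());
                }

                // ToArray() copies only the bytes that were written. GetBuffer() returns the whole
                // backing array, so the encoded value would end with unused zero bytes after the
                // deflate data, which a strict receiver may refuse to inflate.
                return HttpUtility.UrlEncode(Convert.ToBase64String(compressed.ToArray()));
            }
        }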
Ejemplo n.º 2
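        /// <summary>
        /// Produces the SAMLRequest parameter value for a request: XML text, DEFLATE
        /// compression, base64 and then URL encoding, in that order.
        /// </summary>
        /// <param name="request">Request to serialize through <c>ToXElement()</c>.</param>
        /// <returns>The URL-encoded, base64-encoded compressed XML.</returns>
        private static string Serialize(Saml2AuthenticationRequest request)
        {
            using (var compressed = new MemoryStream())
            {
                // The DeflateStream leaves the MemoryStream open (third argument) so it can be
                // read once the writer has been disposed and the compressed data is complete.
                using (var writer = new StreamWriter(new DeflateStream(compressed, CompressionLevel.Optimal, true)))
                {
                    writer.Write(request.ToXElement().ToString());
                }

                // Encode only the written part of the buffer. The backing array returned by
                // GetBuffer() is usually larger than Length, and encoding all of it appends
                // padding bytes to the message that are not part of the deflate stream.
                var base64 = Convert.ToBase64String(compressed.GetBuffer(), 0, (int)compressed.Length);

                return HttpUtility.UrlEncode(base64);
            }
        }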
Ejemplo n.º 3
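        /// <summary>
        /// Binds the request to a redirect: the serialized request is appended to the
        /// destination as the SAMLRequest query parameter and returned as a 303 See Other.
        /// </summary>
        /// <param name="request">Request to send; its DestinationUri is the redirect target.</param>
        /// <returns>A command result with status SeeOther and the redirect location.</returns>
        /// <remarks>
        /// Only the SAMLRequest parameter is added here. No RelayState, SigAlg or Signature
        /// query parameters are appended by this method.
        /// </remarks>
        public override CommandResult Bind(Saml2AuthenticationRequest request)
        {
            var serializedRequest = Serialize(request);

            var destination = request.DestinationUri.ToString();

            // A destination that already has a query string must be extended with '&'.
            // Appending a second '?' would fold SAMLRequest into the previous parameter's value.
            var delimiter = destination.IndexOf('?') >= 0 ? "&" : "?";

            var redirectUri = new Uri(destination + delimiter + "SAMLRequest=" + serializedRequest);

            return new CommandResult()
            {
                HttpStatusCode = HttpStatusCode.SeeOther,
                Location = redirectUri
            };
        }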
Ejemplo n.º 4
        /// <summary>
        /// Creates an authentication request for this object's DestinationUri and records
        /// the new request's id in PendingAuthnRequests together with Issuer.
        /// </summary>
        /// <returns>The newly created request.</returns>
        public Saml2AuthenticationRequest CreateAuthenticateRequest()
        {
            var authnRequest = new Saml2AuthenticationRequest();
            authnRequest.DestinationUri = DestinationUri;
            // The response address and the issuer both come from the configuration section.
            authnRequest.AssertionConsumerServiceUrl = KentorAuthServicesSection.Current.AssertionConsumerServiceUrl;
            authnRequest.Issuer = KentorAuthServicesSection.Current.Issuer;

            // Register the request id before handing the request out. Presumably this lets a
            // later response be matched to a request that was really sent; confirm at the
            // place where PendingAuthnRequests is read.
            var pendingId = new Saml2Id(authnRequest.Id);
            PendingAuthnRequests.Add(pendingId, Issuer);

            return authnRequest;
        }
Ejemplo n.º 5
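        /// <summary>
        /// Turns the request into a 303 See Other redirect to its destination, carrying the
        /// serialized request in the SAMLRequest query parameter.
        /// </summary>
        /// <param name="request">Request to bind; DestinationUri supplies the base address.</param>
        /// <returns>Command result holding the status code and the redirect location.</returns>
        /// <remarks>
        /// The URL built here contains SAMLRequest only. This method adds no RelayState and
        /// no signature parameters.
        /// </remarks>
        public override CommandResult Bind(Saml2AuthenticationRequest request)
        {
            var samlRequest = Serialize(request);
            var baseAddress = request.DestinationUri.ToString();

            // Use '&' when the destination already contains a query string. A second '?'
            // would produce a URL whose SAMLRequest parameter the receiver cannot find.
            var separator = baseAddress.Contains("?") ? "&" : "?";

            var result = new CommandResult();
            result.HttpStatusCode = HttpStatusCode.SeeOther;
            result.Location = new Uri(baseAddress + separator + "SAMLRequest=" + samlRequest);

            return result;
        }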
Ejemplo n.º 6
        /// <summary>
        /// Creates an authentication request and stores state for it (this object's EntityId
        /// and the return uri) in PendingAuthnRequests under the request's id.
        /// </summary>
        /// <param name="returnUri">Uri kept in the stored request state.</param>
        /// <returns>The newly created request.</returns>
        public Saml2AuthenticationRequest CreateAuthenticateRequest(Uri returnUri)
        {
            var authnRequest = new Saml2AuthenticationRequest();

            // NOTE(review): the destination is taken from this object's own
            // AssertionConsumerServiceUrl member, while the request's response address comes
            // from configuration. Confirm the member really holds the idp endpoint.
            authnRequest.DestinationUri = AssertionConsumerServiceUrl;
            authnRequest.AssertionConsumerServiceUrl = KentorAuthServicesSection.Current.AssertionConsumerServiceUrl;
            authnRequest.Issuer = KentorAuthServicesSection.Current.EntityId;

            // returnUri is stored exactly as received; nothing here checks where it points.
            // If it can come from the incoming HTTP request, whoever redirects to it later
            // needs to restrict it to trusted targets.
            var pendingState = new StoredRequestState(EntityId, returnUri);
            var pendingId = new Saml2Id(authnRequest.Id);

            PendingAuthnRequests.Add(pendingId, pendingState);

            return authnRequest;
        }
Ejemplo n.º 7
        /// <summary>
        /// Builds an authentication request for this idp's single sign-on service, attaches
        /// the signing certificate when the signing configuration asks for it, and stores
        /// request state in PendingAuthnRequests under the request's RelayState.
        /// </summary>
        /// <param name="returnUrl">Url kept in the stored request state.</param>
        /// <param name="authServicesUrls">Supplies the AssertionConsumerServiceUrl of the request.</param>
        /// <param name="relayData">Caller data kept in the stored request state.</param>
        /// <returns>The newly created request.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="authServicesUrls"/> is null.</exception>
        /// <exception cref="ConfigurationErrorsException">Signing is required but no signing
        /// service certificate is configured.</exception>
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            Uri returnUrl,
            AuthServicesUrls authServicesUrls,
            object relayData)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException(nameof(authServicesUrls));
            }

            // For now we only support one attribute consuming service.
            int? attributeConsumingServiceIndex = null;

            var request = new Saml2AuthenticationRequest();
            request.DestinationUrl = SingleSignOnServiceUrl;
            request.AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl;
            request.Issuer = spOptions.EntityId;
            if (spOptions.AttributeConsumingServices.Any())
            {
                attributeConsumingServiceIndex = 0;
            }
            request.AttributeConsumingServiceIndex = attributeConsumingServiceIndex;
            request.NameIdPolicy = spOptions.NameIdPolicy;
            request.RequestedAuthnContext = spOptions.RequestedAuthnContext;

            // Sign when configured to always sign, or when signing is left to the idp and the
            // idp wants signed requests.
            var signingBehavior = spOptions.AuthenticateRequestSigningBehavior;
            var signingRequired = signingBehavior == SigningBehavior.Always
                || (signingBehavior == SigningBehavior.IfIdpWantAuthnRequestsSigned && WantAuthnRequestsSigned);

            if (signingRequired)
            {
                var signingCertificate = spOptions.SigningServiceCertificate;

                // Fail closed: with signing required and no certificate, throw instead of
                // returning a request that would go out unsigned.
                if (signingCertificate == null)
                {
                    var message = string.Format(
                        CultureInfo.InvariantCulture,
                        "Idp \"{0}\" is configured for signed AuthenticateRequests, but ServiceCertificates configuration contains no certificate with usage \"Signing\" or \"Both\".",
                        EntityId.Id);

                    throw new ConfigurationErrorsException(message);
                }

                request.SigningCertificate = signingCertificate;
            }

            // returnUrl and relayData are stored as received; this method does not validate
            // them. The state is keyed by RelayState and also carries the request id.
            var pendingState = new StoredRequestState(EntityId, returnUrl, request.Id, relayData);
            PendingAuthnRequests.Add(request.RelayState, pendingState);

            return request;
        }
Ejemplo n.º 8
        /// <summary>
        /// Creates an authentication request addressed to this idp's single sign-on service.
        /// </summary>
        /// <param name="authServicesUrls">AuthServices urls; the AssertionConsumerServiceUrl
        /// of the created request is read from here.</param>
        /// <returns>The created AuthnRequest.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="authServicesUrls"/> is null.</exception>
        /// <remarks>
        /// This overload sets no signing certificate on the request and records no pending
        /// request state.
        /// </remarks>
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            AuthServicesUrls authServicesUrls)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException("authServicesUrls");
            }

            var request = new Saml2AuthenticationRequest();
            request.DestinationUrl = SingleSignOnServiceUrl;
            request.AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl;
            request.Issuer = spOptions.EntityId;

            // For now we only support one attribute consuming service.
            if (spOptions.AttributeConsumingServices.Any())
            {
                request.AttributeConsumingServiceIndex = 0;
            }
            else
            {
                request.AttributeConsumingServiceIndex = (int?)null;
            }

            return request;
        }
Ejemplo n.º 9
        /// <summary>
        /// Builds an authentication request for this idp's single sign-on service and attaches
        /// the service's signing certificate when the signing configuration requires it.
        /// </summary>
        /// <param name="authServicesUrls">Supplies the AssertionConsumerServiceUrl of the request.</param>
        /// <returns>The newly created request.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="authServicesUrls"/> is null.</exception>
        /// <exception cref="ConfigurationErrorsException">Signing is required but no signing
        /// service certificate is configured.</exception>
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            AuthServicesUrls authServicesUrls)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException(nameof(authServicesUrls));
            }

            // For now we only support one attribute consuming service.
            int? attributeConsumingServiceIndex = null;

            var request = new Saml2AuthenticationRequest();
            request.DestinationUrl = SingleSignOnServiceUrl;
            request.AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl;
            request.Issuer = spOptions.EntityId;
            if (spOptions.AttributeConsumingServices.Any())
            {
                attributeConsumingServiceIndex = 0;
            }
            request.AttributeConsumingServiceIndex = attributeConsumingServiceIndex;
            request.NameIdPolicy = spOptions.NameIdPolicy;
            request.RequestedAuthnContext = spOptions.RequestedAuthnContext;
            request.SigningAlgorithm = this.OutboundSigningAlgorithm;

            // Two cases lead to a signed request: the service always signs, or signing is left
            // to the idp and the idp wants signed requests.
            var signingBehavior = spOptions.AuthenticateRequestSigningBehavior;
            var signingRequired = signingBehavior == SigningBehavior.Always
                || (signingBehavior == SigningBehavior.IfIdpWantAuthnRequestsSigned && WantAuthnRequestsSigned);

            if (!signingRequired)
            {
                return request;
            }

            var signingCertificate = spOptions.SigningServiceCertificate;

            // A missing certificate is a configuration error here. Throwing stops the request
            // from being returned without a certificate when signing was asked for.
            if (signingCertificate == null)
            {
                var message = string.Format(
                    CultureInfo.InvariantCulture,
                    "Idp \"{0}\" is configured for signed AuthenticateRequests, but ServiceCertificates configuration contains no certificate with usage \"Signing\" or \"Both\". To resolve this issue you can a) add a service certificate with usage \"Signing\" or \"Both\" (default if not specified is \"Both\") or b) Set the AuthenticateRequestSigningBehavior configuration property to \"Never\".",
                    EntityId.Id);

                throw new ConfigurationErrorsException(message);
            }

            request.SigningCertificate = signingCertificate;

            return request;
        }
Ejemplo n.º 10
 /// <summary>
 /// Base implementation of Bind. It always throws, so a derived binding has to override
 /// it before it can be used to send an authentication request.
 /// </summary>
 /// <param name="request">Request to bind; not used by this implementation.</param>
 /// <returns>Never returns.</returns>
 /// <exception cref="NotImplementedException">Always thrown.</exception>
 public virtual CommandResult Bind(Saml2AuthenticationRequest request)
 {
     // No binding logic lives in the virtual base.
     var notImplemented = new NotImplementedException();
     throw notImplemented;
 }
Ejemplo n.º 11
 /// <summary>
 /// Binds the request with the binding selected by this object's Binding member.
 /// </summary>
 /// <param name="request">Request handed to the selected binding.</param>
 /// <returns>The command result produced by the selected binding.</returns>
 public CommandResult Bind(Saml2AuthenticationRequest request)
 {
     // Look the binding up first, then let it produce the result.
     var selectedBinding = Saml2Binding.Get(Binding);
     var result = selectedBinding.Bind(request);

     return result;
 }
Ejemplo n.º 12
        /// <summary>
        /// Builds an authentication request aimed at DestinationUri and adds its id, paired
        /// with Issuer, to PendingAuthnRequests before returning it.
        /// </summary>
        /// <returns>The newly created request.</returns>
        public Saml2AuthenticationRequest CreateAuthenticateRequest()
        {
            var created = new Saml2AuthenticationRequest();
            created.DestinationUri = DestinationUri;
            // Response address and issuer are read from the configuration section.
            created.AssertionConsumerServiceUrl = KentorAuthServicesSection.Current.AssertionConsumerServiceUrl;
            created.Issuer = KentorAuthServicesSection.Current.Issuer;

            // The id is registered as pending at creation time. Presumably a response is
            // later checked against this collection; verify at the consumer.
            var createdId = new Saml2Id(created.Id);
            PendingAuthnRequests.Add(createdId, Issuer);

            return created;
        }
Ejemplo n.º 13
 /// <summary>
 /// Delegates binding of the request to the Saml2Binding returned for this object's
 /// Binding member.
 /// </summary>
 /// <param name="request">Request to bind.</param>
 /// <returns>Whatever the resolved binding's Bind call returns.</returns>
 public CommandResult Bind(Saml2AuthenticationRequest request)
 {
     var resolved = Saml2Binding.Get(Binding);

     return resolved.Bind(request);
 }
Ejemplo n.º 14
 /// <summary>
 /// Virtual Bind whose base body only throws; a binding that can send requests is
 /// expected to override it.
 /// </summary>
 /// <param name="request">Request to bind; ignored here.</param>
 /// <returns>Never returns.</returns>
 /// <exception cref="NotImplementedException">Always thrown.</exception>
 public virtual CommandResult Bind(Saml2AuthenticationRequest request)
 {
     // The base class provides no binding behaviour of its own.
     var unsupported = new NotImplementedException();
     throw unsupported;
 }