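/// <summary>
/// Parses the incoming SAML2 logout request (HTTP-Redirect binding) and builds the
/// logout response, verifying the request signature against the signing certificate
/// of the named identity provider.
/// </summary>
/// <param name="providerName">Name of the identity provider whose signing certificate is used for verification.</param>
/// <returns>
/// A response carrying the original logout request. Its status is
/// <c>Success</c> only when the request is signed and the signature verifies;
/// otherwise it is <c>RequestDenied</c>.
/// </returns>
/// <exception cref="ArgumentNullException">The identity provider certificate exposes no public key.</exception>
public Saml2LogoutResponse GetLogoutResponse(string providerName)
{
    var signingCertificate = _configurationProvider.GetIdentityProviderSigningCertificate(providerName);
    var key = signingCertificate.PublicKey.Key;
    if (key == null)
    {
        // Exception type kept for callers that already catch it, although key is not a parameter.
        throw new ArgumentNullException(nameof(key));
    }

    // Presumably Uri is the URL of the incoming logout request; verify against the enclosing class.
    var parser = new HttpRedirectBindingParser(Uri);

    // Fail closed: the response starts as denied and is upgraded only after the
    // signature has been verified. Previously the status was overwritten with
    // Success unconditionally, so unsigned or forged logout requests were accepted.
    var response = new Saml2LogoutResponse
    {
        OriginalLogoutRequest = parser.LogoutRequest,
        StatusCode = Saml2Constants.StatusCodes.RequestDenied,
    };

    if (!parser.IsSigned)
    {
        // Nothing to verify; do not hand an absent algorithm or signature to the provider.
        return response;
    }

    // Validates the signature using the public part of the asymmetric key taken from
    // the identity provider's signing certificate.
    // NOTE(review): parser.SignatureAlgorithm comes from the request itself; confirm that
    // CreateFromAlgorithmUri rejects unknown or weak algorithm URIs.
    var signatureProvider = _signatureProviderFactory.CreateFromAlgorithmUri(key.GetType(), parser.SignatureAlgorithm);
    var signatureIsValid = signatureProvider.VerifySignature(
        key,
        Encoding.UTF8.GetBytes(parser.SignedQuery),
        parser.DecodeSignature());

    if (signatureIsValid)
    {
        response.StatusCode = Saml2Constants.StatusCodes.Success;
    }

    return response;
}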
/// <summary>
/// Builds the redirect URL that carries the SAML2 logout response back to the
/// identity provider, signed with the service provider's private key.
/// </summary>
/// <param name="logoutResponse">Outcome of processing the logout request; supplies the status code and the ID of the original request.</param>
/// <param name="relayState">Relay state value handed unchanged to the redirect binding.</param>
/// <returns>The URL produced by the HTTP-Redirect binding for the logout response.</returns>
public string GetLogoutResponseUrl(Saml2LogoutResponse logoutResponse, string relayState)
{
    var certificate = _certificateProvider.GetCertificate();

    // The response message echoes the status decided earlier and references the original request by ID.
    var statusCode = logoutResponse.StatusCode;
    var originalRequestId = logoutResponse.OriginalLogoutRequest.ID;
    var logoutMessage = _saml2MessageFactory.CreateLogoutResponse(statusCode, originalRequestId);

    // Signing material: the service provider's private key and the configured hashing algorithm.
    var privateKey = certificate.ServiceProvider.PrivateKey;
    var hashingAlgorithm = _identityProviderConfiguration.HashingAlgorithm;

    var redirectUrl = _httpRedirectBinding.BuildLogoutResponseUrl(
        logoutMessage,
        privateKey,
        hashingAlgorithm,
        relayState);
    return redirectUrl;
}