public string ToXml(Saml2Assertion assertion)
{
var tokenHandlers = new Saml2SecurityTokenHandler();
var stringBuilder = new StringBuilder();
using (var xmlWriter = new XmlTextWriter(new StringWriter(stringBuilder)))
{
var token = new Saml2SecurityToken(assertion);
tokenHandlers.WriteToken(xmlWriter, token);
return stringBuilder.ToString();
}
}
public void Saml2Response_GetClaims_CorrectEncryptedSingleAssertion_UsingWIF()
{
var response =
@"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"">
<saml2:Issuer>https://idp.example.com</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
</saml2p:Status>
{0}
</saml2p:Response>";
var assertion = new Saml2Assertion(new Saml2NameIdentifier("https://idp.example.com"));
assertion.Subject = new Saml2Subject(new Saml2NameIdentifier("WIFUser"));
assertion.Subject.SubjectConfirmations.Add(new Saml2SubjectConfirmation(new Uri("urn:oasis:names:tc:SAML:2.0:cm:bearer")));
assertion.Conditions = new Saml2Conditions { NotOnOrAfter = new DateTime(2100, 1, 1) };
var token = new Saml2SecurityToken(assertion);
var handler = new Saml2SecurityTokenHandler();
assertion.SigningCredentials = new X509SigningCredentials(SignedXmlHelper.TestCert,
signatureAlgorithm: SecurityAlgorithms.RsaSha1Signature,
digestAlgorithm: SecurityAlgorithms.Sha1Digest);
assertion.EncryptingCredentials = new EncryptedKeyEncryptingCredentials(
SignedXmlHelper.TestCert2,
keyWrappingAlgorithm: SecurityAlgorithms.RsaOaepKeyWrap,
keySizeInBits: 256,
encryptionAlgorithm: SecurityAlgorithms.Aes192Encryption);
string assertionXml = String.Empty;
using (var sw = new StringWriter())
{
using (var xw = XmlWriter.Create(sw, new XmlWriterSettings { OmitXmlDeclaration = true }))
{
handler.WriteToken(xw, token);
}
assertionXml = sw.ToString();
}
var responseWithAssertion = string.Format(response, assertionXml);
var claims = Saml2Response.Read(responseWithAssertion).GetClaims(Options.FromConfiguration);
claims.Count().Should().Be(1);
claims.First().FindFirst(ClaimTypes.NameIdentifier).Value.Should().Be("WIFUser");
}
private void CreateSaml2Tokens( SecurityTokenDescriptor tokenDescriptor )
{
Saml2SecurityTokenHandler samlTokenHandler = new Saml2SecurityTokenHandler();
Saml2SecurityToken token = samlTokenHandler.CreateToken( tokenDescriptor ) as Saml2SecurityToken;
MemoryStream ms = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter( ms );
samlTokenHandler.WriteToken( writer, token );
}
private void RunValidationTests( SecurityTokenDescriptor tokenDescriptor, SecurityToken securityToken, SecurityKey key, int iterations, bool display = true )
{
// Create jwts using wif
// Create Saml2 tokens
// Create Saml tokens
DateTime started;
string validating = "Validating, signed: '{0}', '{1}' Tokens. Time: '{2}'";
SetReturnSecurityTokenResolver str = new Test.SetReturnSecurityTokenResolver( securityToken, key );
SecurityTokenHandlerConfiguration tokenHandlerConfiguration = new SecurityTokenHandlerConfiguration()
{
IssuerTokenResolver = str,
SaveBootstrapContext = true,
CertificateValidator = AlwaysSucceedCertificateValidator.New,
AudienceRestriction = new AudienceRestriction( AudienceUriMode.Never ),
IssuerNameRegistry = new SetNameIssuerNameRegistry( Issuers.GotJwt ),
};
Saml2SecurityTokenHandler samlTokenHandler = new Saml2SecurityTokenHandler();
Saml2SecurityToken token = samlTokenHandler.CreateToken( tokenDescriptor ) as Saml2SecurityToken;
StringBuilder sb = new StringBuilder();
XmlWriter writer = XmlWriter.Create(sb);
samlTokenHandler.WriteToken( writer, token );
writer.Flush();
writer.Close();
string tokenXml = sb.ToString();
samlTokenHandler.Configuration = tokenHandlerConfiguration;
started = DateTime.UtcNow;
for ( int i = 0; i < iterations; i++ )
{
StringReader sr = new StringReader( tokenXml );
XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) );
reader.MoveToContent();
SecurityToken saml2Token = samlTokenHandler.ReadToken( reader );
samlTokenHandler.ValidateToken( saml2Token );
}
if ( display )
{
Console.WriteLine( string.Format( validating, "Saml2SecurityTokenHandler", iterations, DateTime.UtcNow - started ) );
}
JwtSecurityTokenHandler jwtTokenHandler = new JwtSecurityTokenHandler();
JwtSecurityToken jwt = jwtTokenHandler.CreateToken( tokenDescriptor ) as JwtSecurityToken;
jwtTokenHandler.Configuration = tokenHandlerConfiguration;
started = DateTime.UtcNow;
for ( int i = 0; i < iterations; i++ )
{
jwtTokenHandler.ValidateToken( jwt.RawData );
}
if ( display )
{
Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ValidateToken( jwt.RawData )", iterations, DateTime.UtcNow - started ) );
}
jwt = jwtTokenHandler.CreateToken( tokenDescriptor ) as JwtSecurityToken;
sb = new StringBuilder();
writer = XmlWriter.Create(sb);
jwtTokenHandler.WriteToken( writer, jwt );
writer.Flush();
writer.Close();
tokenXml = sb.ToString();
started = DateTime.UtcNow;
for ( int i = 0; i<iterations; i++ )
{
StringReader sr = new StringReader( tokenXml );
XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) );
reader.MoveToContent();
SecurityToken jwtToken = jwtTokenHandler.ReadToken( reader );
jwtTokenHandler.ValidateToken( jwtToken );
}
if ( display )
{
Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken )", iterations, DateTime.UtcNow - started ) );
}
started = DateTime.UtcNow;
for ( int i = 0; i < iterations; i++ )
{
StringReader sr = new StringReader( tokenXml );
XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) );
reader.MoveToContent();
JwtSecurityToken jwtToken = jwtTokenHandler.ReadToken( reader ) as JwtSecurityToken;
jwtTokenHandler.ValidateToken( jwtToken.RawData );
}
if ( display )
{
Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken.RawData )", iterations, DateTime.UtcNow - started ) );
}
}
