// Handle an ArtifactResolve request from the identity provider: look up the SAML message
// that was cached when this service provider issued the artifact, and return it inside an
// ArtifactResponse issued by this site.
//
// The artifact is removed from the cache as part of resolving it, so each artifact value
// can be resolved at most once; a second resolve of the same value, or a value that was
// never issued here, is rejected with ArgumentException.
//
// NOTE(review): no signature or transport-level authentication of the inbound
// ArtifactResolve is visible in this method. Confirm that ReceiveArtifactResolve (or the
// channel it runs over) enforces it; otherwise any party that learns an artifact value
// could retrieve the cached message.
private void ProcessArtifactResolve()
{
    Trace.Write("IdP", "Processing artifact resolve request");

    // Parse the inbound request and rebuild the artifact it names.
    var artifactResolve = new ArtifactResolve(ArtifactResolver.ReceiveArtifactResolve(Request));
    var httpArtifact = new HTTPArtifactType4(artifactResolve.Artifact.ArtifactValue);

    // Resolving consumes the cache entry (single use).
    HTTPArtifactState cachedState = HTTPArtifactStateCache.Remove(httpArtifact);
    if (cachedState == null)
    {
        throw new ArgumentException("Invalid artifact.");
    }

    // Wrap the cached SAML message in an artifact response issued by this site.
    var artifactResponse = new ArtifactResponse
    {
        Issuer = new Issuer(CreateAbsoluteURL("~/")),
        SAMLMessage = cachedState.SAMLMessage,
    };

    ArtifactResolver.SendArtifactResponse(Response, artifactResponse.ToXml());

    Trace.Write("IdP", "Processed artifact resolve request");
}
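// Initiate SP-initiated SSO by sending an authentication request to the identity provider
// over the binding selected on the page (HTTP-Redirect, HTTP-POST or HTTP-Artifact).
//
// The relay state records the SP resource the user originally asked for so it can be
// restored once the SAML response comes back; only the opaque key returned by
// RelayStateCache.Add travels with the request, not the URL itself.
//
// Throws InvalidOperationException if the SP X.509 certificate is not present in
// application state (needed for HTTP-Redirect signing), and NotSupportedException if the
// selected binding is not one of the three handled here.
private void RequestLoginAtIdentityProvider()
{
    // Create the authentication request.
    XmlElement authnRequestXml = CreateAuthnRequest();

    // Create and cache the relay state so we remember which SP resource the user wishes
    // to access after SSO.
    string spResourceURL = CreateAbsoluteURL(FormsAuthentication.GetRedirectUrl("", false));
    string relayState = RelayStateCache.Add(new RelayState(spResourceURL, null));

    // Send the authentication request to the identity provider over the selected binding.
    string idpURL = CreateSSOServiceURL();

    switch (spToIdPBindingRadioButtonList.SelectedValue)
    {
        case SAMLIdentifiers.BindingURIs.HTTPRedirect:
            // The redirect binding is signed with the SP private key, so fail with a clear
            // message if the certificate was never loaded instead of a null dereference.
            X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];
            if (x509Certificate == null)
            {
                throw new InvalidOperationException("The service provider X.509 certificate is not loaded.");
            }
            ServiceProvider.SendAuthnRequestByHTTPRedirect(Response, idpURL, authnRequestXml, relayState, x509Certificate.PrivateKey);
            break;

        case SAMLIdentifiers.BindingURIs.HTTPPost:
            ServiceProvider.SendAuthnRequestByHTTPPost(Response, idpURL, authnRequestXml, relayState);
            // Don't send this form.
            Response.End();
            break;

        case SAMLIdentifiers.BindingURIs.HTTPArtifact:
            // Create the artifact.
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

            // Cache the authentication request for subsequent sending using the artifact resolution protocol.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(authnRequestXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send the artifact.
            ServiceProvider.SendArtifactByHTTPArtifact(Response, idpURL, httpArtifact, relayState, false);
            break;

        default:
            // The selected value arrives with the posted form; anything other than the three
            // supported binding URIs is rejected rather than silently leaving SSO un-started.
            throw new NotSupportedException("Unsupported SP to IdP binding: " + spToIdPBindingRadioButtonList.SelectedValue);
    }
}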
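// Sign the SAML response and deliver it to the service provider's assertion consumer
// service over the binding recorded in the SSO state (HTTP-POST or HTTP-Artifact).
//
// NOTE(review): ssoState.assertionConsumerServiceURL is used as the destination as-is.
// Confirm that it was checked against the service provider's registered ACS URL when the
// authentication request was received; a signed response should not be sent to a
// destination supplied solely by the request.
//
// Throws InvalidOperationException if the IdP X.509 certificate is not present in
// application state, and NotSupportedException for a binding other than the two handled.
private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
{
    Trace.Write("IdP", "Sending SAML response");

    // Serialize the SAML response for transmission.
    XmlElement samlResponseXml = samlResponse.ToXml();

    // Sign the serialized response with the IdP private key; the certificate is passed to
    // Generate alongside the key. Fail with a clear message if it was never loaded.
    X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPX509Certificate];
    if (x509Certificate == null)
    {
        throw new InvalidOperationException("The identity provider X.509 certificate is not loaded.");
    }
    SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

    // Send the SAML response to the service provider.
    switch (ssoState.idpProtocolBinding)
    {
        case SAMLIdentifiers.Binding.HTTPPost:
            IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
            break;

        case SAMLIdentifiers.Binding.HTTPArtifact:
            // Create the artifact.
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

            // Cache the signed SAML response; the SP retrieves it later via the artifact resolution protocol.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send the artifact.
            IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
            break;

        default:
            // Previously this only traced and then reported the response as sent; an
            // unsupported binding means nothing was delivered, so surface it to the caller.
            Trace.Write("IdP", "Invalid identity provider binding");
            throw new NotSupportedException("Unsupported identity provider binding: " + ssoState.idpProtocolBinding);
    }

    Trace.Write("IdP", "Sent SAML response");
}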
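// Sign the SAML response and deliver it to the service provider's assertion consumer
// service over the binding recorded in the SSO state (HTTP-POST or HTTP-Artifact).
//
// NOTE(review): ssoState.assertionConsumerServiceURL is used as the destination as-is.
// Confirm that it was checked against the service provider's registered ACS URL when the
// authentication request was received; a signed response should not be sent to a
// destination supplied solely by the request.
//
// Throws InvalidOperationException if the IdP X.509 certificate is not present in
// application state, and NotSupportedException for a binding other than the two handled.
private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
{
    Trace.Write("IdP", "Sending SAML response");

    // Serialize the SAML response for transmission.
    XmlElement samlResponseXml = samlResponse.ToXml();

    // Sign the serialized response with the IdP private key; the certificate is passed to
    // Generate alongside the key. Fail with a clear message if it was never loaded.
    X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPX509Certificate];
    if (x509Certificate == null)
    {
        throw new InvalidOperationException("The identity provider X.509 certificate is not loaded.");
    }
    SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

    // Send the SAML response to the service provider.
    switch (ssoState.idpProtocolBinding)
    {
        case SAMLIdentifiers.Binding.HTTPPost:
            IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
            break;

        case SAMLIdentifiers.Binding.HTTPArtifact:
            // Create the artifact.
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

            // Cache the signed SAML response; the SP retrieves it later via the artifact resolution protocol.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send the artifact.
            IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
            break;

        default:
            // Previously this only traced and then reported the response as sent; an
            // unsupported binding means nothing was delivered, so surface it to the caller.
            Trace.Write("IdP", "Invalid identity provider binding");
            throw new NotSupportedException("Unsupported identity provider binding: " + ssoState.idpProtocolBinding);
    }

    Trace.Write("IdP", "Sent SAML response");
}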
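// Initiate SP-initiated SSO by sending an authentication request to the identity provider
// over the binding selected on the page (HTTP-Redirect, HTTP-POST or HTTP-Artifact).
//
// The relay state records the SP resource the user originally asked for so it can be
// restored once the SAML response comes back; only the opaque key returned by
// RelayStateCache.Add travels with the request, not the URL itself.
//
// Throws InvalidOperationException if the SP X.509 certificate is not present in
// application state (needed for HTTP-Redirect signing), and NotSupportedException if the
// selected binding is not one of the three handled here.
private void RequestLoginAtIdentityProvider()
{
    // Create the authentication request.
    XmlElement authnRequestXml = CreateAuthnRequest();

    // Create and cache the relay state so we remember which SP resource the user wishes
    // to access after SSO.
    string spResourceURL = CreateAbsoluteURL(FormsAuthentication.GetRedirectUrl("", false));
    string relayState = RelayStateCache.Add(new RelayState(spResourceURL, null));

    // Send the authentication request to the identity provider over the selected binding.
    string idpURL = CreateSSOServiceURL();

    switch (spToIdPBindingRadioButtonList.SelectedValue)
    {
        case SAMLIdentifiers.BindingURIs.HTTPRedirect:
            // The redirect binding is signed with the SP private key, so fail with a clear
            // message if the certificate was never loaded instead of a null dereference.
            X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];
            if (x509Certificate == null)
            {
                throw new InvalidOperationException("The service provider X.509 certificate is not loaded.");
            }
            ServiceProvider.SendAuthnRequestByHTTPRedirect(Response, idpURL, authnRequestXml, relayState, x509Certificate.PrivateKey);
            break;

        case SAMLIdentifiers.BindingURIs.HTTPPost:
            ServiceProvider.SendAuthnRequestByHTTPPost(Response, idpURL, authnRequestXml, relayState);
            // Don't send this form.
            Response.End();
            break;

        case SAMLIdentifiers.BindingURIs.HTTPArtifact:
            // Create the artifact.
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

            // Cache the authentication request for subsequent sending using the artifact resolution protocol.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(authnRequestXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send the artifact.
            ServiceProvider.SendArtifactByHTTPArtifact(Response, idpURL, httpArtifact, relayState, false);
            break;

        default:
            // The selected value arrives with the posted form; anything other than the three
            // supported binding URIs is rejected rather than silently leaving SSO un-started.
            throw new NotSupportedException("Unsupported SP to IdP binding: " + spToIdPBindingRadioButtonList.SelectedValue);
    }
}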