        // Process the artifact resolve request received from the identity provider in response
        // to the artifact sent by the service provider.
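        /// <summary>
        /// Handles an artifact resolve request: looks up the SAML message cached under the
        /// presented artifact, removes that cache entry so the artifact can be used only once,
        /// and returns the message inside an artifact response.
        /// </summary>
        /// <exception cref="ArgumentException">
        /// Thrown when the request carries no artifact, or the artifact does not match a cached entry.
        /// </exception>
        private void ProcessArtifactResolve()
        {
            Trace.Write("IdP", "Processing artifact resolve request");

            // Receive the artifact resolve request.
            XmlElement      artifactResolveXml = ArtifactResolver.ReceiveArtifactResolve(Request);
            ArtifactResolve artifactResolve    = new ArtifactResolve(artifactResolveXml);

            // A resolve request without an artifact element would otherwise fail with a null
            // reference below; reject it with the same error callers already handle for a bad artifact.
            if (artifactResolve.Artifact == null)
            {
                throw new ArgumentException("Invalid artifact.");
            }

            // Get the artifact.
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(artifactResolve.Artifact.ArtifactValue);

            // Remove (rather than read) the artifact state from the cache: a resolved artifact
            // must not be resolvable a second time, so the entry is consumed here.
            HTTPArtifactState httpArtifactState = HTTPArtifactStateCache.Remove(httpArtifact);

            if (httpArtifactState == null)
            {
                throw new ArgumentException("Invalid artifact.");
            }

            // NOTE(review): nothing in this method checks who is asking. The unguessable artifact
            // value is the only thing protecting the cached message, so this endpoint should be
            // reachable only over the protected back channel (TLS, and signed requests where the
            // deployment supports them) — confirm.

            // Create an artifact response containing the cached SAML message.
            ArtifactResponse artifactResponse = new ArtifactResponse();

            artifactResponse.Issuer      = new Issuer(CreateAbsoluteURL("~/"));
            artifactResponse.SAMLMessage = httpArtifactState.SAMLMessage;

            XmlElement artifactResponseXml = artifactResponse.ToXml();

            // Send the artifact response.
            ArtifactResolver.SendArtifactResponse(Response, artifactResponseXml);

            Trace.Write("IdP", "Processed artifact resolve request");
        }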
        // Initiate the SSO by sending an authentication request to the identity provider.
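        /// <summary>
        /// Starts SP-initiated SSO: builds the authentication request, records in the relay state
        /// where to send the user afterwards, and sends the request to the identity provider over
        /// the binding selected on the page.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the SP certificate is not in application state (redirect binding), or the
        /// selected binding is not one of the supported values.
        /// </exception>
        private void RequestLoginAtIdentityProvider()
        {
            // Create the authentication request.
            XmlElement authnRequestXml = CreateAuthnRequest();

            // Create and cache the relay state so we remember which SP resource the user wishes
            // to access after SSO.
            // NOTE(review): the resource URL originates from the request's ReturnUrl and the user
            // is redirected there after SSO; this relies on FormsAuthentication.GetRedirectUrl
            // confining it to this application (EnableCrossAppRedirects left off) — confirm in web.config.
            string spResourceURL = CreateAbsoluteURL(FormsAuthentication.GetRedirectUrl("", false));
            string relayState    = RelayStateCache.Add(new RelayState(spResourceURL, null));

            // Send the authentication request to the identity provider over the selected binding.
            string idpURL = CreateSSOServiceURL();

            switch (spToIdPBindingRadioButtonList.SelectedValue)
            {
            case SAMLIdentifiers.BindingURIs.HTTPRedirect:
                // The redirect binding signs the query string with the SP's private key; fail
                // clearly if the certificate was never loaded instead of with a null reference.
                X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];

                if (x509Certificate == null)
                {
                    throw new InvalidOperationException("The service provider certificate is not loaded.");
                }

                ServiceProvider.SendAuthnRequestByHTTPRedirect(Response, idpURL, authnRequestXml, relayState, x509Certificate.PrivateKey);

                break;

            case SAMLIdentifiers.BindingURIs.HTTPPost:
                ServiceProvider.SendAuthnRequestByHTTPPost(Response, idpURL, authnRequestXml, relayState);

                // Don't send this form.
                Response.End();

                break;

            case SAMLIdentifiers.BindingURIs.HTTPArtifact:
                // Create the artifact.
                string            identificationURL = CreateAbsoluteURL("~/");
                HTTPArtifactType4 httpArtifact      = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

                // Cache the authentication request for subsequent sending using the artifact resolution protocol.
                HTTPArtifactState httpArtifactState = new HTTPArtifactState(authnRequestXml, null);
                HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

                // Send the artifact.
                ServiceProvider.SendArtifactByHTTPArtifact(Response, idpURL, httpArtifact, relayState, false);
                break;

            default:
                // An unrecognised selection used to fall through and simply re-render the page as
                // if nothing had happened; fail instead so a misconfigured page is visible.
                // The selected value is deliberately not echoed into the message.
                throw new InvalidOperationException("Unsupported SP to IdP binding.");
            }
        }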
        // Send the SAML response over the specified binding.
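        /// <summary>
        /// Signs the SAML response with the identity provider's certificate and delivers it to the
        /// service provider's assertion consumer service over the binding recorded in the SSO state.
        /// </summary>
        /// <param name="samlResponse">The response to serialize, sign and send.</param>
        /// <param name="ssoState">Binding, destination URL and relay state captured for this SSO exchange.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the identity provider certificate is not in application state.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// Thrown when <paramref name="ssoState"/> names a binding this method cannot send over.
        /// </exception>
        private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
        {
            Trace.Write("IdP", "Sending SAML response");

            // Serialize the SAML response for transmission.
            XmlElement samlResponseXml = samlResponse.ToXml();

            // Sign the SAML response. The certificate is expected in application state; a missing
            // entry would otherwise surface as a null reference inside the signing call.
            X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPX509Certificate];

            if (x509Certificate == null)
            {
                throw new InvalidOperationException("The identity provider certificate is not loaded.");
            }

            SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

            // Send the SAML response to the service provider.
            switch (ssoState.idpProtocolBinding)
            {
            case SAMLIdentifiers.Binding.HTTPPost:
                IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
                break;

            case SAMLIdentifiers.Binding.HTTPArtifact:
                // Create the artifact.
                string            identificationURL = CreateAbsoluteURL("~/");
                HTTPArtifactType4 httpArtifact      = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

                // Cache the signed SAML response so the service provider can fetch it using the
                // artifact resolution protocol.
                HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
                HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

                // Send the artifact.
                IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
                break;

            default:
                // A response that was signed but never delivered is a failure, not a success:
                // keep the original trace line but fail rather than falling through to "Sent".
                Trace.Write("IdP", "Invalid identity provider binding");
                throw new ArgumentException("Invalid identity provider binding.", "ssoState");
            }

            Trace.Write("IdP", "Sent SAML response");
        }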
        // Send the SAML response over the specified binding.
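        /// <summary>
        /// Signs the SAML response with the identity provider's certificate and delivers it to the
        /// service provider's assertion consumer service over the binding recorded in the SSO state.
        /// </summary>
        /// <param name="samlResponse">The response to serialize, sign and send.</param>
        /// <param name="ssoState">Binding, destination URL and relay state captured for this SSO exchange.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the identity provider certificate is not in application state.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// Thrown when <paramref name="ssoState"/> names a binding this method cannot send over.
        /// </exception>
        private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
        {
            Trace.Write("IdP", "Sending SAML response");

            // Serialize the SAML response for transmission.
            XmlElement samlResponseXml = samlResponse.ToXml();

            // Sign the SAML response. The certificate is expected in application state; a missing
            // entry would otherwise surface as a null reference inside the signing call.
            X509Certificate2 x509Certificate = (X509Certificate2) Application[Global.IdPX509Certificate];

            if (x509Certificate == null) {
                throw new InvalidOperationException("The identity provider certificate is not loaded.");
            }

            SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

            // Send the SAML response to the service provider.
            switch (ssoState.idpProtocolBinding) {
                case SAMLIdentifiers.Binding.HTTPPost:
                    IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
                    break;

                case SAMLIdentifiers.Binding.HTTPArtifact:
                    // Create the artifact.
                    string identificationURL = CreateAbsoluteURL("~/");
                    HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

                    // Cache the signed SAML response so the service provider can fetch it using the
                    // artifact resolution protocol.
                    HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
                    HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

                    // Send the artifact.
                    IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
                    break;

                default:
                    // A response that was signed but never delivered is a failure, not a success:
                    // keep the original trace line but fail rather than falling through to "Sent".
                    Trace.Write("IdP", "Invalid identity provider binding");
                    throw new ArgumentException("Invalid identity provider binding.", "ssoState");
            }

            Trace.Write("IdP", "Sent SAML response");
        }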
        // Initiate the SSO by sending an authentication request to the identity provider.
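        /// <summary>
        /// Starts SP-initiated SSO: builds the authentication request, records in the relay state
        /// where to send the user afterwards, and sends the request to the identity provider over
        /// the binding selected on the page.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the SP certificate is not in application state (redirect binding), or the
        /// selected binding is not one of the supported values.
        /// </exception>
        private void RequestLoginAtIdentityProvider()
        {
            // Create the authentication request.
            XmlElement authnRequestXml = CreateAuthnRequest();

            // Create and cache the relay state so we remember which SP resource the user wishes
            // to access after SSO.
            // NOTE(review): the resource URL originates from the request's ReturnUrl and the user
            // is redirected there after SSO; this relies on FormsAuthentication.GetRedirectUrl
            // confining it to this application (EnableCrossAppRedirects left off) — confirm in web.config.
            string spResourceURL = CreateAbsoluteURL(FormsAuthentication.GetRedirectUrl("", false));
            string relayState = RelayStateCache.Add(new RelayState(spResourceURL, null));

            // Send the authentication request to the identity provider over the selected binding.
            string idpURL = CreateSSOServiceURL();

            switch (spToIdPBindingRadioButtonList.SelectedValue) {
                case SAMLIdentifiers.BindingURIs.HTTPRedirect:
                    // The redirect binding signs the query string with the SP's private key; fail
                    // clearly if the certificate was never loaded instead of with a null reference.
                    X509Certificate2 x509Certificate = (X509Certificate2) Application[Global.SPX509Certificate];

                    if (x509Certificate == null) {
                        throw new InvalidOperationException("The service provider certificate is not loaded.");
                    }

                    ServiceProvider.SendAuthnRequestByHTTPRedirect(Response, idpURL, authnRequestXml, relayState, x509Certificate.PrivateKey);

                    break;
                case SAMLIdentifiers.BindingURIs.HTTPPost:
                    ServiceProvider.SendAuthnRequestByHTTPPost(Response, idpURL, authnRequestXml, relayState);

                    // Don't send this form.
                    Response.End();

                    break;
                case SAMLIdentifiers.BindingURIs.HTTPArtifact:
                    // Create the artifact.
                    string identificationURL = CreateAbsoluteURL("~/");
                    HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

                    // Cache the authentication request for subsequent sending using the artifact resolution protocol.
                    HTTPArtifactState httpArtifactState = new HTTPArtifactState(authnRequestXml, null);
                    HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

                    // Send the artifact.
                    ServiceProvider.SendArtifactByHTTPArtifact(Response, idpURL, httpArtifact, relayState, false);
                    break;
                default:
                    // An unrecognised selection used to fall through and simply re-render the page as
                    // if nothing had happened; fail instead so a misconfigured page is visible.
                    // The selected value is deliberately not echoed into the message.
                    throw new InvalidOperationException("Unsupported SP to IdP binding.");
            }
        }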