public override CommandResult Bind(ISaml2Message message)
{
if (message == null)
{
throw new ArgumentNullException(nameof(message));
}
var serializedRequest = Serialize(message.ToXml());
var queryString = message.MessageName + "=" + serializedRequest
+ (string.IsNullOrEmpty(message.RelayState) ? ""
: ("&RelayState=" + Uri.EscapeDataString(message.RelayState)));
if(message.SigningCertificate != null)
{
queryString = AddSignature(queryString, message.SigningCertificate);
}
var redirectUri = new Uri(message.DestinationUrl.ToString()
+ (String.IsNullOrEmpty(message.DestinationUrl.Query) ? "?" : "&")
+ queryString);
return new CommandResult()
{
HttpStatusCode = HttpStatusCode.SeeOther,
Location = redirectUri
};
}
public override CommandResult Bind(ISaml2Message message, ILoggerAdapter logger)
{
if (message == null)
{
throw new ArgumentNullException(nameof(message));
}
var messageXml = message.ToXml();
logger?.WriteVerbose("Sending message over Http Redirect Binding\n" + messageXml);
var serializedRequest = Serialize(messageXml);
var queryString = message.MessageName + "=" + serializedRequest
+ (string.IsNullOrEmpty(message.RelayState)
? ""
: ("&RelayState=" + Uri.EscapeDataString(message.RelayState)));
if (message.SigningCertificate != null)
{
queryString = AddSignature(queryString, message);
}
var redirectUri = new Uri(message.DestinationUrl.ToString()
+ (string.IsNullOrEmpty(message.DestinationUrl.Query) ? "?" : "&")
+ queryString);
return(new CommandResult()
{
HttpStatusCode = HttpStatusCode.SeeOther,
Location = redirectUri
});
}
private static string Serialize(ISaml2Message request)
{
using (var compressed = new MemoryStream())
{
using (var writer = new StreamWriter(new DeflateStream(compressed, CompressionLevel.Optimal, true)))
{
writer.Write(request.ToXml());
}
return HttpUtility.UrlEncode(Convert.ToBase64String(compressed.GetBuffer()));
}
}
private static string Serialize(ISaml2Message request)
{
using (var compressed = new MemoryStream())
{
using (var writer = new StreamWriter(new DeflateStream(compressed, CompressionLevel.Optimal, true)))
{
writer.Write(request.ToXml());
}
return(HttpUtility.UrlEncode(Convert.ToBase64String(compressed.GetBuffer())));
}
}
/// <summary>
/// Binds a message to a binding
/// </summary>
/// <param name="binding"></param>
/// <param name="message"></param>
/// <returns></returns>
public static CommandResult Bind(this Saml2Binding binding, ISaml2Message message)
{
if (binding == null)
{
throw new ArgumentNullException(nameof(binding));
}
if (message == null)
{
throw new ArgumentNullException(nameof(message));
}
return binding.Bind(message.ToXml(), message.DestinationUrl, message.MessageName);
}
/// <summary>
/// Binds a message to a binding
/// </summary>
/// <param name="binding"></param>
/// <param name="message"></param>
/// <returns></returns>
public static CommandResult Bind(this Saml2Binding binding, ISaml2Message message)
{
if (binding == null)
{
throw new ArgumentNullException("binding");
}
if (message == null)
{
throw new ArgumentNullException("message");
}
return(binding.Bind(message.ToXml(), message.DestinationUrl, message.MessageName));
}
public override CommandResult Bind(ISaml2Message message)
{
if (message == null)
{
throw new ArgumentNullException(nameof(message));
}
var xml = message.ToXml();
if (message.SigningCertificate != null)
{
var xmlDoc = new XmlDocument()
{
PreserveWhitespace = true
};
xmlDoc.LoadXml(xml);
if (xmlDoc.FirstChild.LastChild.Name.Equals("saml2:Assertion"))
{
((XmlElement)xmlDoc.FirstChild.LastChild).Sign(message.SigningCertificate, false, message.SigningAlgorithm);
}
else
{
xmlDoc.Sign(message.SigningCertificate, true, message.SigningAlgorithm);
}
xml = xmlDoc.OuterXml;
}
var encodedXml = Convert.ToBase64String(Encoding.UTF8.GetBytes(xml));
var relayStateHtml = string.IsNullOrEmpty(message.RelayState) ? null
: string.Format(CultureInfo.InvariantCulture, PostHtmlRelayStateFormatString, message.RelayState);
var cr = new CommandResult()
{
ContentType = "text/html",
Content = String.Format(
CultureInfo.InvariantCulture,
PostHtmlFormatString,
message.DestinationUrl,
relayStateHtml,
message.MessageName,
encodedXml)
};
return(cr);
}
public ActionResult Index()
{
var request = XElement.Load(Request.InputStream);
var artifact = request
.Element(Saml2Namespaces.SoapEnvelope + "Body")
.Element(Saml2Namespaces.Saml2P + "ArtifactResolve")
.Element(Saml2Namespaces.Saml2P + "Artifact")
.Value;
var requestId = request
.Element(Saml2Namespaces.SoapEnvelope + "Body")
.Element(Saml2Namespaces.Saml2P + "ArtifactResolve")
.Attribute("ID").Value;
var binaryArtifact = Convert.FromBase64String(artifact);
ISaml2Message message = null;
if (!Saml2ArtifactBinding.PendingMessages.TryRemove(binaryArtifact, out message))
{
throw new InvalidOperationException("Unknown artifact");
}
var xml = message.ToXml();
if (message.SigningCertificate != null)
{
var xmlDoc = new XmlDocument()
{
PreserveWhitespace = true
};
xmlDoc.LoadXml(xml);
xmlDoc.Sign(message.SigningCertificate, true);
xml = xmlDoc.OuterXml;
}
var response = string.Format(
CultureInfo.InvariantCulture,
ResponseFormatString,
new Saml2Id().Value,
requestId,
DateTime.UtcNow.ToSaml2DateTimeString(),
xml);
return(Content(response));
}
private static string AddSignature(string queryString, ISaml2Message message)
{
string signingAlgorithmUrl = message.SigningAlgorithm;
queryString += "&SigAlg=" + Uri.EscapeDataString(signingAlgorithmUrl);
var signatureDescription = (SignatureDescription)CryptoConfig.CreateFromName(signingAlgorithmUrl);
HashAlgorithm hashAlg = signatureDescription.CreateDigest();
hashAlg.ComputeHash(Encoding.UTF8.GetBytes(queryString));
AsymmetricSignatureFormatter asymmetricSignatureFormatter =
signatureDescription.CreateFormatter(
((RSACryptoServiceProvider)message.SigningCertificate.PrivateKey)
.GetSha256EnabledRSACryptoServiceProvider());
byte[] signatureValue = asymmetricSignatureFormatter.CreateSignature(hashAlg);
queryString += "&Signature=" + Uri.EscapeDataString(Convert.ToBase64String(signatureValue));
return(queryString);
}
public override CommandResult Bind(ISaml2Message message)
{
if (message == null)
{
throw new ArgumentNullException("message");
}
var serializedRequest = Serialize(message);
var redirectUri = new Uri(message.DestinationUri.ToString()
+ "?SAMLRequest=" + serializedRequest);
return(new CommandResult()
{
HttpStatusCode = HttpStatusCode.SeeOther,
Location = redirectUri
});
}
public override CommandResult Bind(ISaml2Message message)
{
if (message == null)
{
throw new ArgumentNullException("message");
}
var encodedXml = Convert.ToBase64String(
Encoding.UTF8.GetBytes(message.ToXml()));
var cr = new CommandResult()
{
Content = String.Format(CultureInfo.InvariantCulture, PostHtmlFormatString,
message.DestinationUri, message.MessageName, encodedXml)
};
return(cr);
}
public override CommandResult Bind(ISaml2Message message)
{
if(message == null)
{
throw new ArgumentNullException("message");
}
var serializedRequest = Serialize(message);
var redirectUri = new Uri(message.DestinationUri.ToString()
+ "?SAMLRequest=" + serializedRequest);
return new CommandResult()
{
HttpStatusCode = HttpStatusCode.SeeOther,
Location = redirectUri
};
}
public override CommandResult Bind(ISaml2Message message)
{
if(message == null)
{
throw new ArgumentNullException("message");
}
var encodedXml = Convert.ToBase64String(
Encoding.UTF8.GetBytes(message.ToXml()));
var cr = new CommandResult()
{
Content = String.Format(CultureInfo.InvariantCulture, PostHtmlFormatString,
message.DestinationUri, message.MessageName, encodedXml)
};
return cr;
}
public override CommandResult Bind(ISaml2Message message, ILoggerAdapter logger)
{
if (message == null)
{
throw new ArgumentNullException(nameof(message));
}
var xml = message.ToXml();
if (message.SigningCertificate != null)
{
var xmlDoc = new XmlDocument()
{
PreserveWhitespace = true
};
xmlDoc.LoadXml(xml);
xmlDoc.Sign(message.SigningCertificate, true, message.SigningAlgorithm);
xml = xmlDoc.OuterXml;
}
logger?.WriteVerbose("Sending message over Http POST binding\n" + xml);
var encodedXml = Convert.ToBase64String(Encoding.UTF8.GetBytes(xml));
var relayStateHtml = string.IsNullOrEmpty(message.RelayState) ? null
: string.Format(CultureInfo.InvariantCulture, PostHtmlRelayStateFormatString, message.RelayState);
var cr = new CommandResult()
{
ContentType = "text/html",
Content = String.Format(
CultureInfo.InvariantCulture,
PostHtmlFormatString,
message.DestinationUrl,
relayStateHtml,
message.MessageName,
encodedXml)
};
return(cr);
}
public override CommandResult Bind(ISaml2Message message)
{
if(message == null)
{
throw new ArgumentNullException(nameof(message));
}
var xml = message.ToXml();
if(message.SigningCertificate != null)
{
var xmlDoc = new XmlDocument()
{
PreserveWhitespace = true
};
xmlDoc.LoadXml(xml);
xmlDoc.Sign(message.SigningCertificate, true);
xml = xmlDoc.OuterXml;
}
var encodedXml = Convert.ToBase64String(Encoding.UTF8.GetBytes(xml));
var relayStateHtml = string.IsNullOrEmpty(message.RelayState) ? null
: string.Format(CultureInfo.InvariantCulture, PostHtmlRelayStateFormatString, message.RelayState);
var cr = new CommandResult()
{
ContentType = "text/html",
Content = String.Format(
CultureInfo.InvariantCulture,
PostHtmlFormatString,
message.DestinationUrl,
relayStateHtml,
message.MessageName,
encodedXml)
};
return cr;
}
/// <summary>
/// Binds a message to a http response with HTTP Redirect.
/// </summary>
/// <param name="message">Message to bind.</param>
/// <returns>CommandResult.</returns>
public override CommandResult Bind(ISaml2Message message)
{
if (message == null)
{
throw new ArgumentNullException(nameof(message));
}
var artifact = CreateArtifact(message.Issuer, 0);
((IDictionary <byte[], ISaml2Message>)PendingMessages).Add(artifact, message);
var relayParam = string.IsNullOrEmpty(message.RelayState) ? ""
: "&RelayState=" + Uri.EscapeDataString(message.RelayState);
return(new CommandResult
{
HttpStatusCode = System.Net.HttpStatusCode.SeeOther,
Location = new Uri(message.DestinationUrl.OriginalString
+ (string.IsNullOrEmpty(message.DestinationUrl.Query) ? "?" : "&")
+ "SAMLart=" + Uri.EscapeDataString(Convert.ToBase64String(artifact))
+ relayParam)
});
}
/// <summary>
/// Bind the message to a transport.
/// </summary>
/// <param name="message">The message to send</param>
/// <returns>CommandResult to be returned to the client browser.</returns>
public virtual CommandResult Bind(ISaml2Message message)
{
throw new NotImplementedException();
}
/// <summary>
/// Binds a message to a http response.
/// </summary>
/// <param name="message">Message to bind.</param>
/// <returns>CommandResult.</returns>
public CommandResult Bind(ISaml2Message message)
{
return(Bind(message, null));
}
/// <summary>
/// Bind a Saml2AuthenticateRequest using the active binding of the idp,
/// producing a CommandResult with the result of the binding.
/// </summary>
/// <param name="request">The AuthnRequest to bind.</param>
/// <returns>CommandResult with the bound request.</returns>
public CommandResult Bind(ISaml2Message request)
{
return(Saml2Binding.Get(Binding).Bind(request));
}
/// <summary>
/// Binds a message to a http response.
/// </summary>
/// <param name="message">Message to bind.</param>
/// <param name="logger">Logger to log use, can be null.</param>
/// <returns>CommandResult.</returns>
public virtual CommandResult Bind(ISaml2Message message, ILoggerAdapter logger)
{
throw new NotImplementedException();
}
/// <summary>
/// Bind a Saml2AuthenticateRequest using the active binding of the idp,
/// producing a CommandResult with the result of the binding.
/// </summary>
/// <param name="request">The AuthnRequest to bind.</param>
/// <returns>CommandResult with the bound request.</returns>
public CommandResult Bind(ISaml2Message request)
{
return Saml2Binding.Get(Binding).Bind(request);
}
/// <summary>
/// Binds a message to a http response.
/// </summary>
/// <param name="message">Message to bind.</param>
/// <returns>CommandResult.</returns>
public virtual CommandResult Bind(ISaml2Message message)
{
throw new NotImplementedException();
}
public override CommandResult Bind(ISaml2Message message, ILoggerAdapter logger)
{
return(Bind(message, logger, null));
}
