private static void SignMessage(XmlElement xmlElement)
{
Console.Error.WriteLine("Signing SAML message");
SAMLMessageSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate);
}
// Receive the authentication request from the service provider.
private void ReceiveAuthnRequest(out AuthnRequest authnRequest, out string relayState)
{
// Determine the service provider to identity provider binding type.
// We use a query string parameter rather than having separate endpoints per binding.
string bindingType = Request.QueryString[bindingQueryParameter];
Trace.Write("IdP", "Receiving authentication request over binding " + bindingType);
// Receive the authentication request.
XmlElement authnRequestXml = null;
switch (bindingType)
{
case SAMLIdentifiers.BindingURIs.HTTPRedirect:
bool signed = false;
X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];
IdentityProvider.ReceiveAuthnRequestByHTTPRedirect(Request, out authnRequestXml, out relayState, out signed, x509Certificate.PublicKey.Key);
break;
case SAMLIdentifiers.BindingURIs.HTTPPost:
IdentityProvider.ReceiveAuthnRequestByHTTPPost(Request, out authnRequestXml, out relayState);
break;
case SAMLIdentifiers.BindingURIs.HTTPArtifact:
// Receive the artifact.
HTTPArtifact httpArtifact = null;
IdentityProvider.ReceiveArtifactByHTTPArtifact(Request, false, out httpArtifact, out relayState);
// Create an artifact resolve request.
ArtifactResolve artifactResolve = new ArtifactResolve();
artifactResolve.Issuer = new Issuer(CreateAbsoluteURL("~/"));
artifactResolve.Artifact = new Artifact(httpArtifact.ToString());
XmlElement artifactResolveXml = artifactResolve.ToXml();
// Send the artifact resolve request and receive the artifact response.
string spArtifactResponderURL = WebConfigurationManager.AppSettings["spArtifactResponderURL"];
XmlElement artifactResponseXml = ArtifactResolver.SendRequestReceiveResponse(spArtifactResponderURL, artifactResolveXml);
ArtifactResponse artifactResponse = new ArtifactResponse(artifactResponseXml);
// Extract the authentication request from the artifact response.
authnRequestXml = artifactResponse.SAMLMessage;
break;
default:
throw new ArgumentException("Invalid service provider to identity provider binding");
}
// If using HTTP redirect the message isn't signed as the generated query string is too long for most browsers.
if (bindingType != SAMLIdentifiers.BindingURIs.HTTPRedirect)
{
if (SAMLMessageSignature.IsSigned(authnRequestXml))
{
// Verify the request's signature.
X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];
if (!SAMLMessageSignature.Verify(authnRequestXml, x509Certificate))
{
throw new ArgumentException("The authentication request signature failed to verify.");
}
}
}
// Deserialize the XML.
authnRequest = new AuthnRequest(authnRequestXml);
Trace.Write("IdP", "Received authentication request");
}