Example #1
0
        private static void AddAttributeToStatement(string attrName, string attrValue, Saml2AttributeStatement statement)
        {
            var attribute = new Saml2Attribute(attrName);

            attribute.Values.Add(attrValue);
            statement.Attributes.Add(attribute);
        }
Example #2
0
 protected override string ReadAttributeValue(XmlReader reader, Saml2Attribute attribute)
 {
     if (attribute.Name != null)
     {
         return(base.ReadAttributeValue(reader, attribute));
     }
     return("empty");
 }
Example #3
0
 public static IEnumerable <Claim> ToClaims(this Saml2Attribute attribute, string issuer)
 {
     if (attribute == null)
     {
         throw new ArgumentNullException("value");
     }
     return(attribute.Values.Select(x => new Claim(attribute.FriendlyName, x, attribute.AttributeValueXsiType, issuer)));
 }
Example #4
0
 private static Saml2Attribute GetAttribute(string attrName, string attrValue)
 {
     var attribute = new Saml2Attribute(attrName, attrValue)
     {
         NameFormat = new Uri(SAML2_Basic)
     };
     return attribute;
 }
Example #5
0
        private Saml2Assertion CreateSamlAssertion(SecurityKey signatureKey, SecurityKeyIdentifier signatureKeyIdentifier, SecurityKeyIdentifier proofKeyIdentifier)
        {
            Claim claim = base.ClientCredentials.Claims.FirstOrDefault((Claim c) => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier");

            if (claim == null)
            {
                throw new ArgumentException("At least one NameIdentifier/Identity claim must be present in the claimset", "ClaimsClientCredentials.Claims");
            }
            Saml2Subject saml2Subject = new Saml2Subject
            {
                NameId = new Saml2NameIdentifier(claim.Value, new Uri("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"))
            };
            Saml2SubjectConfirmationData saml2SubjectConfirmationData = new Saml2SubjectConfirmationData();

            saml2SubjectConfirmationData.KeyIdentifiers.Add(proofKeyIdentifier);
            saml2Subject.SubjectConfirmations.Add(new Saml2SubjectConfirmation(new Uri("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"), saml2SubjectConfirmationData));
            IEnumerable <Saml2Attribute> enumerable = from c in base.ClientCredentials.Claims.Except(new Claim[]
            {
                claim
            })
                                                      select new Saml2Attribute(c.Type, c.Value);
            Claim claim2 = base.ClientCredentials.Claims.FirstOrDefault((Claim c) => c.Type == "http://www.tridion.com/2009/08/directoryservice/claims/directoryServiceName");
            Saml2NameIdentifier issuer;

            if (claim2 == null)
            {
                Saml2Attribute saml2Attribute = new Saml2Attribute("http://www.tridion.com/2009/08/directoryservice/claims/directoryServiceName", claim.Issuer);
                enumerable = enumerable.Concat(new Saml2Attribute[]
                {
                    saml2Attribute
                });
                issuer = new Saml2NameIdentifier(claim.Issuer);
            }
            else
            {
                issuer = new Saml2NameIdentifier(claim2.Value);
            }
            DateTime       utcNow         = DateTime.UtcNow;
            Saml2Assertion saml2Assertion = new Saml2Assertion(issuer)
            {
                Subject      = saml2Subject,
                IssueInstant = utcNow,
                Conditions   = new Saml2Conditions
                {
                    NotBefore    = new DateTime?(utcNow),
                    NotOnOrAfter = new DateTime?(utcNow + base.TokenValidityTimeSpan)
                },
                Advice             = new Saml2Advice(),
                SigningCredentials = new SigningCredentials(signatureKey, base.SecurityAlgorithmSuite.DefaultAsymmetricSignatureAlgorithm, base.SecurityAlgorithmSuite.DefaultDigestAlgorithm, signatureKeyIdentifier)
            };

            saml2Assertion.Statements.Add(new Saml2AttributeStatement(enumerable));
            if (base.ClientCredentials.AudienceUris != null)
            {
                saml2Assertion.Conditions.AudienceRestrictions.Add(new Saml2AudienceRestriction(base.ClientCredentials.AudienceUris));
            }
            return(saml2Assertion);
        }
Example #6
0
        public static SecurityToken MakeBootstrapSecurityToken()
        {
            Saml2NameIdentifier identifier = new Saml2NameIdentifier("http://localhost/Echo");

            Saml2Assertion assertion = new Saml2Assertion(identifier);

            assertion.Issuer  = new Saml2NameIdentifier("idp1.test.oio.dk");
            assertion.Subject = new Saml2Subject(new Saml2NameIdentifier("Casper", new Uri("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")));
            Saml2Attribute atribute = new Saml2Attribute("dk:gov:saml:attribute:AssuranceLevel", "2");

            atribute.NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:basic");

            assertion.Statements.Add(new Saml2AttributeStatement(atribute));
            return(new Saml2SecurityToken(assertion));
        }
Example #7
0
        public override void WriteAttribute(XmlWriter writer, Saml2Attribute attribute)
        {
            if (string.IsNullOrEmpty(attribute.AttributeValueXsiType))
            {
                base.WriteAttribute(writer, attribute);
                return;
            }

            var dictionaryWriter = null as XmlDictionaryWriter;

            if (writer is XmlDictionaryWriter w)
            {
                dictionaryWriter = w;
            }
            else
            {
                dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer);
            }
            var xsi = "http://www.w3.org/2001/XMLSchema-instance";

            dictionaryWriter.WriteStartElement(Saml2Constants.Elements.Attribute, Saml2Constants.Namespace);
            dictionaryWriter.WriteAttributeString(Saml2Constants.Attributes.Name, attribute.Name);
            dictionaryWriter.WriteAttributeString(Saml2Constants.Attributes.NameFormat, attribute.NameFormat?.ToString() ?? Saml2Constants.NameIdentifierFormats.UnspecifiedString);
            foreach (var value in attribute.Values)
            {
                dictionaryWriter.WriteStartElement(Saml2Constants.Elements.AttributeValue, Saml2Constants.Namespace);

                var fqtn = attribute.AttributeValueXsiType?.Split('#');
                if (fqtn?.Length == 2)
                {
                    if (string.IsNullOrEmpty(dictionaryWriter.LookupPrefix("xs")))
                    {
                        dictionaryWriter.WriteAttributeString("xmlns", "xs", null, fqtn[0]);
                    }

                    dictionaryWriter.WriteStartAttribute("xsi", "type", xsi);
                    dictionaryWriter.WriteQualifiedName(fqtn[1], fqtn[0]);
                    dictionaryWriter.WriteEndAttribute();
                }

                dictionaryWriter.WriteString(value);
                dictionaryWriter.WriteEndElement();
            }
            dictionaryWriter.WriteEndElement();
        }
Example #8
0
        protected override void WriteAttributeValue(XmlWriter writer, string value, Saml2Attribute attribute)
        {
            var sb = new StringBuilder("<a>");

            sb.Append(value);
            sb.Append("</a>");
            byte[] rawValue = new UTF8Encoding().GetBytes(sb.ToString());
            using (var reader = XmlDictionaryReader.CreateTextReader(rawValue, XmlDictionaryReaderQuotas.Max))
            {
                reader.ReadStartElement("a");
                while (reader.NodeType != XmlNodeType.EndElement ||
                       (reader.NodeType == XmlNodeType.EndElement && reader.Name != "a"))
                {
                    writer.WriteNode(reader, false);
                }
                reader.ReadEndElement();
                reader.Close();
            }
        }
Example #9
0
        protected virtual void WriteAttribute(XmlWriter writer, Saml2Attribute attribute)
        {
            if (writer == null)
            {
                throw new ArgumentNullException(nameof(writer));
            }
            if (attribute == null)
            {
                throw new ArgumentNullException(nameof(attribute));
            }

            writer.WriteStartElement(Saml2Constants.Elements.Attribute, Saml2Constants.Namespace);

            writer.WriteAttributeString(Saml2Constants.Attributes.Name, attribute.Name);

            writer.WriteAttributeIfPresent(Saml2Constants.Attributes.NameFormat, null, attribute.NameFormat.AbsoluteUri);
            writer.WriteAttributeIfPresent(Saml2Constants.Attributes.FriendlyName, null, attribute.FriendlyName);

            foreach (var value in attribute.Values)
            {
                writer.WriteStartElement(Saml2Constants.Elements.AttributeValue, Saml2Constants.Namespace);

                if (null == value)
                {
                    writer.WriteAttributeString("nil", XmlSchema.InstanceNamespace, XmlConvert.ToString(true));
                }
                else if (value.Length > 0)
                {
                    writer.WriteString(value);
                }

                writer.WriteEndElement();
            }

            writer.WriteEndElement();
        }
Example #10
0
        private static void CreateIdentityProviderMetadata(SamlIdpData idpData, string fileName, Encoding encoding)
        {
            if (string.IsNullOrEmpty(idpData.SigninCertificateCn))
            {
                throw new ApplicationException("no CN for a Certificate supplied");
            }

            string signingCertificateSubjectName = idpData.SigninCertificateCn;

            Constants.NameIdType nidFmt = idpData.NameIdType;

            MetadataSerializer serializer = new MetadataSerializer();
            IdentityProviderSingleSignOnDescriptor item = new IdentityProviderSingleSignOnDescriptor();

            EntityDescriptor metadata = new EntityDescriptor();

            metadata.EntityId = new EntityId(idpData.EntityId);

            X509Certificate2 certificate = CertificateHelper.RetrieveCertificate(signingCertificateSubjectName);
            KeyDescriptor    descriptor  = new KeyDescriptor(
                new SecurityKeyIdentifier(
                    new SecurityKeyIdentifierClause[]
            {
                new X509SecurityToken(certificate).CreateKeyIdentifierClause <X509RawDataKeyIdentifierClause>()
            }));

            descriptor.Use = KeyType.Signing;
            item.Keys.Add(descriptor);

            //using 2.0
            if (Constants.NameIdType.Saml20 == nidFmt)
            {
                item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Transient);
            }

            //using 1.1
            if (Constants.NameIdType.Saml11 == nidFmt)
            {
                item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Unspecified);
            }

            foreach (var attributeName in idpData.AttributeNames)
            {
                Saml2Attribute at1 = new Saml2Attribute(attributeName.Name)
                {
                    NameFormat = new Uri(Constants.Saml20AttributeNameFormat)
                };
                item.SupportedAttributes.Add(at1);
            }

            item.ProtocolsSupported.Add(new Uri(Constants.Saml20Protocol));
            item.SingleSignOnServices.Add(new ProtocolEndpoint(new Uri(idpData.BindingType), new Uri(idpData.BindingLocation)));

            metadata.RoleDescriptors.Add(item);

            metadata.Contacts.Add(new ContactPerson(ContactType.Technical)
            {
                Company          = idpData.MainContact.Company,
                GivenName        = idpData.MainContact.GivenName,
                Surname          = idpData.MainContact.SurName,
                EmailAddresses   = { idpData.MainContact.Email },
                TelephoneNumbers = { idpData.MainContact.Phone }
            });

            XmlTextWriter writer = new XmlTextWriter(fileName, encoding);

            serializer.WriteMetadata(writer, metadata);
            writer.Close();
        }
Example #11
0
        public void Saml2Attribute_RelativeNameFormat_ArgumentException()
        {
            var attr = new Saml2Attribute("Country");

            Assert.Throws <ArgumentException>(() => attr.NameFormat = new Uri("resource", UriKind.Relative));
        }