Example #1
0
        public void GetAttributesTest()
        {
            string          xml  = ReadFile(xmlResponseFilename);
            Saml2Serializer saml = new Saml2Serializer();
            Dictionary <string, ResponseAssertionAttribute> dictionary = saml.GetAttributes(xml);

            Assert.AreEqual("Max", dictionary["surname"].Values[0]);
        }
Example #2
0
        /// <summary>
        /// Reads the given saml response and extracts the attributes
        /// </summary>
        /// <param name="samlResponse">saml response with or without encrypted assertion</param>
        /// <param name="relaystate">related state to saml response</param>
        /// <param name="responseAssertionAttributes">contains the extracted attributes from the assertion (if there were any)</param>
        /// <returns>true -> valid response -> else exception is thrown</returns>
        public bool ReadResponse(string samlResponse, string relaystate, out Dictionary <string, ResponseAssertionAttribute> responseAssertionAttributes)
        {
            if (!initialized)
            {
                throw new SamlCommunicationException("Init must be called first", SamlCommunicationType.SAMLCOMMUNICATION);
            }

            LogService.Log(LogService.LogType.Info, "ReadResponse called");
            responseAssertionAttributes = new Dictionary <string, ResponseAssertionAttribute>();

            try
            {
                LogService.Log(LogService.LogType.Info, "ReadResponse response: '" + samlResponse + "'; relatedstate: '" + relaystate + "'");
                // decode SAMLResponse first (base64)
                string responseXML = Encoding.UTF8.GetString(Convert.FromBase64String(samlResponse));

                // get response as object
                Response response = serializer.ConvertXMLToResponseObject(responseXML);

                // remove encrypted assertion if there is one
                if (response.EncryptedAssertion != null)
                {
                    RemoveEncryptedAssertion(response); // TODO should check first if response is valid or not (saving computation power)
                }
                // load metadata from issuer
                EntityDescriptor metadata = LoadMetadataFile(response.Issuer, metadataDirectoryPath);

                // load AuthnRequest from archiver
                string       authnRequestString = archiver.GetArchivedObject(response.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.InResponseTo);
                AuthnRequest authnRequest       = serializer.ConvertXMLToAuthnRequestObject(Encoding.UTF8.GetString(Convert.FromBase64String(authnRequestString)));

                // check if response is valid
                if (verifier.ValidateResponse(response, responseXML, metadata, authnRequest))
                {
                    LogService.Log(LogService.LogType.Info, "ReadResponse extract attributes from response");
                    responseAssertionAttributes = serializer.GetAttributes(response);
                    return(true);
                }

                throw new SamlCommunicationException("Response is not valid.");
            }
            catch (Exception e)
            {
                LogService.Log(LogService.LogType.FatalError, "ReadResponse failed", e);
                throw new SamlCommunicationException("ReadResponse failed", e, SamlCommunicationType.SAMLCOMMUNICATION);
            }
        }