/// <summary> /// Creates the security token /// </summary> /// <param name="timeout">Maximum amount of time the method is supposed to take. Ignored in this implementation.</param> /// <returns>A SecurityToken corresponding the SAML assertion and proof key specified at construction time</returns> protected override SecurityToken GetTokenCore(TimeSpan timeout) { // Create a SamlSecurityToken from the provided assertion SamlSecurityToken samlToken = new SamlSecurityToken(assertion); // Create a SecurityTokenSerializer that will be used to serialize the SamlSecurityToken WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer(); // Create a memory stream to write the serialized token into // Use an initial size of 64Kb MemoryStream s = new MemoryStream(UInt16.MaxValue); // Create an XmlWriter over the stream XmlWriter xw = XmlWriter.Create(s); // Write the SamlSecurityToken into the stream ser.WriteToken(xw, samlToken); // Seek back to the beginning of the stream s.Seek(0, SeekOrigin.Begin); // Load the serialized token into a DOM XmlDocument dom = new XmlDocument(); dom.Load(s); // Create a KeyIdentifierClause for the SamlSecurityToken SamlAssertionKeyIdentifierClause samlKeyIdentifierClause = samlToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>(); // Return a GenericXmlToken from the XML for the SamlSecurityToken, the proof token, the valid from // and valid until times from the assertion and the key identifier clause created above return(new GenericXmlSecurityToken(dom.DocumentElement, proofToken, assertion.Conditions.NotBefore, assertion.Conditions.NotOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, null)); }
protected override SecurityToken GetTokenCore(TimeSpan timeout) { SecurityToken securityToken; Saml2Assertion saml2Assertion; if (base.TokenRequirement.KeyType == SecurityKeyType.SymmetricKey) { securityToken = SamlSecurityTokenProvider.CreateSymmetricProofToken(base.TokenRequirement.KeySize); saml2Assertion = this.CreateSamlAssertionWithSymmetricKey((BinarySecretSecurityToken)securityToken); } else { if (base.TokenRequirement.KeyType != SecurityKeyType.AsymmetricKey) { throw new ArgumentOutOfRangeException("KeyType"); } securityToken = SamlSecurityTokenProvider.CreateAsymmetricProofToken(); saml2Assertion = this.CreateSamlAssertionWithAsymmetricKey(securityToken); } Saml2SecurityToken saml2SecurityToken = new Saml2SecurityToken(saml2Assertion); XmlDocument xmlDocument = new XmlDocument(); using (XmlWriter xmlWriter = xmlDocument.CreateNavigator().AppendChild()) { Saml2SecurityTokenHandler saml2SecurityTokenHandler = new Saml2SecurityTokenHandler(); saml2SecurityTokenHandler.WriteToken(xmlWriter, saml2SecurityToken); } SamlAssertionKeyIdentifierClause samlAssertionKeyIdentifierClause = saml2SecurityToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>(); return(new GenericXmlSecurityToken(xmlDocument.DocumentElement, securityToken, saml2Assertion.Conditions.NotBefore.Value, saml2Assertion.Conditions.NotOnOrAfter.Value, samlAssertionKeyIdentifierClause, samlAssertionKeyIdentifierClause, null)); }
void WriteSamlAssertionKeyIdentifierClause(XmlWriter w, SamlAssertionKeyIdentifierClause ic) { w.WriteStartElement("o", "SecurityTokenReference", Constants.WssNamespace); w.WriteStartElement("o", "KeyIdentifier", Constants.WssNamespace); w.WriteAttributeString("ValueType", Constants.WssKeyIdentifierSamlAssertion); w.WriteString(ic.AssertionId); w.WriteEndElement(); w.WriteEndElement(); }
protected override SecurityToken GetTokenCore(TimeSpan timeout) { SamlSecurityToken samlSecurityToken = new SamlSecurityToken(this.assertion); WSSecurityTokenSerializer wssecurityTokenSerializer = new WSSecurityTokenSerializer(); MemoryStream memoryStream = new MemoryStream(65535); XmlWriter writer = XmlWriter.Create(memoryStream); wssecurityTokenSerializer.WriteToken(writer, samlSecurityToken); memoryStream.Seek(0L, SeekOrigin.Begin); XmlDocument xmlDocument = new XmlDocument(); xmlDocument.Load(memoryStream); SamlAssertionKeyIdentifierClause samlAssertionKeyIdentifierClause = samlSecurityToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>(); return(new GenericXmlSecurityToken(xmlDocument.DocumentElement, this.proofToken, this.assertion.Conditions.NotBefore, this.assertion.Conditions.NotOnOrAfter, samlAssertionKeyIdentifierClause, samlAssertionKeyIdentifierClause, null)); }
private static void ParseValues(JSNotifyRequestSecurityTokenResponse rstr) { rstr.ValidFrom = long.Parse(rstr.Created).ToDateTimeFromEpoch(); rstr.ValidTo = long.Parse(rstr.Expires).ToDateTimeFromEpoch(); rstr.SecurityTokenString = HttpUtility.HtmlDecode(rstr.SecurityTokenString); var xml = XElement.Parse(rstr.SecurityTokenString); string idAttribute = ""; switch (rstr.TokenType) { case SecurityTokenTypes.Saml11: idAttribute = "AssertionID"; break; case SecurityTokenTypes.Saml2: idAttribute = "ID"; break; } if (rstr.TokenType == SecurityTokenTypes.Saml11 || rstr.TokenType == SecurityTokenTypes.Saml2) { var tokenId = xml.Attribute(idAttribute); var xmlElement = xml.ToXmlElement(); SecurityKeyIdentifierClause clause = null; if (tokenId != null) { clause = new SamlAssertionKeyIdentifierClause(tokenId.Value); } rstr.SecurityToken = new GenericXmlSecurityToken( xmlElement, null, rstr.ValidFrom, rstr.ValidTo, clause, clause, new ReadOnlyCollection <IAuthorizationPolicy>(new List <IAuthorizationPolicy>())); } else if (rstr.TokenType == SecurityTokenTypes.SWT) { rstr.SecurityTokenString = Encoding.UTF8.GetString(Convert.FromBase64String(xml.Value)); } }
protected override SecurityToken GetTokenCore(TimeSpan timeout) { Collection <XmlElement> reqParams = new Collection <XmlElement>(); foreach (XmlElement param in tokenRequirement.AdditionalRequestParameters) { if (param.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion") { reqParams.Add(param); } } ISessionCache cache = (ISessionCache)Activator.CreateInstance(clientCredentials.Cache, clientCredentials.Config); //Check the cache for existing session. String id; List <String> idSort; id = clientCredentials.ClientCertificate.Certificate.Thumbprint + ";"; id += clientCredentials.Session.Thumbprint + ";"; idSort = new List <string>(); foreach (XmlElement reqParam in reqParams) { String val; val = "{" + reqParam.GetAttribute("AttributeNamespace") + "}"; val += reqParam.GetAttribute("AttributeName"); val += "="; val += reqParam.GetElementsByTagName("AttributeValue", "urn:oasis:names:tc:SAML:1.0:assertion")[0].InnerText; val += ";"; idSort.Add(val); } idSort.Sort(); foreach (String val in idSort) { id += val; } idSort = new List <string>(); foreach (ClaimTypeRequirement req in tokenRequirement.ClaimTypeRequirements) { String val = req.ClaimType + ";"; idSort.Add(val); } idSort.Sort(); foreach (String val in idSort) { id += val; } XmlNamespaceManager nsmngr = null; DateTime notOnOrAfter = DateTime.MinValue; //Get the value from the cache XmlElement assertion = cache.Get(id); //If cache had a result, check if it is still valid if (assertion != null) { nsmngr = new XmlNamespaceManager(assertion.OwnerDocument.NameTable); nsmngr.AddNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion"); notOnOrAfter = DateTime.Parse(assertion.SelectSingleNode("saml:Conditions/@NotOnOrAfter", nsmngr).Value, null, DateTimeStyles.RoundtripKind); if (notOnOrAfter < DateTime.UtcNow) { assertion = null; cache.Remove(id); } } //If the cache wasn't successful, create new. if (assertion == null) { //Get a new assertion token for the session StsClient target = new StsClient(tokenRequirement.IssuerBinding, tokenRequirement.IssuerAddress); target.Endpoint.Behaviors.Remove <ClientCredentials>(); target.Endpoint.Behaviors.Add(new OptClientCredentials()); target.ClientCredentials.ClientCertificate.Certificate = clientCredentials.ClientCertificate.Certificate; target.InnerChannel.OperationTimeout = timeout; assertion = target.RequestTicket("Anonymous", clientCredentials.Session, clientCredentials.Duration, reqParams, tokenRequirement.ClaimTypeRequirements); nsmngr = new XmlNamespaceManager(assertion.OwnerDocument.NameTable); nsmngr.AddNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion"); notOnOrAfter = DateTime.Parse(assertion.SelectSingleNode("saml:Conditions/@NotOnOrAfter", nsmngr).Value, null, DateTimeStyles.RoundtripKind); cache.Add(id, assertion, notOnOrAfter); } //Get some date from the assertion token DateTime notBefore = DateTime.Parse(assertion.SelectSingleNode("saml:Conditions/@NotBefore", nsmngr).Value, null, DateTimeStyles.RoundtripKind); String assertionId = assertion.SelectSingleNode("@AssertionID", nsmngr).Value; // Create a KeyIdentifierClause for the SamlSecurityToken SamlAssertionKeyIdentifierClause samlKeyIdentifierClause = new SamlAssertionKeyIdentifierClause(assertionId); return(new GenericXmlSecurityToken(assertion, new X509SecurityToken(clientCredentials.Session), notBefore, notOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, null)); }