/// <summary>
/// Creates the security token
/// </summary>
/// <param name="timeout">Maximum amount of time the method is supposed to take. Ignored in this implementation.</param>
/// <returns>A SecurityToken corresponding the SAML assertion and proof key specified at construction time</returns>
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
// Create a SamlSecurityToken from the provided assertion
SamlSecurityToken samlToken = new SamlSecurityToken(assertion);
// Create a SecurityTokenSerializer that will be used to serialize the SamlSecurityToken
WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer();
// Create a memory stream to write the serialized token into
// Use an initial size of 64Kb
MemoryStream s = new MemoryStream(UInt16.MaxValue);
// Create an XmlWriter over the stream
XmlWriter xw = XmlWriter.Create(s);
// Write the SamlSecurityToken into the stream
ser.WriteToken(xw, samlToken);
// Seek back to the beginning of the stream
s.Seek(0, SeekOrigin.Begin);
// Load the serialized token into a DOM
XmlDocument dom = new XmlDocument();
dom.Load(s);
// Create a KeyIdentifierClause for the SamlSecurityToken
SamlAssertionKeyIdentifierClause samlKeyIdentifierClause = samlToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>();
// Return a GenericXmlToken from the XML for the SamlSecurityToken, the proof token, the valid from
// and valid until times from the assertion and the key identifier clause created above
return(new GenericXmlSecurityToken(dom.DocumentElement, proofToken, assertion.Conditions.NotBefore, assertion.Conditions.NotOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, null));
}
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
SecurityToken securityToken;
Saml2Assertion saml2Assertion;
if (base.TokenRequirement.KeyType == SecurityKeyType.SymmetricKey)
{
securityToken = SamlSecurityTokenProvider.CreateSymmetricProofToken(base.TokenRequirement.KeySize);
saml2Assertion = this.CreateSamlAssertionWithSymmetricKey((BinarySecretSecurityToken)securityToken);
}
else
{
if (base.TokenRequirement.KeyType != SecurityKeyType.AsymmetricKey)
{
throw new ArgumentOutOfRangeException("KeyType");
}
securityToken = SamlSecurityTokenProvider.CreateAsymmetricProofToken();
saml2Assertion = this.CreateSamlAssertionWithAsymmetricKey(securityToken);
}
Saml2SecurityToken saml2SecurityToken = new Saml2SecurityToken(saml2Assertion);
XmlDocument xmlDocument = new XmlDocument();
using (XmlWriter xmlWriter = xmlDocument.CreateNavigator().AppendChild())
{
Saml2SecurityTokenHandler saml2SecurityTokenHandler = new Saml2SecurityTokenHandler();
saml2SecurityTokenHandler.WriteToken(xmlWriter, saml2SecurityToken);
}
SamlAssertionKeyIdentifierClause samlAssertionKeyIdentifierClause = saml2SecurityToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>();
return(new GenericXmlSecurityToken(xmlDocument.DocumentElement, securityToken, saml2Assertion.Conditions.NotBefore.Value, saml2Assertion.Conditions.NotOnOrAfter.Value, samlAssertionKeyIdentifierClause, samlAssertionKeyIdentifierClause, null));
}
void WriteSamlAssertionKeyIdentifierClause(XmlWriter w, SamlAssertionKeyIdentifierClause ic)
{
w.WriteStartElement("o", "SecurityTokenReference", Constants.WssNamespace);
w.WriteStartElement("o", "KeyIdentifier", Constants.WssNamespace);
w.WriteAttributeString("ValueType", Constants.WssKeyIdentifierSamlAssertion);
w.WriteString(ic.AssertionId);
w.WriteEndElement();
w.WriteEndElement();
}
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
SamlSecurityToken samlSecurityToken = new SamlSecurityToken(this.assertion);
WSSecurityTokenSerializer wssecurityTokenSerializer = new WSSecurityTokenSerializer();
MemoryStream memoryStream = new MemoryStream(65535);
XmlWriter writer = XmlWriter.Create(memoryStream);
wssecurityTokenSerializer.WriteToken(writer, samlSecurityToken);
memoryStream.Seek(0L, SeekOrigin.Begin);
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.Load(memoryStream);
SamlAssertionKeyIdentifierClause samlAssertionKeyIdentifierClause = samlSecurityToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>();
return(new GenericXmlSecurityToken(xmlDocument.DocumentElement, this.proofToken, this.assertion.Conditions.NotBefore, this.assertion.Conditions.NotOnOrAfter, samlAssertionKeyIdentifierClause, samlAssertionKeyIdentifierClause, null));
}
private static void ParseValues(JSNotifyRequestSecurityTokenResponse rstr)
{
rstr.ValidFrom = long.Parse(rstr.Created).ToDateTimeFromEpoch();
rstr.ValidTo = long.Parse(rstr.Expires).ToDateTimeFromEpoch();
rstr.SecurityTokenString = HttpUtility.HtmlDecode(rstr.SecurityTokenString);
var xml = XElement.Parse(rstr.SecurityTokenString);
string idAttribute = "";
switch (rstr.TokenType)
{
case SecurityTokenTypes.Saml11:
idAttribute = "AssertionID";
break;
case SecurityTokenTypes.Saml2:
idAttribute = "ID";
break;
}
if (rstr.TokenType == SecurityTokenTypes.Saml11 || rstr.TokenType == SecurityTokenTypes.Saml2)
{
var tokenId = xml.Attribute(idAttribute);
var xmlElement = xml.ToXmlElement();
SecurityKeyIdentifierClause clause = null;
if (tokenId != null)
{
clause = new SamlAssertionKeyIdentifierClause(tokenId.Value);
}
rstr.SecurityToken = new GenericXmlSecurityToken(
xmlElement,
null,
rstr.ValidFrom,
rstr.ValidTo,
clause,
clause,
new ReadOnlyCollection <IAuthorizationPolicy>(new List <IAuthorizationPolicy>()));
}
else if (rstr.TokenType == SecurityTokenTypes.SWT)
{
rstr.SecurityTokenString = Encoding.UTF8.GetString(Convert.FromBase64String(xml.Value));
}
}
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
Collection <XmlElement> reqParams = new Collection <XmlElement>();
foreach (XmlElement param in tokenRequirement.AdditionalRequestParameters)
{
if (param.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion")
{
reqParams.Add(param);
}
}
ISessionCache cache = (ISessionCache)Activator.CreateInstance(clientCredentials.Cache, clientCredentials.Config);
//Check the cache for existing session.
String id;
List <String> idSort;
id = clientCredentials.ClientCertificate.Certificate.Thumbprint + ";";
id += clientCredentials.Session.Thumbprint + ";";
idSort = new List <string>();
foreach (XmlElement reqParam in reqParams)
{
String val;
val = "{" + reqParam.GetAttribute("AttributeNamespace") + "}";
val += reqParam.GetAttribute("AttributeName");
val += "=";
val += reqParam.GetElementsByTagName("AttributeValue", "urn:oasis:names:tc:SAML:1.0:assertion")[0].InnerText;
val += ";";
idSort.Add(val);
}
idSort.Sort();
foreach (String val in idSort)
{
id += val;
}
idSort = new List <string>();
foreach (ClaimTypeRequirement req in tokenRequirement.ClaimTypeRequirements)
{
String val = req.ClaimType + ";";
idSort.Add(val);
}
idSort.Sort();
foreach (String val in idSort)
{
id += val;
}
XmlNamespaceManager nsmngr = null;
DateTime notOnOrAfter = DateTime.MinValue;
//Get the value from the cache
XmlElement assertion = cache.Get(id);
//If cache had a result, check if it is still valid
if (assertion != null)
{
nsmngr = new XmlNamespaceManager(assertion.OwnerDocument.NameTable);
nsmngr.AddNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion");
notOnOrAfter = DateTime.Parse(assertion.SelectSingleNode("saml:Conditions/@NotOnOrAfter", nsmngr).Value, null, DateTimeStyles.RoundtripKind);
if (notOnOrAfter < DateTime.UtcNow)
{
assertion = null;
cache.Remove(id);
}
}
//If the cache wasn't successful, create new.
if (assertion == null)
{
//Get a new assertion token for the session
StsClient target = new StsClient(tokenRequirement.IssuerBinding, tokenRequirement.IssuerAddress);
target.Endpoint.Behaviors.Remove <ClientCredentials>();
target.Endpoint.Behaviors.Add(new OptClientCredentials());
target.ClientCredentials.ClientCertificate.Certificate = clientCredentials.ClientCertificate.Certificate;
target.InnerChannel.OperationTimeout = timeout;
assertion = target.RequestTicket("Anonymous", clientCredentials.Session, clientCredentials.Duration, reqParams, tokenRequirement.ClaimTypeRequirements);
nsmngr = new XmlNamespaceManager(assertion.OwnerDocument.NameTable);
nsmngr.AddNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion");
notOnOrAfter = DateTime.Parse(assertion.SelectSingleNode("saml:Conditions/@NotOnOrAfter", nsmngr).Value, null, DateTimeStyles.RoundtripKind);
cache.Add(id, assertion, notOnOrAfter);
}
//Get some date from the assertion token
DateTime notBefore = DateTime.Parse(assertion.SelectSingleNode("saml:Conditions/@NotBefore", nsmngr).Value, null, DateTimeStyles.RoundtripKind);
String assertionId = assertion.SelectSingleNode("@AssertionID", nsmngr).Value;
// Create a KeyIdentifierClause for the SamlSecurityToken
SamlAssertionKeyIdentifierClause samlKeyIdentifierClause = new SamlAssertionKeyIdentifierClause(assertionId);
return(new GenericXmlSecurityToken(assertion, new X509SecurityToken(clientCredentials.Session), notBefore, notOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, null));
}
