/// <summary>
        /// Builds a standalone XML document whose root element is the encrypted SAML assertion
        /// produced by <c>CreateEncryptedAssertion</c>.
        /// </summary>
        /// <remarks>
        /// No signature is applied at this level. The only signature involved is the one
        /// <c>CreateSignedAssertionDocument</c> places on the assertion before it is encrypted,
        /// so the wrapper element itself is not integrity-protected.
        /// </remarks>
        /// <param name="samlAssertionInfo">Assertion data; must carry at least one role.</param>
        /// <returns>A new document containing only the encrypted assertion element.</returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="samlAssertionInfo"/> is null, or its role collection is null or empty.
        /// </exception>
        public XmlDocument CreateEncryptedAssertionDocument(FtgpSamlAssertionInfo samlAssertionInfo)
        {
            // Refuse to issue an assertion that grants no role at all.
            var roles = samlAssertionInfo?.Roles;
            if (roles == null || !roles.Any())
            {
                throw new ArgumentException("The SAML assertion info does not contain any roles.");
            }

            var assertionDocument = new XmlDocument();
            assertionDocument.AppendChild(CreateEncryptedAssertion(assertionDocument, samlAssertionInfo));
            return assertionDocument;
        }
        /// <summary>
        /// Builds a SAML response document: a response element holding the issuer and the
        /// encrypted assertion, signed as a whole once both children are in place.
        /// </summary>
        /// <param name="samlAssertionInfo">Assertion data; must carry at least one role.</param>
        /// <returns>The signed response document.</returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="samlAssertionInfo"/> is null, or its role collection is null or empty.
        /// </exception>
        public XmlDocument CreateResponseDocument(FtgpSamlAssertionInfo samlAssertionInfo)
        {
            // Refuse to issue a response whose assertion grants no role at all.
            var roles = samlAssertionInfo?.Roles;
            if (roles == null || !roles.Any())
            {
                throw new ArgumentException("The SAML assertion info does not contain any roles.");
            }

            var responseDocument = new XmlDocument();

            // NOTE(review): SAML ID attributes are typed xs:ID, which must not begin with a digit,
            // while a GUID string often does. Confirm that CreateEmptyResponse and SignDocument
            // apply the same prefix (commonly "_"); otherwise schema-validating relying parties
            // may reject the response.
            var responseId = Guid.NewGuid().ToString("D");

            var responseElement = CreateEmptyResponse(responseDocument, responseId);
            var issuerElement = CreateIssuer(responseDocument, issuerText);
            var encryptedAssertionElement = CreateEncryptedAssertion(responseDocument, samlAssertionInfo);

            // NOTE(review): only Issuer and EncryptedAssertion are added here. Status, Destination
            // and InResponseTo are presumably set by CreateEmptyResponse; confirm.
            foreach (var child in new XmlNode[] { issuerElement, encryptedAssertionElement })
            {
                responseElement.AppendChild(child);
            }

            responseDocument.AppendChild(responseElement);

            // Sign last so the signature is computed over the fully assembled response.
            SignDocument(responseDocument, responseId);

            return responseDocument;
        }
        /// <summary>
        /// Builds a standalone document containing the plaintext SAML assertion (issuer, validity
        /// conditions and attribute statements) and signs it using the assertion id.
        /// </summary>
        /// <remarks>
        /// <paramref name="samlAssertionInfo"/> is dereferenced without a null check; the callers
        /// visible in this file validate it before reaching this method.
        /// </remarks>
        /// <param name="samlAssertionInfo">Source of the assertion id, validity window and attributes.</param>
        /// <returns>The signed, not yet encrypted, assertion document.</returns>
        private XmlDocument CreateSignedAssertionDocument(FtgpSamlAssertionInfo samlAssertionInfo)
        {
            var assertionDocument = new XmlDocument();

            // NOTE(review): AssertionId is used both as the element id and as the signing target,
            // so it presumably has to be unique per assertion and a valid xs:ID; verify at the caller.
            var assertionElement = CreateEmptyAssertion(assertionDocument, samlAssertionInfo.AssertionId);

            // NOTE(review): no Subject is appended here and CreateConditions receives only the
            // validity window. Confirm whether the helpers add Subject and AudienceRestriction;
            // without an audience restriction a relying party cannot tell that the assertion was
            // issued for it rather than for another service trusting the same issuer.
            var children = new XmlNode[]
            {
                CreateIssuer(assertionDocument, issuerText),
                CreateConditions(assertionDocument, samlAssertionInfo.NotBefore, samlAssertionInfo.NotOnOrAfter),
                CreateAttributeStatement(assertionDocument, "name", samlAssertionInfo.Name),
                CreateAttributeStatement(assertionDocument, "emailaddress", samlAssertionInfo.Email),
                CreateAttributeStatement(assertionDocument, "language", samlAssertionInfo.Language),
                CreateAttributeStatement(assertionDocument, "role", samlAssertionInfo.Roles),
            };

            foreach (var child in children)
            {
                assertionElement.AppendChild(child);
            }

            // The agency attribute is optional and emitted only when a value is present.
            if (!string.IsNullOrEmpty(samlAssertionInfo.AgencyId))
            {
                assertionElement.AppendChild(
                    CreateAttributeStatement(assertionDocument, "agency", samlAssertionInfo.AgencyId));
            }

            assertionDocument.AppendChild(assertionElement);

            // Sign only after every child is attached; elements added later would not be covered.
            SignDocument(assertionDocument, samlAssertionInfo.AssertionId);

            return assertionDocument;
        }
        /// <summary>
        /// Creates the encrypted-assertion wrapper element in <paramref name="document"/> and fills
        /// it with the encrypted form of a freshly signed assertion.
        /// </summary>
        /// <param name="document">Document that will own the returned element.</param>
        /// <param name="samlAssertionInfo">Assertion data passed on to <c>CreateSignedAssertionDocument</c>.</param>
        /// <returns>The wrapper element; the caller is responsible for attaching it to the tree.</returns>
        private XmlElement CreateEncryptedAssertion(XmlDocument document, FtgpSamlAssertionInfo samlAssertionInfo)
        {
            var wrapper = CreateEmptyEncryptedAssertion(document);

            // Sign first, then encrypt: the assertion's signature ends up inside the encrypted
            // payload and is carried along with the content it covers.
            var signedDocument = CreateSignedAssertionDocument(samlAssertionInfo);
            var encryptedPayload = EncryptElement(signedDocument.DocumentElement);

            // Deep-import the payload into the target document before attaching it; it is
            // presumably owned by the separate signed-assertion document.
            var importedPayload = document.ImportNode(encryptedPayload, true);
            wrapper.AppendChild(importedPayload);

            return wrapper;
        }