Example #1
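        /// <summary>
        /// Builds a logout response for a logout request received over the HTTP redirect binding.
        /// The request is accepted only when it is signed and its signature verifies against
        /// <paramref name="key"/>; in every other case the response is marked as denied.
        /// </summary>
        /// <param name="uri">The request URI that is handed to <c>HttpRedirectBindingParser</c>.</param>
        /// <param name="key">Asymmetric key whose public part is used to verify the signed query.</param>
        /// <returns>
        /// A response that carries the parsed logout request and a status of
        /// <c>Success</c> (signature verified) or <c>RequestDenied</c> (unsigned or invalid signature).
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="key"/> is <c>null</c>.</exception>
        public Saml2LogoutResponse GetLogoutReponse(Uri uri, AsymmetricAlgorithm key)
        {
            if (key == null)
            {
                throw new ArgumentNullException(nameof(key));
            }

            var response = new Saml2LogoutResponse();
            var parser   = new HttpRedirectBindingParser(uri);

            response.OriginalLogoutRequest = parser.LogoutRequest;

            // Fail closed: the status stays RequestDenied unless verification below succeeds.
            // The previous version assigned Success unconditionally just before returning,
            // which overwrote both denial branches and accepted unsigned or forged requests.
            response.StatusCode = Saml2Constants.StatusCodes.RequestDenied;

            if (!parser.IsSigned)
            {
                // An unsigned request has nothing to verify; return the denial immediately
                // instead of passing missing signature data to the provider.
                return response;
            }

            // Validates the signature using the public part of the asymmetric key given as parameter.
            // NOTE(review): parser.SignatureAlgorithm appears to come from the request itself; confirm
            // that the factory rejects algorithm URIs the deployment does not intend to accept.
            var signatureProvider =
                _signatureProviderFactory.CreateFromAlgorithmUri(key.GetType(), parser.SignatureAlgorithm);

            // NOTE(review): confirm how DecodeSignature behaves on malformed input; an exception here
            // propagates to the caller rather than producing a RequestDenied response.
            var signatureIsValid = signatureProvider.VerifySignature(
                key,
                Encoding.UTF8.GetBytes(parser.SignedQuery),
                parser.DecodeSignature());

            if (signatureIsValid)
            {
                response.StatusCode = Saml2Constants.StatusCodes.Success;
            }

            return response;
        }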
Example #2
        /// <summary>
        /// Produces the redirect-binding URL for a logout response.
        /// </summary>
        /// <param name="logoutResponse">
        /// Supplies the status code and the ID of the original logout request that the
        /// outgoing message is created from.
        /// </param>
        /// <param name="relayState">Relay state value passed through to the URL builder.</param>
        /// <returns>The URL returned by <c>BuildLogoutResponseUrl</c>.</returns>
        public string GetLogoutResponseUrl(Saml2LogoutResponse logoutResponse, string relayState)
        {
            // The certificate is fetched first, as in the original call order.
            var certificate = _certificateProvider.GetCertificate();

            var originalRequestId = logoutResponse.OriginalLogoutRequest.ID;
            var message = _saml2MessageFactory.CreateLogoutResponse(logoutResponse.StatusCode, originalRequestId);

            // The service provider's private key is handed to the binding together with the
            // configured hashing algorithm; it is only held in a local here, never logged or stored.
            var privateKey       = certificate.ServiceProvider.PrivateKey;
            var hashingAlgorithm = _identityProviderConfiguration.HashingAlgorithm;

            return _httpRedirectBinding.BuildLogoutResponseUrl(message, privateKey, hashingAlgorithm, relayState);
        }