/// <summary>
        /// Validate AttributeStatement.
        /// </summary>
        /// <remarks>
        /// [SAML2.0 standard] section 2.7.3
        /// </remarks>
        /// <param name="statement">The statement.</param>
        private void ValidateAttributeStatement(AttributeStatement statement)
        {
            // An AttributeStatement without any child is rejected outright.
            var items = statement.Items;
            if (items == null || items.Length == 0)
            {
                throw new Saml20FormatException("AttributeStatement MUST contain at least one Attribute or EncryptedAttribute");
            }

            // Every child must be one of the two supported element types. Anything else,
            // including a null entry, fails validation instead of being skipped.
            // This check is structural only: nothing in this method decrypts an
            // EncryptedElement or inspects a signature.
            foreach (var item in items)
            {
                if (item == null)
                {
                    throw new Saml20FormatException("null-Attributes are not supported");
                }

                var plainAttribute = item as SamlAttribute;
                if (plainAttribute != null)
                {
                    _attributeValidator.ValidateAttribute(plainAttribute);
                    continue;
                }

                var encryptedAttribute = item as EncryptedElement;
                if (encryptedAttribute != null)
                {
                    _attributeValidator.ValidateEncryptedAttribute(encryptedAttribute);
                    continue;
                }

                // Unknown child type: fail closed and name the offending runtime type.
                throw new Saml20FormatException(string.Format("Subelement {0} of AttributeStatement is not supported", item.GetType()));
            }
        }
            public void ThrowsExceptionWhenAttributeElementEmptyName()
            {
                // Arrange: a statement whose only child is a default-constructed SamlAttribute,
                // i.e. one on which no Name has been set.
                var sut = new Saml20StatementValidator();
                var attributeStatement = new AttributeStatement
                {
                    Items = new object[] { new SamlAttribute() }
                };

                // Act: no assertion follows. The expected exception is presumably declared by a
                // test attribute that is not visible in this excerpt - confirm.
                sut.ValidateStatement(attributeStatement);
            }
            public void ThrowsExceptionWhenNullAttributeList()
            {
                // Arrange: a statement whose child list is explicitly null.
                var sut = new Saml20StatementValidator();
                var attributeStatement = new AttributeStatement
                {
                    Items = null
                };

                // Act: no assertion follows. The expected exception is presumably declared by a
                // test attribute that is not visible in this excerpt - confirm.
                sut.ValidateStatement(attributeStatement);
            }
        /// <summary>
        /// Merges the modified attributes into <code>AttributeStatement</code> of the assertion.
        /// </summary>
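        private void InsertAttributes()
        {
            // No pending attribute list: leave the assertion XML untouched.
            if (_assertionAttributes == null)
            {
                return;
            }

            // Collect the plain attributes followed by the encrypted ones. A null encrypted
            // list is treated as empty rather than raising a NullReferenceException.
            var encryptedCount = _encryptedAssertionAttributes == null ? 0 : _encryptedAssertionAttributes.Count;
            var statements = new List<object>(encryptedCount + _assertionAttributes.Count);
            statements.AddRange(_assertionAttributes.ToArray());
            if (_encryptedAssertionAttributes != null)
            {
                statements.AddRange(_encryptedAssertionAttributes.ToArray());
            }

            // Generate the new AttributeStatement.
            var attributeStatement = new AttributeStatement();
            attributeStatement.Items = statements.ToArray();

            // GetElementsByTagName returns every matching descendant in document order, not
            // only direct children. RemoveChild throws for a node that is not a direct child
            // (for example an AttributeStatement inside an assertion nested further down), so
            // only the first AttributeStatement whose parent is this assertion is removed.
            // NOTE(review): further direct-child AttributeStatements are left in place, as
            // before - confirm that a stale statement cannot survive next to the new one.
            var list = XmlAssertion.GetElementsByTagName(AttributeStatement.ElementName, Saml20Constants.Assertion);
            for (var i = 0; i < list.Count; i++)
            {
                var candidate = list[i];
                if (ReferenceEquals(candidate.ParentNode, XmlAssertion))
                {
                    // Remove the old AttributeStatement.
                    XmlAssertion.RemoveChild(candidate);
                    break;
                }
            }

            // Only insert a new AttributeStatement if there are attributes.
            if (statements.Count > 0)
            {
                // Serialize the statement to its own document, then import the root element
                // into the assertion's owner document so that it can be appended.
                // NOTE(review): this changes the assertion's content and no signature is
                // produced here; a signature already present over the assertion would
                // presumably no longer verify - confirm callers re-sign.
                var attributeStatementDoc = Serialization.Serialize(attributeStatement);
                var attr = XmlAssertion.OwnerDocument.ImportNode(attributeStatementDoc.DocumentElement, true);

                // Insert the new statement.
                XmlAssertion.AppendChild(attr);
            }

            // The pending lists have been written to the XML; clear them.
            _encryptedAssertionAttributes = null;
            _assertionAttributes = null;
        }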
        /// <summary>
        /// Assembles our basic test assertion
        /// </summary>
        /// <returns>The <see cref="Assertion"/>.</returns>
        public static Assertion GetBasicAssertion()
        {
            // Fixed expiry used for both the subject confirmation and the conditions.
            // NOTE(review): this instant is in 2008 and is built without a DateTimeKind, while
            // IssueInstant below is the current UTC time, so the fixture is already past its
            // NotOnOrAfter. Tests that exercise time validation presumably depend on or
            // override this - confirm.
            var expiry = new DateTime(2008, 12, 31, 12, 0, 0, 0);

            // Assertion header.
            var result = new Assertion();
            result.Issuer = new NameId();
            result.Id = "_b8977dc86cda41493fba68b32ae9291d";
            result.IssueInstant = DateTime.UtcNow;
            result.Version = "2.0";
            result.Issuer.Value = GetBasicIssuer();

            // Subject: a single bearer confirmation addressed to a fixed recipient.
            var confirmationData = new SubjectConfirmationData();
            confirmationData.NotOnOrAfter = expiry;
            confirmationData.Recipient = "http://borger.dk";

            var bearerConfirmation = new SubjectConfirmation();
            bearerConfirmation.Method = SubjectConfirmation.BearerMethod;
            bearerConfirmation.SubjectConfirmationData = confirmationData;

            result.Subject = new Subject();
            result.Subject.Items = new object[] { bearerConfirmation };

            // Conditions: the same expiry plus an audience restriction built from GetAudiences().
            result.Conditions = new Conditions { NotOnOrAfter = expiry };
            var restriction = new AudienceRestriction();
            restriction.Audience = GetAudiences().Select(u => u.ToString()).ToList();
            result.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { restriction });

            // Authentication statement. Items is assigned here and replaced by the final
            // assignment at the end of the method, exactly as in the original.
            var authn = new AuthnStatement();
            result.Items = new StatementAbstract[] { authn };
            authn.AuthnInstant = new DateTime(2008, 1, 8);
            authn.SessionIndex = "70225885";

            var context = new AuthnContext();
            context.Items = new object[]
            {
                "urn:oasis:names:tc:SAML:2.0:ac:classes:X509",
                "http://www.safewhere.net/authncontext/declref"
            };
            context.ItemsElementName = new[]
            {
                AuthnContextType.AuthnContextClassRef,
                AuthnContextType.AuthnContextDeclRef
            };
            authn.AuthnContext = context;

            // Attribute statement: four URI-format attributes; the user-name attribute carries
            // no FriendlyName.
            var attributes = new AttributeStatement();

            var surNameAttribute = new SamlAttribute();
            surNameAttribute.FriendlyName = "SurName";
            surNameAttribute.Name = "urn:oid:2.5.4.4";
            surNameAttribute.NameFormat = SamlAttribute.NameformatUri;
            surNameAttribute.AttributeValue = new[] { "Fry" };

            var commonNameAttribute = new SamlAttribute();
            commonNameAttribute.FriendlyName = "CommonName";
            commonNameAttribute.Name = "urn:oid:2.5.4.3";
            commonNameAttribute.NameFormat = SamlAttribute.NameformatUri;
            commonNameAttribute.AttributeValue = new[] { "Philip J. Fry" };

            var userNameAttribute = new SamlAttribute();
            userNameAttribute.Name = "urn:oid:0.9.2342.19200300.100.1.1";
            userNameAttribute.NameFormat = SamlAttribute.NameformatUri;
            userNameAttribute.AttributeValue = new[] { "fry" };

            var emailAttribute = new SamlAttribute();
            emailAttribute.FriendlyName = "Email";
            emailAttribute.Name = "urn:oid:0.9.2342.19200300.100.1.3";
            emailAttribute.NameFormat = SamlAttribute.NameformatUri;
            emailAttribute.AttributeValue = new[] { "*****@*****.**" };

            attributes.Items = new object[] { surNameAttribute, commonNameAttribute, userNameAttribute, emailAttribute };

            // Final statement list: authentication first, then attributes.
            result.Items = new StatementAbstract[] { authn, attributes };

            return result;
        }