public string ToXml(Saml2Assertion assertion) { var tokenHandlers = new Saml2SecurityTokenHandler(); var stringBuilder = new StringBuilder(); using (var xmlWriter = new XmlTextWriter(new StringWriter(stringBuilder))) { var token = new Saml2SecurityToken(assertion); tokenHandlers.WriteToken(xmlWriter, token); return stringBuilder.ToString(); } }
public void Saml2Response_GetClaims_CorrectEncryptedSingleAssertion_UsingWIF() { var response = @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol"" xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion"" ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z""> <saml2:Issuer>https://idp.example.com</saml2:Issuer> <saml2p:Status> <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" /> </saml2p:Status> {0} </saml2p:Response>"; var assertion = new Saml2Assertion(new Saml2NameIdentifier("https://idp.example.com")); assertion.Subject = new Saml2Subject(new Saml2NameIdentifier("WIFUser")); assertion.Subject.SubjectConfirmations.Add(new Saml2SubjectConfirmation(new Uri("urn:oasis:names:tc:SAML:2.0:cm:bearer"))); assertion.Conditions = new Saml2Conditions { NotOnOrAfter = new DateTime(2100, 1, 1) }; var token = new Saml2SecurityToken(assertion); var handler = new Saml2SecurityTokenHandler(); assertion.SigningCredentials = new X509SigningCredentials(SignedXmlHelper.TestCert, signatureAlgorithm: SecurityAlgorithms.RsaSha1Signature, digestAlgorithm: SecurityAlgorithms.Sha1Digest); assertion.EncryptingCredentials = new EncryptedKeyEncryptingCredentials( SignedXmlHelper.TestCert2, keyWrappingAlgorithm: SecurityAlgorithms.RsaOaepKeyWrap, keySizeInBits: 256, encryptionAlgorithm: SecurityAlgorithms.Aes192Encryption); string assertionXml = String.Empty; using (var sw = new StringWriter()) { using (var xw = XmlWriter.Create(sw, new XmlWriterSettings { OmitXmlDeclaration = true })) { handler.WriteToken(xw, token); } assertionXml = sw.ToString(); } var responseWithAssertion = string.Format(response, assertionXml); var claims = Saml2Response.Read(responseWithAssertion).GetClaims(Options.FromConfiguration); claims.Count().Should().Be(1); claims.First().FindFirst(ClaimTypes.NameIdentifier).Value.Should().Be("WIFUser"); }
private void CreateSaml2Tokens( SecurityTokenDescriptor tokenDescriptor ) { Saml2SecurityTokenHandler samlTokenHandler = new Saml2SecurityTokenHandler(); Saml2SecurityToken token = samlTokenHandler.CreateToken( tokenDescriptor ) as Saml2SecurityToken; MemoryStream ms = new MemoryStream(); XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter( ms ); samlTokenHandler.WriteToken( writer, token ); }
private void RunValidationTests( SecurityTokenDescriptor tokenDescriptor, SecurityToken securityToken, SecurityKey key, int iterations, bool display = true ) { // Create jwts using wif // Create Saml2 tokens // Create Saml tokens DateTime started; string validating = "Validating, signed: '{0}', '{1}' Tokens. Time: '{2}'"; SetReturnSecurityTokenResolver str = new Test.SetReturnSecurityTokenResolver( securityToken, key ); SecurityTokenHandlerConfiguration tokenHandlerConfiguration = new SecurityTokenHandlerConfiguration() { IssuerTokenResolver = str, SaveBootstrapContext = true, CertificateValidator = AlwaysSucceedCertificateValidator.New, AudienceRestriction = new AudienceRestriction( AudienceUriMode.Never ), IssuerNameRegistry = new SetNameIssuerNameRegistry( Issuers.GotJwt ), }; Saml2SecurityTokenHandler samlTokenHandler = new Saml2SecurityTokenHandler(); Saml2SecurityToken token = samlTokenHandler.CreateToken( tokenDescriptor ) as Saml2SecurityToken; StringBuilder sb = new StringBuilder(); XmlWriter writer = XmlWriter.Create(sb); samlTokenHandler.WriteToken( writer, token ); writer.Flush(); writer.Close(); string tokenXml = sb.ToString(); samlTokenHandler.Configuration = tokenHandlerConfiguration; started = DateTime.UtcNow; for ( int i = 0; i < iterations; i++ ) { StringReader sr = new StringReader( tokenXml ); XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) ); reader.MoveToContent(); SecurityToken saml2Token = samlTokenHandler.ReadToken( reader ); samlTokenHandler.ValidateToken( saml2Token ); } if ( display ) { Console.WriteLine( string.Format( validating, "Saml2SecurityTokenHandler", iterations, DateTime.UtcNow - started ) ); } JwtSecurityTokenHandler jwtTokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken jwt = jwtTokenHandler.CreateToken( tokenDescriptor ) as JwtSecurityToken; jwtTokenHandler.Configuration = tokenHandlerConfiguration; started = DateTime.UtcNow; for ( int i = 0; i < iterations; i++ ) { jwtTokenHandler.ValidateToken( jwt.RawData ); } if ( display ) { Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ValidateToken( jwt.RawData )", iterations, DateTime.UtcNow - started ) ); } jwt = jwtTokenHandler.CreateToken( tokenDescriptor ) as JwtSecurityToken; sb = new StringBuilder(); writer = XmlWriter.Create(sb); jwtTokenHandler.WriteToken( writer, jwt ); writer.Flush(); writer.Close(); tokenXml = sb.ToString(); started = DateTime.UtcNow; for ( int i = 0; i<iterations; i++ ) { StringReader sr = new StringReader( tokenXml ); XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) ); reader.MoveToContent(); SecurityToken jwtToken = jwtTokenHandler.ReadToken( reader ); jwtTokenHandler.ValidateToken( jwtToken ); } if ( display ) { Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken )", iterations, DateTime.UtcNow - started ) ); } started = DateTime.UtcNow; for ( int i = 0; i < iterations; i++ ) { StringReader sr = new StringReader( tokenXml ); XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) ); reader.MoveToContent(); JwtSecurityToken jwtToken = jwtTokenHandler.ReadToken( reader ) as JwtSecurityToken; jwtTokenHandler.ValidateToken( jwtToken.RawData ); } if ( display ) { Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken.RawData )", iterations, DateTime.UtcNow - started ) ); } }