public static string GetAssertion(
string issuer, string subject, string certLocation, string certPassword,
Dictionary <string, string> attributes)
{
// Create certificate from file. It must contain private key!
X509Certificate2 cert = new X509Certificate2(certLocation, certPassword);
// The private key contained in the certificate will be used to sign the token.
X509AsymmetricSecurityKey signingKey = new X509AsymmetricSecurityKey(cert);
SecurityKeyIdentifier ski = new SecurityKeyIdentifier(new
X509ThumbprintKeyIdentifierClause(cert));
SamlAssertion assertion =
SamlHelper.CreateSamlAssertion(issuer, subject, subject, attributes);
assertion.SigningCredentials = new
SigningCredentials(signingKey, SecurityAlgorithms.RsaSha1Signature,
SecurityAlgorithms.Sha1Digest, ski);
return(SamlHelper.SerializeToken(assertion));
}
public static string GetAssertion(
string issuer, string subject, Dictionary <string, string> attributes)
{
return(SamlHelper.SerializeToken(
SamlHelper.CreateSamlAssertion(issuer, subject, subject, attributes)));
}
/// <summary>
/// Returns a Base64 Encoded String with the SamlResponse in it.
/// </summary>
/// <param name="recipient">Recipient</param>
/// <param name="issuer">Issuer</param>
/// <param name="subject">Subject</param>
/// <param name="certLocation">Certificate Location</param>
/// <param name="certPassword">Certificate Password</param>
/// <param name="attributes">A list of attributes to pass</param>
/// <returns></returns>
public static string GetPostSamlResponse(string recipient, string issuer, string domain, string subject,
StoreLocation storeLocation, StoreName storeName, X509FindType findType, string certFile, string certPassword, object findValue,
Dictionary <string, string> attributes, SigningHelper.SignatureType signatureType)
{
ResponseType response = new ResponseType();
// Create Response
response.ResponseID = "_" + Guid.NewGuid().ToString();
response.MajorVersion = "1";
response.MinorVersion = "1";
response.IssueInstant = System.DateTime.UtcNow;
response.Recipient = recipient;
StatusType status = new StatusType();
status.StatusCode = new StatusCodeType();
status.StatusCode.Value = new XmlQualifiedName("Success", "urn:oasis:names:tc:SAML:1.0:protocol");
response.Status = status;
// Create Assertion
AssertionType assertionType = SamlHelper.CreateSaml11Assertion(
issuer.Trim(), domain.Trim(), subject.Trim(), attributes);
response.Assertion = new AssertionType[] { assertionType };
//Serialize
XmlSerializerNamespaces ns = new XmlSerializerNamespaces();
ns.Add("samlp", "urn:oasis:names:tc:SAML:1.0:protocol");
ns.Add("saml", "urn:oasis:names:tc:SAML:1.0:assertion");
XmlSerializer responseSerializer =
new XmlSerializer(response.GetType());
StringWriter stringWriter = new StringWriter();
XmlWriterSettings settings = new XmlWriterSettings();
settings.OmitXmlDeclaration = true;
settings.Indent = true;
settings.Encoding = Encoding.UTF8;
XmlWriter responseWriter = XmlTextWriter.Create(stringWriter, settings);
responseSerializer.Serialize(responseWriter, response, ns);
responseWriter.Close();
string samlString = stringWriter.ToString();
stringWriter.Close();
// Sign the document
XmlDocument doc = new XmlDocument();
doc.LoadXml(samlString);
X509Certificate2 cert = null;
if (System.IO.File.Exists(certFile))
{
cert = new X509Certificate2(certFile, certPassword);
}
else
{
X509Store store = new X509Store(storeName, storeLocation);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection coll = store.Certificates.Find(findType, findValue, true);
if (coll.Count < 1)
{
throw new ArgumentException("Unable to locate certificate");
}
cert = coll[0];
store.Close();
}
XmlElement signature = SigningHelper.SignDoc(
doc, cert, "ResponseID", response.ResponseID);
doc.DocumentElement.InsertBefore(signature,
doc.DocumentElement.ChildNodes[0]);
if (SamlHelper.Logger.IsDebugEnabled)
{
SamlHelper.Logger.DebugFormat(
"Saml Assertion before encoding = {0}",
doc.OuterXml.ToString());
}
// Base64Encode and URL Encode
byte[] base64EncodedBytes =
Encoding.UTF8.GetBytes(doc.OuterXml);
string returnValue = System.Convert.ToBase64String(
base64EncodedBytes);
return(returnValue);
}
