        /// <summary>
        /// Builds a SAML LogoutRequest from the SP configuration and returns it as a
        /// Base64-encoded UTF-8 XML string.
        /// </summary>
        /// <returns>The serialized LogoutRequest, Base64-encoded.</returns>
        public string GetSamlLogoutRequest()
        {
            try
            {
                // Every value is read through GetCriticalConfigSetting, so a missing
                // setting fails here instead of producing a half-built request.
                // NOTE(review): Issuer is populated from SP_LOGOUT_RETURN_URL rather
                // than from an issuer setting — confirm this is what the IdP expects.
                SAMLLogoutRequest logoutRequest = new SAMLLogoutRequest
                {
                    Destination  = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.LOGOUT_SEND_TO),
                    Alias        = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.CPEPS),
                    Issuer       = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SP_LOGOUT_RETURN_URL),
                    QAALevel     = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.QAALEVEL),
                    Country      = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY),
                    SpProvidedId = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.PROVIDERNAME),
                    NameID       = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SP_ID),
                    // SAML IDs must be NCNames, which cannot start with a digit; the
                    // underscore prefix guarantees that for any GUID.
                    Id           = "_" + Guid.NewGuid().ToString()
                };

                SAMLEngine engine = SAMLEngine.Instance;
                engine.Init();
                XmlDocument logoutXml = engine.GenerateLogoutRequest(logoutRequest);

                byte[] utf8Bytes = Encoding.UTF8.GetBytes(logoutXml.OuterXml);
                return Convert.ToBase64String(utf8Bytes);
            }
            catch (Exception e)
            {
                // Record the failure here, then rethrow without resetting the stack trace.
                _logger.Error(e);
                throw;
            }
        }
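        /// <summary>
        /// Builds the SAML AuthnRequest sent to the identity provider and returns it
        /// as a Base64-encoded UTF-8 XML string.
        /// </summary>
        /// <param name="reqPath">
        /// Return path carried to the IdP and back as the <c>reqPath</c> query
        /// parameter of the AssertionConsumerServiceURL. It is URL-encoded here so it
        /// cannot alter the URL's structure; whoever consumes <c>reqPath</c> on the way
        /// back must still validate it, since it is client-influenced data.
        /// </param>
        /// <returns>The serialized AuthnRequest, Base64-encoded.</returns>
        public string GetSamLoginRequest(string reqPath)
        {
            try
            {
                SAMLRequest request = new SAMLRequest();
                request.Destination = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SPEPS);
                // Encode reqPath: a raw value containing '&', '#', '=' or whitespace
                // would inject extra query parameters into, or truncate, the ACS URL.
                // A null reqPath still yields "?reqPath=" as before.
                // NOTE(review): confirm the IdP matches the ACS URL on its base part
                // only, since the query string already varies per call.
                request.AssertionConsumerServiceURL = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SP_RETURN_URL)
                                                      + "?reqPath=" + Uri.EscapeDataString(reqPath ?? string.Empty);
                request.Alias = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.CPEPS);
                request.ProviderName = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.PROVIDERNAME);
                request.Issuer = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLISSUER);
                request.QAALevel = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.QAALEVEL);
                // SAML IDs must be NCNames, which cannot start with a digit; the
                // underscore prefix guarantees that for any GUID.
                request.Id = "_" + Guid.NewGuid().ToString();

                // Attributes requested from the IdP; the flag is the isRequired value
                // (true = required, false = optional). The same names are read back
                // in GetSamlResponseCommandResult.
                request.AddAttribute("eIdentifier", true);
                request.AddAttribute("givenName", true);
                request.AddAttribute("surname", true);
                request.AddAttribute("inheritedFamilyName", false);
                request.AddAttribute("eMail", false);

                SAMLEngine samlEngine = SAMLEngine.Instance;
                samlEngine.Init();
                XmlDocument xml = samlEngine.GenerateRequest(request);
                _logger.Trace("Peticion SAML2: {0} ;", xml.OuterXml);
                string b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(xml.OuterXml));
                return b64;
            }
            catch (Exception e)
            {
                // Record the failure here, then rethrow without resetting the stack trace.
                _logger.Error(e);
                throw;
            }
        }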
        /// <summary>
        /// Persists the endpoint address typed into the dialog, informs the user and
        /// closes the dialog with <see cref="DialogResult.OK"/>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the address is handed to SaveEndpointAddress as typed, with
        /// no validation here — confirm it is checked (well-formed URL, expected
        /// scheme) before it is used as a service endpoint.
        /// </remarks>
        private void btnSave_Click(object sender, EventArgs e)
        {
            string endpointAddress = txtEndPointAddress.Text;
            ConfigurationSettingsHelper.SaveEndpointAddress(endpointAddress);
            DialogResult = DialogResult.OK;

            string confirmation = ResourceHelper.GetResourceText("IPChanged");
            CustomMessageBox.ShowMessage(confirmation);
            Close();
        }
        /// <summary>
        /// Initialising against an empty configuration must leave every
        /// <see cref="ConfigServerClientSettings"/> member at its default value.
        /// </summary>
        public void Initialize_WithDefaultSettings()
        {
            // Arrange: an empty configuration root exposes no "spring:cloud:config" keys.
            const string sectionPrefix = "spring:cloud:config";
            var emptyProviders = new List<IConfigurationProvider>();
            IConfiguration emptyConfig = new ConfigurationRoot(emptyProviders);
            var clientSettings = new ConfigServerClientSettings();

            // Act
            ConfigurationSettingsHelper.Initialize(sectionPrefix, clientSettings, emptyConfig);

            // Assert
            TestHelper.VerifyDefaults(clientSettings);
        }
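        /// <summary>
        /// Initialising against an empty configuration must leave every
        /// <see cref="ConfigServerClientSettings"/> member at its default value.
        /// </summary>
        public void Initialize_WithDefaultSettings()
        {
            // Arrange: an empty configuration root exposes no "spring:cloud:config" keys.
            // This Initialize overload takes only prefix, settings and config, so no
            // hosting environment is constructed here.
            string prefix = "spring:cloud:config";
            ConfigServerClientSettings settings = new ConfigServerClientSettings();
            IConfiguration             config   = new ConfigurationRoot(new List <IConfigurationProvider>());

            // Act
            ConfigurationSettingsHelper.Initialize(prefix, settings, config);

            // Assert
            TestHelpers.VerifyDefaults(settings);
        }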
        /// <summary>
        /// Each argument of the three-parameter
        /// <see cref="ConfigurationSettingsHelper.Initialize"/> overload is
        /// null-checked and the exception message names the offending parameter.
        /// </summary>
        public void Initalize_ThrowsOnNulls()
        {
            // Arrange: all-null inputs; each call below supplies one more valid argument.
            string configPrefix = null;
            ConfigServerClientSettings settings = null;
            IConfiguration             config   = null;

            // Act and Assert: the exception must name the parameter that was null.
            Action<Action, string> assertRejectsNull = (act, parameterName) =>
            {
                var ex = Assert.Throws<ArgumentNullException>(act);
                Assert.Contains(parameterName, ex.Message);
            };

            assertRejectsNull(() => ConfigurationSettingsHelper.Initialize(configPrefix, settings, config), nameof(configPrefix));
            assertRejectsNull(() => ConfigurationSettingsHelper.Initialize("foobar", settings, config), nameof(settings));
            assertRejectsNull(() => ConfigurationSettingsHelper.Initialize("foobar", new ConfigServerClientSettings(), config), nameof(config));
        }
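        /// <summary>
        /// Application entry point: shows the splash screen (release builds only),
        /// resolves the service endpoint, verifies the server is reachable, applies the
        /// configured UI culture and starts the main form. If the server cannot be
        /// reached the user is shown the server-settings dialog and the application exits.
        /// </summary>
        private static void Main(string[] args)
        {
            Trace.WriteLine("Program.cs");
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
#if !DEBUG
            Splash.ShowSplash(500);
            Thread.Sleep(4000);
            Splash.Fadeout();
#endif
            //LogHelper.ConfigureLog();

            ConfigurationSettingsHelper.SetInstanceEndpointAddress();

            Boolean serverAvailable = ConfigurationSettingsHelper.TestServer();
            if (!serverAvailable)
            {
                CustomMessageBox.ShowError(ResourceHelper.GetResourceText("ServerConnectionError"));
                ServerSettings s = new ServerSettings();
                s.ShowDialog();
                Application.Exit();
            }
            else
            {
                ApplyConfiguredUiCulture();

                PrincipalForm principalForm = ViewManager.CreatePrincipalForm();
                ViewManager.SetMainControl(ERMTControl.Login);
                Application.Run(principalForm);
            }
        }

        /// <summary>
        /// Reads the "culture" attribute of the language configuration file's root
        /// element and applies it as the thread UI culture; the formatting culture is
        /// always en-GB. A missing file, a malformed file, a missing attribute or an
        /// unknown culture name all leave the thread cultures unchanged instead of
        /// aborting start-up.
        /// </summary>
        private static void ApplyConfiguredUiCulture()
        {
            String configFileName = Utils.DirectoryAndFileHelper.LanguageConfigurationFile;
            if (!File.Exists(configFileName))
            {
                return;
            }

            XmlDocument doc = new XmlDocument();
            // The language file is user-editable: do not resolve external entities or
            // DTD references, so a tampered file cannot be used for XXE.
            doc.XmlResolver = null;
            try
            {
                doc.Load(configFileName);
            }
            catch (XmlException)
            {
                // Malformed file: keep the process default culture.
                return;
            }

            XmlAttribute cultureAttr = doc.DocumentElement == null
                                       ? null
                                       : doc.DocumentElement.Attributes["culture"];
            if (cultureAttr == null)
            {
                // Previously this dereferenced a null attribute and crashed; treat
                // "no culture configured" as "use the default".
                return;
            }

            try
            {
                CultureInfo uiCulture = new CultureInfo(cultureAttr.Value);
                CultureInfo culture   = new CultureInfo("en-GB");
                Thread.CurrentThread.CurrentCulture   = culture;
                Thread.CurrentThread.CurrentUICulture = uiCulture;
            }
            catch (System.Globalization.CultureNotFoundException)
            {
                // Unknown culture name: keep defaults.
            }
        }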
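        /// <summary>
        /// Loads the engine's static configuration: XML namespace prefixes, the SP
        /// issuer, the XSD-validation flag, the optional destination alias, the
        /// message validity window and clock skew, the replay-protection ID store and
        /// the certificate used for signing (which must carry an accessible private key).
        /// </summary>
        /// <exception cref="SAMLException">
        /// The configured certificate is not in the LocalMachine/My store or its
        /// private key is not accessible.
        /// </exception>
        private SAMLEngine()
        {
            _xmlNamespaces.Add(SAMLConstants.NS_PROTOCOL_PREFIX, SAMLConstants.NS_PROTOCOL);
            _xmlNamespaces.Add(SAMLConstants.NS_ASSERT_PREFIX, SAMLConstants.NS_ASSERT);
            _xmlNamespaces.Add(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
                               ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));
            _xmlNamespaces.Add(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS_PREFIX),
                               ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS));

            thisIssuer  = ConfigurationSettingsHelper.GetCriticalConfigSetting("SPIssuer");
            validateXsd = ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlValidateXsdXml");

            // SamlDestinationAlias is optional. When present it is appended to the
            // issuer to form the Destination incoming requests must carry; when it is
            // absent thisDestination stays null and the Destination check is skipped.
            thisDestination = ConfigurationManager.AppSettings["SamlDestinationAlias"];
            thisDestination = string.IsNullOrEmpty(thisDestination) ? null : thisIssuer + thisDestination;

            validTimeframe = ConfigurationSettingsHelper.GetCriticalConfigIntSetting("SamlValidTimeframe");
            skewClock      = ConfigurationSettingsHelper.GetConfigIntSetting("SamlSkewClock") ?? SKEW_CLOCK;

            // This is only the list's initial capacity, not a bound on how many IDs
            // are retained — see AddId for the eviction policy, if there is one.
            int capacity = ConfigurationSettingsHelper.GetConfigIntSetting("SamlNumberStoredIds") ?? MAX_STORED_IDS;
            receivedIds = new List <string>(capacity);

            string thumbprint = ConfigurationSettingsHelper.GetCriticalConfigSetting("SamlCertificate");
            certificate = CertificateUtils.GetCertificateFromPersonalStore(thumbprint);
            if (certificate == null || !certificate.HasPrivateKey)
            {
                // Fail closed: without a usable private key nothing can be signed.
                string message = "Certificate '" + thumbprint + "' not found at " +
                                 "LocalMachine/My keystore or access to private key was denied. Certificate: " + certificate;
                _logger.Trace(message);
                throw new SAMLException(message);
            }

            citizenAttributes = CitizenAttributes.Instance;
        }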
        /// <summary>
        /// Each argument of the four-parameter
        /// <see cref="ConfigurationSettingsHelper.Initialize"/> overload is
        /// null-checked and the exception message names the offending parameter.
        /// </summary>
        public void Initalize_ThrowsOnNulls()
        {
            // Arrange: all-null inputs; each call below supplies one more valid argument.
            string configPrefix = null;
            ConfigServerClientSettings settings    = null;
            IHostingEnvironment        environment = null;
            ConfigurationRoot          root        = null;

            // Act and Assert: the exception must name the parameter that was null.
            Action<Action, string> assertRejectsNull = (act, parameterName) =>
            {
                var ex = Assert.Throws<ArgumentNullException>(act);
                Assert.Contains(parameterName, ex.Message);
            };

            assertRejectsNull(() => ConfigurationSettingsHelper.Initialize(configPrefix, settings, environment, root), nameof(configPrefix));
            assertRejectsNull(() => ConfigurationSettingsHelper.Initialize("foobar", settings, environment, root), nameof(settings));
            assertRejectsNull(() => ConfigurationSettingsHelper.Initialize("foobar", new ConfigServerClientSettings(), environment, root), nameof(environment));
            // NOTE(review): the null-root case is never exercised, so whether
            // Initialize rejects a null root is not covered by this test.
        }
 /// <summary>
 /// Pre-fills the endpoint text box with the stored endpoint address when the
 /// dialog loads.
 /// </summary>
 private void ServerSettings_Load(object sender, EventArgs e)
 {
     string storedEndpoint = ConfigurationSettingsHelper.GetEndpointAddress();
     txtEndPointAddress.Text = storedEndpoint;
 }
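        /// <summary>
        /// Turns the SAMLResponse posted back by the identity provider (Cl@ve) into a
        /// <see cref="CommandResult"/> carrying the authenticated identity.
        /// </summary>
        /// <param name="request">The HTTP request carrying the <c>SAMLResponse</c> form field.</param>
        /// <returns>
        /// A redirect <see cref="CommandResult"/>. Its <c>Principal</c> is populated
        /// only when the response status is SUCCESS and validation reported VALID;
        /// otherwise the failure is logged and the principal stays unset.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The response validated but carries no eIdentifier value, so no identity can
        /// be asserted. (Previously this surfaced as an ArgumentNullException thrown by
        /// the Claim constructor.)
        /// </exception>
        public CommandResult GetSamlResponseCommandResult(HttpRequestData request)
        {
            try
            {
                // Signature, issuer and timing checks are the job of
                // ProcessSamlLoginResponse; this method trusts its ErrorCode.
                var samlResponse = ProcessSamlLoginResponse(request.Form["SAMLResponse"]);
                CommandResult commandResult = new CommandResult();
                if (samlResponse.StatusCode == StatusCode.SUCCESS && samlResponse.ErrorCode == ErrorCodes.VALID)
                {
                    // The attribute names carried by the response are configured per
                    // deployment (name + namespace suffix); look each one up in config.
                    Func<string, string> resolveName = key =>
                        samlResponse.GetAttributeNames().SingleOrDefault(a => a == ConfigurationSettingsHelper.GetCriticalConfigSetting(key + CommonConstants.ATTRIBUTE_NS_SUFFIX));

                    // Simple attributes carry a single value; complex ones a list of
                    // entries, of which the first value is used.
                    Func<string, string> readValue = name =>
                        samlResponse.isAttributeSimple(name)
                            ? samlResponse.GetAttributeValue(name)
                            : samlResponse.GetAttributeComplexValue(name).Select(m => m.Value).FirstOrDefault();

                    var eIdentifierAn         = resolveName("eIdentifier");
                    var GivenNameAn           = resolveName("givenName");
                    var SurnameAn             = resolveName("surname");
                    var InheritedFamilyNameAN = resolveName("inheritedFamilyName");
                    var EmailAn               = resolveName("eMail");

                    var eIdentifier         = readValue(eIdentifierAn);
                    var GivenName           = readValue(GivenNameAn);
                    var Surname             = readValue(SurnameAn);
                    var InheritedFamilyName = readValue(InheritedFamilyNameAN);
                    var Email               = readValue(EmailAn);

                    // NOTE(review): these trace lines write personal data (identifier,
                    // names, e-mail) to the log. Confirm Trace is off in production or
                    // that log access and retention are appropriate for PII.
                    _logger.Trace("clave:valor {0} : {1}",eIdentifierAn, eIdentifier);
                    _logger.Trace("clave:valor {0} : {1}", GivenNameAn, GivenName);
                    _logger.Trace("clave:valor {0} : {1}", SurnameAn, Surname);
                    _logger.Trace("clave:valor {0} : {1}", InheritedFamilyNameAN, InheritedFamilyName);
                    _logger.Trace("clave:valor {0} : {1}", EmailAn, Email);

                    // eIdentifier is the subject identifier; without it no identity can
                    // be asserted. Fail explicitly rather than letting the Claim
                    // constructor reject the null with a less informative error.
                    if (string.IsNullOrEmpty(eIdentifier))
                    {
                        throw new InvalidOperationException("SAML response validated but the eIdentifier attribute is missing or empty.");
                    }

                    ClaimsIdentity cidt = new ClaimsIdentity(DefaultAuthenticationTypes.ExternalCookie);
                    cidt.AddClaim(new Claim(ClaimTypes.NameIdentifier, eIdentifier, ClaimValueTypes.String, _issuer));
                    cidt.AddClaim(new Claim(eIdentifierAn, eIdentifier, ClaimValueTypes.String, _issuer));
                    // givenName was requested as required: a missing value still throws
                    // here (Claim rejects a null value), keeping the fail-closed behaviour.
                    cidt.AddClaim(new Claim(ClaimTypes.GivenName, GivenName, ClaimValueTypes.String, _issuer));
                    cidt.AddClaim(new Claim(ClaimTypes.Surname, Surname ?? string.Empty, ClaimValueTypes.String, _issuer));
                    // inheritedFamilyName was requested as optional, so its configured
                    // name may be absent from the response; the claim type would then be
                    // null, which Claim rejects. Skip the claim instead of failing login.
                    if (InheritedFamilyNameAN != null)
                    {
                        cidt.AddClaim(new Claim(InheritedFamilyNameAN, InheritedFamilyName ?? string.Empty, ClaimValueTypes.String, _issuer));
                    }
                    cidt.AddClaim(new Claim(ClaimTypes.Email, Email ?? string.Empty, ClaimValueTypes.Email, _issuer));

                    ClaimsPrincipal cp = new ClaimsPrincipal(new ClaimsIdentity[] { cidt });
                    commandResult.Principal = cp;
                }
                else
                {
                    _logger.Warn("Respuesta SAML erronea: {0}, {1}, {2}", samlResponse.StatusCode, samlResponse.ErrorCode, samlResponse.StatusMessage);
                }
                commandResult.HttpStatusCode = System.Net.HttpStatusCode.Redirect;
                return commandResult;
            }
            catch (Exception e)
            {
                // Record the failure here, then rethrow without resetting the stack trace.
                _logger.Error(e);
                throw;
            }
        }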
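        /// <summary>
        /// Builds the SAML LogoutRequest XML for <paramref name="context"/>, including
        /// the STORK extension elements (QAA level, SP sector / institution /
        /// application / country and the eID sharing flags). All extension values except
        /// the QAA level are read from configuration.
        /// </summary>
        /// <param name="context">Values collected by the caller (ID, destination, issuer, NameID, QAA level).</param>
        /// <returns>The LogoutRequest as an <see cref="XmlDocument"/>; no signature is applied in this method.</returns>
        private XmlDocument GenerateLogoutRequestMetadata(SAMLLogoutRequest context)
        {
            DateTime          now     = DateTime.UtcNow;
            LogoutRequestType request = new LogoutRequestType();

            request.ID           = context.Id;
            request.Version      = SAMLConstants.SAML_VERSION;
            request.IssueInstant = now;
            request.Destination  = context.Destination;
            request.Consent      = SAMLConstants.CONSENT;
            request.Issuer       = new NameIDType();
            request.Issuer.Value = context.Issuer;
            request.NameID       = new NameIDType();
            // Prefer the NameID the caller placed on the context (GetSamlLogoutRequest
            // sets it from SP_ID); fall back to the configured SP_ID when it is unset.
            request.NameID.Value = context.NameID ?? ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SP_ID);

            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;

            // STORK extensions: QAA level comes from the context, the rest from config.
            XmlElement qualityAuthnAssLevel = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
                                                                "QualityAuthenticationAssuranceLevel", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));

            qualityAuthnAssLevel.InnerText = context.QAALevel;
            XmlElement spSectorEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                      "spSector", SAMLConstants.NS_STORK_ASSER);

            spSectorEl.InnerText = ConfigurationSettingsHelper
                                   .GetCriticalConfigIntSetting(CommonConstants.SAMLSECTOR).ToString();
            XmlElement spInstitutionEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spInstitution", SAMLConstants.NS_STORK_ASSER);

            spInstitutionEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLINSTITUTION);
            XmlElement spApplicationEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spApplication", SAMLConstants.NS_STORK_ASSER);

            spApplicationEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLAPPLICATION);
            XmlElement spCountryEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                       "spCountry", SAMLConstants.NS_STORK_ASSER);

            spCountryEl.InnerText = ConfigurationSettingsHelper
                                    .GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY);
            // The three sharing flags are serialized as lower-case "true"/"false".
            XmlElement eIDSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                            "eIDSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDSectorShareEl.InnerText = ConfigurationSettingsHelper
                                         .GetCriticalConfigBoolSetting("SamlEIDSectorShare").ToString().ToLower();
            XmlElement eIDCrossSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossSectorShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossSectorShare").ToString().ToLower();
            XmlElement eIDCrossBorderShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossBorderShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossBorderShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossBorderShare").ToString().ToLower();

            request.Extensions     = new ExtensionsType();
            request.Extensions.Any = new XmlElement[] { qualityAuthnAssLevel, spSectorEl,
                                                        spInstitutionEl, spApplicationEl, spCountryEl, eIDSectorShareEl,
                                                        eIDCrossSectorShareEl, eIDCrossBorderShareEl };

            // Serialize to text, then re-read as an XmlDocument. Streams and readers
            // are disposed deterministically.
            string xml;
            using (MemoryStream stream = new MemoryStream())
            {
                Serialize(request, stream);
                stream.Seek(0, SeekOrigin.Begin);
                using (StreamReader reader = new StreamReader(stream))
                {
                    xml = reader.ReadToEnd();
                }
            }

            // The text is our own serializer's output, but prohibit DTDs anyway so this
            // reader can never be driven into entity expansion.
            using (XmlTextReader xmlReader = new XmlTextReader(new StringReader(xml)))
            {
                xmlReader.DtdProcessing = DtdProcessing.Prohibit;
                return(Deserialize <XmlDocument>(xmlReader));
            }
        }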
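        /// <summary>
        /// Builds the SAML AuthnRequest XML for <paramref name="context"/>: the
        /// standard request fields (ForceAuthn is always true, IsPassive always false),
        /// a RequestedAttributes extension listing the context's attributes with their
        /// isRequired flags, and the STORK extension elements read from configuration.
        /// </summary>
        /// <param name="context">Values collected by the caller (ID, destination, ACS URL, provider name, issuer, QAA level, attributes).</param>
        /// <returns>The AuthnRequest as an <see cref="XmlDocument"/>; no signature is applied in this method.</returns>
        private XmlDocument GenerateRequestMetadata(SAMLRequest context)
        {
            DateTime         now     = DateTime.UtcNow;
            AuthnRequestType request = new AuthnRequestType();

            request.ID                          = context.Id;
            request.Version                     = SAMLConstants.SAML_VERSION;
            request.IssueInstant                = now;
            request.Destination                 = context.Destination;
            request.Consent                     = SAMLConstants.CONSENT;
            request.ForceAuthn                  = true;
            request.IsPassive                   = false;
            request.ProtocolBinding             = SAMLConstants.PROTOCOL_BINDING;
            request.AssertionConsumerServiceURL = context.AssertionConsumerServiceURL;
            request.ProviderName                = context.ProviderName;
            request.Issuer                      = new NameIDType();
            request.Issuer.Value                = context.Issuer;
            request.Issuer.Format               = context.IssuerFormat;

            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;

            // RequestedAttributes: one RequestedAttribute per context attribute. Only
            // the FORCE_AUTH attribute carries an AttributeValue child.
            XmlElement requestedAttrs = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS_PREFIX),
                                                          "RequestedAttributes", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS));

            foreach (AttributeElement attr in context.Attributes)
            {
                XmlElement requestedAttr = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX),
                                                             "RequestedAttribute", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR));
                requestedAttr.SetAttribute("Name", attr.AttrName);
                requestedAttr.SetAttribute("NameFormat", SAMLConstants.ATTRIBUTE_NAME_FORMAT);
                requestedAttr.SetAttribute("isRequired", attr.IsRequired.ToString().ToLower());
                if (attr.AttrName.Equals(CommonConstants.FORCE_AUTH))
                {
                    XmlElement attrValue = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX),
                                                             "AttributeValue", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR));
                    attrValue.InnerText = attr.AttrValue.ToString().ToLower();
                    requestedAttr.AppendChild(attrValue);
                }
                requestedAttrs.AppendChild(requestedAttr);
            }

            // STORK extensions: QAA level comes from the context, the rest from config.
            XmlElement qualityAuthnAssLevel = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
                                                                "QualityAuthenticationAssuranceLevel", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));

            qualityAuthnAssLevel.InnerText = context.QAALevel;
            XmlElement spSectorEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                      "spSector", SAMLConstants.NS_STORK_ASSER);

            spSectorEl.InnerText = ConfigurationSettingsHelper
                                   .GetCriticalConfigIntSetting(CommonConstants.SAMLSECTOR).ToString();
            XmlElement spInstitutionEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spInstitution", SAMLConstants.NS_STORK_ASSER);

            spInstitutionEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLINSTITUTION);
            XmlElement spApplicationEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spApplication", SAMLConstants.NS_STORK_ASSER);

            spApplicationEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLAPPLICATION);
            XmlElement spCountryEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                       "spCountry", SAMLConstants.NS_STORK_ASSER);

            spCountryEl.InnerText = ConfigurationSettingsHelper
                                    .GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY);
            // The three sharing flags are serialized as lower-case "true"/"false".
            XmlElement eIDSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                            "eIDSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDSectorShareEl.InnerText = ConfigurationSettingsHelper
                                         .GetCriticalConfigBoolSetting("SamlEIDSectorShare").ToString().ToLower();
            XmlElement eIDCrossSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossSectorShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossSectorShare").ToString().ToLower();
            XmlElement eIDCrossBorderShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossBorderShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossBorderShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossBorderShare").ToString().ToLower();

            request.Extensions     = new ExtensionsType();
            request.Extensions.Any = new XmlElement[] { qualityAuthnAssLevel, spSectorEl,
                                                        spInstitutionEl, spApplicationEl, spCountryEl, eIDSectorShareEl,
                                                        eIDCrossSectorShareEl, eIDCrossBorderShareEl, requestedAttrs };

            // Serialize to text, then re-read as an XmlDocument. Streams and readers
            // are disposed deterministically.
            string xml;
            using (MemoryStream stream = new MemoryStream())
            {
                Serialize(request, stream);
                stream.Seek(0, SeekOrigin.Begin);
                using (StreamReader reader = new StreamReader(stream))
                {
                    xml = reader.ReadToEnd();
                }
            }

            // The text is our own serializer's output, but prohibit DTDs anyway so this
            // reader can never be driven into entity expansion.
            using (XmlTextReader xmlReader = new XmlTextReader(new StringReader(xml)))
            {
                xmlReader.DtdProcessing = DtdProcessing.Prohibit;
                return(Deserialize <XmlDocument>(xmlReader));
            }
        }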
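        /// <summary>
        /// Validates an incoming AuthnRequest and extracts what the response generator
        /// needs: the SP's AssertionConsumerServiceURL, issuer, request ID and the list
        /// of requested attributes with their isRequired flags.
        /// </summary>
        /// <param name="doc">The parsed AuthnRequest document.</param>
        /// <returns>
        /// A <see cref="SAMLContext"/> whose ErrorCode is VALID on success, or one of
        /// REPEATED_ID, INVALID_DESTINATION, EXPIRED, XML_VALIDATION_FAILED or
        /// INVALID_ATTRIBUTES. On failure only the fields set before the failing check
        /// are populated (AssertionConsumer is always set).
        /// </returns>
        private SAMLContext ExtractRequestValues(XmlDocument doc)
        {
            SAMLContext context = new SAMLContext(SAMLConstants.ErrorCodes.VALID);

            // The document was already parsed upstream (which is where external-entity
            // handling must be controlled), but refuse DTDs on this pass as well.
            AuthnRequestType request;
            using (XmlTextReader reader = new XmlTextReader(new StringReader(doc.OuterXml)))
            {
                reader.DtdProcessing = DtdProcessing.Prohibit;
                request = Deserialize <AuthnRequestType>(reader);
            }

            // NOTE(review): the ACS URL is taken from the request as-is and is later
            // used as the response's destination. Confirm the caller verifies the
            // request signature and/or checks this URL against the SP's registered
            // endpoints; otherwise an unauthenticated request can steer the assertion
            // to an arbitrary URL.
            context.AssertionConsumer = request.AssertionConsumerServiceURL;

            // Replay protection: each request ID is accepted once.
            if (IsRepeatedId(request.ID))
            {
                context.ErrorCode = SAMLConstants.ErrorCodes.REPEATED_ID;
                return(context);
            }
            AddId(request.ID);

            // Destination is enforced only when SamlDestinationAlias is configured.
            if (thisDestination != null && request.Destination != thisDestination)
            {
                context.ErrorCode = SAMLConstants.ErrorCodes.INVALID_DESTINATION;
                return(context);
            }

            // IssueInstant is compared against UTC. XmlSerializer yields a Local-kind
            // DateTime when the xs:dateTime carried an explicit offset, and DateTime
            // subtraction ignores Kind, so normalise that case to avoid an
            // off-by-UTC-offset result on servers not running in UTC. Utc and
            // Unspecified values are handled exactly as before.
            DateTime issueInstantUtc = request.IssueInstant.Kind == DateTimeKind.Local
                                       ? request.IssueInstant.ToUniversalTime()
                                       : request.IssueInstant;
            if (Math.Abs(issueInstantUtc.Subtract(DateTime.UtcNow).TotalMinutes) > validTimeframe)
            {
                context.ErrorCode = SAMLConstants.ErrorCodes.EXPIRED;
                return(context);
            }

            context.Issuer    = request.Issuer.Value;
            context.RequestID = request.ID;

            // The requested attributes live in <Extensions> under the configured
            // RequestedAttributes namespace. A request with no Extensions (or an empty
            // Any) is a validation failure rather than a NullReferenceException.
            XmlElement[] extensions    = request.Extensions == null ? null : request.Extensions.Any;
            XmlElement   reqAttributes = null;

            if (extensions != null)
            {
                string reqAttrsNamespace = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS);
                foreach (XmlElement element in extensions)
                {
                    if (element.LocalName == "RequestedAttributes" && element.NamespaceURI == reqAttrsNamespace)
                    {
                        reqAttributes = element;
                        break;
                    }
                }
            }
            if (reqAttributes == null)
            {
                context.ErrorCode = SAMLConstants.ErrorCodes.XML_VALIDATION_FAILED;
                return(context);
            }

            try
            {
                string reqAttrNamespace = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR);
                foreach (XmlElement element in reqAttributes.GetElementsByTagName("RequestedAttribute", reqAttrNamespace))
                {
                    XmlAttributeCollection attrCollection = element.Attributes;
                    string name       = attrCollection["Name"].Value;
                    // NameFormat is not checked here.
                    string isRequired = attrCollection["isRequired"].Value;
                    context.AddAttribute(name, bool.Parse(isRequired));
                }
            }
            catch (Exception)
            {
                // A RequestedAttribute without Name/isRequired, or with a non-boolean
                // isRequired, lands here: report it as INVALID_ATTRIBUTES.
                context.ErrorCode = SAMLConstants.ErrorCodes.INVALID_ATTRIBUTES;
                return(context);
            }

            // A RequestedAttributes element that is present but empty is also invalid.
            if (context.GetAttributeNames().Count == 0)
            {
                context.ErrorCode = SAMLConstants.ErrorCodes.INVALID_ATTRIBUTES;
            }
            return(context);
        }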