Exemple #1
0
 private static void SignMessage(XmlElement xmlElement)
 {
     Console.Error.WriteLine("Signing SAML message");
     SAMLMessageSignature.Generate(xmlElement, x509Certificate.PrivateKey, x509Certificate);
 }
Exemple #2
0
        // Receive the authentication request from the service provider.
        private void ReceiveAuthnRequest(out AuthnRequest authnRequest, out string relayState)
        {
            // Determine the service provider to identity provider binding type.
            // We use a query string parameter rather than having separate endpoints per binding.
            string bindingType = Request.QueryString[bindingQueryParameter];

            Trace.Write("IdP", "Receiving authentication request over binding " + bindingType);

            // Receive the authentication request.
            XmlElement authnRequestXml = null;

            switch (bindingType)
            {
            case SAMLIdentifiers.BindingURIs.HTTPRedirect:
                bool             signed          = false;
                X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];

                IdentityProvider.ReceiveAuthnRequestByHTTPRedirect(Request, out authnRequestXml, out relayState, out signed, x509Certificate.PublicKey.Key);
                break;

            case SAMLIdentifiers.BindingURIs.HTTPPost:
                IdentityProvider.ReceiveAuthnRequestByHTTPPost(Request, out authnRequestXml, out relayState);
                break;

            case SAMLIdentifiers.BindingURIs.HTTPArtifact:
                // Receive the artifact.
                HTTPArtifact httpArtifact = null;

                IdentityProvider.ReceiveArtifactByHTTPArtifact(Request, false, out httpArtifact, out relayState);

                // Create an artifact resolve request.
                ArtifactResolve artifactResolve = new ArtifactResolve();
                artifactResolve.Issuer   = new Issuer(CreateAbsoluteURL("~/"));
                artifactResolve.Artifact = new Artifact(httpArtifact.ToString());

                XmlElement artifactResolveXml = artifactResolve.ToXml();

                // Send the artifact resolve request and receive the artifact response.
                string spArtifactResponderURL = WebConfigurationManager.AppSettings["spArtifactResponderURL"];

                XmlElement artifactResponseXml = ArtifactResolver.SendRequestReceiveResponse(spArtifactResponderURL, artifactResolveXml);

                ArtifactResponse artifactResponse = new ArtifactResponse(artifactResponseXml);

                // Extract the authentication request from the artifact response.
                authnRequestXml = artifactResponse.SAMLMessage;
                break;

            default:
                throw new ArgumentException("Invalid service provider to identity provider binding");
            }

            // If using HTTP redirect the message isn't signed as the generated query string is too long for most browsers.
            if (bindingType != SAMLIdentifiers.BindingURIs.HTTPRedirect)
            {
                if (SAMLMessageSignature.IsSigned(authnRequestXml))
                {
                    // Verify the request's signature.
                    X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];

                    if (!SAMLMessageSignature.Verify(authnRequestXml, x509Certificate))
                    {
                        throw new ArgumentException("The authentication request signature failed to verify.");
                    }
                }
            }

            // Deserialize the XML.
            authnRequest = new AuthnRequest(authnRequestXml);

            Trace.Write("IdP", "Received authentication request");
        }