private static void Validate(XmlDocument xmlDocument) { Console.Error.WriteLine("Validating against XML schemas"); DateTime startDateTime = DateTime.Now; SAMLValidator samlValidator = new SAMLValidator(); bool validated = samlValidator.Validate(xmlDocument); TimeSpan elapsedTimeSpan = DateTime.Now - startDateTime; Console.Error.WriteLine("Validated: {0}", validated); if (!validated) { foreach (XmlSchemaException warning in samlValidator.Warnings) { Console.WriteLine(warning.Message); } foreach (XmlSchemaException error in samlValidator.Errors) { Console.WriteLine(error.Message); } } Console.Error.WriteLine("Elapsed time: {0} ms", elapsedTimeSpan.TotalMilliseconds); }
protected virtual SAMLValidatorResult <ResponseType> CheckSamlResponse(SAMLResponseDto samlResponse) { var response = SAMLValidator.CheckSaml <ResponseType>(samlResponse.SAMLResponse, samlResponse.RelayState); var assertion = response.Content.Items.FirstOrDefault(i => i is AssertionType) as AssertionType; if (assertion == null) { throw new SamlException(System.Net.HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.Responder, Global.MissingAssertion); } return(response); }
private static void Validate(XmlDocument xmlDocument) { Console.Error.WriteLine("Validating against XML schemas"); SAMLValidator samlValidator = new SAMLValidator(); bool validated = samlValidator.Validate(xmlDocument); Console.Error.WriteLine("Validated: " + validated); if (!validated) { foreach (XmlSchemaException warning in samlValidator.Warnings) { Console.WriteLine(warning.Message); } foreach (XmlSchemaException error in samlValidator.Errors) { Console.WriteLine(error.Message); } } }
protected virtual AuthnRequestType CheckParameter(SAMLRequestDto parameter) { var authnRequest = SAMLValidator.CheckSaml <AuthnRequestType>(parameter.SAMLRequest, parameter.RelayState); if (authnRequest.Content.Issuer == null || string.IsNullOrWhiteSpace(authnRequest.Content.Issuer.Value)) { throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.Requester, string.Format(Global.MissingParameter, nameof(authnRequest.Content.Issuer))); } if (!string.IsNullOrWhiteSpace(authnRequest.Content.Issuer.Format) && authnRequest.Content.Issuer.Format != Saml.Constants.NameIdentifierFormats.EntityIdentifier) { throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.Requester, string.Format(Global.UnsupportNameIdFormat, nameof(authnRequest.Content.Issuer.Format))); } if (!string.IsNullOrWhiteSpace(authnRequest.Content.ProtocolBinding) && authnRequest.Content.ProtocolBinding != Saml.Constants.Bindings.HttpRedirect) { throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.UnsupportedBinding, string.Format(Global.UnsupportBinding, authnRequest.Content.ProtocolBinding)); } return(authnRequest.Content); }
public ActionResult UploadSaml(FormCollection formCollection) { var attributes = new List <SAMLAttribute>(); var errorMessages = new List <string>(); var xmlDoc = null as XmlDocument; SessionHelper.Set(SamlAttributesSessionKey, null); SessionHelper.Set(SamlErrorMessagesSessionKey, null); if (Request != null) { var file = Request.Files["SamlFile"]; if ((file != null) && (file.ContentLength > 0) && !string.IsNullOrEmpty(file.FileName)) { try { xmlDoc = new XmlDocument(); xmlDoc.Load(file.InputStream); var samlValidator = new SAMLValidator(); var isValid = samlValidator.Validate(xmlDoc); if (!isValid) { errorMessages.AddRange(samlValidator.Warnings.Select(warning => string.Format("Warning:, {0}", warning.Message))); errorMessages.AddRange(samlValidator.Errors.Select(error => error.Message)); } if (SAMLMessageSignature.IsSigned(xmlDoc.DocumentElement)) { if (!SAMLMessageSignature.Verify(xmlDoc.DocumentElement)) { errorMessages.Add(string.Format("Failed to verify SAML response signature. [{0}]", xmlDoc.OuterXml)); } } var samlResponse = new SAMLResponse(xmlDoc.DocumentElement); var assertions = samlResponse.GetAssertions(); var encryptedAssertions = samlResponse.GetEncryptedAssertions(); var signedAssertions = samlResponse.GetSignedAssertions(); var x509CertificateFilePath = Path.Combine(HttpRuntime.AppDomainAppPath, SAMLConfiguration.Current.ServiceProviderConfiguration.CertificateFile); var x509Certificate = new X509Certificate2(x509CertificateFilePath, SAMLConfiguration.Current.ServiceProviderConfiguration.CertificatePassword); encryptedAssertions.ForEach(a => { var decryptedAssertion = a.DecryptToXml(x509Certificate); assertions.Add(new SAMLAssertion(decryptedAssertion)); }); signedAssertions.ForEach(a => { if (SAMLAssertionSignature.IsSigned(a)) { if (!SAMLAssertionSignature.Verify(a)) { errorMessages.Add(string.Format("Failed to verify SAML assertion signature. [{0}]", a.OuterXml)); } } assertions.Add(new SAMLAssertion(a)); }); assertions.ForEach(a => { var nameId = a.GetNameID(); if (!string.IsNullOrEmpty(nameId)) { attributes.Add("NameId", nameId); } a.GetAttributeStatements().ForEach( s => attributes.AddRange(from object attribute in s.Attributes select attribute as SAMLAttribute)); }); } catch (Exception ex) { var saml = xmlDoc != null ? xmlDoc.OuterXml : string.Empty; _logger.Log(ex); errorMessages.Add(string.Format("{0} [{1}]", ex.Message, saml)); } } } SessionHelper.Set(SamlAttributesSessionKey, attributes.ToArray()); SessionHelper.Set(SamlErrorMessagesSessionKey, errorMessages); return(Redirect(TestTargetUrl)); }