/// <summary>
/// Processes the authentication request.
/// </summary>
/// <param name="authnRequest">The AuthnRequest object.</param>
/// <param name="relayState">The relayState string.</param>
public static void ProcessAuthnRequest(Page page, out AuthnRequest authnRequest, out string relayState)
{
// Use a single endpoint and use a query string parameter to determine the Service Provider to Identity Provider binding type.
string bindingType = page.Request.QueryString[SP2IdPBindingTypeVar];
// Get the previously loaded certificate.
X509Certificate2 cert = (X509Certificate2)page.Application[Global.SPCertKey];
switch (bindingType)
{
case RedirectBinding:
authnRequest = AuthnRequest.Create(page.Request.RawUrl, cert.PublicKey.Key);
relayState = authnRequest.RelayState;
break;
case PostBinding:
authnRequest = AuthnRequest.CreateFromHttpPost(page.Request);
relayState = authnRequest.RelayState;
break;
case ArtifactBinding:
Saml2ArtifactType0004 httpArtifact = Saml2ArtifactType0004.CreateFromHttpArtifactHttpForm(page.Request);
// Create an artifact resolve request.
ArtifactResolve artifactResolve = new ArtifactResolve();
artifactResolve.Issuer = new Issuer(new Uri(page.Request.Url, page.ResolveUrl("~/")).ToString());
artifactResolve.Artifact = new Artifact(httpArtifact.ToString());
// Send the SAML Artifact Resolve Request and parse the received response.
ArtifactResponse artifactResponse = ArtifactResponse.SendSamlMessageReceiveAftifactResponse(Global.ArtifactResolutionUrl, artifactResolve);
// Extract the authentication request from the received artifact response.
authnRequest = new AuthnRequest(artifactResponse.Message);
relayState = httpArtifact.RelayState;
break;
default:
throw new ApplicationException("Invalid binding type");
}
if (authnRequest.IsSigned())
{
if (!authnRequest.Validate(cert))
{
throw new ApplicationException("The authentication request signature failed to verify.");
}
}
}
/// <summary>
/// Receives the SAML response from the identity provider.
/// </summary>
/// <param name="samlResponse"></param>
/// <param name="relayState"></param>
private void ReceiveResponse(out ComponentPro.Saml2.Response samlResponse, out string relayState)
{
// Determine the identity provider to service provider binding type.
// We use a query string parameter rather than having separate endpoints per binding.
string bindingType = Request.QueryString[Util.BindingVarName];
switch (bindingType)
{
case SamlBindingUri.HttpPost:
samlResponse = ComponentPro.Saml2.Response.Create(Request);
relayState = samlResponse.RelayState;
break;
case SamlBindingUri.HttpArtifact:
Saml2ArtifactType0004 httpArtifact = Saml2ArtifactType0004.CreateFromHttpArtifactHttpForm(Request);
// Create an artifact resolve request.
ArtifactResolve artifactResolve = new ArtifactResolve();
artifactResolve.Issuer = new Issuer(Util.GetAbsoluteUrl(this, "~/"));
artifactResolve.Artifact = new Artifact(httpArtifact.ToString());
// Send the artifact resolve request and receive the artifact response.
string spArtifactResponderUrl = WebConfigurationManager.AppSettings["ArtifactIdProviderUrl"];
ArtifactResponse artifactResponse = ArtifactResponse.SendSamlMessageReceiveAftifactResponse(spArtifactResponderUrl, artifactResolve);
// Extract the authentication request from the artifact response.
samlResponse = new Response(artifactResponse.Message);
relayState = httpArtifact.RelayState;
break;
default:
Trace.Write("ServiceProvider", "Invalid identity provider to service provider binding");
samlResponse = null;
relayState = null;
return;
}
// Verify the response's signature.
X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPCertKey];
if (!samlResponse.Validate(x509Certificate))
{
throw new System.ApplicationException("The SAML response signature failed to verify.");
}
}
