/// <summary>
/// Fills the Common.postForm HTML template with the assertion consumer URL
/// and the Base64-encoded SAML response.
/// </summary>
/// <param name="SamlAssession">SAML response text; passed through Common.EncodeTo64 before insertion.</param>
/// <param name="authNRequest">Request being answered; the form target comes from SamlAssertionConsumerValidator.GetValidURL.</param>
/// <returns>The template text with %ASSERTION_CONSUMER and %SAML_RESPONSE substituted.</returns>
String GenerateResponse(String SamlAssession, AuthNRequest authNRequest)
{
    // Work on a private copy of the shared template.
    String html = String.Copy(Common.postForm);

    // The SAML payload travels as Base64 inside the form.
    String base64Response = Common.EncodeTo64(SamlAssession);

    // NOTE(review): the consumer URL is substituted into HTML without any
    // HTML encoding in this method; that is only safe if GetValidURL
    // returns values restricted to a trusted set. Confirm against the validator.
    String consumerUrl = SamlAssertionConsumerValidator.GetValidURL(authNRequest);

    html = html.Replace("%ASSERTION_CONSUMER", consumerUrl)
               .Replace("%SAML_RESPONSE", base64Response);

    // NOTE(review): this writes the complete form, including the encoded
    // SAML response, to the debug log. Confirm where Common.debug output
    // goes and who can read it.
    Common.debug(html);

    return html;
}
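/// <summary>
/// Builds and signs the SAML response for <paramref name="subject"/> by filling the
/// placeholders of a clone of Common.postResponse.
/// </summary>
/// <remarks>
/// Every value that originates from the AuthnRequest or from the HTTP request
/// (request id, issuer/audience, recipient URL) is XML-escaped before it is
/// spliced into the template. Previously only %SUBJECT and %AUTHN_REQUEST_ID
/// were escaped, so markup characters in the other fields could alter the
/// structure of the document that is subsequently signed.
/// </remarks>
/// <param name="subject">Authenticated subject name placed in %SUBJECT.</param>
/// <param name="authNRequest">The AuthnRequest being answered (Id and Issuer are read).</param>
/// <returns>InnerXml of the response document after SignXml has run.</returns>
/// <exception cref="Exception">Thrown when Common.IDPEntityId is null or empty.</exception>
String BuildAssertion(String subject, AuthNRequest authNRequest)
{
    Common.debug("inside BuildAssertion");
    String recipientGsa = SamlAssertionConsumerValidator.GetValidURL(authNRequest);
    XmlDocument respDoc = (XmlDocument)Common.postResponse.CloneNode(true);
    Common.debug("before replacement: " + respDoc.InnerXml);

    if (!recipientGsa.StartsWith("http"))
    {
        // NOTE(review): the Host header is supplied by the client, so the
        // recipient for a relative URL is client-influenced, and the scheme
        // is hard-coded to plain http. Consider a configured base URL.
        recipientGsa = "http://" + Request.Headers["Host"] + recipientGsa;
    }

    // Escape once; the same request id fills two placeholders.
    String escapedRequestId = SecurityElement.Escape(authNRequest.Id);

    String req = respDoc.InnerXml;
    req = req.Replace("%REQID", escapedRequestId);

    // NOTE(review): local time is used here; SAML instants are expected in
    // UTC. Presumably Common.FormatInvariantTime converts; confirm.
    DateTime currentTimeStamp = DateTime.Now;
    // IssueInstant is back-dated by one minute, presumably to tolerate clock skew.
    req = req.Replace("%INSTANT", Common.FormatInvariantTime(currentTimeStamp.AddMinutes(-1)));
    req = req.Replace("%NOT_ON_OR_AFTER", Common.FormatInvariantTime(currentTimeStamp.AddSeconds(Common.iTrustDuration)));

    if (String.IsNullOrEmpty(Common.IDPEntityId))
    {
        // Despite the message text, no default is applied: the call fails.
        throw new Exception("IDP Entity ID is not set in config. Using machine name as default");
    }
    req = req.Replace("%ISSUER", Common.IDPEntityId);

    String MessageId = Common.GenerateRandomString();
    req = req.Replace("%MESSAGE_ID", MessageId);
    req = req.Replace("%RESPONSE_ID", Common.GenerateRandomString());
    req = req.Replace("%ASSERTION_ID", Common.GenerateRandomString());

    // NOTE(review): replacements run sequentially over the same string, so a
    // value inserted earlier is re-scanned by later Replace calls. Escaping
    // does not neutralise '%' tokens; building the document through the XML
    // DOM would remove that coupling.
    req = req.Replace("%SUBJECT", SecurityElement.Escape(subject));
    req = req.Replace("%RECIPIENT", SecurityElement.Escape(recipientGsa));
    req = req.Replace("%AUTHN_REQUEST_ID", escapedRequestId);
    req = req.Replace("%AUDIENCE", SecurityElement.Escape(authNRequest.Issuer));

    respDoc.InnerXml = req;

    // Sign the XML document.
    SignXml(respDoc, MessageId);
    Common.debug("exit BuildAssession");
    return respDoc.InnerXml;
}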