private XmlDocument GenerateRequestMetadata(SAMLRequest context)
{
DateTime now = DateTime.UtcNow;
AuthnRequestType request = new AuthnRequestType();
request.ID = context.Id;
request.Version = SAMLConstants.SAML_VERSION;
request.IssueInstant = now;
request.Destination = context.Destination;
request.Consent = SAMLConstants.CONSENT;
request.ForceAuthn = true;
request.IsPassive = false;
request.ProtocolBinding = SAMLConstants.PROTOCOL_BINDING;
request.AssertionConsumerServiceURL = context.AssertionConsumerServiceURL;
request.ProviderName = context.ProviderName;
request.Issuer = new NameIDType();
request.Issuer.Value = context.Issuer;
request.Issuer.Format = context.IssuerFormat;
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
XmlElement requestedAttrs = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS_PREFIX),
"RequestedAttributes", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS));
foreach (AttributeElement attr in context.Attributes)
{
XmlElement requestedAttr = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX),
"RequestedAttribute", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR));
requestedAttr.SetAttribute("Name", attr.AttrName);
requestedAttr.SetAttribute("NameFormat", SAMLConstants.ATTRIBUTE_NAME_FORMAT);
requestedAttr.SetAttribute("isRequired", attr.IsRequired.ToString().ToLower());
if (attr.AttrName.Equals(CommonConstants.FORCE_AUTH))
{
XmlElement attrValue = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX),
"AttributeValue", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR));
attrValue.InnerText = attr.AttrValue.ToString().ToLower();
requestedAttr.AppendChild(attrValue);
}
requestedAttrs.AppendChild(requestedAttr);
}
// stork extensions
XmlElement qualityAuthnAssLevel = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
"QualityAuthenticationAssuranceLevel", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));
qualityAuthnAssLevel.InnerText = context.QAALevel;
XmlElement spSectorEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
"spSector", SAMLConstants.NS_STORK_ASSER);
spSectorEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigIntSetting(CommonConstants.SAMLSECTOR).ToString();
XmlElement spInstitutionEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
"spInstitution", SAMLConstants.NS_STORK_ASSER);
spInstitutionEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigSetting(CommonConstants.SAMLINSTITUTION);
XmlElement spApplicationEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
"spApplication", SAMLConstants.NS_STORK_ASSER);
spApplicationEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigSetting(CommonConstants.SAMLAPPLICATION);
XmlElement spCountryEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
"spCountry", SAMLConstants.NS_STORK_ASSER);
spCountryEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY);
XmlElement eIDSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
"eIDSectorShare", SAMLConstants.NS_STORK_PROT);
eIDSectorShareEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigBoolSetting("SamlEIDSectorShare").ToString().ToLower();
XmlElement eIDCrossSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
"eIDCrossSectorShare", SAMLConstants.NS_STORK_PROT);
eIDCrossSectorShareEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigBoolSetting("SamlEIDCrossSectorShare").ToString().ToLower();
XmlElement eIDCrossBorderShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
"eIDCrossBorderShare", SAMLConstants.NS_STORK_PROT);
eIDCrossBorderShareEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigBoolSetting("SamlEIDCrossBorderShare").ToString().ToLower();
request.Extensions = new ExtensionsType();
request.Extensions.Any = new XmlElement[] { qualityAuthnAssLevel, spSectorEl,
spInstitutionEl, spApplicationEl, spCountryEl, eIDSectorShareEl,
eIDCrossSectorShareEl, eIDCrossBorderShareEl, requestedAttrs };
MemoryStream stream = new MemoryStream();
Serialize(request, stream);
StreamReader reader = new StreamReader(stream);
stream.Seek(0, SeekOrigin.Begin);
string xml = reader.ReadToEnd();
XmlTextReader xmlReader = new XmlTextReader(new StringReader(xml));
return(Deserialize <XmlDocument>(xmlReader));
}
/// <summary>
///
/// </summary>
/// <param name="doc"></param>
/// <returns>a saml context to be used when generating the response</returns>
private SAMLContext ExtractRequestValues(XmlDocument doc)
{
SAMLContext context = new SAMLContext(SAMLConstants.ErrorCodes.VALID);
XmlReader reader = new XmlTextReader(new StringReader(doc.OuterXml));
AuthnRequestType request = Deserialize <AuthnRequestType>(reader);
context.AssertionConsumer = request.AssertionConsumerServiceURL;
if (IsRepeatedId(request.ID))
{
context.ErrorCode = SAMLConstants.ErrorCodes.REPEATED_ID;
return(context);
}
AddId(request.ID);
if (thisDestination != null && request.Destination != thisDestination)
{
context.ErrorCode = SAMLConstants.ErrorCodes.INVALID_DESTINATION;
return(context);
}
if (Math.Abs(request.IssueInstant.Subtract(DateTime.UtcNow).TotalMinutes) > validTimeframe)
{
context.ErrorCode = SAMLConstants.ErrorCodes.EXPIRED;
return(context);
}
context.Issuer = request.Issuer.Value;
context.RequestID = request.ID;
XmlElement[] xmlElement = request.Extensions.Any;
XmlElement reqAttributes = null;
foreach (XmlElement element in xmlElement)
{
if (element.LocalName == "RequestedAttributes" &&
element.NamespaceURI == ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS))
{
reqAttributes = element;
break;
}
}
if (reqAttributes == null)
{
context.ErrorCode = SAMLConstants.ErrorCodes.XML_VALIDATION_FAILED;
return(context);
}
try
{
foreach (XmlElement element in reqAttributes.GetElementsByTagName("RequestedAttribute", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR)))
{
XmlAttributeCollection attrCollection = element.Attributes;
string name = attrCollection["Name"].Value;
// string nameFormat = attrColection["NameFormat"].Value;
string isRequired = attrCollection["isRequired"].Value;
context.AddAttribute(name, bool.Parse(isRequired));
}
}
catch (Exception)
{
//something wrong happend with the attribute processing.
//Problably the isRequiredAttribut is not present. Log the event and return an InvalidAttribute response
context.ErrorCode = SAMLConstants.ErrorCodes.INVALID_ATTRIBUTES;
return(context);
}
if (context.GetAttributeNames().Count == 0)
{
context.ErrorCode = SAMLConstants.ErrorCodes.INVALID_ATTRIBUTES;
}
return(context);
}
