/// <summary>
/// Creates the SAML authentication request this service provider page sends to the identity provider.
/// </summary>
/// <remarks>
/// The request gets an embedded XML signature for every SP-to-IdP binding except HTTP-Redirect.
/// NOTE(review): on the unsigned path the identity provider has no cryptographic proof of who set
/// <c>AssertionConsumerServiceUrl</c>; confirm the IdP validates it against the endpoints registered
/// for this service provider.
/// </remarks>
/// <returns>The populated authentication request, signed unless HTTP-Redirect is selected.</returns>
private AuthnRequest BuildAuthenticationRequest()
{
    // The application root URL is the name under which this service provider
    // presents itself to the identity provider.
    string issuerUrl = Util.GetAbsoluteUrl(this, "~/");

    // A single endpoint receives the response for every IdP-to-SP binding, so the
    // selected binding is handed back to it as a URL-encoded query string parameter.
    string consumerEndpoint = Util.GetAbsoluteUrl(this, "~/AssertionService.aspx");
    string encodedBinding = HttpUtility.UrlEncode(idpToSPBindingList.SelectedValue);
    string assertionConsumerServiceUrl = string.Format(
        "{0}?{1}={2}",
        consumerEndpoint,
        Util.BindingVarName,
        encodedBinding);

    // Populate the request. ForceAuthn is off, so the request does not ask the
    // identity provider to re-authenticate the user.
    // NOTE(review): the NameIdPolicy arguments are presumably (format, SP name qualifier,
    // allowCreate) - confirm against the SAML library's constructor.
    var authnRequest = new AuthnRequest
    {
        Destination = WebConfigurationManager.AppSettings["SingleSignonIdProviderUrl"],
        Issuer = new Issuer(issuerUrl),
        ForceAuthn = false,
        NameIdPolicy = new NameIdPolicy(null, null, true),
        ProtocolBinding = idpToSPBindingList.SelectedValue,
        AssertionConsumerServiceUrl = assertionConsumerServiceUrl
    };

    // HTTP-Redirect requests are returned without an embedded signature: the signed XML
    // would make the generated query string too long for most browsers.
    // NOTE(review): the SAML HTTP-Redirect binding carries its signature in query string
    // parameters instead; confirm the code that sends the redirect signs it there if the
    // identity provider requires signed requests.
    bool usesHttpRedirect = spToIdPBindingList.SelectedValue == SamlBindingUri.HttpRedirect;
    if (usesHttpRedirect)
    {
        return authnRequest;
    }

    // The service provider certificate is read from application state.
    // NOTE(review): signing presumably needs the certificate's private key - confirm how it is loaded.
    var signingCertificate = (X509Certificate2)Application[Global.SPCertKey];
    authnRequest.Sign(signingCertificate);

    return authnRequest;
}
/// <summary>
/// Creates the SAML authentication request that is sent to the single sign-on service.
/// </summary>
/// <remarks>
/// The request is signed with the service provider certificate unless the configured
/// SSO service binding is HTTP-Redirect, in which case it is returned without an embedded signature.
/// </remarks>
/// <param name="page">
/// The page used to resolve the issuer URL and to reach the application state that holds
/// the service provider certificate.
/// </param>
/// <returns>The authentication request, signed where the binding allows it.</returns>
public static AuthnRequest GetAuthnRequest(Page page)
{
    // The issuer is the application root URL; the destination is the configured SSO service.
    // ForceAuthn is off, so the request does not ask for re-authentication.
    // NOTE(review): the NameIdPolicy arguments are presumably (format, SP name qualifier,
    // allowCreate) - confirm against the SAML library's constructor.
    var authnRequest = new AuthnRequest
    {
        Destination = Global.SingleSignOnServiceURL,
        Issuer = new Issuer(GetAbsoluteUrl(page, "~/")),
        ForceAuthn = false,
        NameIdPolicy = new NameIdPolicy(null, null, true)
    };

    // No embedded XML signature is applied for the HTTP-Redirect binding.
    // NOTE(review): that binding carries its signature in query string parameters; confirm the
    // sending code signs the redirect there if the identity provider requires signed requests.
    if (Global.SingleSignOnServiceBinding == SamlBinding.HttpRedirect)
    {
        return authnRequest;
    }

    // Every other binding: sign with the certificate kept in application state.
    // NOTE(review): signing presumably needs the certificate's private key - confirm how it is loaded.
    var signingCertificate = (X509Certificate2)page.Application[Global.SpCertKey];
    authnRequest.Sign(signingCertificate);

    return authnRequest;
}
/// <summary>
/// Builds the SAML authentication request for the configured single sign-on service.
/// </summary>
/// <param name="page">
/// The page whose context resolves the issuer URL and whose application state supplies
/// the service provider certificate.
/// </param>
/// <returns>
/// The authentication request; it carries an XML signature unless the SSO service binding
/// is HTTP-Redirect.
/// </returns>
public static AuthnRequest GetAuthnRequest(Page page)
{
    var authnRequest = new AuthnRequest
    {
        // Where the request is sent: the configured SSO service URL.
        Destination = Global.SingleSignOnServiceURL,

        // Who is asking: this application's root URL.
        Issuer = new Issuer(GetAbsoluteUrl(page, "~/")),

        // The request does not ask the identity provider to re-authenticate the user.
        ForceAuthn = false,

        // NOTE(review): arguments are presumably (format, SP name qualifier, allowCreate) -
        // confirm against the SAML library's constructor.
        NameIdPolicy = new NameIdPolicy(null, null, true)
    };

    // The embedded signature is applied for every binding except HTTP-Redirect.
    // NOTE(review): an unsigned redirect request is not integrity-protected by this method;
    // the HTTP-Redirect binding signs through query string parameters, so confirm the sender
    // does that if the identity provider expects signed requests.
    bool signRequest = Global.SingleSignOnServiceBinding != SamlBinding.HttpRedirect;
    if (signRequest)
    {
        // The service provider certificate lives in application state under Global.SpCertKey.
        var spCertificate = (X509Certificate2)page.Application[Global.SpCertKey];
        authnRequest.Sign(spCertificate);
    }

    return authnRequest;
}
/// <summary>
/// Creates the SAML authentication request for the single sign-on service, asking the
/// identity provider for the password-protected-transport authentication context.
/// </summary>
/// <remarks>
/// NOTE(review): the requested authentication context is only a request. Confirm that the code
/// consuming the SAML response checks the authentication context actually asserted instead of
/// assuming the identity provider honoured it.
/// </remarks>
/// <param name="page">
/// The page used to resolve the issuer URL and to reach the application state that holds
/// the service provider certificate.
/// </param>
/// <returns>
/// The authentication request, signed unless the SSO service binding is HTTP-Redirect.
/// </returns>
public static AuthnRequest GetAuthnRequest(Page page)
{
    // Destination is the configured SSO service; the issuer is this application's root URL.
    var authnRequest = new AuthnRequest();
    authnRequest.Destination = Global.SingleSignOnServiceURL;
    authnRequest.Issuer = new Issuer(GetAbsoluteUrl(page, "~/"));

    // Request exactly the PasswordProtectedTransport context class (Exact comparison).
    var requestedContext = new RequestedAuthnContext();
    requestedContext.Comparison = SamlAuthenticationContextComparison.Exact;
    requestedContext.AuthenticationContexts.Add(
        new AuthnContextClassRef(SamlAuthenticationContext.PasswordProtectedTransport));
    authnRequest.RequestedAuthnContext = requestedContext;

    // The request does not ask the identity provider to re-authenticate the user.
    authnRequest.ForceAuthn = false;

    // NOTE(review): arguments are presumably (format, SP name qualifier, allowCreate) -
    // confirm against the SAML library's constructor.
    authnRequest.NameIdPolicy = new NameIdPolicy(null, null, true);

    // No embedded XML signature is applied for the HTTP-Redirect binding.
    // NOTE(review): that binding carries its signature in query string parameters; confirm the
    // sending code signs the redirect there if the identity provider requires signed requests.
    if (Global.SingleSignOnServiceBinding == SamlBinding.HttpRedirect)
    {
        return authnRequest;
    }

    // Every other binding: sign with the service provider certificate from application state.
    // NOTE(review): signing presumably needs the certificate's private key - confirm how it is loaded.
    var signingCertificate = (X509Certificate2)page.Application[Global.SpCertKey];
    authnRequest.Sign(signingCertificate);

    return authnRequest;
}