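        /// <summary>
        /// Builds the SAML 2.0 AuthnRequest this service provider sends to the identity provider.
        /// </summary>
        /// <returns>
        /// The serialized AuthnRequest element. It carries an XML signature for every SP-to-IdP binding except
        /// HTTP-Redirect, which is returned unsigned.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// Signing is required but no certificate with a private key is stored in application state under
        /// <c>Global.SPX509Certificate</c>.
        /// </exception>
        private XmlElement CreateAuthnRequest()
        {
            // The issuer URL and the assertion consumer service URL identify this SP to the IdP. The same
            // endpoint is used for every binding, so the helper is expected to add a query-string parameter
            // that names the binding.
            string issuerURL = CreateAbsoluteURL("~/");
            string assertionConsumerServiceURL = CreateAssertionConsumerServiceURL();

            AuthnRequest authnRequest = new AuthnRequest();
            // The IdP SSO endpoint comes from appSettings ("idpssoURL") and is used as the Destination.
            authnRequest.Destination = WebConfigurationManager.AppSettings["idpssoURL"];
            authnRequest.Issuer = new Issuer(issuerURL);
            // false: an existing IdP session may be reused; set to true if a fresh login must be enforced.
            authnRequest.ForceAuthn = false;
            // No format or qualifier; the third argument is taken as AllowCreate — confirm against the
            // NameIDPolicy constructor.
            authnRequest.NameIDPolicy = new NameIDPolicy(null, null, true);
            authnRequest.ProtocolBinding = idpToSPBindingRadioButtonList.SelectedValue;
            authnRequest.AssertionConsumerServiceURL = assertionConsumerServiceURL;

            XmlElement authnRequestXml = authnRequest.ToXml();

            // An XML signature cannot be carried in the HTTP-Redirect query string (the URL becomes too long
            // for most browsers), so only the other bindings are signed here.
            // NOTE(review): this leaves redirect-bound requests unsigned. The redirect binding signs the
            // query string itself (see HTTPRedirectBinding.CreateRequestRedirectURL elsewhere in this corpus);
            // use that if the IdP requires signed requests.
            if (spToIdPBindingRadioButtonList.SelectedValue != SAMLIdentifiers.BindingURIs.HTTPRedirect) {
                X509Certificate2 x509Certificate = (X509Certificate2) Application[Global.SPX509Certificate];

                // Fail with an explicit message rather than a NullReferenceException when the certificate
                // was never loaded into application state or was loaded without its private key.
                if (x509Certificate == null || !x509Certificate.HasPrivateKey) {
                    throw new InvalidOperationException(
                        "The SP X.509 certificate with a private key is not available in application state; the AuthnRequest cannot be signed.");
                }

                SAMLMessageSignature.Generate(authnRequestXml, x509Certificate.PrivateKey, x509Certificate);
            }

            return authnRequestXml;
        }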
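        /// <summary>
        /// Creates the SAML 2.0 AuthnRequest sent from this service provider to the identity provider.
        /// </summary>
        /// <returns>
        /// The AuthnRequest as an XML element, XML-signed unless the SP-to-IdP binding is HTTP-Redirect.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// A signature is required but application state holds no certificate with a private key under
        /// <c>Global.SPX509Certificate</c>.
        /// </exception>
        private XmlElement CreateAuthnRequest()
        {
            // URLs that identify this SP to the IdP. One endpoint serves all bindings, so the ACS helper is
            // expected to tag the URL with a query-string parameter naming the binding.
            string issuerURL = CreateAbsoluteURL("~/");
            string assertionConsumerServiceURL = CreateAssertionConsumerServiceURL();

            AuthnRequest authnRequest = new AuthnRequest();

            authnRequest.Destination                 = WebConfigurationManager.AppSettings["idpssoURL"];
            authnRequest.Issuer                      = new Issuer(issuerURL);
            // Do not force re-authentication; an existing IdP session is acceptable.
            authnRequest.ForceAuthn                  = false;
            // No name ID format or SP qualifier; third argument presumably AllowCreate — confirm.
            authnRequest.NameIDPolicy                = new NameIDPolicy(null, null, true);
            authnRequest.ProtocolBinding             = idpToSPBindingRadioButtonList.SelectedValue;
            authnRequest.AssertionConsumerServiceURL = assertionConsumerServiceURL;

            XmlElement authnRequestXml = authnRequest.ToXml();

            // The XML signature would make the HTTP-Redirect query string too long for most browsers, so the
            // redirect case is skipped.
            // NOTE(review): a redirect-bound request therefore leaves here unsigned; the redirect binding's own
            // query-string signature (HTTPRedirectBinding with a private key) is the way to sign that case.
            if (spToIdPBindingRadioButtonList.SelectedValue != SAMLIdentifiers.BindingURIs.HTTPRedirect)
            {
                X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];

                // Guard against a missing or key-less certificate so the failure is diagnosable instead of
                // surfacing as a NullReferenceException inside the signing call.
                if (x509Certificate == null || !x509Certificate.HasPrivateKey)
                {
                    throw new InvalidOperationException(
                        "The SP X.509 certificate with a private key is not available in application state; the AuthnRequest cannot be signed.");
                }

                SAMLMessageSignature.Generate(authnRequestXml, x509Certificate.PrivateKey, x509Certificate);
            }

            return(authnRequestXml);
        }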
        //private readonly IStoreSamlCertificates _certificates;

        //public Test(IStoreSamlCertificates certificatesStore)
        //{
        //    _certificates = certificatesStore;
        //}

        //private X509Certificate2 GetCertificate()
        //{
        //    var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        //    try
        //    {
        //    //< add key = "SamlTestServiceProviderEntityId" value = "https://develop.ucosmic.com/sign-on/saml/2" />
        //    //< add key = "SamlTestCertificateThumbprint" value = "1945D599DF7F3B3D6513C87A8CDDF4CE6E0899B6" />
        //              store.Open(OpenFlags.ReadOnly);
        //        var certificates = store.Certificates.Find(X509FindType.FindByThumbprint, "1945D599DF7F3B3D6513C87A8CDDF4CE6E0899B6", false);
        //        if (certificates.Count < 1)
        //        {
        //            throw new InvalidOperationException(string.Format(
        //                "Could not find certificate with thumbprint '{0}' in My LocalMachine store.",
        //                    "1945D599DF7F3B3D6513C87A8CDDF4CE6E0899B6"));
        //        }
        //        return certificates[0];
        //    }
        //    finally
        //    {
        //        store.Close();
        //    }
        //}

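        /// <summary>
        /// Builds an AuthnRequest and sends it to the identity provider over the requested binding.
        /// </summary>
        /// <param name="idpLocation">IdP single sign-on endpoint; used as the request Destination and as the transport target.</param>
        /// <param name="idpBinding">Binding to use; only HTTP-POST and HTTP-Redirect are handled.</param>
        /// <param name="fromSpEntityId">This SP's entity ID, written into the Issuer element.</param>
        /// <param name="returnUrl">Optional SP resource to return to after SSO; cached as relay state when not blank.</param>
        /// <param name="httpContext">Context whose Response receives the auto-post form or the redirect.</param>
        /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        /// <exception cref="NotSupportedException"><paramref name="idpBinding"/> is neither HTTP-POST nor HTTP-Redirect.</exception>
        /// <remarks>
        /// NOTE(review): this is a debugging variant of the method. XML signing of the POST request is commented
        /// out, ForceAuthn is hard-wired to true, and the redirect path imports an X.509 blob embedded in the
        /// source. That blob is a base64 DER certificate (it decodes to a Certificate SEQUENCE holding an RSA
        /// SubjectPublicKeyInfo, not a private key), so the certificate's PrivateKey is expected to be null and
        /// the redirect request goes out unsigned. Do not use this outside a test harness.
        /// </remarks>
        public void SendAuthnRequest(string idpLocation, Saml2SsoBinding idpBinding,
                                     string fromSpEntityId, string returnUrl, HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            var authnRequest = new AuthnRequest
            {
                Destination  = idpLocation,
                Issuer       = new Issuer(fromSpEntityId),
                // true: the IdP must perform a fresh authentication even if a session already exists.
                ForceAuthn   = true,
                NameIDPolicy = new NameIDPolicy(null, null, true),
            };

            var authnRequestXml = authnRequest.ToXml();

            // XML signing is disabled in this variant. Normally it is skipped only for HTTP-Redirect, whose query
            // string cannot carry the XML signature.
            //if (idpBinding != Saml2SsoBinding.HttpRedirect)
            //{
            //    var signingCertificate = _certificates.GetSigningCertificate();
            //    SAMLMessageSignature.Generate(authnRequestXml, signingCertificate.PrivateKey, signingCertificate);
            //}

            // Cache the relay state so the SP knows which resource the user wanted once SSO completes.
            // NOTE(review): returnUrl is stored as given. Whatever consumes the relay state after SSO must
            // validate it (relative path / same origin) or an attacker-supplied returnUrl becomes an open redirect.
            //SAML.HttpContext = httpContext;
            string relayState = null;

            if (!string.IsNullOrWhiteSpace(returnUrl))
            {
                relayState = RelayStateCache.Add(new RelayState(returnUrl, null));
            }

            // Base64 DER-encoded X.509 certificate used by the redirect branch. The original local was named
            // "privateKey", but the blob carries no private key material.
            var spCertificateBase64 = @"MIIDUDCCAjgCCQDZl9Be7/58pTANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJH QjERMA8GA1UECAwIU29tZXJzZXQxDTALBgNVBAcMBEJhdGgxHDAaBgNVBAoME0Jh dGggU3BhIFVuaXZlcnNpdHkxGzAZBgNVBAMMEmF1dGguYmF0aHNwYS5hYy51azAe Fw0xNzA2MTIxMjMxMjNaFw0zNzA2MDcxMjMxMjNaMGoxCzAJBgNVBAYTAkdCMREw DwYDVQQIDAhTb21lcnNldDENMAsGA1UEBwwEQmF0aDEcMBoGA1UECgwTQmF0aCBT cGEgVW5pdmVyc2l0eTEbMBkGA1UEAwwSYXV0aC5iYXRoc3BhLmFjLnVrMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw54yhGaNi9/5YADBiGWn33YcQNAI f6jagUt7uc/XTcTMoHrirLNftACRzhLXS049fwe48EC6xITe5PWNbiglEXyLmnBF KMOCN7dXDCPWKhSe9vBA2b6+2BS22jAi255WhDj65u4j1+Rg5i0r5E/YLwvG5YAw i9aKSHvvwFwy8Gwo7O3viMqlKsIKx+VV3SfC70NhvtCPh1aHbECfXr05kx5KYXnO UZRZHVLdzG9XP1+BawFcY+kFcflK9uNHUD/i36gCO0X2KciwWWHrmI5ZSR4tymUv FYAIiPklFReOqXUgj0v8pS/NqxKrRzZZWPwbTieJBS0GTt6YvCrQZVnzXQIDAQAB MA0GCSqGSIb3DQEBCwUAA4IBAQBO7NZbRXUfdaICB33BuAwOxsaXaSBkEI6tgZLx wAI/gmOEy639DxWGFuhoUeMhl9B3w5COes7VNvgy9Dl/QaZLH9p3pTBwtc92nN2J U3S4MPdGhtXXKud2DiQuGYtTnp48wbphfAGQDKhz6RI3gionZyHBOkV6Fx5XvSVj Oa7DRfawg951TKGP3OpKI4vuY3kb4hW7XEFfcCEQOcaCujckSwxU6QaI7DnDGP+O wdBmfdEj9Ey37nM0qrzI5cjTz51xJ9c0oNd3+abiGzzL7L7N+AfRVcECowo5l63j vNXAI2IiTocKRsZIWg8qn0pFts3vr7afzJMY6ZQsISwD4fLg";

            // Transmit over the configured binding.
            switch (idpBinding)
            {
            case Saml2SsoBinding.HttpPost:
                ServiceProvider.SendAuthnRequestByHTTPPost(httpContext.Response, idpLocation, authnRequestXml, relayState);
                httpContext.Response.End();
                break;

            case Saml2SsoBinding.HttpRedirect:
                var encryptionCertificate = new X509Certificate2();
                //var encryptionCertificate = GetCertificate();
                encryptionCertificate.Import(Encoding.ASCII.GetBytes(spCertificateBase64));
                // The key passed here is what would sign the redirect query string; with no private key in the
                // imported certificate it is null and the request is sent unsigned.
                ServiceProvider.SendAuthnRequestByHTTPRedirect(httpContext.Response, idpLocation, authnRequestXml, relayState,
                                                               encryptionCertificate.PrivateKey);
                break;

            default:
                throw new NotSupportedException("The binding is currently not supported.");
            }
        }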
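        /// <summary>
        /// Builds an AuthnRequest for <paramref name="idpLocation"/> and sends it over <paramref name="idpBinding"/>.
        /// </summary>
        /// <param name="idpLocation">IdP single sign-on endpoint; used as the request Destination and as the transport target.</param>
        /// <param name="idpBinding">Binding to use; only HTTP-POST and HTTP-Redirect are supported.</param>
        /// <param name="fromSpEntityId">This SP's entity ID, written into the Issuer element.</param>
        /// <param name="returnUrl">Optional SP resource to return to after SSO; cached as relay state when not blank.</param>
        /// <param name="httpContext">Context whose Response receives the auto-post form or the redirect.</param>
        /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        /// <exception cref="NotSupportedException"><paramref name="idpBinding"/> is neither HTTP-POST nor HTTP-Redirect.</exception>
        public void SendAuthnRequest(string idpLocation, Saml2SsoBinding idpBinding,
                                     string fromSpEntityId, string returnUrl, HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            var authnRequest = new AuthnRequest
            {
                Destination  = idpLocation,
                Issuer       = new Issuer(fromSpEntityId),
                // false: an existing IdP session may be reused.
                ForceAuthn   = false,
                NameIDPolicy = new NameIDPolicy(null, null, true),
            };

            var authnRequestXml = authnRequest.ToXml();

            // The XML signature is omitted for HTTP-Redirect because it would make the query string too long for
            // most browsers; the redirect branch below signs the query string with a private key instead.
            if (idpBinding != Saml2SsoBinding.HttpRedirect)
            {
                var signingCertificate = _certificates.GetSigningCertificate();
                SAMLMessageSignature.Generate(authnRequestXml, signingCertificate.PrivateKey, signingCertificate);
            }

            // Cache the relay state so the SP knows which resource the user wanted once SSO completes.
            // NOTE(review): SAML.HttpContext is a static slot written per request — confirm the library expects
            // this in a multi-request web process.
            // NOTE(review): returnUrl is stored as given; the code that consumes the relay state after SSO must
            // validate it (relative path / same origin) or an attacker-supplied value becomes an open redirect.
            SAML.HttpContext = httpContext;
            string relayState = null;

            if (!string.IsNullOrWhiteSpace(returnUrl))
            {
                relayState = RelayStateCache.Add(new RelayState(returnUrl, null));
            }

            // Transmit over the configured binding.
            switch (idpBinding)
            {
            case Saml2SsoBinding.HttpPost:
                ServiceProvider.SendAuthnRequestByHTTPPost(httpContext.Response, idpLocation, authnRequestXml, relayState);
                httpContext.Response.End();
                break;

            case Saml2SsoBinding.HttpRedirect:
                // NOTE(review): the *encryption* certificate's private key signs the redirect query string here,
                // while POST requests are signed with the signing certificate. The IdP verifies against whichever
                // certificate its SP metadata lists for signing — confirm both certificates are published, or use
                // GetSigningCertificate() for both bindings.
                var encryptionCertificate = _certificates.GetEncryptionCertificate();
                ServiceProvider.SendAuthnRequestByHTTPRedirect(httpContext.Response, idpLocation, authnRequestXml, relayState,
                                                               encryptionCertificate.PrivateKey);
                break;

            default:
                throw new NotSupportedException(string.Format(
                                                    "The '{0}' binding is currently not supported.", idpBinding.AsUriString()));
            }
        }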
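        /// <summary>
        /// Creates an AuthnRequest addressed to <paramref name="idpLocation"/> and delivers it over the chosen binding.
        /// </summary>
        /// <param name="idpLocation">IdP single sign-on endpoint; becomes the Destination and the transport target.</param>
        /// <param name="idpBinding">HTTP-POST or HTTP-Redirect; anything else is rejected.</param>
        /// <param name="fromSpEntityId">Entity ID of this SP, placed in the Issuer element.</param>
        /// <param name="returnUrl">Optional post-SSO destination on the SP; cached as relay state when not blank.</param>
        /// <param name="httpContext">Context whose Response receives the auto-post form or the redirect.</param>
        /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        /// <exception cref="NotSupportedException"><paramref name="idpBinding"/> is not HTTP-POST or HTTP-Redirect.</exception>
        public void SendAuthnRequest(string idpLocation, Saml2SsoBinding idpBinding,
            string fromSpEntityId, string returnUrl, HttpContextBase httpContext)
        {
            if (httpContext == null)
                throw new ArgumentNullException("httpContext");

            var authnRequest = new AuthnRequest
            {
                Destination = idpLocation,
                Issuer = new Issuer(fromSpEntityId),
                ForceAuthn = false, // an existing IdP session may be reused
                NameIDPolicy = new NameIDPolicy(null, null, true),
            };

            var authnRequestXml = authnRequest.ToXml();

            // XML-sign everything except HTTP-Redirect, where the signature would push the query string past
            // browser URL limits; that binding is signed at the query-string level below.
            if (idpBinding != Saml2SsoBinding.HttpRedirect)
            {
                var signingCertificate = _certificates.GetSigningCertificate();
                SAMLMessageSignature.Generate(authnRequestXml, signingCertificate.PrivateKey, signingCertificate);
            }

            // Remember the requested SP resource across the round trip to the IdP.
            // NOTE(review): SAML.HttpContext is a static slot written per request — confirm the library expects
            // this in a multi-request web process.
            // NOTE(review): returnUrl is cached unvalidated; the relay-state consumer must restrict it to a
            // relative/same-origin URL to avoid an open redirect after SSO.
            SAML.HttpContext = httpContext;
            string relayState = null;
            if (!string.IsNullOrWhiteSpace(returnUrl))
                relayState = RelayStateCache.Add(new RelayState(returnUrl, null));

            switch (idpBinding)
            {
                case Saml2SsoBinding.HttpPost:
                    ServiceProvider.SendAuthnRequestByHTTPPost(httpContext.Response, idpLocation, authnRequestXml, relayState);
                    httpContext.Response.End();
                    break;

                case Saml2SsoBinding.HttpRedirect:
                    // NOTE(review): the encryption certificate's private key signs the redirect, whereas POST uses
                    // the signing certificate. Make sure the IdP's copy of the SP metadata can verify both, or use
                    // GetSigningCertificate() here as well.
                    var encryptionCertificate = _certificates.GetEncryptionCertificate();
                    ServiceProvider.SendAuthnRequestByHTTPRedirect(httpContext.Response, idpLocation, authnRequestXml, relayState,
                        encryptionCertificate.PrivateKey);
                    break;

                default:
                    throw new NotSupportedException(string.Format(
                        "The '{0}' binding is currently not supported.", idpBinding.AsUriString()));
            }
        }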
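        /// <summary>
        /// Smoke test for SHA-256 signature support: signs and verifies a SAML assertion (XML signature) and an
        /// AuthnRequest carried in an HTTP-Redirect URL (query-string signature). Any failure is printed to the console.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            try {
#if DOTNET45
                // Register the SHA-256 cryptographic algorithm.
                // Only supported in .NET 4.5 and above.
                CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
#endif

                // Load the certificate and private key for signature generation.
                // NOTE(review): test fixture only — a PFX password in source must not be copied into real code;
                // load it from protected configuration or a certificate store instead.
                X509Certificate2 x509Certificate = new X509Certificate2("idp.pfx", "password");

                // Create a basic SAML assertion and serialize it to XML.
                SAMLAssertion samlAssertion = new SAMLAssertion();
                samlAssertion.Issuer = new Issuer("test");
                XmlElement samlAssertionElement = samlAssertion.ToXml();

                // Sign the SAML assertion using SHA-256 for the digest and signature algorithms.
                SAMLAssertionSignature.Generate(samlAssertionElement, x509Certificate.PrivateKey, x509Certificate, null, "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
                Console.WriteLine("Signed SAML assertion: {0}", samlAssertionElement.OuterXml);

                // Verify the signature and treat a negative result as a failure rather than just logging it.
                bool verified = SAMLAssertionSignature.Verify(samlAssertionElement);
                Console.WriteLine("Signature verified: {0}", verified);

                if (!verified)
                {
                    throw new InvalidOperationException("The XML signature failed to verify.");
                }

                // The HTTP-redirect binding doesn't use XML signatures so check it separately.
                AuthnRequest authnRequest = new AuthnRequest();
                authnRequest.Issuer = new Issuer("test");
                XmlElement authnRequestElement = authnRequest.ToXml();

                // Create the HTTP-redirect URL including the SHA-256 signature.
                // (Plain http is fine for this offline round trip; a real redirect URL carries the request and
                // relay state in the query string and belongs on https.)
                string url = HTTPRedirectBinding.CreateRequestRedirectURL("http://www.test.com", authnRequestElement, null, x509Certificate.PrivateKey, HTTPRedirectBinding.SignatureAlgorithms.RSA_SHA256);

                string relayState = null;
                bool   signed     = false;

                // Retrieve the authn request from the HTTP-redirect URL and verify the signature against the public key.
                HTTPRedirectBinding.GetRequestFromRedirectURL(url, out authnRequestElement, out relayState, out signed, x509Certificate.PublicKey.Key);

                // A URL built with a private key must come back flagged as signed; an unsigned result means the
                // signature was silently dropped or ignored.
                if (!signed)
                {
                    throw new InvalidOperationException("The HTTP-redirect request was not signed.");
                }

                Console.WriteLine("HTTP-redirect signature verified.");
            }

            catch (Exception exception) {
                // If signature generation/verification fails then most likely the .NET CLR security update
                // hasn't been installed and configured correctly or the inbuilt .NET SHA-256 support hasn't been initialized.
                Console.WriteLine(exception.ToString());
            }
        }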
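        /// <summary>
        /// Exercises SHA-256 signing end to end: an XML-signed SAML assertion and a query-string-signed AuthnRequest
        /// in an HTTP-Redirect URL are generated and verified. Failures are reported on the console.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            try {
            #if DOTNET45
                // Register the SHA-256 cryptographic algorithm.
                // Only supported in .NET 4.5 and above.
                CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
            #endif

                // Load the certificate and private key for signature generation.
                // NOTE(review): fixture only. Never ship a PFX password as a literal; read it from protected
                // configuration or use a certificate store.
                X509Certificate2 x509Certificate = new X509Certificate2("idp.pfx", "password");

                // Create a basic SAML assertion and serialize it to XML.
                SAMLAssertion samlAssertion = new SAMLAssertion();
                samlAssertion.Issuer = new Issuer("test");
                XmlElement samlAssertionElement = samlAssertion.ToXml();

                // Sign the SAML assertion using SHA-256 for the digest and signature algorithms.
                SAMLAssertionSignature.Generate(samlAssertionElement, x509Certificate.PrivateKey, x509Certificate, null, "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
                Console.WriteLine("Signed SAML assertion: {0}", samlAssertionElement.OuterXml);

                // Verify the signature; a false result is a failure, not just a log line.
                bool verified = SAMLAssertionSignature.Verify(samlAssertionElement);
                Console.WriteLine("Signature verified: {0}", verified);

                if (!verified) {
                    throw new InvalidOperationException("The XML signature failed to verify.");
                }

                // The HTTP-redirect binding doesn't use XML signatures so check it separately.
                AuthnRequest authnRequest = new AuthnRequest();
                authnRequest.Issuer = new Issuer("test");
                XmlElement authnRequestElement = authnRequest.ToXml();

                // Create the HTTP-redirect URL including the SHA-256 signature. (http is acceptable for this
                // in-process round trip only; a real redirect carries the request in the URL and needs https.)
                string url = HTTPRedirectBinding.CreateRequestRedirectURL("http://www.test.com", authnRequestElement, null, x509Certificate.PrivateKey, HTTPRedirectBinding.SignatureAlgorithms.RSA_SHA256);

                string relayState = null;
                bool signed = false;

                // Retrieve the authn request from the HTTP-redirect URL and verify the signature with the public key.
                HTTPRedirectBinding.GetRequestFromRedirectURL(url, out authnRequestElement, out relayState, out signed, x509Certificate.PublicKey.Key);

                // The URL was built with a private key, so it must come back flagged as signed.
                if (!signed) {
                    throw new InvalidOperationException("The HTTP-redirect request was not signed.");
                }

                Console.WriteLine("HTTP-redirect signature verified.");
            }

            catch (Exception exception) {
                // If signature generation/verification fails then most likely the .NET CLR security update
                // hasn't been installed and configured correctly or the inbuilt .NET SHA-256 support hasn't been initialized.
                Console.WriteLine(exception.ToString());
            }
        }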
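        /// <summary>
        /// Signs and verifies a SAML assertion (XML signature) and an AuthnRequest in an HTTP-Redirect URL
        /// (query-string signature) with the given algorithms, reporting success or failure on the console.
        /// </summary>
        /// <param name="x509Certificate">Certificate with a private key; the private key signs, the public key verifies.</param>
        /// <param name="digestMethod">Digest algorithm URI for the XML signature.</param>
        /// <param name="signatureMethod">Signature algorithm URI, used for both the XML and the redirect signature.</param>
        /// <remarks>Exceptions are caught and printed; the method never throws.</remarks>
        private static void SignAndVerify(X509Certificate2 x509Certificate, string digestMethod, string signatureMethod)
        {
            try
            {
                Console.WriteLine("Testing signature generation and verification using \"{0}\".", signatureMethod);

                // Create a basic SAML assertion and serialize it to XML.
                SAMLAssertion samlAssertion = new SAMLAssertion();
                samlAssertion.Issuer = new Issuer("test");
                XmlElement samlAssertionElement = samlAssertion.ToXml();

                // Sign the SAML assertion using the specified digest and signature methods.
                SAMLAssertionSignature.Generate(samlAssertionElement, x509Certificate.PrivateKey, x509Certificate, null, digestMethod, signatureMethod);

                // Verify the signature.
                bool verified = SAMLAssertionSignature.Verify(samlAssertionElement);

                if (!verified)
                {
                    throw new InvalidOperationException("The XML signature failed to verify.");
                }

                // The HTTP-redirect binding doesn't use XML signatures so check it separately.
                AuthnRequest authnRequest = new AuthnRequest();
                authnRequest.Issuer = new Issuer("test");
                XmlElement authnRequestElement = authnRequest.ToXml();

                // Create the HTTP-redirect URL including the signature.
                string url = HTTPRedirectBinding.CreateRequestRedirectURL("http://www.test.com", authnRequestElement, null, x509Certificate.PrivateKey, signatureMethod);

                string relayState = null;
                bool   signed     = false;

                // Retrieve the authn request from the HTTP-redirect URL and verify the signature with the public key.
                HTTPRedirectBinding.GetRequestFromRedirectURL(url, out authnRequestElement, out relayState, out signed, x509Certificate.PublicKey.Key);

                // The URL was built with a private key, so an unsigned result means the signature was dropped or
                // ignored; treat it as a failure rather than reporting success.
                if (!signed)
                {
                    throw new InvalidOperationException("The HTTP-redirect request was not signed.");
                }

                Console.WriteLine("Signature generation and verification using \"{0}\" was successful.", signatureMethod);
            }

            catch (Exception exception)
            {
                Console.WriteLine("Signature generation and verification using \"{0}\" failed.", signatureMethod);
                Console.WriteLine(exception.ToString());
            }
        }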
        /// <summary>
        /// Builds an unsigned SAML 2.0 AuthnRequest for a fixed Azure AD tenant endpoint.
        /// </summary>
        /// <returns>The AuthnRequest serialized as an XML element; no signature is applied.</returns>
        /// <remarks>
        /// NOTE(review): the Destination (a specific tenant's /saml2 endpoint) and the Issuer
        /// ("http://localhost/WebDrawer") are hard-coded; the commented-out Configuration read shows where the
        /// destination was meant to come from. The request is never signed, so the IdP must accept unsigned
        /// AuthnRequests for this to work.
        /// </remarks>
        private XmlElement CreateAuthnRequest()
        {
            var request = new AuthnRequest
            {
                Destination  = "https://login.microsoftonline.com/021af3dc-d776-4348-8539-7eab9f6ce3fb/saml2",// Configuration.SingleSignOnServiceURL;
                Issuer       = new Issuer("http://localhost/WebDrawer"),
                // An existing IdP session may be reused.
                ForceAuthn   = false,
                // No name ID format or qualifier; the third argument is presumably AllowCreate — confirm.
                NameIDPolicy = new NameIDPolicy(null, null, true),
            };

            // Serialize for transmission; nothing else is done to the element.
            return request.ToXml();
        }
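        /// <summary>
        /// Builds the SAML 2.0 AuthnRequest sent to the identity provider configured in <c>Configuration</c>.
        /// </summary>
        /// <returns>
        /// The AuthnRequest as an XML element, XML-signed unless the configured SSO binding is HTTP-Redirect.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// Signing is required but application state holds no certificate with a private key under
        /// <c>Global.SPX509Certificate</c>.
        /// </exception>
        private XmlElement CreateAuthnRequest()
        {
            AuthnRequest authnRequest = new AuthnRequest();

            authnRequest.Destination  = Configuration.SingleSignOnServiceURL;
            // The SP's own root URL serves as its issuer / entity identifier.
            authnRequest.Issuer       = new Issuer(CreateAbsoluteURL("~/"));
            // An existing IdP session may be reused.
            authnRequest.ForceAuthn   = false;
            // No format or qualifier; the third argument is presumably AllowCreate — confirm.
            authnRequest.NameIDPolicy = new NameIDPolicy(null, null, true);

            XmlElement authnRequestXml = authnRequest.ToXml();

            // The XML signature would make the HTTP-Redirect query string too long for most browsers, so that
            // binding is left unsigned here.
            // NOTE(review): if the IdP requires signed requests over redirect, sign the query string via the
            // redirect binding (HTTPRedirectBinding with a private key) rather than skipping the signature.
            if (Configuration.SingleSignOnServiceBinding != SAMLIdentifiers.Binding.HTTPRedirect)
            {
                X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];

                // Report a missing or key-less certificate explicitly instead of failing with a
                // NullReferenceException inside the signing call.
                if (x509Certificate == null || !x509Certificate.HasPrivateKey)
                {
                    throw new InvalidOperationException(
                        "The SP X.509 certificate with a private key is not available in application state; the AuthnRequest cannot be signed.");
                }

                SAMLMessageSignature.Generate(authnRequestXml, x509Certificate.PrivateKey, x509Certificate);
            }

            return(authnRequestXml);
        }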
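        /// <summary>
        /// Creates the SAML 2.0 AuthnRequest addressed to the configured single sign-on service.
        /// </summary>
        /// <returns>
        /// The serialized AuthnRequest, carrying an XML signature unless the configured binding is HTTP-Redirect.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// A signature is required but no certificate with a private key is stored under
        /// <c>Global.SPX509Certificate</c> in application state.
        /// </exception>
        private XmlElement CreateAuthnRequest()
        {
            AuthnRequest authnRequest = new AuthnRequest();
            authnRequest.Destination = Configuration.SingleSignOnServiceURL;
            authnRequest.Issuer = new Issuer(Configuration.Issuer);
            // An existing IdP session may be reused.
            authnRequest.ForceAuthn = false;
            // No format or qualifier; the third argument is presumably AllowCreate — confirm.
            authnRequest.NameIDPolicy = new NameIDPolicy(null, null, true);

            XmlElement authnRequestXml = authnRequest.ToXml();

            // HTTP-Redirect cannot carry the XML signature (the query string gets too long for most browsers), so
            // only the other bindings are signed here.
            // NOTE(review): redirect-bound requests therefore leave unsigned; sign the query string through the
            // redirect binding if the IdP demands signed requests.
            if (Configuration.SingleSignOnServiceBinding != SAMLIdentifiers.Binding.HTTPRedirect) {
                X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];

                // Make a missing or key-less certificate a clear configuration error instead of a
                // NullReferenceException.
                if (x509Certificate == null || !x509Certificate.HasPrivateKey) {
                    throw new InvalidOperationException(
                        "The SP X.509 certificate with a private key is not available in application state; the AuthnRequest cannot be signed.");
                }

                SAMLMessageSignature.Generate(authnRequestXml, x509Certificate.PrivateKey, x509Certificate);
            }

            return authnRequestXml;
        }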
        //private readonly IStoreSamlCertificates _certificates;

        //public Test(IStoreSamlCertificates certificatesStore)
        //{
        //    _certificates = certificatesStore;
        //}

        //private X509Certificate2 GetCertificate()
        //{
        //    var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        //    try
        //    {
        //    //< add key = "SamlTestServiceProviderEntityId" value = "https://develop.ucosmic.com/sign-on/saml/2" />
        //    //< add key = "SamlTestCertificateThumbprint" value = "1945D599DF7F3B3D6513C87A8CDDF4CE6E0899B6" />
        //              store.Open(OpenFlags.ReadOnly);
        //        var certificates = store.Certificates.Find(X509FindType.FindByThumbprint, "1945D599DF7F3B3D6513C87A8CDDF4CE6E0899B6", false);
        //        if (certificates.Count < 1)
        //        {
        //            throw new InvalidOperationException(string.Format(
        //                "Could not find certificate with thumbprint '{0}' in My LocalMachine store.",
        //                    "1945D599DF7F3B3D6513C87A8CDDF4CE6E0899B6"));
        //        }
        //        return certificates[0];
        //    }
        //    finally
        //    {
        //        store.Close();
        //    }
        //}

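        /// <summary>
        /// Builds an AuthnRequest and sends it to the identity provider over the requested binding.
        /// </summary>
        /// <param name="idpLocation">IdP single sign-on endpoint; used as the request Destination and as the transport target.</param>
        /// <param name="idpBinding">Binding to use; only HTTP-POST and HTTP-Redirect are handled.</param>
        /// <param name="fromSpEntityId">This SP's entity ID, written into the Issuer element.</param>
        /// <param name="returnUrl">Optional SP resource to return to after SSO; cached as relay state when not blank.</param>
        /// <param name="httpContext">Context whose Response receives the auto-post form or the redirect.</param>
        /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        /// <exception cref="NotSupportedException"><paramref name="idpBinding"/> is neither HTTP-POST nor HTTP-Redirect.</exception>
        /// <remarks>
        /// NOTE(review): this is a local-development variant. XML signing of the POST request is commented out,
        /// ForceAuthn is hard-wired to true, and the redirect branch reads the SP private key and certificate
        /// from absolute paths on a developer machine with a passphrase literal ("WRONG_PASSWORD") in source.
        /// Key material and passphrases belong in a certificate store or protected configuration.
        /// </remarks>
        public void SendAuthnRequest(string idpLocation, Saml2SsoBinding idpBinding,
                                     string fromSpEntityId, string returnUrl, HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            var authnRequest = new AuthnRequest
            {
                Destination  = idpLocation,
                Issuer       = new Issuer(fromSpEntityId),
                // true: the IdP must perform a fresh authentication even if a session already exists.
                ForceAuthn   = true,
                NameIDPolicy = new NameIDPolicy(null, null, true),
            };

            var authnRequestXml = authnRequest.ToXml();

            // XML signing is disabled in this variant. Normally it is skipped only for HTTP-Redirect, whose query
            // string cannot carry the XML signature.
            //if (idpBinding != Saml2SsoBinding.HttpRedirect)
            //{
            //    var signingCertificate = _certificates.GetSigningCertificate();
            //    SAMLMessageSignature.Generate(authnRequestXml, signingCertificate.PrivateKey, signingCertificate);
            //}

            // Cache the relay state so the SP knows which resource the user wanted once SSO completes.
            // NOTE(review): returnUrl is stored as given; the relay-state consumer must validate it
            // (relative path / same origin) or an attacker-supplied value becomes an open redirect.
            //SAML.HttpContext = httpContext;
            string relayState = null;

            if (!string.IsNullOrWhiteSpace(returnUrl))
            {
                relayState = RelayStateCache.Add(new RelayState(returnUrl, null));
            }

            // Transmit over the configured binding.
            switch (idpBinding)
            {
            case Saml2SsoBinding.HttpPost:
                ServiceProvider.SendAuthnRequestByHTTPPost(httpContext.Response, idpLocation, authnRequestXml, relayState);
                httpContext.Response.End();
                break;

            case Saml2SsoBinding.HttpRedirect:
                // Load the RSA private key from an encrypted PEM. The reader is disposed once the key parameters
                // have been extracted (the original leaked the StreamReader).
                RSAParameters rsaParams;
                using (StreamReader sr = new StreamReader(@"C:\Users\vladi\Source\Repos\othmankh\ShibTesting\SamlProject\App_Data\encrypted_private_key.pem"))
                {
                    PemReader pr = new PemReader(sr, new PasswordFinder("WRONG_PASSWORD"));
                    // NOTE(review): the cast assumes ReadObject() yields the private key parameters directly; if the
                    // PEM decodes to a key-pair object instead, this throws InvalidCastException — confirm against
                    // the PEM type in use.
                    rsaParams = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)pr.ReadObject());
                }

                RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
                rsa.ImportParameters(rsaParams);

                // Pair the public certificate with the loaded private key; this private key then signs the
                // redirect query string.
                var encryptionCertificate = new X509Certificate2();
                encryptionCertificate.Import(@"C:\Users\vladi\Source\Repos\othmankh\ShibTesting\SamlProject\App_Data\unitu.cer");
                encryptionCertificate.PrivateKey = rsa;

                ServiceProvider.SendAuthnRequestByHTTPRedirect(httpContext.Response, idpLocation, authnRequestXml, relayState, encryptionCertificate.PrivateKey);
                break;

            default:
                throw new NotSupportedException("The binding is currently not supported.");
            }
        }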