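        /// <summary>
        /// Builds an <c>EncryptedAssertion</c> document from the test assertion: the whole
        /// <c>Assertion</c> element is encrypted with a fresh AES-256 session key and that key is
        /// wrapped with the RSA public key of the development STS certificate. Nothing is written
        /// to disk (the old summary was wrong); the finished document is left in <c>result</c>.
        /// </summary>
        public static void GenerateEncryptedAssertion()
        {
            // NOTE(review): "test1234" is a hard-coded password for a development fixture only;
            // never ship a production key this way.
            var cert      = Certificates.InMemoryResourceUtility.GetInMemoryCertificate("sts_dev_certificate.pfx", "test1234");
            var assertion = AssertionUtil.GetTestAssertion();

            // Holds the ciphertext of the whole element (Type = Element, not Content).
            var encryptedData = new EncryptedData
            {
                Type             = EncryptedXml.XmlEncElementUrl,
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
            };

            // Fresh random session key. Aes.Create() replaces the obsolete RijndaelManaged
            // (same AES-256/CBC/PKCS7 defaults, and it is usable under a FIPS-enforced policy
            // where RijndaelManaged throws). Disposed once the key has been wrapped.
            using (var aes = Aes.Create())
            {
                aes.KeySize = 256;
                aes.GenerateKey();

                // Encrypt the assertion element; EncryptedXml prepends the IV to the ciphertext.
                var encryptedXml = new EncryptedXml();
                encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(assertion.DocumentElement, aes, false);

                // Wrap the session key with the certificate's RSA public key.
                var publicKeyRsa = cert.PublicKey.Key as RSA;

                Assert.True(publicKeyRsa != null, "Public key of certificate was not an RSA key. Modify test.");

                // NOTE(review): RSA-1.5 (PKCS#1 v1.5) key transport is padding-oracle prone
                // (Bleichenbacher). It is kept here so the output matches what the decrypting side
                // in this code base accepts (TODO confirm); RSA-OAEP (EncryptedXml.XmlEncRSAOAEPUrl
                // with useOAEP = true) is the better choice wherever the consumer supports it.
                var encryptedKey = new EncryptedKey
                {
                    EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url),
                    CipherData       = new CipherData(EncryptedXml.EncryptKey(aes.Key, publicKeyRsa, false))
                };

                encryptedData.KeyInfo = new KeyInfo();
                encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
            }

            // Serialize an empty <EncryptedAssertion> shell and splice the real EncryptedData into it.
            var encryptedAssertion = new EncryptedAssertion
            {
                EncryptedData = new Schema.XEnc.EncryptedData(),
                EncryptedKey  = new Schema.XEnc.EncryptedKey[1]
            };

            encryptedAssertion.EncryptedKey[0] = new Schema.XEnc.EncryptedKey();

            var result = Serialization.Serialize(encryptedAssertion);

            var encryptedDataElement = GetElement(Schema.XEnc.EncryptedData.ElementName, Saml20Constants.Xenc, result);

            EncryptedXml.ReplaceElement(encryptedDataElement, encryptedData, false);

            // result now holds the complete EncryptedAssertion; dump result.OuterXml to inspect it.
        }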
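        /// <summary>
        /// Builds an <c>EncryptedAssertion</c> document from the first test assertion: the whole
        /// <c>Assertion</c> element is encrypted with a fresh AES-256 session key and that key is
        /// wrapped with the RSA public key of the development STS certificate loaded from disk.
        /// The finished document is left in <c>result</c>; nothing is asserted about its content.
        /// </summary>
        public void GenerateEncryptedAssertion_01()
        {
            XmlDocument assertion = AssertionUtil.GetTestAssertion_01();

            // Holds the ciphertext of the whole element (Type = Element, not Content).
            EncryptedData encryptedData = new EncryptedData();

            encryptedData.Type             = EncryptedXml.XmlEncElementUrl;
            encryptedData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

            // Fresh random session key. Aes.Create() replaces the obsolete RijndaelManaged
            // (same AES-256/CBC/PKCS7 defaults, and it is usable under a FIPS-enforced policy
            // where RijndaelManaged throws). Disposed once the key has been wrapped.
            using (Aes aes = Aes.Create())
            {
                aes.KeySize = 256;
                aes.GenerateKey();

                // Encrypt the assertion element; EncryptedXml prepends the IV to the ciphertext.
                EncryptedXml encryptedXml = new EncryptedXml();

                byte[] encryptedElement = encryptedXml.EncryptData(assertion.DocumentElement, aes, false);
                encryptedData.CipherData.CipherValue = encryptedElement;

                // Wrap the session key with the certificate's RSA public key.
                // NOTE(review): "test1234" is a hard-coded password for a development fixture only.
                X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");
                RSA publicKeyRSA      = cert.PublicKey.Key as RSA;

                Assert.IsNotNull(publicKeyRSA, "Public key of certificate was not an RSA key. Modify test.");

                // NOTE(review): RSA-1.5 (PKCS#1 v1.5) key transport is padding-oracle prone
                // (Bleichenbacher). It is kept so the output matches what the decrypting side in
                // this code base accepts (TODO confirm); RSA-OAEP (EncryptedXml.XmlEncRSAOAEPUrl
                // with useOAEP = true) is preferable wherever the consumer supports it.
                EncryptedKey encryptedKey = new EncryptedKey();

                encryptedKey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
                encryptedKey.CipherData       = new CipherData(EncryptedXml.EncryptKey(aes.Key, publicKeyRSA, false));

                encryptedData.KeyInfo = new KeyInfo();
                encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
            }

            // Serialize an empty <EncryptedAssertion> shell and splice the real EncryptedData into it.
            EncryptedAssertion encryptedAssertion = new EncryptedAssertion();

            encryptedAssertion.encryptedData   = new saml20.Schema.XEnc.EncryptedData();
            encryptedAssertion.encryptedKey    = new saml20.Schema.XEnc.EncryptedKey[1];
            encryptedAssertion.encryptedKey[0] = new saml20.Schema.XEnc.EncryptedKey();

            XmlDocument result = Serialization.Serialize(encryptedAssertion);

            XmlElement encryptedDataElement = GetElement(dk.nita.saml20.Schema.XEnc.EncryptedData.ELEMENT_NAME, Saml20Constants.XENC, result);

            EncryptedXml.ReplaceElement(encryptedDataElement, encryptedData, false);
        }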
        /// <summary>
        /// Encrypts the assertion in the <c>Assertion</c> property and stores the resulting
        /// <c>EncryptedAssertion</c> document for retrieval through <c>GetXml</c>. The whole
        /// assertion element is encrypted under <c>SessionKey</c> with <c>_sessionKeyAlgorithm</c>,
        /// and the session key is wrapped for the recipient with RSA-1.5 using <c>TransportKey</c>.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// <c>TransportKey</c> or <c>Assertion</c> has not been set.
        /// </exception>
        public void Encrypt()
        {
            if (_transportKey == null)
            {
                throw new InvalidOperationException("The \"TransportKey\" property is required to encrypt the assertion.");
            }

            if (_assertion == null)
            {
                throw new InvalidOperationException("The \"Assertion\" property is required for this operation.");
            }

            // Ciphertext of the whole <Assertion> element (Type = Element, content = false).
            // NOTE(review): XML-Enc CBC gives confidentiality only, so the recipient must still
            // verify the signature over the assertion. EncryptData takes the IV from SessionKey,
            // so one SessionKey instance should not be reused across calls — TODO confirm callers.
            var cipherBytes = new EncryptedXml().EncryptData(_assertion.DocumentElement, SessionKey, false);

            // Wrap the session key for the recipient.
            // NOTE(review): RSA-1.5 (PKCS#1 v1.5) key transport is padding-oracle prone; RSA-OAEP
            // (EncryptedXml.XmlEncRSAOAEPUrl, useOAEP = true) is preferable where the SP supports it.
            var wrappedKey = new EncryptedKey
            {
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url),
                CipherData       = new CipherData(EncryptedXml.EncryptKey(SessionKey.Key, TransportKey, false))
            };

            var keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoEncryptedKey(wrappedKey));

            var payload = new EncryptedData
            {
                Type             = EncryptedXml.XmlEncElementUrl,
                EncryptionMethod = new EncryptionMethod(_sessionKeyAlgorithm),
                CipherData       = new CipherData(cipherBytes),
                KeyInfo          = keyInfo
            };

            // Serialize an empty <EncryptedAssertion> shell and splice the real EncryptedData into it.
            var shell = new EncryptedAssertion();
            shell.encryptedData = new SfwEncryptedData();

            // Null resolver: the input is generated locally, but rule out DTD/entity fetches anyway.
            var document = new XmlDocument { XmlResolver = null };
            document.LoadXml(Serialization.SerializeToXmlString(shell));

            var placeholder = GetElement(SfwEncryptedData.ELEMENT_NAME, Saml20Constants.XENC, document.DocumentElement);
            EncryptedXml.ReplaceElement(placeholder, payload, false);

            _encryptedAssertion = document;
        }
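        /// <summary>
        /// Encrypts the assertion in the <c>Assertion</c> property and stores the resulting
        /// <c>EncryptedAssertion</c> document for retrieval through <c>GetXml</c>. The whole
        /// assertion element is encrypted under <c>SessionKey</c> with <c>_sessionKeyAlgorithm</c>,
        /// and the session key is wrapped for the recipient with RSA-1.5 using <c>TransportKey</c>.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// <c>TransportKey</c> or <c>Assertion</c> has not been set.
        /// </exception>
        public void Encrypt()
        {
            if (TransportKey == null)
            {
                throw new InvalidOperationException("The \"TransportKey\" property is required to encrypt the assertion.");
            }

            if (Assertion == null)
            {
                throw new InvalidOperationException("The \"Assertion\" property is required for this operation.");
            }

            var encryptedData = new EncryptedData
            {
                Type             = EncryptedXml.XmlEncElementUrl,
                EncryptionMethod = new EncryptionMethod(_sessionKeyAlgorithm)
            };

            // Ciphertext of the whole <Assertion> element (Type = Element, content = false).
            // NOTE(review): XML-Enc CBC gives confidentiality only, so the recipient must still
            // verify the signature over the assertion. EncryptData takes the IV from SessionKey,
            // so one SessionKey instance should not be reused across calls — TODO confirm callers.
            var encryptedXml     = new EncryptedXml();
            var encryptedElement = encryptedXml.EncryptData(Assertion.DocumentElement, SessionKey, false);

            encryptedData.CipherData.CipherValue = encryptedElement;

            // Wrap the session key for the recipient.
            // NOTE(review): RSA-1.5 (PKCS#1 v1.5) key transport is padding-oracle prone; RSA-OAEP
            // (EncryptedXml.XmlEncRSAOAEPUrl, useOAEP = true) is preferable where the SP supports it.
            encryptedData.KeyInfo = new KeyInfo();

            var encryptedKey = new EncryptedKey
            {
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url),
                CipherData       = new CipherData(EncryptedXml.EncryptKey(SessionKey.Key, TransportKey, false))
            };

            encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

            // Serialize an empty <EncryptedAssertion> shell and splice the real EncryptedData into it.
            var encryptedAssertion = new EncryptedAssertion {
                EncryptedData = new Schema.XEnc.EncryptedData()
            };

            var result = new XmlDocument();

            // Null resolver, as the sibling implementation does: the input is generated locally,
            // but this rules out DTD/external-entity fetches regardless of framework defaults.
            result.XmlResolver = null;
            result.LoadXml(Serialization.SerializeToXmlString(encryptedAssertion));

            var encryptedDataElement = GetElement(Schema.XEnc.EncryptedData.ElementName, Saml20Constants.Xenc, result.DocumentElement);

            EncryptedXml.ReplaceElement(encryptedDataElement, encryptedData, false);

            _encryptedAssertion = result;
        }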
        /// <summary>
        /// Decrypts a <c>saml:EncryptedAssertion</c> element with the private key of the
        /// configured <c>x509Certificate</c>. When the static <c>algorithm</c> setting is non-empty
        /// it is passed as the data-encryption method; otherwise null is passed (presumably the
        /// library then honours the method declared in the element — verify against its docs).
        /// A progress line is written to stderr.
        /// </summary>
        /// <param name="xmlElement">The encrypted assertion element.</param>
        /// <returns>The decrypted <c>saml:Assertion</c> element.</returns>
        private static XmlElement DecryptAssertion(XmlElement xmlElement)
        {
            Console.Error.WriteLine("Decrypting SAML assertion");

            var encrypted = new EncryptedAssertion(xmlElement);

            var method = String.IsNullOrEmpty(algorithm) ? null : new EncryptionMethod(algorithm);

            // NOTE(review): X509Certificate2.PrivateKey is obsolete on newer .NET (SYSLIB0028);
            // GetRSAPrivateKey() is the replacement if the target framework allows it.
            return encrypted.DecryptToXml(x509Certificate.PrivateKey, null, method);
        }
        /// <summary>
        /// Decrypts a <c>saml:EncryptedAssertion</c> element with the private key of the
        /// configured <c>x509Certificate</c>, logging a progress line to stderr first.
        /// The static <c>algorithm</c> setting, when non-empty, is supplied as the data-encryption
        /// method; otherwise null is supplied (presumably letting the library use the method the
        /// element declares — verify against its docs).
        /// </summary>
        /// <param name="xmlElement">The encrypted assertion element.</param>
        /// <returns>The decrypted <c>saml:Assertion</c> element.</returns>
        private static XmlElement DecryptAssertion(XmlElement xmlElement)
        {
            Console.Error.WriteLine("Decrypting SAML assertion");

            EncryptionMethod method = null;

            if (!String.IsNullOrEmpty(algorithm))
            {
                method = new EncryptionMethod(algorithm);
            }

            // NOTE(review): X509Certificate2.PrivateKey is obsolete on newer .NET (SYSLIB0028).
            return new EncryptedAssertion(xmlElement).DecryptToXml(x509Certificate.PrivateKey, null, method);
        }
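        /// <summary>
        /// Assertion-consumer entry point: reads the SAML response posted by the identity
        /// provider, requires and verifies its signature, takes the subject's name identifier,
        /// issues a forms-authentication cookie for it and redirects to the RelayState URL
        /// (same-site targets only). Every failure is logged via <c>Trace</c> and the page
        /// renders normally.
        /// </summary>
        /// <param name="e">Page lifecycle event arguments, forwarded to the base class.</param>
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            try
            {
                #region Receive SAML Response

                // Create a SAML response from the HTTP request.
                ComponentPro.Saml2.Response samlResponse = ComponentPro.Saml2.Response.Create(Request);

                // A response without a signature carries no proof of origin and must be rejected.
                // Validating "only if signed" let anyone strip the signature and forge the response.
                if (!samlResponse.IsSigned())
                {
                    throw new ApplicationException("SAML response is not signed.");
                }

                // Loaded the previously loaded certificate.
                X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.CertKeyName];

                if (x509Certificate == null)
                {
                    throw new ApplicationException("Identity provider certificate is not loaded.");
                }

                // Validate the SAML response with the certificate.
                if (!samlResponse.Validate(x509Certificate))
                {
                    throw new ApplicationException("SAML response signature is not valid.");
                }

                #endregion

                #region Process the response

                // Success?
                if (!samlResponse.IsSuccess())
                {
                    throw new ApplicationException("SAML response is not success");
                }

                Assertion samlAssertion;

                // Define ENCRYPTEDSAML preprocessor flag if you wish to decrypt the SAML response.
#if ENCRYPTEDSAML
                if (samlResponse.GetEncryptedAssertions().Count > 0)
                {
                    EncryptedAssertion encryptedAssertion = samlResponse.GetEncryptedAssertions()[0];

                    // Load the private key.
                    // Consider caching the loaded key in production environment for better performance.
                    // NOTE(review): hard-coded PFX password; move it to protected configuration.
                    X509Certificate2 decryptionKey = new X509Certificate2(Path.Combine(HttpRuntime.AppDomainAppPath, "EncryptionKey.pfx"), "password");

                    // Decrypt the encrypted assertion.
                    samlAssertion = encryptedAssertion.Decrypt(decryptionKey.PrivateKey, null);
                }
                else
                {
                    throw new ApplicationException("No encrypted assertions found in the SAML response");
                }
#else
                // Get the asserted identity.
                if (samlResponse.GetAssertions().Count > 0)
                {
                    samlAssertion = samlResponse.GetAssertions()[0];
                }
                else
                {
                    throw new ApplicationException("No assertions found in the SAML response");
                }
#endif

                // NOTE(review): nothing here checks the assertion's Conditions (NotBefore /
                // NotOnOrAfter, AudienceRestriction), the bearer SubjectConfirmationData (Recipient,
                // NotOnOrAfter) or InResponseTo against a pending request. A production ACS must
                // enforce these to stop replay and cross-SP reuse — TODO.

                // Get the subject name identifier.
                string userName;

                if (samlAssertion.Subject.NameId != null)
                {
                    userName = samlAssertion.Subject.NameId.NameIdentifier;
                }
                else
                {
                    throw new ApplicationException("Name identifier not found in subject");
                }

                #region Extract Custom Attributes

                // If you need to add custom attributes, uncomment the following code
                //if (samlAssertion.AttributeStatements.Count > 0)
                //{
                //    foreach (AttributeStatement attributeStatement in samlAssertion.AttributeStatements)
                //    {
                //        // If you need to decrypt encrypted attributes, refer to this topic: http://www.samlcomponent.net/encrypting-and-decrypting-saml-response-xml
                //        foreach (ComponentPro.Saml2.Attribute attribute in attributeStatement.Attributes)
                //        {
                //            // Process your custom attribute here.
                //            // ...
                //        }
                //    }
                //}

                #endregion

                // Set authentication cookie.
                FormsAuthentication.SetAuthCookie(userName, false);

                // RelayState is posted by whoever sent the response, so redirecting to it blindly
                // is an open redirect. Only same-site targets are honoured; anything else goes to
                // the application root.
                string relayState = samlResponse.RelayState;

                Response.Redirect(IsSafeRelayState(relayState, Request.Url) ? relayState : "~/", false);

                #endregion
            }

            catch (Exception exception)
            {
                // Best effort: record the failure and let the page render.
                Trace.Write("ServiceProvider", "An Error occurred", exception);
            }
        }

        /// <summary>
        /// Decides whether a RelayState value may be used as a redirect target without an
        /// allow-list. Accepted: site-relative paths ("/path", "~/path") and absolute URLs whose
        /// scheme and authority equal those of <paramref name="requestUrl"/>. Rejected:
        /// protocol-relative ("//host") and backslash-prefixed forms, other schemes, foreign hosts.
        /// </summary>
        /// <param name="relayState">The RelayState posted with the SAML response (untrusted).</param>
        /// <param name="requestUrl">The URL of the current request, which defines "same site".</param>
        /// <returns>True when redirecting to <paramref name="relayState"/> stays on this site.</returns>
        private static bool IsSafeRelayState(string relayState, Uri requestUrl)
        {
            if (string.IsNullOrEmpty(relayState) || requestUrl == null)
            {
                return false;
            }

            // "~/x" is treated like "/x".
            string path = relayState.StartsWith("~/", StringComparison.Ordinal) ? relayState.Substring(1) : relayState;

            if (path[0] == '/')
            {
                // "/" alone is fine; "//host" and "/\host" are scheme-relative and must not pass.
                return path.Length == 1 || (path[1] != '/' && path[1] != '\\');
            }

            Uri target;

            if (!Uri.TryCreate(path, UriKind.Absolute, out target))
            {
                return false;
            }

            // Same scheme, host and port as the current request (user-info is ignored, so
            // "https://sp@evil" compares by host and fails).
            return Uri.Compare(target, requestUrl, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0;
        }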
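        /// <summary>
        /// Builds a SAML 2.0 Success response for the partner service provider remembered in
        /// session (falling back to the configured default SP). When the partner has its own
        /// configuration, its sign/encrypt settings override the <paramref name="signAssertion"/>,
        /// <paramref name="signResponse"/> and <paramref name="encryptAssertion"/> arguments.
        /// </summary>
        /// <param name="assertionConsumerServiceUrl">SP endpoint the response is destined for; also the bearer Recipient.</param>
        /// <param name="attributes">Attributes to include; the one named <c>PortalClaimTypes.ProfileId</c> supplies the subject NameID.</param>
        /// <param name="requestId">ID of the AuthnRequest being answered, or null for IdP-initiated SSO.</param>
        /// <param name="signAssertion">Sign the assertion with the IdP certificate (overridden by partner config).</param>
        /// <param name="signResponse">Sign the whole response with the IdP certificate (overridden by partner config).</param>
        /// <param name="encryptAssertion">Encrypt the assertion to the partner certificate (overridden by partner config).</param>
        /// <returns>The serialized <c>samlp:Response</c> element.</returns>
        /// <exception cref="InvalidOperationException">
        /// Encryption was requested without a partner certificate, or no ProfileId attribute was supplied.
        /// </exception>
        private static XmlElement CreateSamlResponse(string assertionConsumerServiceUrl, List <SAMLAttribute> attributes, string requestId = null, bool signAssertion = false, bool signResponse = false, bool encryptAssertion = false)
        {
            // One UTC timestamp for the whole message. SAML instants are UTC, so the previous
            // DateTime.Now (local time, sampled several times) was wrong for IssueInstant/NotBefore.
            var now = DateTime.UtcNow;

            // Validity window. NOTE(review): 24 hours is far too long for a bearer assertion
            // (replay window); a few minutes plus clock skew is the norm. Kept for compatibility
            // until SP clock tolerances are known — shorten it.
            var notBefore    = now;
            var notOnOrAfter = now.AddDays(1);

            var issuer = new Issuer(SAMLConfiguration.Current.IdentityProviderConfiguration.Name);
            var issuerX509Certificate = new X509Certificate2(
                Path.Combine(HttpRuntime.AppDomainAppPath, SAMLConfiguration.Current.IdentityProviderConfiguration.CertificateFile),
                SAMLConfiguration.Current.IdentityProviderConfiguration.CertificatePassword);

            // The partner SP is stored in session during SP-initiated SSO; otherwise use the default.
            var partner       = SessionHelper.Get <string>(PartnerSpSessionKey) ?? SAMLConfiguration.Current.ServiceProviderConfiguration.Name;
            var partnerConfig = SAMLConfiguration.Current.PartnerServiceProviderConfigurations[partner];

            X509Certificate2 partnerX509Certificate = null;

            if (partnerConfig != null)
            {
                partnerX509Certificate = new X509Certificate2(Path.Combine(HttpRuntime.AppDomainAppPath, partnerConfig.CertificateFile));
                signAssertion          = partnerConfig.SignAssertion;
                signResponse           = partnerConfig.SignSAMLResponse;
                encryptAssertion       = partnerConfig.EncryptAssertion;
            }

            // Fail early with a clear message instead of a NullReferenceException deep inside EncryptedAssertion.
            if (encryptAssertion && partnerX509Certificate == null)
            {
                throw new InvalidOperationException("Assertion encryption was requested but no partner certificate is configured for '" + partner + "'.");
            }

            var samlResponse = new SAMLResponse
            {
                Destination  = assertionConsumerServiceUrl,
                Issuer       = issuer,
                Status       = new Status(SAMLIdentifiers.PrimaryStatusCodes.Success, null),
                IssueInstant = now,
                InResponseTo = requestId
            };

            var samlAssertion = new SAMLAssertion {
                Issuer = issuer, IssueInstant = now
            };

            // The subject is identified by the ProfileId attribute; without it there is no NameID.
            var profileId = attributes.Where(a => a.Name == PortalClaimTypes.ProfileId).Select(a => a.Values[0].ToString()).FirstOrDefault();

            if (string.IsNullOrEmpty(profileId))
            {
                throw new InvalidOperationException("No '" + PortalClaimTypes.ProfileId + "' attribute was supplied; cannot build the subject NameID.");
            }

            // Bearer confirmation: name the recipient, bound the lifetime and tie it to the request
            // so the SP can reject replays and responses it never asked for.
            var subjectConfirmation = new SubjectConfirmation(SAMLIdentifiers.SubjectConfirmationMethods.Bearer)
            {
                SubjectConfirmationData = new SubjectConfirmationData
                {
                    Recipient    = assertionConsumerServiceUrl,
                    NotOnOrAfter = notOnOrAfter,
                    InResponseTo = requestId
                }
            };

            var subject = new Subject(new NameID(profileId));

            subject.SubjectConfirmations.Add(subjectConfirmation);
            samlAssertion.Subject = subject;

            // Restrict the assertion to the partner it was issued for.
            var conditions          = new Conditions(notBefore, notOnOrAfter);
            var audienceRestriction = new AudienceRestriction();

            audienceRestriction.Audiences.Add(new Audience(partner));
            conditions.ConditionsList.Add(audienceRestriction);
            samlAssertion.Conditions = conditions;

            var authnStatement = new AuthnStatement {
                AuthnContext = new AuthnContext(), AuthnInstant = now
            };

            authnStatement.AuthnContext.AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.X509);
            samlAssertion.Statements.Add(authnStatement);

            // All attributes go into a single AttributeStatement (the schema's normal form).
            if (attributes.Count > 0)
            {
                var attributeStatement = new AttributeStatement();

                attributes.ForEach(a => attributeStatement.Attributes.Add(a));
                samlAssertion.Statements.Add(attributeStatement);
            }

            var samlAssertionXml = samlAssertion.ToXml();

            // Sign before encrypting, so the signature travels inside the ciphertext.
            if (signAssertion)
            {
                SAMLAssertionSignature.Generate(samlAssertionXml, issuerX509Certificate.PrivateKey, issuerX509Certificate);
            }

            if (encryptAssertion)
            {
                var encryptedAssertion = new EncryptedAssertion(samlAssertionXml, partnerX509Certificate);

                samlResponse.Assertions.Add(encryptedAssertion.ToXml());
            }
            else
            {
                samlResponse.Assertions.Add(samlAssertionXml);
            }

            var samlResponseXml = samlResponse.ToXml();

            if (signResponse)
            {
                SAMLMessageSignature.Generate(samlResponseXml, issuerX509Certificate.PrivateKey, issuerX509Certificate);
            }

            return(samlResponseXml);
        }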
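        /// <summary>
        /// Answers the pending AuthnRequest for <paramref name="user"/>: looks up the requesting
        /// SP's metadata, builds a Success response whose assertion is signed with the IdP
        /// certificate (and encrypted to the SP's encryption certificate when its metadata
        /// advertises an acceptable one), and posts it to the SP's POST-binding assertion
        /// consumer endpoint. Writes an error page and ends the response when the SP is unknown
        /// or has no POST endpoint.
        /// </summary>
        /// <param name="user">The authenticated local user the assertion is issued for.</param>
        /// <exception cref="InvalidOperationException">
        /// The SP advertises encryption keys but none passes <c>DefaultCertificateSpecification</c>.
        /// </exception>
        private void CreateAssertionResponse(User user)
        {
            // entityId comes from the request and is attacker-controlled; it is HTML-encoded
            // wherever it is written back (the original echoed it raw: reflected XSS).
            string entityId = request.Issuer.Value;
            Saml20MetadataDocument metadataDocument = IDPConfig.GetServiceProviderMetadata(entityId);

            if (metadataDocument == null)
            {
                Context.Response.Write(string.Format("'{0}' is not a known service provider.", Context.Server.HtmlEncode(entityId)));
                Context.Response.End();
                return;
            }

            IDPEndPointElement endpoint =
                metadataDocument.AssertionConsumerServiceEndpoints().Find(delegate(IDPEndPointElement e) { return(e.Binding == SAMLBinding.POST); });

            if (endpoint == null)
            {
                Context.Response.Write(string.Format("'{0}' does not have a SSO endpoint that supports the POST binding.", Context.Server.HtmlEncode(entityId)));
                Context.Response.End();
                return;
            }

            UserSessionsHandler.AddLoggedInSession(entityId);

            Response response = new Response();

            response.Destination             = endpoint.Url;
            response.InResponseTo            = request.ID;
            response.Status                  = new Status();
            response.Status.StatusCode       = new StatusCode();
            response.Status.StatusCode.Value = Saml20Constants.StatusCodes.Success;

            // Use the SP's preferred NameID format when its metadata states one.
            var       nameIdFormat = metadataDocument.Entity.Items.OfType <SPSSODescriptor>().SingleOrDefault()?.NameIDFormat.SingleOrDefault() ?? Saml20Constants.NameIdentifierFormats.Persistent;
            Assertion assertion    = CreateAssertion(user, entityId, nameIdFormat);

            var signatureProvider = SignatureProviderFactory.CreateFromShaHashingAlgorithmName(ShaHashingAlgorithm.SHA256);
            EncryptedAssertion encryptedAssertion = null;

            // If the SP publishes encryption keys, the assertion MUST be encrypted to the first
            // certificate that satisfies the certificate policy; it is signed before encryption.
            var keyDescriptors = metadataDocument.Keys.Where(x => x.use == KeyTypes.encryption);

            if (keyDescriptors.Any())
            {
                foreach (KeyDescriptor keyDescriptor in keyDescriptors)
                {
                    KeyInfo ki = (KeyInfo)keyDescriptor.KeyInfo;

                    foreach (KeyInfoClause clause in ki)
                    {
                        var x509Clause = clause as KeyInfoX509Data;

                        if (x509Clause == null)
                        {
                            continue;
                        }

                        X509Certificate2 cert = XmlSignatureUtils.GetCertificateFromKeyInfo(x509Clause);

                        string error;
                        if (!new DefaultCertificateSpecification().IsSatisfiedBy(cert, out error))
                        {
                            // Certificate rejected by policy (expired, untrusted, ...); try the next one.
                            continue;
                        }

                        AsymmetricAlgorithm key = XmlSignatureUtils.ExtractKey(clause);
                        AssertionEncryptionUtility.AssertionEncryptionUtility encryptedAssertionUtil = new AssertionEncryptionUtility.AssertionEncryptionUtility((RSA)key, assertion);

                        // Sign the assertion inside the response message, then encrypt it.
                        signatureProvider.SignAssertion(encryptedAssertionUtil.Assertion, assertion.ID, IDPConfig.IDPCertificate);

                        encryptedAssertionUtil.Encrypt();
                        encryptedAssertion = Serialization.DeserializeFromXmlString <EncryptedAssertion>(encryptedAssertionUtil.EncryptedAssertion.OuterXml);
                        break;
                    }

                    if (encryptedAssertion != null)
                    {
                        break;
                    }
                }

                if (encryptedAssertion == null)
                {
                    throw new InvalidOperationException("Could not encrypt. No valid certificates found.");
                }
            }

            response.Items = encryptedAssertion != null
                ? new object[] { encryptedAssertion }
                : new object[] { assertion };

            // Serialize the response. Null resolver and preserved whitespace keep the signed
            // bytes exactly as produced.
            XmlDocument responseDoc = new XmlDocument();

            responseDoc.XmlResolver        = null;
            responseDoc.PreserveWhitespace = true;
            responseDoc.LoadXml(Serialization.SerializeToXmlString(response));

            if (encryptedAssertion == null)
            {
                // Sign the assertion inside the response message.
                signatureProvider.SignAssertion(responseDoc, assertion.ID, IDPConfig.IDPCertificate);
            }

            HttpPostBindingBuilder builder = new HttpPostBindingBuilder(endpoint);

            builder.Action = SAMLAction.SAMLResponse;

            builder.Response = responseDoc.OuterXml;

            builder.GetPage().ProcessRequest(Context);
            Context.Response.End();
        }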
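        /// <summary>
        /// Saves the amounts the user chose to pay into the cart, then hands the user off to the
        /// payment service provider with a SAML response whose encrypted assertion carries the
        /// account number and user details.
        /// </summary>
        /// <param name="acct">Model-bound account with the line items and amounts to pay.</param>
        /// <returns>An empty result; the response body is written by <c>SendSAMLResponse</c>.</returns>
        /// <exception cref="InvalidOperationException">
        /// The posted Destination is not an absolute http(s) URL, or the current user has no membership record.
        /// </exception>
        public ActionResult Index(Account acct)
        {
            // NOTE(review): acct.AccountNumber is model-bound from the request and nothing here
            // ties it to the authenticated user (User.Identity.Name), so any authenticated user can
            // post any account number. Ownership must be enforced in acctSvc or before this call
            // — TODO confirm where that check lives.
            var payments =
                from lngroup in acct.LineItemGroups
                from lines in lngroup.LineItems
                select new DTO.AmountToPayDTO() { AmountToPay = lines.AmountToPay, LineItemId = lines.Id };

            acctSvc.SaveAmountsToCart(acct.AccountNumber, payments.ToList());

            // The SP endpoint is taken from the posted form. Require at least an absolute http(s)
            // URL so empty or malformed targets fail here.
            // NOTE(review): the destination should come from SP configuration (cf. the former
            // "SPTargetURL" app setting), not from the request: an attacker-chosen URL receives an
            // assertion containing the account number and e-mail address.
            string dest        = Request["Destination"];
            string samlService = Request["SAML"];

            Uri destinationUri;
            if (!Uri.TryCreate(dest, UriKind.Absolute, out destinationUri)
                || (destinationUri.Scheme != Uri.UriSchemeHttps && destinationUri.Scheme != Uri.UriSchemeHttp))
            {
                throw new InvalidOperationException("Destination must be an absolute http(s) URL.");
            }

            // Look the membership record up once; a missing record used to surface as a NullReferenceException.
            var membershipUser = Membership.GetUser(User.Identity.Name, true);

            if (membershipUser == null)
            {
                throw new InvalidOperationException("No membership record exists for the current user.");
            }

            // Create a SAML response with the user's local identity.
            SAMLResponse samlResponse = CreateSAMLResponse();
            var assertion = (SAMLAssertion)samlResponse.Assertions[0];

            assertion.SetAttributeValue("AccountNumber", acct.AccountNumber);

            // TODO: the name attributes are still placeholders ("John"/"Smith"), as the original
            // author noted; they must be sourced from the user's profile before release.
            assertion.SetAttributeValue("UserFirstName", "John" );
            assertion.SetAttributeValue("UserLastName", "Smith");
            assertion.SetAttributeValue("UserEMailAddress", membershipUser.Email );

            // Replace the plaintext assertion with one encrypted (AES-256) to the SP certificate.
            var encResponse = new EncryptedAssertion(
                assertion
                , (X509Certificate2)HttpContext.Application[FB.StrawPortal.MvcApplication.EncrypterX509Certificate]
                , new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
            );

            samlResponse.Assertions.RemoveAt(0);
            samlResponse.Assertions.Add(encResponse);

            // Send the SAML response to the service provider.
            SendSAMLResponse(samlResponse, dest, samlService);

            return new EmptyResult();
        }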
        /// <summary>
        /// IdP-initiated SSO entry point. When the query string carries <c>spUrl</c>, builds a
        /// Success response with a bearer assertion for the current Forms user, signs the response
        /// with the application certificate and posts it to <c>ConsumerServiceUrl</c> with
        /// <c>spUrl</c> as RelayState. Without <c>spUrl</c> the page simply renders. Failures are
        /// written to <c>Trace</c> and swallowed.
        /// </summary>
        /// <param name="e">Page lifecycle event arguments, forwarded to the base class.</param>
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            try
            {
                // The SP target URL; nothing to do without it.
                string targetUrl = Request.QueryString["spUrl"];

                if (string.IsNullOrEmpty(targetUrl))
                {
                    return;
                }

                Issuer issuer = new Issuer(GetAbsoluteUrl("~/"));

                var samlResponse = new ComponentPro.Saml2.Response
                {
                    Destination = ConsumerServiceUrl,
                    Issuer      = issuer,
                    Status      = new Status(SamlPrimaryStatusCode.Success, null)
                };

                // Bearer subject for the locally authenticated user, confirmed for the consumer URL.
                var subjectConfirmation = new SubjectConfirmation(SamlSubjectConfirmationMethod.Bearer)
                {
                    SubjectConfirmationData = new SubjectConfirmationData { Recipient = ConsumerServiceUrl }
                };

                var subject = new Subject(new NameId(User.Identity.Name));
                subject.SubjectConfirmations.Add(subjectConfirmation);

                // Password authentication context.
                var authnStatement = new AuthnStatement
                {
                    AuthnContext = new AuthnContext
                    {
                        AuthnContextClassRef = new AuthnContextClassRef(SamlAuthenticateContext.Password)
                    }
                };

                // NOTE(review): the assertion carries no Conditions (NotOnOrAfter, AudienceRestriction)
                // and the bearer confirmation has no NotOnOrAfter, so the SP cannot bound replay.
                var samlAssertion = new Assertion { Issuer = issuer, Subject = subject };
                samlAssertion.Statements.Add(authnStatement);

                // Custom attributes would go into an AttributeStatement added to
                // samlAssertion.Statements (e.g. "email", "FirstName", "LastName", or a
                // "CustomTokenForVerification" value); none are emitted here.

                // Define ENCRYPTEDSAML preprocessor flag if you wish to encrypt the SAML response.
#if ENCRYPTEDSAML
                // Load the certificate for the encryption; the file must sit in the application root.
                // NOTE(review): a .cer holds a public key and normally needs no password, and
                // 3DES-CBC (64-bit block, Sweet32) is a legacy choice — prefer an AES algorithm
                // the SP supports.
                X509Certificate2 encryptingCert = new X509Certificate2(Path.Combine(HttpRuntime.AppDomainAppPath, "EncryptionX509Certificate.cer"), "password");

                // Replace the plaintext assertion with its encrypted form.
                EncryptedAssertion encryptedSamlAssertion = new EncryptedAssertion(samlAssertion, encryptingCert, new System.Security.Cryptography.Xml.EncryptionMethod(SamlKeyAlgorithm.TripleDesCbc));

                samlResponse.Assertions.Add(encryptedSamlAssertion);
#else
                samlResponse.Assertions.Add(samlAssertion);
#endif

                // Sign the whole response with the certificate loaded at application start.
                X509Certificate2 signingCert = (X509Certificate2)Application[Global.CertKeyName];

                samlResponse.Sign(signingCert);

                // POST the response to the service provider; targetUrl travels as RelayState.
                samlResponse.SendPostBindingForm(Response.OutputStream, ConsumerServiceUrl, targetUrl);
            }

            catch (Exception exception)
            {
                // Best effort: record the failure and let the page render.
                Trace.Write("IdentityProvider", "An Error occurred", exception);
            }
        }