Esempio n. 1
0
        // Initiate the SSO by sending an authentication request to the identity provider.
        private void RequestLoginAtIdentityProvider()
        {
            // Create the authentication request.
            XmlElement authnRequestXml = CreateAuthnRequest();

            // Create and cache the relay state so we remember which SP resource the user wishes
            // to access after SSO.
            string spResourceURL = CreateAbsoluteURL(FormsAuthentication.GetRedirectUrl("", false));
            string relayState    = RelayStateCache.Add(new RelayState(spResourceURL, null));

            // Send the authentication request to the identity provider over the selected binding.
            string idpURL = CreateSSOServiceURL();

            switch (spToIdPBindingRadioButtonList.SelectedValue)
            {
            case SAMLIdentifiers.BindingURIs.HTTPRedirect:
                X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];

                ServiceProvider.SendAuthnRequestByHTTPRedirect(Response, idpURL, authnRequestXml, relayState, x509Certificate.PrivateKey);

                break;

            case SAMLIdentifiers.BindingURIs.HTTPPost:
                ServiceProvider.SendAuthnRequestByHTTPPost(Response, idpURL, authnRequestXml, relayState);

                // Don't send this form.
                Response.End();

                break;

            case SAMLIdentifiers.BindingURIs.HTTPArtifact:
                // Create the artifact.
                string            identificationURL = CreateAbsoluteURL("~/");
                HTTPArtifactType4 httpArtifact      = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

                // Cache the authentication request for subsequent sending using the artifact resolution protocol.
                HTTPArtifactState httpArtifactState = new HTTPArtifactState(authnRequestXml, null);
                HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

                // Send the artifact.
                ServiceProvider.SendArtifactByHTTPArtifact(Response, idpURL, httpArtifact, relayState, false);
                break;
            }
        }
        // Send the SAML response over the specified binding.
        private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
        {
            Trace.Write("IdP", "Sending SAML response");

            // Serialize the SAML response for transmission.
            XmlElement samlResponseXml = samlResponse.ToXml();

            // Sign the SAML response
            X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPX509Certificate];

            SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

            // Send the SAML response to the service provider.
            switch (ssoState.idpProtocolBinding)
            {
            case SAMLIdentifiers.Binding.HTTPPost:
                IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
                break;

            case SAMLIdentifiers.Binding.HTTPArtifact:
                // Create the artifact.
                string            identificationURL = CreateAbsoluteURL("~/");
                HTTPArtifactType4 httpArtifact      = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

                // Cache the authentication request for subsequent sending using the artifact resolution protocol.
                HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
                HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

                // Send the artifact.
                IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
                break;

            default:
                Trace.Write("IdP", "Invalid identity provider binding");
                break;
            }

            Trace.Write("IdP", "Sent SAML response");
        }