private void CreateSAMLResponse()
{
IDProvider config = IDProvider.GetConfig();
SAMLResponse.ID = SAMLUtility.GenerateID();
SAMLResponse.Version = SAMLUtility.VERSION;
SAMLResponse.IssueInstant = DateTime.UtcNow.AddMinutes(10);
SAMLResponse.InResponseTo = SAMLRequest.ID;
SAMLResponse.Issuer = new NameIDType();
SAMLResponse.Issuer.Value = config.id;
SAMLResponse.Status = new StatusType();
SAMLResponse.Status.StatusCode = new StatusCodeType();
// Atualiza Cookie de sistemas autenticados e configura Status
HttpCookie cookie = this.Context.Request.Cookies["SistemasLogged"];
if (cookie != null)
{
// Carrega a Entidade SYS_Sistema apartir do caminho de logout
SYS_Sistema entitySistema = new SYS_Sistema {
sis_caminhoLogout = ((NameIDType)SAMLRequest.Item).Value
};
if (SYS_SistemaBO.GetSelectBy_sis_caminho(entitySistema, SYS_SistemaBO.TypePath.logout))
{
// Remove o sistema do Cookie
cookie.Values.Remove(entitySistema.sis_id.ToString());
// Atualiza dados do Cookie
this.Context.Response.Cookies.Set(cookie);
if (!cookie.Values.AllKeys.Contains(entitySistema.sis_id.ToString()))
{
SAMLResponse.Status.StatusCode.Value = SAMLUtility.StatusCodes.Success;
SAMLResponse.Status.StatusMessage = "A solicitação foi realizada com sucesso.";
}
else
{
SAMLResponse.Status.StatusCode.Value = SAMLUtility.StatusCodes.RequestDenied;
SAMLResponse.Status.StatusMessage = "Não foi possível atender a solicitação, o sistema emissor da requisição não está autenticado.";
}
}
else
{
SAMLResponse.Status.StatusCode.Value = SAMLUtility.StatusCodes.RequestDenied;
SAMLResponse.Status.StatusMessage = "Não foi possível atender a solicitação, sistema emissor da requisição não está cadastrado corretamente.";;
}
}
else
{
SAMLResponse.Status.StatusCode.Value = SAMLUtility.StatusCodes.RequestDenied;
SAMLResponse.Status.StatusMessage = "Não foi possível atender a solicitação.";
}
HttpPostBinding binding = new HttpPostBinding(SAMLResponse, HttpUtility.UrlDecode(this.Context.Request[HttpBindingConstants.RelayState]));
binding.SendResponse(this.Context, HttpUtility.UrlDecode(this.Context.Request[HttpBindingConstants.RelayState]), SAMLTypeSSO.logout);
}
private void CreateSAMLResponse()
{
FormsIdentity id = null;
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
id = (FormsIdentity)HttpContext.Current.User.Identity;
}
}
}
DateTime notBefore = (id != null ? id.Ticket.IssueDate.ToUniversalTime() : DateTime.UtcNow);
DateTime notOnOrAfter = (id != null ? id.Ticket.Expiration.ToUniversalTime() : DateTime.UtcNow.AddMinutes(30));
IDProvider config = IDProvider.GetConfig();
SAMLResponse.Status = new StatusType();
SAMLResponse.Status.StatusCode = new StatusCodeType();
SAMLResponse.Status.StatusCode.Value = SAMLUtility.StatusCodes.Success;
AssertionType assert = new AssertionType();
assert.ID = SAMLUtility.GenerateID();
assert.IssueInstant = DateTime.UtcNow.AddMinutes(10);
assert.Issuer = new NameIDType();
assert.Issuer.Value = config.id;
SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
subjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationDataType();
subjectConfirmation.SubjectConfirmationData.Recipient = SAMLRequest.Issuer;
subjectConfirmation.SubjectConfirmationData.InResponseTo = SAMLRequest.Request.ID;
subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = notOnOrAfter;
NameIDType nameID = new NameIDType();
nameID.Format = SAMLUtility.NameIdentifierFormats.Transient;
nameID.Value = (id != null ? id.Name : UtilBO.FormatNameFormsAuthentication(this.__SessionWEB.__UsuarioWEB.Usuario));
assert.Subject = new SubjectType();
assert.Subject.Items = new object[] { subjectConfirmation, nameID };
assert.Conditions = new ConditionsType();
assert.Conditions.NotBefore = notBefore;
assert.Conditions.NotOnOrAfter = notOnOrAfter;
assert.Conditions.NotBeforeSpecified = true;
assert.Conditions.NotOnOrAfterSpecified = true;
AudienceRestrictionType audienceRestriction = new AudienceRestrictionType();
audienceRestriction.Audience = new string[] { SAMLRequest.Issuer };
assert.Conditions.Items = new ConditionAbstractType[] { audienceRestriction };
AuthnStatementType authnStatement = new AuthnStatementType();
authnStatement.AuthnInstant = DateTime.UtcNow;
authnStatement.SessionIndex = SAMLUtility.GenerateID();
authnStatement.AuthnContext = new AuthnContextType();
authnStatement.AuthnContext.Items =
new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" };
authnStatement.AuthnContext.ItemsElementName =
new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };
StatementAbstractType[] statementAbstract = new StatementAbstractType[] { authnStatement };
assert.Items = statementAbstract;
SAMLResponse.Items = new object[] { assert };
string xmlResponse = SAMLUtility.SerializeToXmlString(SAMLResponse);
XmlDocument doc = new XmlDocument();
doc.LoadXml(xmlResponse);
XmlSignatureUtils.SignDocument(doc, assert.ID);
SAMLResponse = SAMLUtility.DeserializeFromXmlString <ResponseType>(doc.InnerXml);
HttpPostBinding binding = new HttpPostBinding(SAMLResponse, HttpUtility.UrlDecode(Request[HttpBindingConstants.RelayState]));
binding.SendResponse(this.Context, HttpUtility.UrlDecode(SAMLRequest.AssertionConsumerServiceURL), SAMLTypeSSO.signon);
}
/// <summary>
/// Retorna um XmlElement contendo informações do Saml
/// </summary>
/// <returns></returns>
private XmlElement GetElementSAML(bool full)
{
// Cria elemento SAML
XmlElement xmlElementSAML = xml.CreateElement("Saml");
xmlElementSAML.SetAttribute("type", "Identity Provider");
xmlElementSAML.SetAttribute("version", SAMLUtility.VERSION);
// Cria elemento IDProvider
string statusIDProvider = string.Empty;
XmlElement xmlElementIDProvider = xml.CreateElement("IDProvider");
xmlElementSAML.AppendChild(xmlElementIDProvider);
try
{
IDProvider config = IDProvider.GetConfig();
if (config != null)
{
xmlElementIDProvider.SetAttribute("id", config.id);
statusIDProvider = StatusBO.Success;
}
else
{
statusIDProvider = "Não foi possível encontrar as configurações.";
}
}
catch (Exception ex)
{
statusIDProvider = ex.Message;
}
xmlElementIDProvider.SetAttribute("status", statusIDProvider);
if (full)
{
// Cria elemento Logged
string statusLogged = string.Empty;
XmlElement xmlElementLogged = xml.CreateElement("Logged");
xmlElementSAML.AppendChild(xmlElementLogged);
try
{
HttpCookie cookie = Context.Request.Cookies["SistemasLogged"];
xmlElementLogged.SetAttribute("count", (cookie == null ? "0" : cookie.Values.AllKeys.Count(p => p != null).ToString()));
if (cookie != null)
{
foreach (String str in cookie.Values.AllKeys.Where(p => p != null))
{
XmlElement xmlElement = xml.CreateElement("Application");
xmlElementLogged.AppendChild(xmlElement);
xmlElement.SetAttribute("name", cookie.Values[str]);
}
}
statusLogged = StatusBO.Success;
}
catch (Exception ex)
{
statusLogged = ex.Message;
}
xmlElementLogged.SetAttribute("status", statusLogged);
// Cria elemento Path
XmlElement xmlElementPath = xml.CreateElement("Path");
xmlElementSAML.AppendChild(xmlElementPath);
try
{
IList <Autenticador.Entities.SYS_Sistema> list = SYS_SistemaBO.GetSelectBy_usu_id(__SessionWEB.__UsuarioWEB.Usuario.usu_id);
Autenticador.Entities.SYS_Sistema entityCoreSSO = list.Where(p => p.sis_id == ApplicationWEB.SistemaID).First();
list.Remove(entityCoreSSO);
foreach (Autenticador.Entities.SYS_Sistema entitySistema in list)
{
string status = string.Empty;
XmlElement xmlElement = xml.CreateElement("Application");
xmlElementPath.AppendChild(xmlElement);
xmlElement.SetAttribute("name", entitySistema.sis_nome);
xmlElement.SetAttribute("login", entitySistema.sis_caminho);
xmlElement.SetAttribute("logout", entitySistema.sis_caminhoLogout);
// Validação url de login
if (string.IsNullOrEmpty(entitySistema.sis_caminho))
{
status += "Url de login inválida.";
}
else if (entitySistema.sis_caminho.Contains(entityCoreSSO.sis_caminho))
{
status += "A url de login contém um valor possivelmente inválido, que pode entrar em loop ao redirecionar.";
}
// Validação url de logout
if (string.IsNullOrEmpty(entitySistema.sis_caminhoLogout))
{
status += "Url de logout inválida.";
}
else if (entitySistema.sis_caminhoLogout.Contains(entityCoreSSO.sis_caminhoLogout))
{
status += "A url de logout contém um valor possivelmente inválido, que pode entrar em loop ao redirecionar.";
}
if (string.IsNullOrEmpty(status))
{
status = StatusBO.Success;
}
xmlElement.SetAttribute("status", status);
}
}
catch (Exception ex)
{
xmlElementPath.SetAttribute("error", ex.Message);
}
}
return(xmlElementSAML);
}