Esempio n. 1
0
        public SamlResponse Deserialize(string spidResponse, string logOutRequestId)
        {
            ResponseType response = new ResponseType();

            try
            {
                string toDeserializeSpidResponse = spidResponse.Replace(":LogoutResponse", ":Response");
                _logger.LogInformation("Deserialize -> deserializing response...");
                _logger.LogDebug("Deserialize -> SAML response: {0}", spidResponse);
                response = XmlHelper.Deserialize <ResponseType>(toDeserializeSpidResponse);
                _traceLogger.LogInformation("LogoutResp_ID: {0}|LogoutResp_IssueInstant: {1}|LogoutResp_Issuer: {2}|LogoutResp_SAML: {3}", response.ID, response.IssueInstant, response.Issuer.Value, spidResponse);

                SamlResponse model = new SamlResponse()
                {
                    Version      = response.Version,
                    Id           = response.ID,
                    SPRequestId  = response.InResponseTo,
                    Issuer       = response.Issuer.Value,
                    ResponseDate = response.IssueInstant
                };

                _logger.LogInformation("Deserialize -> validate response with id {0}...", model.Id);
                bool signatureIsValid = Validate(spidResponse);
                if (!signatureIsValid)
                {
                    _logger.LogWarning("Deserialize -> SAML response is not valid");
                    model.Status = SamlResponseStatus.ValidationError;
                    return(model);
                }
                _logger.LogInformation("Deserialize -> response validated");

                _logger.LogInformation("Deserialize -> mapping status code for response {0}...", model.Id);
                model.Status = _samlResponseStatusMapper.Map(response.Status.StatusCode);
                _logger.LogInformation("Deserialize -> response status code {0}", model.Status);
                if (!model.IsValid)
                {
                    if (!string.IsNullOrEmpty(response.Status.StatusMessage))
                    {
                        model.StatusMessage = _samlResponseStatusMessageMapper.Map(response.Status.StatusMessage);
                    }

                    _logger.LogWarning("Deserialize -> response is wrong", model.Status.ToString());
                    _logger.LogWarning("Deserialize -> request error status code: {0}", model.Status.ToString());
                    _logger.LogWarning("Deserialize -> request error status message: {0}", model.StatusMessage);
                    return(model);
                }

                if (response.InResponseTo != $"_{logOutRequestId}")
                {
                    _logger.LogWarning("Deserialize -> response is not valid. InResponseTo: {0} - LogOutRequest Id: {1}", response.InResponseTo, logOutRequestId);
                    model.Status = SamlResponseStatus.ValidationError;
                    return(model);
                }

                _logger.LogInformation("Deserialize -> SAML response {0} deserialized correctly", model.Id);
                return(model);
            }
            catch (Exception ex)
            {
                _logger.LogError(ex, "Deserialize -> error on deserialize response");
                throw ex;
            }
        }
Esempio n. 2
0
        public SamlResponse Deserialize(string spidResponse, string authnRequestId)
        {
            ResponseType response = new ResponseType();

            try
            {
                _logger.LogInformation("Deserialize -> deserializing response...");
                _logger.LogDebug("Deserialize -> SAML response: {0}", spidResponse);
                response = XmlHelper.Deserialize <ResponseType>(spidResponse);
                _traceLogger.LogInformation("AuthnResp_ID: {0}|AuthnResp_IssueInstant: {1}|AuthnResp_Issuer: {2}|AuthnResp_SAML: {3}", response.ID, response.IssueInstant, response.Issuer, spidResponse);

                SamlResponse model = new SamlResponse()
                {
                    Version      = response.Version,
                    Id           = response.ID,
                    SPRequestId  = response.InResponseTo,
                    Issuer       = response.Issuer.Value,
                    ResponseDate = response.IssueInstant
                };

                _logger.LogInformation("Deserialize -> validate response with id {0}...", model.Id);
                bool signatureIsValid = Validate(spidResponse);
                if (!signatureIsValid)
                {
                    _logger.LogWarning("Deserialize -> SAML response is not valid");
                    model.Status = SamlResponseStatus.ValidationError;
                    return(model);
                }
                _logger.LogInformation("Deserialize -> response validated");

                _logger.LogInformation("Deserialize -> mapping status code for response {0}...", model.Id);
                model.Status = _samlResponseStatusMapper.Map(response.Status.StatusCode);
                _logger.LogInformation("Deserialize -> response status code {0}", model.Status);
                if (!model.IsValid)
                {
                    if (!string.IsNullOrEmpty(response.Status.StatusMessage))
                    {
                        model.StatusMessage = _samlResponseStatusMessageMapper.Map(response.Status.StatusMessage);
                    }

                    _logger.LogWarning("Deserialize -> response is wrong", model.Status.ToString());
                    _logger.LogWarning("Deserialize -> request error status code: {0}", model.Status.ToString());
                    _logger.LogWarning("Deserialize -> request error status message: {0}", model.StatusMessage);
                    return(model);
                }

                if (response.InResponseTo != $"_{authnRequestId}")
                {
                    _logger.LogWarning("Deserialize -> response is not valid. InResponseTo: {0} - AuthnRequest Id: {1}", response.InResponseTo, authnRequestId);
                    model.Status = SamlResponseStatus.ValidationError;
                    return(model);
                }

                _logger.LogInformation("Deserialize -> mapping user informations for response {0}...", model.Id);
                model.User = _samlUserMapper.Map(response);
                _traceLogger.LogInformation("AuthnResp_ID: {0}|AuthnResp_IdpReferenceId: {1}", response.ID, model.User.IdpReferenceId);
                _sessionAuthLogger.LogInformation("Autenticazione effettuata correttamente dall'utente {0} (AuthnResp_ID: {1})", model.User.IdpReferenceId, response.ID);
                _logger.LogInformation("Deserialize -> SAML response {0} deserialized correctly", model.Id);
                return(model);
            }
            catch (Exception ex)
            {
                _logger.LogError(ex, "Deserialize -> error on deserialize response");
                throw ex;
            }
        }