Esempio n. 1
        /// <summary>
        /// Produces the string returned by <c>GetBase64String</c> for a token-request document.
        /// </summary>
        /// <param name="ssoLoginData">Login data handed to <c>GetSamlXmlDocToGetToken</c>.</param>
        /// <returns>Whatever <c>GetBase64String</c> returns for the processed document.</returns>
        public static string GetSamlBase64StringToGetToken(SSOLoginData ssoLoginData)
        {
            var tokenRequest = GetSamlXmlDocToGetToken(ssoLoginData);

            // The document is modified in place before encoding. The helper is not shown here;
            // presumably it replaces the clear-text assertion with an encrypted one (confirm).
            EncryptAssertionInDoc(tokenRequest);

            return GetBase64String(tokenRequest);
        }
Esempio n. 2
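        /// <summary>
        /// Builds a SAML 2.0 <c>samlp:Response</c> document: a Response root carrying an Issuer,
        /// a Status/StatusCode pair, the assertion returned by <c>GetAssertion</c>, and finally
        /// the node returned by <c>GetSignature</c>.
        /// </summary>
        /// <param name="ssoLoginData">Login data forwarded unchanged to <c>GetAssertion</c>.</param>
        /// <returns>The assembled document.</returns>
        private static XmlDocument GetDoc(SSOLoginData ssoLoginData)
        {
            // "_" prefix because an XML ID may not start with a digit; "N" formats the GUID without dashes.
            var id = "_" + Guid.NewGuid().ToString("N");

            var xmlDoc = new XmlDocument();

            var response = xmlDoc.CreateElement("samlp", "Response", SAML2_Protocol);
            response.SetAttribute("ID", id);
            response.SetAttribute("Version", "2.0");
            response.SetAttribute("IssueInstant", DateTime.UtcNow.ToString(DateTimeFormat));
            // NOTE(review): Destination and Issuer are literals that point at a dev/test system;
            // they probably belong in configuration so a build cannot ship with the wrong endpoint.
            response.SetAttribute("Destination", "https://dev.axco.co.uk/Axco.sso/saml2/v1/signin/AssurexGlobal");

            var docIssuer = xmlDoc.CreateElement("saml", "Issuer", SAML2_Assertion);
            docIssuer.InnerText = "Assurex Global Test System";
            response.AppendChild(docIssuer);

            // The two-argument CreateElement overload is (qualifiedName, namespaceURI), so
            // CreateElement("samlp", "Status") yields an element named "samlp" in the namespace
            // "Status". Use the (prefix, localName, namespaceURI) overload, as for Response above,
            // so Status and StatusCode land in the SAML protocol namespace.
            var status = xmlDoc.CreateElement("samlp", "Status", SAML2_Protocol);
            var statusCode = xmlDoc.CreateElement("samlp", "StatusCode", SAML2_Protocol);
            statusCode.SetAttribute("Value", SAML2_Success);
            status.AppendChild(statusCode);
            response.AppendChild(status);

            var xmlAssertion = GetAssertion(xmlDoc, ssoLoginData);
            response.AppendChild(xmlAssertion);

            xmlDoc.AppendChild(response);

            // The signature is requested only after every other child is in place.
            // NOTE(review): GetSignature is not shown here. Confirm that its reference targets
            // this ID and so covers the whole Response, assertion included. The SAML protocol
            // schema also expects ds:Signature directly after Issuer, not as the last child;
            // a strict receiver may reject this ordering.
            xmlDoc.DocumentElement.AppendChild(GetSignature(xmlDoc, id));

            return xmlDoc;
        }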
Esempio n. 3
        /// <summary>
        /// Builds a SAML 2.0 assertion (subject, bearer confirmation, password authentication
        /// statement and user attributes), serializes it, and imports the result into
        /// <paramref name="xmlDoc"/>.
        /// </summary>
        /// <param name="xmlDoc">Document that will own the imported node. The node is not attached here.</param>
        /// <param name="ssoLoginData">Source of the attribute values.</param>
        /// <returns>The assertion element, imported into <paramref name="xmlDoc"/>.</returns>
        /// <exception cref="Exception">The file at <c>certPath</c> does not exist.</exception>
        private static XmlNode GetAssertion(XmlDocument xmlDoc, SSOLoginData ssoLoginData)
        {
            // The certificate file is only checked for existence; nothing in this method reads it.
            // Presumably this is a precondition for the signing done by the caller (confirm).
            if (!File.Exists(certPath))
            {
                throw new Exception($"Unable to find Certificate.  Path: {certPath}");
            }

            var assertion = new Saml2Assertion(new Saml2NameIdentifier("Assurex Global Test System"));

            // NOTE(review): the subject NameID is a fixed literal (masked on this page), not a value
            // taken from ssoLoginData. Confirm the receiver identifies the user by the UserName attribute.
            var subject = new Saml2Subject(new Saml2NameIdentifier("*****@*****.**"));

            // NOTE(review): the bearer confirmation sets only Recipient, and this method adds no
            // Conditions (validity window, audience restriction). Unless they are added elsewhere,
            // a captured assertion has no expiry for the receiver to enforce.
            var confirmationData = new Saml2SubjectConfirmationData();
            confirmationData.Recipient = new Uri(recepient);

            var bearerConfirmation = new Saml2SubjectConfirmation(new Uri(SAML2_Bearer));
            bearerConfirmation.SubjectConfirmationData = confirmationData;
            subject.SubjectConfirmations.Add(bearerConfirmation);

            assertion.Subject = subject;

            var authnContext = new Saml2AuthenticationContext(new Uri(SAML2_Password));
            assertion.Statements.Add(new Saml2AuthenticationStatement(authnContext));

            // Attribute values are copied from ssoLoginData as-is; no validation happens here.
            var userAttributes = new List<Saml2Attribute>();
            userAttributes.Add(GetAttribute("UserName", ssoLoginData.Email));
            userAttributes.Add(GetAttribute("FirstName", ssoLoginData.FirstName));
            userAttributes.Add(GetAttribute("LastName", ssoLoginData.LastName));
            userAttributes.Add(GetAttribute("Country", ssoLoginData.Country));
            userAttributes.Add(GetAttribute("City", ssoLoginData.City));
            userAttributes.Add(GetAttribute("Department", ssoLoginData.Department));
            userAttributes.Add(GetAttribute("PhoneNumber", ssoLoginData.PhoneNumber));
            userAttributes.Add(GetAttribute("GroupMembership", ssoLoginData.GroupMembership));
            userAttributes.Add(GetAttribute("ErrorUrl", ssoLoginData.ErrorUrl));

            assertion.Statements.Add(new Saml2AttributeStatement(userAttributes));

            // Serialize to text, then re-parse so the assertion can be imported as a DOM node.
            var buffer = new StringBuilder();
            using (var writer = XmlWriter.Create(buffer, new XmlWriterSettings()))
            {
                new Saml2Serializer().WriteSaml2Assertion(writer, assertion);
            }

            var parsed = new XmlDocument();
            parsed.LoadXml(buffer.ToString());

            return xmlDoc.ImportNode(parsed.DocumentElement, true);
        }
Esempio n. 4
        /// <summary>
        /// Creates the token-request document: a request node as the root, with the assertion
        /// from <c>CreateSamlAssertionsForTokenRequest</c> attached through <c>AppendSamlAssertion</c>.
        /// </summary>
        /// <param name="ssoLoginData">Login data forwarded to the assertion builder.</param>
        /// <returns>The populated document.</returns>
        private static XmlDocument GetSamlXmlDocToGetToken(SSOLoginData ssoLoginData)
        {
            // The same fresh GUID is given to the request node and to the assertion builder.
            var requestId = Guid.NewGuid().ToString();

            var document = new XmlDocument();
            var requestNode = CreateRequestNode(document, requestId);
            document.AppendChild(requestNode);

            var tokenAssertion = CreateSamlAssertionsForTokenRequest(requestId, ssoLoginData);
            AppendSamlAssertion(document, requestNode, tokenAssertion);

            return document;
        }
Esempio n. 5
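        /// <summary>
        /// Builds the assertion for a token request: issuer "SSO", a subject naming the request id,
        /// a validity window of 30 seconds either side of now, the FirstName/LastName/Email
        /// attributes, and signing credentials loaded from the certificate at <c>certPath</c>.
        /// </summary>
        /// <param name="requestId">Request identifier embedded in the subject name.</param>
        /// <param name="ssoLoginData">Source of the attribute values.</param>
        /// <returns>The assertion with <c>SigningCredentials</c> set. It is not serialized here.</returns>
        /// <exception cref="Exception">The file at <c>certPath</c> does not exist.</exception>
        private static Saml2Assertion CreateSamlAssertionsForTokenRequest(string requestId, SSOLoginData ssoLoginData)
        {
            if (!File.Exists(certPath))
            {
                throw new Exception($"Unable to find Certificate.  Path: {certPath}");
            }

            var assertion = new Saml2Assertion(new Saml2NameIdentifier("SSO"));

            assertion.Subject = new Saml2Subject(new Saml2NameIdentifier($"SalesRadixAuthenticationRequest : {requestId}"));

            // SAML instants are UTC. Reading the clock once, in UTC, makes the window exactly
            // 60 seconds wide and independent of the server's local time zone.
            // NOTE(review): only a time window is set, with no audience restriction. Confirm the
            // receiver rejects expired assertions and tolerates no more than 30 s of clock skew.
            var issuedAt = DateTime.UtcNow;

            assertion.Conditions = new Saml2Conditions()
            {
                NotBefore    = issuedAt.AddSeconds(-30),
                NotOnOrAfter = issuedAt.AddSeconds(30),
            };

            var statement = new Saml2AttributeStatement();

            AddAttributeToStatement("FirstName", ssoLoginData.FirstName, statement);
            AddAttributeToStatement("LastName", ssoLoginData.LastName, statement);
            AddAttributeToStatement("Email", ssoLoginData.Email, statement);
            //AddAttributeToStatement("AdditionalEmail1", ssoLoginData.AdditionalEmail1, statement);
            //AddAttributeToStatement("AdditionalEmail2", ssoLoginData.AdditionalEmail2, statement);
            //AddAttributeToStatement("RoleId", ssoLoginData.RoleId.ToString(), statement);
            //AddAttributeToStatement("GlobalUserId", ssoLoginData.GlobalUserId.ToString(), statement);
            //AddAttributeToStatement("ManagerGlobalId", ssoLoginData.ManagerGlobalUserId.ToString(), statement);

            assertion.Statements.Add(statement);

            // Load the certificate through the constructor rather than the empty constructor plus
            // Import(), which is deprecated and unsupported on newer .NET runtimes.
            // NOTE(review): certPwd is defined outside this method. Confirm it comes from protected
            // configuration, not source. MachineKeySet places the private key in the machine-level
            // key store, and the file is re-read on every call; consider loading the certificate
            // once and reusing it.
            var x509 = new X509Certificate2(certPath, certPwd, X509KeyStorageFlags.MachineKeySet);

            var clientSigningCreds = new X509SigningCredentials(x509);

            assertion.SigningCredentials = clientSigningCreds;

            return assertion;
        }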
Esempio n. 6
 /// <summary>
 /// Returns the result of <c>GetBase64String</c> for the document built by <c>GetDoc</c>.
 /// </summary>
 /// <param name="ssoLoginData">Login data passed through to <c>GetDoc</c>.</param>
 /// <returns>Whatever <c>GetBase64String</c> returns for that document.</returns>
 // NOTE(review): no encryption step is applied here, so the assertion is only encoded.
 // Base64 is not confidentiality; the attributes stay readable to anyone who sees the string.
 public static string GetSamlBase64StringToGetToken(SSOLoginData ssoLoginData)
     => GetBase64String(GetDoc(ssoLoginData));