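        /// <summary>
        /// Signs the SAML request with the configured signing certificate and returns it
        /// encoded for transport.
        /// </summary>
        /// <param name="authRequest">The authentication request to sign.</param>
        /// <returns>
        /// The signed request XML (the <c>OuterXml</c> of the signed document), UTF-8 encoded and
        /// then Base64 encoded. No DEFLATE step is applied, i.e. this is the shape the HTTP-POST
        /// binding's <c>SAMLRequest</c> form field expects. The HTTP-Redirect binding signs the
        /// query string rather than the XML, so this output must not be reused for that binding.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="authRequest"/> is null.</exception>
        public string SignSamlRequest(Saml2AuthenticationSecondFactorRequest authRequest)
        {
            if (authRequest == null)
            {
                throw new ArgumentNullException(nameof(authRequest));
            }

            // Serialize first, then sign the resulting document. The signature has to cover the
            // exact bytes that are sent, so nothing may modify xmlDoc after Sign() returns.
            var xmlDoc = XmlHelpers.XmlDocumentFromString(authRequest.ToXml());

            // NOTE(review): the boolean argument presumably asks Sign() to embed KeyInfo (the
            // signing certificate) in the signature - confirm against the XmlHelpers.Sign overload.
            // this.signingCertificate must carry an accessible private key for signing to succeed.
            xmlDoc.Sign(this.signingCertificate, true, this.sigAlgoritm);

            var signedXml = xmlDoc.OuterXml;
            return Convert.ToBase64String(Encoding.UTF8.GetBytes(signedXml));
        }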
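        /// <summary>
        /// Creates the SAML AuthnRequest for a second-factor authentication of the given identity.
        /// </summary>
        /// <param name="identityClaim">The claim identifying the user. Its value is mapped through
        /// <c>GetNameId</c> into the request's Subject NameID.</param>
        /// <param name="authnRequestId">The ID to assign to the AuthnRequest. This method only applies
        /// it; the caller is expected to generate a fresh, unpredictable value and to match it against
        /// the <c>InResponseTo</c> of the response later.</param>
        /// <param name="ascUri">The AssertionConsumerService URL the IdP should send the response to.
        /// It should be a URL registered with the IdP and must not be derived from request input,
        /// otherwise a response could be steered to an attacker-chosen endpoint.</param>
        /// <returns>The populated, not yet signed, authentication request.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="identityClaim"/> is null.</exception>
        public static Saml2AuthenticationSecondFactorRequest CreateAuthnRequest(Claim identityClaim, string authnRequestId, Uri ascUri)
        {
            // The claim is dereferenced immediately below; fail with a clear exception instead of an NRE.
            if (identityClaim == null)
            {
                throw new ArgumentNullException(nameof(identityClaim));
            }

            var spOptions = Kentor.AuthServices.Configuration.Options.FromConfiguration.SPOptions;

            // NOTE(review): the raw claim value is written to the log here and again at Info level
            // below. If it is a personal identifier, consider masking it before logging.
            Log.DebugFormat("Creating AuthnRequest for identity '{0}'", identityClaim.Value);

            // Subject NameID is sent in the "unspecified" format; GetNameId decides the actual value.
            var nameIdentifier = new Saml2NameIdentifier(
                GetNameId(identityClaim),
                new Uri("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"));

            // NOTE(review): the setting is called MinimalLoa but the comparison is Exact, so the IdP
            // is asked for precisely that authentication context, not "this one or stronger".
            // Confirm the IdP interprets Exact that way; otherwise a higher LoA would be rejected.
            var requestedContext = new Saml2RequestedAuthnContext(
                Settings.Default.MinimalLoa,
                AuthnContextComparisonType.Exact);

            var authnRequest = new Saml2AuthenticationSecondFactorRequest
            {
                DestinationUrl = Settings.Default.SecondFactorEndpoint,
                AssertionConsumerServiceUrl = ascUri,
                Issuer = spOptions.EntityId,
                RequestedAuthnContext = requestedContext,
                Subject = new Saml2Subject(nameIdentifier),
            };

            // The ID is supplied by the caller rather than generated here (see parameter docs).
            authnRequest.SetId(authnRequestId);

            Log.InfoFormat("Created AuthnRequest for '{0}' with id '{1}'", identityClaim.Value, authnRequest.Id.Value);
            return authnRequest;
        }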