[ExcludeFromCodeCoverage] // Just a wrapper o keep backward compatibility
public Saml2Response(XmlElement xml, Saml2Id expectedInResponseTo) : this(xml, expectedInResponseTo, null)
{
}
/// <summary>
/// Read the supplied Xml and parse it into a response.
/// </summary>
/// <param name="xml">xml data.</param>
/// <param name="expectedInResponseTo">The expected value of the
/// InReplyTo parameter in the message.</param>
/// <param name="options">Service provider settings used when validating Saml response</param>
/// <returns>Saml2Response</returns>
/// <exception cref="XmlException">On xml errors or unexpected xml structure.</exception>
public static Saml2Response Read(string xml, Saml2Id expectedInResponseTo, IOptions options)
{
var x = XmlHelpers.XmlDocumentFromString(xml);
return(new Saml2Response(x.DocumentElement, expectedInResponseTo, options));
}
/// <summary>
/// Creates a Saml2Assertion from a ClaimsIdentity.
/// </summary>
/// <param name="identity">Claims to include in Assertion.</param>
/// <param name="issuer">Issuer to include in assertion.</param>
/// <param name="audience">Audience to set as audience restriction.</param>
/// <param name="inResponseTo">In response to id</param>
/// <param name="destinationUri">The destination Uri for the message</param>
/// <returns>Saml2Assertion</returns>
/// <exception cref="ArgumentNullException"></exception>
public static Saml2Assertion ToSaml2Assertion(
this ClaimsIdentity identity,
EntityId issuer,
Uri audience,
Saml2Id inResponseTo,
Uri destinationUri)
{
if (identity == null)
{
throw new ArgumentNullException(nameof(identity));
}
if (issuer == null)
{
throw new ArgumentNullException(nameof(issuer));
}
var assertion = new Saml2Assertion(new Saml2NameIdentifier(issuer.Id));
assertion.Statements.Add(
new Saml2AuthenticationStatement(
new Saml2AuthenticationContext(
new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified")))
{
SessionIndex = identity.Claims.SingleOrDefault(
c => c.Type == AuthServicesClaimTypes.SessionIndex)?.Value
});
var attributeClaims = identity.Claims.Where(
c => c.Type != ClaimTypes.NameIdentifier &&
c.Type != AuthServicesClaimTypes.SessionIndex).GroupBy(c => c.Type)
.ToArray();
if (attributeClaims.Any())
{
assertion.Statements.Add(
new Saml2AttributeStatement(
attributeClaims.Select(
ac => new Saml2Attribute(ac.Key, ac.Select(c => c.Value)))));
}
var notOnOrAfter = DateTime.UtcNow.AddMinutes(2);
assertion.Subject = new Saml2Subject(identity.ToSaml2NameIdentifier())
{
SubjectConfirmations =
{
new Saml2SubjectConfirmation(
new Uri("urn:oasis:names:tc:SAML:2.0:cm:bearer"),
new Saml2SubjectConfirmationData
{
NotOnOrAfter = notOnOrAfter,
InResponseTo = inResponseTo,
Recipient = destinationUri
})
}
};
assertion.Conditions = new Saml2Conditions()
{
NotOnOrAfter = notOnOrAfter
};
if (audience != null)
{
assertion.Conditions.AudienceRestrictions.Add(
new Saml2AudienceRestriction(audience));
}
return(assertion);
}
/// <summary>
/// Read the supplied Xml and parse it into a response.
/// </summary>
/// <param name="xml">xml data.</param>
/// <param name="expectedInResponseTo">The expected value of the
/// InReplyTo parameter in the message.</param>
/// <returns>Saml2Response</returns>
/// <exception cref="XmlException">On xml errors or unexpected xml structure.</exception>
public static Saml2Response Read(string xml, Saml2Id expectedInResponseTo)
{
return(Read(xml, expectedInResponseTo, null));
}
public Saml2AuthRequest()
{
Id = new Saml2Id("id" + Guid.NewGuid().ToString("N"));
}