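/// <summary>
/// Builds the SAML 2.0 AuthnResponse for <paramref name="app"/> and returns it as a POST-binding action result.
/// A security token is only created when <paramref name="status"/> is Success and claims were supplied.
/// </summary>
/// <param name="inResponseTo">Id of the AuthnRequest this response answers.</param>
/// <param name="status">SAML status code placed in the response.</param>
/// <param name="relayState">Opaque relay state echoed back to the service provider.</param>
/// <param name="app">Target application; supplies the SSO destination and the issuer passed to token creation.</param>
/// <param name="sessionIndex">Session index written into the assertion on success; may be null.</param>
/// <param name="claims">Claims to issue; on success must contain exactly one <see cref="ClaimTypes.NameIdentifier"/> claim.</param>
/// <returns>The bound response as an action result.</returns>
/// <exception cref="InvalidOperationException">A successful response was requested without exactly one NameIdentifier claim.</exception>
private IActionResult LoginResponse(Saml2Id inResponseTo, Saml2StatusCodes status, string relayState, App app, string sessionIndex = null, IEnumerable<Claim> claims = null)
{
    var responseBinding = new Saml2PostBinding { RelayState = relayState };
    var saml2AuthnResponse = new Saml2AuthnResponse(_samlConfig)
    {
        InResponseTo = inResponseTo,
        Status = status,
        Destination = app.SingleSignOnDestination
    };

    if (status == Saml2StatusCodes.Success && claims != null)
    {
        saml2AuthnResponse.SessionIndex = sessionIndex;
        var claimsIdentity = new ClaimsIdentity(claims);

        // Exactly one NameIdentifier claim is required. Check explicitly so a missing or duplicated
        // claim fails with a message naming the cause rather than Single()'s generic sequence error.
        var nameIdValues = claimsIdentity.Claims
            .Where(c => c.Type == ClaimTypes.NameIdentifier)
            .Select(c => c.Value)
            .ToList();
        if (nameIdValues.Count != 1)
        {
            throw new InvalidOperationException($"Expected exactly one '{ClaimTypes.NameIdentifier}' claim but found {nameIdValues.Count}.");
        }

        saml2AuthnResponse.NameId = new Saml2NameIdentifier(nameIdValues[0], NameIdentifierFormats.Persistent);
        saml2AuthnResponse.ClaimsIdentity = claimsIdentity;
        // Lifetimes (5 and 60) are the original author's values; the unit is whatever the library defines — presumably minutes, confirm.
        saml2AuthnResponse.CreateSecurityToken(app.Issuer, subjectConfirmationLifetime: 5, issuedTokenLifetime: 60);
    }

    return responseBinding.Bind(saml2AuthnResponse).ToActionResult();
}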
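/// <summary>
/// Handles an inbound single-logout request: unbinds the POSTed LogoutRequest, clears the local
/// session, and answers with a LogoutResponse carrying Success or RequestDenied.
/// </summary>
/// <returns>The bound LogoutResponse as a POST-binding action result.</returns>
public async Task<IActionResult> SingleLogout()
{
    var requestBinding = new Saml2PostBinding();
    var logoutRequest = new Saml2LogoutRequest(_configuration);
    Saml2StatusCodes status;
    try
    {
        requestBinding.Unbind(Request.ToGenericHttpRequest(), logoutRequest);
        await logoutRequest.DeleteSession(HttpContext);
        status = Saml2StatusCodes.Success;
    }
    catch (Exception exc)
    {
        // Deliberately best-effort: a request that fails to unbind or validate still gets a
        // RequestDenied response, but the cause is recorded on the debug trace instead of being
        // dropped silently. Route this through the application's logger where one is available.
        System.Diagnostics.Debug.WriteLine("SingleLogout error: " + exc);
        status = Saml2StatusCodes.RequestDenied;
    }

    // Echo the requester's relay state so it can correlate the response.
    var responseBinding = new Saml2PostBinding { RelayState = requestBinding.RelayState };
    var logoutResponse = new Saml2LogoutResponse(_configuration)
    {
        // NOTE(review): if Unbind failed before the request id was read, IdAsString may be null — confirm the library accepts that.
        InResponseToAsString = logoutRequest.IdAsString,
        Status = status
    };
    return responseBinding.Bind(logoutResponse).ToActionResult();
}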
/// <summary>
/// Starts SP-initiated sign-on: carries <paramref name="returnUrl"/> in the relay state and POSTs an
/// AuthnRequest to the configured IdP.
/// </summary>
/// <param name="returnUrl">Where to send the user after the assertion is consumed.</param>
/// <returns>The bound AuthnRequest as an action result.</returns>
public ActionResult Login(string returnUrl)
{
    // The return URL is only stored here; it is read back by the ACS handler, which is where it must be
    // validated as a local/allow-listed URL. NOTE(review): that handler is not visible in this block — confirm.
    var relayStateQuery = new Dictionary<string, string>
    {
        { RelayStateReturnUrl, returnUrl }
    };
    var authnBinding = new Saml2PostBinding();
    authnBinding.SetRelayStateQuery(relayStateQuery);

    var authnRequest = new Saml2AuthnRequest
    {
        ForceAuthn = false,
        IsPassive = false,
        NameIdPolicy = new NameIdPolicy
        {
            AllowCreate = true,
            Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
        },
        RequestedAuthnContext = new RequestedAuthnContext
        {
            Comparison = AuthnContextComparisonTypes.Exact,
            AuthnContextClassRef = new[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString }
        },
        Issuer = new EndpointReference(Constants.ConfigSettings.SAServiceProviderEntityId),
        Destination = new EndpointAddress(Constants.ConfigSettings.SADestination),
        AssertionConsumerServiceUrl = new EndpointAddress(Constants.ConfigSettings.SAAssertionConsumerServiceUrl),
    };

    return authnBinding.Bind(authnRequest).ToActionResult();
}
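/// <summary>
/// Builds the SAML 2.0 AuthnResponse for <paramref name="relyingParty"/> and returns it as a POST-binding action result.
/// A security token is only created when <paramref name="status"/> is Success and claims were supplied.
/// </summary>
/// <param name="inResponseTo">Id of the AuthnRequest this response answers.</param>
/// <param name="status">SAML status code placed in the response.</param>
/// <param name="relayState">Opaque relay state echoed back to the service provider.</param>
/// <param name="relyingParty">Target relying party; supplies the SSO destination, the per-party config and the issuer passed to token creation.</param>
/// <param name="sessionIndex">Session index written into the assertion on success; may be null.</param>
/// <param name="claims">Claims to issue; on success must contain exactly one <see cref="ClaimTypes.NameIdentifier"/> claim.</param>
/// <returns>The bound response as an action result.</returns>
/// <exception cref="InvalidOperationException">A successful response was requested without exactly one NameIdentifier claim.</exception>
private IActionResult LoginResponse(Saml2Id inResponseTo, Saml2StatusCodes status, string relayState, RelyingParty relyingParty, string sessionIndex = null, IEnumerable<Claim> claims = null)
{
    var responseBinding = new Saml2PostBinding { RelayState = relayState };
    var saml2AuthnResponse = new Saml2AuthnResponse(GetLoginSaml2Config(relyingParty))
    {
        InResponseTo = inResponseTo,
        Status = status,
        Destination = relyingParty.SingleSignOnDestination,
    };

    if (status == Saml2StatusCodes.Success && claims != null)
    {
        saml2AuthnResponse.SessionIndex = sessionIndex;
        var claimsIdentity = new ClaimsIdentity(claims);

        // Exactly one NameIdentifier claim is required. Check explicitly so a missing or duplicated
        // claim fails with a message naming the cause rather than Single()'s generic sequence error.
        var nameIdValues = claimsIdentity.Claims
            .Where(c => c.Type == ClaimTypes.NameIdentifier)
            .Select(c => c.Value)
            .ToList();
        if (nameIdValues.Count != 1)
        {
            throw new InvalidOperationException($"Expected exactly one '{ClaimTypes.NameIdentifier}' claim but found {nameIdValues.Count}.");
        }

        saml2AuthnResponse.NameId = new Saml2NameIdentifier(nameIdValues[0], NameIdentifierFormats.Persistent);
        saml2AuthnResponse.ClaimsIdentity = claimsIdentity;
        // Return value intentionally not kept; the original discarded it as well.
        saml2AuthnResponse.CreateSecurityToken(relyingParty.Issuer);
    }

    return responseBinding.Bind(saml2AuthnResponse).ToActionResult();
}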
/// <summary>
/// Answers an inbound LogoutRequest: unbinds it from the POST, clears the local session and replies
/// with a LogoutResponse whose status reflects whether that succeeded.
/// </summary>
/// <returns>The bound LogoutResponse as an action result.</returns>
public ActionResult SingleLogout()
{
    var inbound = new Saml2PostBinding();
    var logoutRequest = new Saml2LogoutRequest(config, ClaimsPrincipal.Current);
    Saml2StatusCodes status;
    try
    {
        inbound.Unbind(Request.ToGenericHttpRequest(), logoutRequest);
        status = Saml2StatusCodes.Success;
        logoutRequest.DeleteSession();
    }
    catch (Exception exc)
    {
        // Any failure (bad signature, malformed request, session cleanup) yields RequestDenied.
        Debug.WriteLine("SingleLogout error: " + exc.ToString());
        status = Saml2StatusCodes.RequestDenied;
    }

    var outbound = new Saml2PostBinding { RelayState = inbound.RelayState };
    var logoutResponse = new Saml2LogoutResponse(config)
    {
        InResponseToAsString = logoutRequest.IdAsString,
        Status = status,
    };
    return outbound.Bind(logoutResponse).ToActionResult();
}
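/// <summary>
/// IdP-initiated sign-on: builds a signed AuthnResponse for the fixed ADFS relying party and POSTs it.
/// </summary>
/// <returns>The bound response as an action result.</returns>
public ActionResult Initiate()
{
    var serviceProviderRealm = "https://claimstest.mylogbuy.com";
    var binding = new Saml2PostBinding();
    // RPID in the relay state tells ADFS which relying party this response targets.
    binding.RelayState = $"RPID={Uri.EscapeDataString(serviceProviderRealm)}";

    var config = new Saml2Configuration
    {
        Issuer = "http://some-domain.com/this-application",
        SingleSignOnDestination = new Uri("https://adfs.mylogbuy.com/adfs/ls/"),
        // SECURITY: the PFX password is a literal in source. Move it to a protected configuration
        // or secret store and rotate the signing key; a password committed to a repository must be
        // treated as disclosed.
        SigningCertificate = CertificateUtil.Load(
            HttpContext.Server.MapPath("~/App_Data/itfoxtec.identity.saml2.testwebapp_Certificate.pfx"),
            "!QAZ2wsx"),
        SignatureAlgorithm = Saml2SecurityAlgorithms.RsaSha256Signature
    };

    var appliesToAddress = "http://adfs.mylogbuy.com/adfs/services/trust";
    var response = new Saml2AuthnResponse(config) { Status = Saml2StatusCodes.Success };
    var claimsIdentity = new ClaimsIdentity(CreateClaims());
    response.NameId = new Saml2NameIdentifier(
        claimsIdentity.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier).Select(c => c.Value).Single(),
        NameIdentifierFormats.Persistent);
    response.ClaimsIdentity = claimsIdentity;
    // The returned token was never read (presumably the response keeps its own reference — confirm), so the dead local is gone.
    response.CreateSecurityToken(appliesToAddress);
    return binding.Bind(response).ToActionResult();
}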
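/// <summary>
/// IdP-initiated sign-on: builds a signed AuthnResponse for the fixed test ADFS relying party and POSTs it.
/// </summary>
/// <returns>The bound response as an action result.</returns>
public IActionResult Initiate()
{
    var serviceProviderRealm = "https://some-domain.com/some-service-provider";
    var binding = new Saml2PostBinding();
    // RPID in the relay state tells ADFS which relying party this response targets.
    binding.RelayState = $"RPID={Uri.EscapeDataString(serviceProviderRealm)}";

    var config = new Saml2Configuration
    {
        Issuer = new Uri("http://some-domain.com/this-application"),
        SingleSignOnDestination = new Uri("https://test-adfs.itfoxtec.com/adfs/ls/"),
        SigningCertificate = CertificateUtil.Load(Startup.AppEnvironment.MapToPhysicalFilePath("itfoxtec.identity.saml2.testwebappcore_Certificate.pfx")),
        SignatureAlgorithm = SecurityAlgorithms.RsaSha256Signature
    };

    var appliesToAddress = new Uri("https://test-adfs.itfoxtec.com/adfs/services/trust");
    var response = new Saml2AuthnResponse(config) { Status = Saml2StatusCodes.Success };
    var claimsIdentity = new ClaimsIdentity(CreateClaims());
    response.NameId = new Saml2NameIdentifier(
        claimsIdentity.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier).Select(c => c.Value).Single(),
        NameIdentifierFormats.Persistent);
    response.ClaimsIdentity = claimsIdentity;
    // The returned token was never read (presumably the response keeps its own reference — confirm), so the dead local is gone.
    response.CreateSecurityToken(appliesToAddress);
    return binding.Bind(response).ToActionResult();
}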
/// <summary>
/// Answers an inbound LogoutRequest: unbinds it, clears the IdP-selection cookie and the local session,
/// then replies with a LogoutResponse routed to the up-party chosen at login.
/// </summary>
/// <returns>The bound LogoutResponse as an action result.</returns>
public async Task<IActionResult> SingleLogout()
{
    var loginType = await GetSelectedLoginType();

    var inbound = new Saml2PostBinding();
    var logoutRequest = new Saml2LogoutRequest(saml2Config, User);
    Saml2StatusCodes status;
    try
    {
        inbound.Unbind(Request.ToGenericHttpRequest(), logoutRequest);
        status = Saml2StatusCodes.Success;
        await idPSelectionCookieRepository.DeleteAsync();
        await logoutRequest.DeleteSession(HttpContext);
    }
    catch (Exception exc)
    {
        // Any failure (bad signature, malformed request, cleanup) yields RequestDenied.
        Debug.WriteLine("SingleLogout error: " + exc.ToString());
        status = Saml2StatusCodes.RequestDenied;
    }

    var outbound = new Saml2PostBinding { RelayState = inbound.RelayState };
    var logoutResponse = new Saml2LogoutResponse(saml2Config)
    {
        InResponseToAsString = logoutRequest.IdAsString,
        Status = status,
    };
    // The destination is adjusted for the selected up-party after construction, as the original did.
    logoutResponse.Destination = AddUpParty(logoutResponse.Destination, loginType);
    return outbound.Bind(logoutResponse).ToActionResult();
}
/// <summary>
/// SP-initiated logout: clears the local session and POSTs a LogoutRequest to the IdP.
/// Unauthenticated callers are sent to the site root instead.
/// </summary>
/// <returns>A redirect, or the bound LogoutRequest as an action result.</returns>
public async Task<IActionResult> Logout()
{
    if (User.Identity.IsAuthenticated)
    {
        // DeleteSession returns the request it was called on, so it can be bound directly.
        var logoutRequest = await new Saml2LogoutRequest(config, User).DeleteSession(HttpContext);
        var logoutBinding = new Saml2PostBinding();
        return logoutBinding.Bind(logoutRequest).ToActionResult();
    }

    return Redirect(Url.Content("~/"));
}
/// <summary>
/// SP-initiated logout: clears the local session and POSTs a LogoutRequest to the IdP.
/// Unauthenticated callers are sent to the site root instead.
/// </summary>
/// <returns>A redirect, or the bound LogoutRequest as an action result.</returns>
public ActionResult Logout()
{
    if (User.Identity.IsAuthenticated)
    {
        // DeleteSession returns the request it was called on, so it can be bound directly.
        var logoutRequest = new Saml2LogoutRequest(config, ClaimsPrincipal.Current).DeleteSession();
        var logoutBinding = new Saml2PostBinding();
        return logoutBinding.Bind(logoutRequest).ToActionResult();
    }

    return Redirect(Url.Content("~/"));
}
/// <summary>
/// SP-initiated logout: clears the local session and POSTs a LogoutRequest to the IdP.
/// Unauthenticated callers are redirected to Home/Index instead.
/// </summary>
/// <returns>A redirect, or the bound LogoutRequest as an action result.</returns>
public async Task<IActionResult> LogOut()
{
    if (!User.Identity.IsAuthenticated)
    {
        return Redirect(Url.Action("Index", "Home"));
    }

    var logoutRequest = new Saml2LogoutRequest(_configuration);
    await logoutRequest.DeleteSession(HttpContext);

    var logoutBinding = new Saml2PostBinding();
    return logoutBinding.Bind(logoutRequest).ToActionResult();
}
/// <summary>
/// SP-initiated logout against a fixed ADFS endpoint, signed with the certificate under App_Data.
/// Unauthenticated callers are sent to the site root instead.
/// </summary>
/// <returns>A redirect, or the bound LogoutRequest as an action result.</returns>
public ActionResult Logout()
{
    if (!User.Identity.IsAuthenticated)
    {
        return Redirect(Url.Content("~/"));
    }

    var logoutRequest = new Saml2LogoutRequest
    {
        Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
        Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/")
    };
    // The signing certificate is loaded per request from the virtual path, as in the original.
    var signingCertificate = CertificateUtil.Load("~/App_Data/webapptest_certificate.pfx");

    var logoutBinding = new Saml2PostBinding();
    return logoutBinding.Bind(logoutRequest, signingCertificate).ToActionResult();
}
/// <summary>
/// Builds the LogoutResponse for <paramref name="relyingParty"/> and returns it as a POST-binding action result.
/// </summary>
/// <param name="inResponseTo">Id of the LogoutRequest this response answers.</param>
/// <param name="status">SAML status code placed in the response.</param>
/// <param name="relayState">Opaque relay state echoed back to the relying party.</param>
/// <param name="sessionIndex">Session index of the session being terminated.</param>
/// <param name="relyingParty">Target relying party; supplies the single-logout response destination.</param>
/// <returns>The bound response as an action result.</returns>
private IActionResult LogoutResponse(Saml2Id inResponseTo, Saml2StatusCodes status, string relayState, string sessionIndex, RelyingParty relyingParty)
{
    var logoutResponse = new Saml2LogoutResponse(saml2Config)
    {
        InResponseTo = inResponseTo,
        Status = status,
        Destination = relyingParty.SingleLogoutResponseDestination,
        SessionIndex = sessionIndex
    };

    var responseBinding = new Saml2PostBinding { RelayState = relayState };
    return responseBinding.Bind(logoutResponse).ToActionResult();
}
/// <summary>
/// IdP-initiated single logout: looks up the relying party recorded in the IdP session cookie,
/// removes that cookie and POSTs a LogoutRequest to the relying party's single-logout endpoint.
/// </summary>
/// <returns>The bound LogoutRequest as an action result.</returns>
public async Task<IActionResult> SingleLogout()
{
    var idpSession = await idPSessionCookieRepository.GetAsync();
    // NOTE(review): if GetAsync() can return null when no session cookie is present, the next line throws — confirm its contract.
    var relyingParty = ValidateRelyingParty(idpSession.RelyingPartyIssuer);

    var logoutRequest = new Saml2LogoutRequest(saml2Config, User)
    {
        Destination = relyingParty.SingleLogoutDestination
    };

    // The local session is dropped before the request is sent, as in the original.
    await idPSessionCookieRepository.DeleteAsync();

    var logoutBinding = new Saml2PostBinding();
    return logoutBinding.Bind(logoutRequest).ToActionResult();
}
/// <summary>
/// SP-initiated logout: POSTs a LogoutRequest to the configured CFS endpoint.
/// Unauthenticated callers are redirected to Index instead.
/// </summary>
/// <returns>A redirect, or the bound LogoutRequest as an action result.</returns>
public ActionResult Logout()
{
    if (User.Identity.IsAuthenticated)
    {
        var logoutBinding = new Saml2PostBinding();
        var logoutRequest = new Saml2LogoutRequest
        {
            Issuer = new EndpointReference(Configuration.ISSUER),
            Destination = new EndpointAddress(Configuration.CFS_ENDPOINT)
        };
        return logoutBinding.Bind(logoutRequest).ToActionResult();
    }

    return RedirectToAction("Index");
}
/// <summary>
/// IdP-initiated sign-on: builds an AuthnResponse for the fixed ADFS relying party, signs it with the
/// certificate under App_Data and POSTs it.
/// </summary>
/// <returns>The bound response as an action result.</returns>
public ActionResult Initiate()
{
    var serviceProviderRealm = "https://webapptest.somedomain.com";

    // RPID in the relay state tells ADFS which relying party this response targets.
    var responseBinding = new Saml2PostBinding
    {
        RelayState = $"RPID={HttpUtility.UrlEncode(serviceProviderRealm)}"
    };

    var authnResponse = new Saml2IdPInitiatedAuthnResponse
    {
        Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
        Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/"),
        ClaimsIdentity = new ClaimsIdentity(CreateClaims())
    };
    var signingCertificate = CertificateUtil.Load("~/App_Data/webapptest_certificate.pfx");
    authnResponse.CreateSecurityToken(signingCertificate);

    return responseBinding.Bind(authnResponse).ToActionResult();
}
/// <summary>
/// SP-initiated logout: routes a LogoutRequest to the up-party selected at login, clears the
/// selection cookie and the local session, then POSTs the request. Unauthenticated callers are
/// sent to the site root instead.
/// </summary>
/// <returns>A redirect, or the bound LogoutRequest as an action result.</returns>
public async Task<IActionResult> Logout()
{
    if (!User.Identity.IsAuthenticated)
    {
        return Redirect(Url.Content("~/"));
    }

    var logoutRequest = new Saml2LogoutRequest(saml2Config, User);

    // Destination is rewritten for the selected up-party before the session is torn down, as in the original.
    var loginType = await GetSelectedLoginType();
    logoutRequest.Destination = AddUpParty(logoutRequest.Destination, loginType);

    await idPSelectionCookieRepository.DeleteAsync();
    await logoutRequest.DeleteSession(HttpContext);

    var logoutBinding = new Saml2PostBinding();
    return logoutBinding.Bind(logoutRequest).ToActionResult();
}
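/// <summary>
/// IdP-initiated sign-on: builds an AuthnResponse from appSettings and the IdP metadata file and POSTs it.
/// </summary>
/// <param name="user">
/// Not consumed by this block — NOTE(review): CreateClaims() takes no argument here, so the issued claims
/// are presumably not derived from this parameter; confirm that is intended.
/// </param>
/// <returns>The bound response as an action result.</returns>
/// <exception cref="ConfigurationErrorsException">A required appSetting is missing or blank.</exception>
public ActionResult InitiateLogin(User user)
{
    // Fail early with the name of the missing setting instead of an opaque ArgumentNullException
    // from Uri/EscapeDataString further down.
    var serviceProviderRealm = RequiredAppSetting("serviceProviderRealm");
    var binding = new Saml2PostBinding();
    // RPID in the relay state tells the IdP which relying party this response targets.
    binding.RelayState = $"RPID={Uri.EscapeDataString(serviceProviderRealm)}";

    var config = new Saml2Configuration
    {
        Issuer = new Uri(RequiredAppSetting("issuer")),
        SingleSignOnDestination = new Uri(RequiredAppSetting("SingleSignOnDestination"))
    };

    // Signature-validation certificates come from the IdP metadata file referenced in appSettings.
    var entityDescriptor = new EntityDescriptor();
    string metadataPath = System.Web.HttpContext.Current.Server.MapPath(RequiredAppSetting("metadataPath"));
    entityDescriptor.ReadIdPSsoDescriptorFromFile(metadataPath);
    if (entityDescriptor.IdPSsoDescriptor != null)
    {
        config.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
    }

    var appliesToAddress = new Uri(RequiredAppSetting("appliesToAddress"));
    var response = new Saml2AuthnResponse(config) { Status = Saml2StatusCodes.Success };
    var claimsIdentity = new ClaimsIdentity(CreateClaims());
    response.NameId = new Saml2NameIdentifier(
        claimsIdentity.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier).Select(c => c.Value).Single(),
        NameIdentifierFormats.Persistent);
    response.ClaimsIdentity = claimsIdentity;
    // The returned token was never read (presumably the response keeps its own reference — confirm), so the dead local is gone.
    response.CreateSecurityToken(appliesToAddress);
    return binding.Bind(response).ToActionResult();
}

/// <summary>Reads a required appSetting, throwing a descriptive error when it is absent or blank.</summary>
/// <param name="key">appSettings key to read.</param>
/// <returns>The non-blank setting value.</returns>
/// <exception cref="ConfigurationErrorsException">The setting is missing or whitespace.</exception>
private static string RequiredAppSetting(string key)
{
    var value = ConfigurationManager.AppSettings[key];
    if (string.IsNullOrWhiteSpace(value))
    {
        throw new ConfigurationErrorsException($"Required appSetting '{key}' is missing or empty.");
    }
    return value;
}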