Esempio n. 1
0
        public void WriteXmlValid()
        {
            SamlAssertion a       = new SamlAssertion();
            SamlSubject   subject = new SamlSubject(
                SamlConstants.UserNameNamespace,
                "urn:myqualifier",
                "myname");
            SamlAttribute          attr      = new SamlAttribute(Claim.CreateNameClaim("myname"));
            SamlAttributeStatement statement =
                new SamlAttributeStatement(subject, new SamlAttribute [] { attr });

            a.Advice = new SamlAdvice(new string [] { "urn:testadvice1" });
            DateTime notBefore  = DateTime.SpecifyKind(new DateTime(2000, 1, 1), DateTimeKind.Utc);
            DateTime notOnAfter = DateTime.SpecifyKind(new DateTime(2006, 1, 1), DateTimeKind.Utc);

            a.Conditions = new SamlConditions(notBefore, notOnAfter);
            a.Statements.Add(statement);
            a.Issuer = "my_hero";
            StringWriter sw      = new StringWriter();
            string       id      = a.AssertionId;
            DateTime     instant = a.IssueInstant;

            using (XmlDictionaryWriter dw = CreateWriter(sw)) {
                a.WriteXml(dw, new SamlSerializer(), null);
            }
            string expected = String.Format("<?xml version=\"1.0\" encoding=\"utf-16\"?><saml:Assertion MajorVersion=\"1\" MinorVersion=\"1\" AssertionID=\"{0}\" Issuer=\"my_hero\" IssueInstant=\"{1}\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"><saml:Conditions NotBefore=\"{3}\" NotOnOrAfter=\"{4}\" /><saml:Advice><saml:AssertionIDReference>urn:testadvice1</saml:AssertionIDReference></saml:Advice><saml:AttributeStatement><saml:Subject><saml:NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName\" NameQualifier=\"urn:myqualifier\">myname</saml:NameIdentifier></saml:Subject><saml:Attribute AttributeName=\"name\" AttributeNamespace=\"{2}\"><saml:AttributeValue>myname</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>",
                                            id,
                                            instant.ToString("yyyy-MM-ddTHH:mm:ss.fff'Z'", CultureInfo.InvariantCulture),
                                            "http://schemas.xmlsoap.org/ws/2005/05/identity/claims",
                                            notBefore.ToString("yyyy-MM-ddTHH:mm:ss.fff'Z'", CultureInfo.InvariantCulture),
                                            notOnAfter.ToString("yyyy-MM-ddTHH:mm:ss.fff'Z'", CultureInfo.InvariantCulture));

            Assert.AreEqual(expected, sw.ToString());
        }
Esempio n. 2
0
        /// <summary>
        /// Creates a SAML Token with the input parameters
        /// </summary>
        /// <param name="stsName">Name of the STS issuing the SAML Token</param>
        /// <param name="proofToken">Associated Proof Token</param>
        /// <param name="issuerToken">Associated Issuer Token</param>
        /// <param name="proofKeyEncryptionToken">Token to encrypt the proof key with</param>
        /// <param name="samlConditions">The Saml Conditions to be used in the construction of the SAML Token</param>
        /// <param name="samlAttributes">The Saml Attributes to be used in the construction of the SAML Token</param>
        /// <returns>A SAML Token</returns>
        public static SamlSecurityToken CreateSamlToken(string stsName,
                                                        BinarySecretSecurityToken proofToken,
                                                        SecurityToken issuerToken,
                                                        SecurityToken proofKeyEncryptionToken,
                                                        SamlConditions samlConditions,
                                                        IEnumerable <SamlAttribute> samlAttributes)
        {
            // Create a security token reference to the issuer certificate
            SecurityKeyIdentifierClause skic = issuerToken.CreateKeyIdentifierClause <X509ThumbprintKeyIdentifierClause>();
            SecurityKeyIdentifier       issuerKeyIdentifier = new SecurityKeyIdentifier(skic);

            // Create an encrypted key clause containing the encrypted proof key
            byte[] wrappedKey = proofKeyEncryptionToken.SecurityKeys[0].EncryptKey(SecurityAlgorithms.RsaOaepKeyWrap, proofToken.GetKeyBytes());
            SecurityKeyIdentifierClause  encryptingTokenClause = proofKeyEncryptionToken.CreateKeyIdentifierClause <X509ThumbprintKeyIdentifierClause>();
            EncryptedKeyIdentifierClause encryptedKeyClause    = new EncryptedKeyIdentifierClause(wrappedKey, SecurityAlgorithms.RsaOaepKeyWrap, new SecurityKeyIdentifier(encryptingTokenClause));
            SecurityKeyIdentifier        proofKeyIdentifier    = new SecurityKeyIdentifier(encryptedKeyClause);

            // Create a comfirmationMethod for HolderOfKey
            List <string> confirmationMethods = new List <string>(1);

            confirmationMethods.Add(SamlConstants.HolderOfKey);

            // Create a SamlSubject with proof key and confirmation method from above
            SamlSubject samlSubject = new SamlSubject(null,
                                                      null,
                                                      null,
                                                      confirmationMethods,
                                                      null,
                                                      proofKeyIdentifier);

            // Create a SamlAttributeStatement from the passed in SamlAttribute collection and the SamlSubject from above
            SamlAttributeStatement samlAttributeStatement = new SamlAttributeStatement(samlSubject, samlAttributes);

            // Put the SamlAttributeStatement into a list of SamlStatements
            List <SamlStatement> samlSubjectStatements = new List <SamlStatement>();

            samlSubjectStatements.Add(samlAttributeStatement);

            // Create a SigningCredentials instance from the key associated with the issuerToken.
            SigningCredentials signingCredentials = new SigningCredentials(issuerToken.SecurityKeys[0],
                                                                           SecurityAlgorithms.RsaSha1Signature,
                                                                           SecurityAlgorithms.Sha1Digest,
                                                                           issuerKeyIdentifier);

            // Create a SamlAssertion from the list of SamlStatements created above and the passed in
            // SamlConditions.
            SamlAssertion samlAssertion = new SamlAssertion("_" + Guid.NewGuid().ToString(),
                                                            stsName,
                                                            DateTime.UtcNow,
                                                            samlConditions,
                                                            new SamlAdvice(),
                                                            samlSubjectStatements
                                                            );

            // Set the SigningCredentials for the SamlAssertion
            samlAssertion.SigningCredentials = signingCredentials;

            // Create a SamlSecurityToken from the SamlAssertion and return it
            return(new SamlSecurityToken(samlAssertion));
        }
Esempio n. 3
0
        static void Main(string[] args)
        {
            // Here we create some SAML assertion with ID and Issuer name.
            SamlAssertion assertion = new SamlAssertion();

            assertion.AssertionId = "AssertionID";
            assertion.Issuer      = "ISSUER";
            // Create some SAML subject.
            SamlSubject samlSubject = new SamlSubject();

            samlSubject.Name = "My Subject";

            //
            // Create one SAML attribute with few values.
            SamlAttribute attr = new SamlAttribute();

            attr.Namespace = "http://daenet.eu/saml";
            attr.AttributeValues.Add("Some Value 1");
            //attr.AttributeValues.Add("Some Value 2");

            attr.Name = "My ATTR Value";

            //
            // Now create the SAML statement containing one attribute and one subject.
            SamlAttributeStatement samlAttributeStatement = new SamlAttributeStatement();

            samlAttributeStatement.Attributes.Add(attr);
            samlAttributeStatement.SamlSubject = samlSubject;

            // Append the statement to the SAML assertion.
            assertion.Statements.Add(samlAttributeStatement);
        }
        private static void Serialize(SamlAssertion samlAssertion, XmlDocument document, XmlNode root)
        {
            if (samlAssertion == null)
            {
                throw new ArgumentNullException(nameof(samlAssertion));
            }

            if (document == null)
            {
                throw new ArgumentNullException(nameof(document));
            }

            if (root == null)
            {
                throw new ArgumentNullException(nameof(root));
            }

            var assertionNode = document.CreateElement(Constants.XmlPrefixes.Saml, Constants.XmlRootNames.SamlAssertion, Constants.XmlNamespaces.Saml);

            assertionNode.SetAttribute($"xmlns:{Constants.XmlPrefixes.Ns4}", Constants.XmlNamespaces.Ns4);
            assertionNode.SetAttribute(Constants.XmlAttributeNames.SamlAssertionId, samlAssertion.AssertionId);
            assertionNode.SetAttribute(Constants.XmlAttributeNames.SamlIssueInstant, ConvertToCurrentTime(samlAssertion.IssueInstant));
            assertionNode.SetAttribute(Constants.XmlAttributeNames.SamlIssuer, samlAssertion.Issuer);
            assertionNode.SetAttribute(Constants.XmlAttributeNames.SamlMajorVersion, samlAssertion.MajorVersion.ToString());
            assertionNode.SetAttribute(Constants.XmlAttributeNames.SamlMinorVersion, samlAssertion.MinorVersion.ToString());
            Serialize(samlAssertion.Conditions, document, assertionNode);
            Serialize(samlAssertion.AttributeStatement, document, assertionNode);
            root.AppendChild(assertionNode);
        }
 /// <summary>
 /// Copy constructor
 /// </summary>
 /// <param name="other">The SamlClientCredentials to create a copy of</param>
 protected SamlClientCredentials(SamlClientCredentials other) : base(other)
 {
     // Just do reference copy given sample nature
     this.assertion  = other.assertion;
     this.claims     = other.claims;
     this.proofToken = other.proofToken;
 }
Esempio n. 6
0
        SamlSecurityToken GetSamlToken()
        {
            SamlAssertion a = new SamlAssertion();

            SamlSubject subject = new SamlSubject(
                SamlConstants.UserNameNamespace,
                "urn:myqualifier",
                "myname");
            SamlAttribute          attr      = new SamlAttribute(Claim.CreateNameClaim("myname"));
            SamlAttributeStatement statement =
                new SamlAttributeStatement(subject, new SamlAttribute [] { attr });

            a.Statements.Add(statement);
            a.Issuer = "my_hero";

            X509Certificate2          cert = new X509Certificate2(TestResourceHelper.GetFullPathOfResource("Test/Resources/test.pfx"), "mono");
            X509AsymmetricSecurityKey key  =
                new X509AsymmetricSecurityKey(cert);

            a.SigningCredentials =
                new SigningCredentials(key,
                                       SecurityAlgorithms.HmacSha1Signature,
                                       SecurityAlgorithms.Sha256Digest);
            XmlDocument doc = new XmlDocument();
            XmlWriter   w   = doc.CreateNavigator().AppendChild();

            using (XmlDictionaryWriter dw = XmlDictionaryWriter.CreateDictionaryWriter(w)) {
                a.WriteXml(dw, new SamlSerializer(), new MySecurityTokenSerializer());
            }
            Console.Error.WriteLine(doc.OuterXml);
            return(new SamlSecurityToken(a));
        }
Esempio n. 7
0
        // Used in: How To: Create Security Token Service.
        //<snippet1>
        void AddSigningCredentials(SamlAssertion assertion, SecurityKey signingKey)
        {
            SigningCredentials sc = new SigningCredentials(signingKey,
                                                           SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha1Digest);

            assertion.SigningCredentials = sc;
        }
Esempio n. 8
0
        private static IEnumerable <SamlAssertion> ParseAssertions(XmlNode responseNode, SamlOptions options)
        {
            //All Assertions as direct child of Response-Element, or wrapped in EncryptedAssertion
            var assertions = responseNode.SelectNodes($"{SamlAuthenticationDefaults.SamlAssertionNsPrefix}:Assertion | {SamlAuthenticationDefaults.SamlAssertionNsPrefix}:EncryptedAssertion/{SamlAuthenticationDefaults.SamlAssertionNsPrefix}:Assertion", SamlXmlExtensions.NamespaceManager);

            var result = new List <SamlAssertion>();

            for (var i = 0; i < assertions.Count; i++)
            {
                var assertion     = new SamlAssertion();
                var assertionNode = assertions[i];

                assertion.Issuer = assertionNode.SelectSingleNode($"{SamlAuthenticationDefaults.SamlAssertionNsPrefix}:Issuer", SamlXmlExtensions.NamespaceManager)?.InnerText;
                assertion.Id     = assertionNode.SelectSingleNode("@ID", SamlXmlExtensions.NamespaceManager)?.Value;

                var signatureNode = assertionNode.SelectSingleNode("ds:Signature", SamlXmlExtensions.NamespaceManager);

                if (signatureNode != null && options.IdentityProviderCertificate != null)
                {
                    var signedXml = new SignedXml(assertionNode.OwnerDocument);
                    signedXml.LoadXml((XmlElement)signatureNode);
                    assertion.HasValidSignature = signedXml.CheckSignature(options.IdentityProviderCertificate, true);
                }

                var attributeStatements = assertionNode.SelectNodes($"{SamlAuthenticationDefaults.SamlAssertionNsPrefix}:AttributeStatement", SamlXmlExtensions.NamespaceManager);
                assertion.Attributes = ParseAttributeStatements(attributeStatements, options);

                assertion.SessionIndex  = assertionNode.SelectSingleNode($"{SamlAuthenticationDefaults.SamlAssertionNsPrefix}:AuthnStatement/@SessionIndex", SamlXmlExtensions.NamespaceManager)?.Value;
                assertion.SubjectNameId = assertionNode.SelectSingleNode($"{SamlAuthenticationDefaults.SamlAssertionNsPrefix}:Subject/{SamlAuthenticationDefaults.SamlAssertionNsPrefix}:NameID", SamlXmlExtensions.NamespaceManager)?.InnerText;

                result.Add(assertion);
            }

            return(result);
        }
 public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
 {
     if (tokenRequirement.TokenType == SecurityTokenTypes.Saml || tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1")
     {
         SamlAssertion samlAssertion = this.samlClientCredentials.Assertion;
         SecurityToken securityToken = this.samlClientCredentials.ProofToken;
         if (samlAssertion == null || securityToken == null)
         {
             SecurityBindingElement securityBindingElement = null;
             SecurityAlgorithmSuite algoSuite = null;
             if (tokenRequirement.TryGetProperty <SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out securityBindingElement))
             {
                 algoSuite = securityBindingElement.DefaultAlgorithmSuite;
             }
             if (tokenRequirement.KeyType == SecurityKeyType.SymmetricKey)
             {
                 securityToken = SamlUtilities.CreateSymmetricProofToken(tokenRequirement.KeySize);
                 samlAssertion = SamlUtilities.CreateSymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, new X509SecurityToken(this.samlClientCredentials.ClientCertificate.Certificate), new X509SecurityToken(this.samlClientCredentials.ServiceCertificate.DefaultCertificate), (BinarySecretSecurityToken)securityToken, algoSuite);
             }
             else
             {
                 securityToken = SamlUtilities.CreateAsymmetricProofToken();
                 samlAssertion = SamlUtilities.CreateAsymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, securityToken, algoSuite);
             }
         }
         return(new SamlSecurityTokenProvider(samlAssertion, securityToken));
     }
     return(base.CreateSecurityTokenProvider(tokenRequirement));
 }
Esempio n. 10
0
        public static SamlAssertion CreateSamlAssertionFromClaims(IEnumerable <Claim> claims)
        {
            var subject = new SamlSubject()
            {
                Name = "Windows Group Claim"
            };
            var statement = new SamlAttributeStatement()
            {
                SamlSubject = subject
            };
            var assertion = new SamlAssertion()
            {
                AssertionId = string.Format("_{0}", Guid.NewGuid().ToString()),
                Issuer      = "System"
            };

            foreach (var claim in claims)
            {
                var attribute = new SamlAttribute(claim);
                statement.Attributes.Add(attribute);
            }

            assertion.Statements.Add(statement);
            SignSamlAssertion(assertion);
            return(assertion);
        }
Esempio n. 11
0
        public static SamlAssertion CreateSamlAssertionFromUserNameClaims(IEnumerable <Claim> claims)
        {
            var subject = new SamlSubject()
            {
                Name = "Windows Group Claim"
            };
            var statement = new SamlAttributeStatement()
            {
                SamlSubject = subject
            };
            var assertion = new SamlAssertion()
            {
                AssertionId = string.Format("_{0}", Guid.NewGuid().ToString()),
                Issuer      = "System"
            };

            foreach (var claim in claims)
            {
                var samlClaim = new Claim(claim.ClaimType, GetResourceFromSid(claim.Resource as SecurityIdentifier), claim.Right);
                var attribute = new SamlAttribute(samlClaim);
                statement.Attributes.Add(attribute);
            }

            assertion.Statements.Add(statement);
            SignSamlAssertion(assertion);
            return(assertion);
        }
Esempio n. 12
0
        public void WriteXmlNullIssuer()
        {
            SamlAssertion a = new SamlAssertion();

            using (XmlDictionaryWriter dw = CreateWriter(new StringWriter())) {
                a.WriteXml(dw, null, null);
            }
        }
Esempio n. 13
0
        public void WriteXmlNoStatement()
        {
            SamlAssertion a = new SamlAssertion();

            a.Issuer = "my_boss";
            using (XmlDictionaryWriter dw = CreateWriter(new StringWriter())) {
                a.WriteXml(dw, null, null);
            }
        }
Esempio n. 14
0
        /// <summary>
        /// Creates a SAML assertion based on input parameters
        /// </summary>
        /// <param name="claims">A ClaimSet containing the claims to be placed into the SAML assertion</param>
        /// <param name="signatureKey">The SecurityKey that will be used to sign the SAML assertion</param>
        /// <param name="signatureKeyIdentifier">A key identifier for the signature key</param>
        /// <param name="proofKeyIdentifier">A key identifier for the proof key</param>
        /// <param name="algoSuite">The algorithm suite to use when performing cryptographic operations</param>
        /// <returns>A SAML assertion containing the passed in claims and proof key, signed by the provided signature key</returns>
        private static SamlAssertion CreateAssertion(ClaimSet claims, SecurityKey signatureKey, SecurityKeyIdentifier signatureKeyIdentifier, SecurityKeyIdentifier proofKeyIdentifier, SecurityAlgorithmSuite algoSuite)
        {
            List <string> confirmationMethods = new List <string>(1);

            // Create a confirmationMethod for HolderOfKey
            confirmationMethods.Add(SamlConstants.HolderOfKey);

            // Create a SamlSubject with proof key and confirmation method from above
            SamlSubject samlSubject = new SamlSubject(null,
                                                      null,
                                                      "Self",
                                                      confirmationMethods,
                                                      null,
                                                      proofKeyIdentifier);

            IList <SamlAttribute> samlAttributes = new List <SamlAttribute>();

            foreach (Claim c in claims)
            {
                if (typeof(string) == c.Resource.GetType())
                {
                    samlAttributes.Add(new SamlAttribute(c));
                }
            }

            // Create a SamlAttributeStatement from the passed in SamlAttribute collection and the
            // SamlSubject from above
            SamlAttributeStatement samlAttributeStatement = new SamlAttributeStatement(samlSubject, samlAttributes);

            // Put the SamlAttributeStatement into a list of SamlStatements
            List <SamlStatement> samlSubjectStatements = new List <SamlStatement>();

            samlSubjectStatements.Add(samlAttributeStatement);

            // Create a SigningCredentials instance from the signature key
            SigningCredentials signingCredentials = new SigningCredentials(signatureKey,
                                                                           algoSuite.DefaultAsymmetricSignatureAlgorithm,
                                                                           algoSuite.DefaultDigestAlgorithm,
                                                                           signatureKeyIdentifier);

            // Create a SamlAssertion from the list of SamlStatements created above
            DateTime      issueInstant  = DateTime.UtcNow;
            SamlAssertion samlAssertion = new SamlAssertion("_" + Guid.NewGuid().ToString(),
                                                            "Self",
                                                            issueInstant,
                                                            new SamlConditions(issueInstant, issueInstant + new TimeSpan(10, 0, 0)),
                                                            new SamlAdvice(),
                                                            samlSubjectStatements
                                                            );

            // Set the SigningCredentials for the SamlAssertion
            samlAssertion.SigningCredentials = signingCredentials;

            // Return the SamlAssertion
            return(samlAssertion);
        }
Esempio n. 15
0
        public void WriteXmlNullSerializer()
        {
            SamlAssertion a = new SamlAssertion();

            a.Statements.Add(new SamlAttributeStatement());
            a.Issuer = "my_hero";
            using (XmlDictionaryWriter dw = CreateWriter(new StringWriter())) {
                a.WriteXml(dw, null, null);
            }
        }
Esempio n. 16
0
        /// <summary>
        /// Creates a SAML token for the specified email address and security token.
        /// </summary>
        private SamlSecurityToken CreateSAMLToken(
            string emailAddress,
            X509SecurityToken issuerToken)
        {
            // Create list of confirmation strings
            List <string> confirmations = new List <string>();

            // Add holder-of-key string to list of confirmation strings
            confirmations.Add("urn:oasis:names:tc:SAML:1.0:cm:bearer");

            // Create SAML subject statement based on issuer member variable, confirmation string collection
            // local variable and proof key identifier parameter
            SamlSubject subject =
                new SamlSubject("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", null, emailAddress);

            // Create a list of SAML attributes
            List <SamlAttribute> attributes = new List <SamlAttribute>();
            Claim claim = Claim.CreateNameClaim(emailAddress);

            attributes.Add(new SamlAttribute(claim));

            // Create list of SAML statements
            List <SamlStatement> statements = new List <SamlStatement>();

            // Add a SAML attribute statement to the list of statements. Attribute statement is based on
            // subject statement and SAML attributes resulting from claims
            statements.Add(new SamlAttributeStatement(subject, attributes));

            // Create a valid from/until condition
            DateTime validFrom = DateTime.UtcNow;
            DateTime validTo   = DateTime.UtcNow.AddHours(12);

            SamlConditions conditions = new SamlConditions(validFrom, validTo);

            // Create the SAML assertion
            SamlAssertion assertion = new SamlAssertion(
                "_" + Guid.NewGuid().ToString(),
                issuerToken.Certificate.Subject,
                validFrom,
                conditions,
                null,
                statements);

            SecurityKey signingKey =
                new System.IdentityModel.Tokens.RsaSecurityKey((RSA)issuerToken.Certificate.PrivateKey);

            // Set the signing credentials for the SAML assertion
            assertion.SigningCredentials = new SigningCredentials(
                signingKey,
                System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha1Signature,
                System.IdentityModel.Tokens.SecurityAlgorithms.Sha1Digest,
                new SecurityKeyIdentifier(issuerToken.CreateKeyIdentifierClause <X509ThumbprintKeyIdentifierClause>()));

            return(new SamlSecurityToken(assertion));
        }
Esempio n. 17
0
        private static void SignSamlAssertion(SamlAssertion assertion)
        {
            var certificate2 = GetCertificateFromStore(System.Configuration.ConfigurationManager.AppSettings["TokenSigningCeritificate"]);
            var securityKey  = new X509AsymmetricSecurityKey(certificate2);

            assertion.SigningCredentials = new SigningCredentials(
                securityKey,
                SecurityAlgorithms.RsaSha1Signature,
                SecurityAlgorithms.Sha1Digest,
                new SecurityKeyIdentifier(new X509ThumbprintKeyIdentifierClause(certificate2)));
        }
        /// <summary>
        /// Creates the custom SecurityTokenProvider when SAML tokens are specified in the tokenRequirement
        /// </summary>
        /// <param name="tokenRequirement">A SecurityTokenRequirement  </param>
        /// <returns>The appropriate SecurityTokenProvider</returns>
        public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
        {
            // If token requirement matches SAML token return the custom SAML token provider
            if (tokenRequirement.TokenType == SecurityTokenTypes.Saml ||
                tokenRequirement.TokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1")
            {
                // Retrieve the SAML assertion and proof token from the client credentials
                SamlAssertion assertion  = this.samlClientCredentials.Assertion;
                SecurityToken prooftoken = this.samlClientCredentials.ProofToken;

                // If either the assertion of proof token is null...
                if (assertion == null || prooftoken == null)
                {
                    // ...get the SecurityBindingElement and then the specified algorithm suite
                    SecurityBindingElement sbe = null;
                    SecurityAlgorithmSuite sas = null;

                    if (tokenRequirement.TryGetProperty <SecurityBindingElement>("http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement", out sbe))
                    {
                        sas = sbe.DefaultAlgorithmSuite;
                    }

                    // If the token requirement is for a SymmetricKey based token..
                    if (tokenRequirement.KeyType == SecurityKeyType.SymmetricKey)
                    {
                        // Create a symmetric proof token
                        prooftoken = SamlUtilities.CreateSymmetricProofToken(tokenRequirement.KeySize);
                        // and a corresponding assertion based on the claims specified in the client credentials
                        assertion = SamlUtilities.CreateSymmetricKeyBasedAssertion(this.samlClientCredentials.Claims,
                                                                                   new X509SecurityToken(samlClientCredentials.ClientCertificate.Certificate),
                                                                                   new X509SecurityToken(samlClientCredentials.ServiceCertificate.DefaultCertificate),
                                                                                   (BinarySecretSecurityToken)prooftoken,
                                                                                   sas);
                    }
                    // otherwise...
                    else
                    {
                        // Create an asymmetric proof token
                        prooftoken = SamlUtilities.CreateAsymmetricProofToken();
                        // and a corresponding assertion based on the claims specified in the client credentials
                        assertion = SamlUtilities.CreateAsymmetricKeyBasedAssertion(this.samlClientCredentials.Claims, prooftoken, sas);
                    }
                }

                // Create a SamlSecurityTokenProvider based on the assertion and proof token
                return(new SamlSecurityTokenProvider(assertion, prooftoken));
            }
            // otherwise use base implementation
            else
            {
                return(base.CreateSecurityTokenProvider(tokenRequirement));
            }
        }
        public static List <string> GetAttributeValues(SamlAssertion assertion, string attributeName)
        {
            throw new NotImplementedException();

            /*return assertion.getAttributeStatements()
             *      .stream()
             *      .flatMap(x->x.getAttributes().stream())
             *      .filter(x->attributeName.equals(x.getName()))
             *      .flatMap(x->x.getAttributeValues().stream())
             *      .map(AssertionUtils::getAttributeValue)
             *      .filter(x->x != null && !x.isEmpty())
             *      .collect(Collectors.toList());*/
        }
Esempio n. 20
0
        public void TestMethod()
        {
            string[]      attributeValues = { "test-value" };
            SamlAttribute samlAttribute   = new SamlAttribute("urn:namespace", "attributeName", attributeValues);

            Console.WriteLine("saml attribute: " + samlAttribute);

            SamlAuthenticationStatement samlStatement = new SamlAuthenticationStatement();

            SamlAssertion samlAssertion = new SamlAssertion();

            samlAssertion.Statements.Add(samlStatement);
        }
Esempio n. 21
0
        public void WriteXmlWithoutSamlSubject()
        {
            SamlAssertion a = new SamlAssertion();

            a.Statements.Add(new SamlAttributeStatement());
            a.Issuer = "my_boss";
            StringWriter sw = new StringWriter();

            using (XmlDictionaryWriter dw = CreateWriter(sw)) {
                a.WriteXml(dw, new SamlSerializer(), null);
            }
            Assert.AreEqual("<?xml version=\"1.0\" ?>", sw.ToString());
        }
Esempio n. 22
0
        private static string SerializeToken(SamlAssertion assertion)
        {
            SamlSecurityToken token = new SamlSecurityToken(assertion);

            SamlSerializer            serializer      = new SamlSerializer();
            WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer();
            StringWriter stringWriter = new StringWriter();

            XmlTextWriter xmltextWriter = new XmlTextWriter(stringWriter);

            serializer.WriteToken(token, xmltextWriter, tokenSerializer);

            return(stringWriter.ToString());
        }
Esempio n. 23
0
        private static SamlAssertion CreateSamlAssertion(string issuer, string domain, string subject, Dictionary <string, string> attributes)
        {
            // Here we create some SAML assertion with ID and Issuer name.
            SamlAssertion assertion = new SamlAssertion();

            assertion.AssertionId = "_" + Guid.NewGuid().ToString();
            assertion.Issuer      = issuer;

            //Not before, not after conditions
            assertion.Conditions = new SamlConditions(DateTime.UtcNow,
                                                      DateTime.UtcNow.AddMinutes(10));

            //
            // Create some SAML subject.
            SamlSubject samlSubject = new SamlSubject();

            samlSubject.Name          = subject;
            samlSubject.NameQualifier = subject;

            samlSubject.ConfirmationMethods.Add("urn:oasis:names:tc:SAML:1.0:cm:bearer");
            //
            // Now create the SAML statement containing one attribute and one subject.
            SamlAttributeStatement samlAttributeStatement = new SamlAttributeStatement();

            samlAttributeStatement.SamlSubject = samlSubject;
            //
            // Create userName SAML attributes.
            foreach (KeyValuePair <string, string> attribute in attributes)
            {
                SamlAttribute attr = new SamlAttribute();
                attr.Name      = attribute.Key;
                attr.Namespace = domain;
                attr.AttributeValues.Add(subject);
                samlAttributeStatement.Attributes.Add(attr);
            }
            // Append the statement to the SAML assertion.
            assertion.Statements.Add(samlAttributeStatement);

            IPHostEntry ipEntry =
                Dns.GetHostEntry(System.Environment.MachineName);

            SamlAuthenticationStatement samlAuthenticationStatement =
                new SamlAuthenticationStatement(samlSubject,
                                                "urn:oasis:names:tc:SAML:1.0:am:password",
                                                DateTime.UtcNow, null, ipEntry.AddressList[0].ToString(),
                                                null);

            assertion.Statements.Add(samlAuthenticationStatement);
            return(assertion);
        }
Esempio n. 24
0
        private static void SignSamlAssertion(SamlAssertion assertion)
        {
            var certificate2 = GetCertificateFromStore(StoreLocation.CurrentUser, DateTime.Now, "CN=SamlTokenSigningCertificate");

            if (certificate2 != null)
            {
                var securityKey = new X509AsymmetricSecurityKey(certificate2);
                assertion.SigningCredentials = new SigningCredentials(
                    securityKey,
                    SecurityAlgorithms.RsaSha1Signature,
                    SecurityAlgorithms.Sha1Digest,
                    new SecurityKeyIdentifier(new X509ThumbprintKeyIdentifierClause(certificate2)));
            }
        }
Esempio n. 25
0
        public void DefaultValues()
        {
            DateTime      d1 = DateTime.UtcNow, d2;
            SamlAssertion a = new SamlAssertion();

            d2 = DateTime.UtcNow;
            Assert.IsNull(a.Advice, "#1");
            Assert.IsNotNull(a.AssertionId, "#2");
            Assert.IsTrue(d1 <= a.IssueInstant && a.IssueInstant <= d2, "#3");
            Assert.IsNull(a.Issuer, "#4");
            Assert.AreEqual(1, a.MajorVersion, "#5");
            Assert.AreEqual(1, a.MinorVersion, "#6");
            Assert.IsNull(a.SigningCredentials, "#7");
            Assert.IsNull(a.SigningToken, "#8");
        }
Esempio n. 26
0
        public string GetSaml11Token()
        {
            var      claimSets = new List <ClaimSet>(ServiceSecurityContext.Current.AuthorizationContext.ClaimSets);
            ClaimSet claimSet  = claimSets.Find((Predicate <ClaimSet>) delegate(ClaimSet target)
            {
                WindowsClaimSet defaultClaimSet = target.Issuer as WindowsClaimSet;
                return(defaultClaimSet != null);
            });

            var               accessControlClaims = claimSet.FindClaims(ClaimTypes.Sid, Rights.PossessProperty);
            SamlAssertion     assertion           = Saml11Helper.CreateSamlAssertionFromUserNameClaims(accessControlClaims);
            SamlSecurityToken token = new SamlSecurityToken(assertion);

            return(Saml11Helper.SerializeSamlToken(token));
        }
        private SecurityToken CreateSAMLToken(DateTime validFrom, DateTime validTo, SecurityKey signingKey, SecurityKeyIdentifier signingKeyIdentifier, SecurityKeyIdentifier proofKeyIdentifier)
        {
            // Create list of confirmation strings
            List <string> confirmations = new List <string>();

            // Add holder-of-key string to list of confirmation strings
            confirmations.Add("urn:oasis:names:tc:SAML:1.0:cm:holder-of-key");

            // Create SAML subject statement based on issuer member variable, confirmation string collection
            // local variable and proof key identifier parameter
            SamlSubject subject = new SamlSubject(null, null, issuer, confirmations, null, proofKeyIdentifier);

            // Create a list of SAML attributes
            List <SamlAttribute> attributes = new List <SamlAttribute>();

            // Get the claimset we want to place into the SAML assertion
            ClaimSet cs = GetClaimSet();

            // Iterate through the claims and add a SamlAttribute for each claim
            // Note that GetClaimSet call above returns a claimset that only contains PossessProperty claims
            foreach (Claim c in cs)
            {
                attributes.Add(new SamlAttribute(c));
            }

            // Create list of SAML statements
            List <SamlStatement> statements = new List <SamlStatement>();

            // Add a SAML attribute statement to the list of statements. Attribute statement is based on
            // subject statement and SAML attributes resulting from claims
            statements.Add(new SamlAttributeStatement(subject, attributes));

            // Create a valid from/until condition
            SamlConditions conditions = new SamlConditions(validFrom, validTo);

            // Add a audience Uri restriction
            conditions.Conditions.Add(new SamlAudienceRestrictionCondition(new Uri[] { new Uri("http://localhost:8010/fedservice/calc") }));

            // Create the SAML assertion
            SamlAssertion assertion = new SamlAssertion("_" + Guid.NewGuid().ToString(), issuer, validFrom, conditions, null, statements);

            // Set the signing credentials for the SAML assertion
            string signatureAlgorithm = GetSignatureAlgorithm(signingKey);

            assertion.SigningCredentials = new SigningCredentials(signingKey, signatureAlgorithm, SecurityAlgorithms.Sha1Digest, signingKeyIdentifier);

            return(new SamlSecurityToken(assertion));
        }
Esempio n. 28
0
        private SecurityToken CreateSAMLToken(DateTime validFrom, DateTime validTo, SecurityKey signingKey, SecurityKeyIdentifier signingKeyIdentifier, SecurityKeyIdentifier proofKeyIdentifier, IList <ClaimTypeRequirement> claimReqs)
        {
            // Create list of confirmation strings
            List <string> confirmations = new List <string>();

            // Add holder-of-key string to list of confirmation strings
            confirmations.Add(SamlConstants.HolderOfKey);

            // Create SAML subject statement based on issuer member variable, confirmation string collection
            // local variable and proof key identifier parameter
            SamlSubject subject = new SamlSubject(null, null, issuer, confirmations, null, proofKeyIdentifier);

            // Create a list of SAML attributes
            List <SamlAttribute> attributes = new List <SamlAttribute>();

            // Get the claimset we want to place into the SAML assertion
            ClaimSet cs = GetClaimSet(claimReqs);

            // Iterate through the claims and add a SamlAttribute for each claim
            // Note that GetClaimSet call above returns a claimset that only contains PossessProperty claims
            foreach (Claim c in cs)
            {
                attributes.Add(new SamlAttribute(c));
            }

            // Create list of SAML statements
            List <SamlStatement> statements = new List <SamlStatement>();

            // Add a SAML attribute statement to the list of statements. Attribute statement is based on
            // subject statement and SAML attributes resulting from claims
            statements.Add(new SamlAttributeStatement(subject, attributes));

            // Create a valid from/until condition
            SamlConditions conditions = new SamlConditions(validFrom, validTo);

            // Create the SAML assertion
            SamlAssertion assertion = new SamlAssertion("_" + Guid.NewGuid().ToString(), issuer, validFrom, conditions, null, statements);

            // Set the signing credentials for the SAML assertion
            string signatureAlgorithm = GetSignatureAlgorithm(signingKey);

            assertion.SigningCredentials = new SigningCredentials(signingKey, signatureAlgorithm, SecurityAlgorithms.Sha1Digest, signingKeyIdentifier);

            SamlSecurityToken token = new SamlSecurityToken(assertion);

            Console.WriteLine("token.SecurityKeys.Count: {0}", token.SecurityKeys.Count);
            return(token);
        }
Esempio n. 29
0
        public void CompareSamlAssertions()
        {
            TestUtilities.WriteHeader($"{this}.CompareSamlAssertions", true);
            var context        = new CompareContext($"{this}.CompareSamlAssertions");
            var samlAssertion1 = new SamlAssertion(Guid.NewGuid().ToString(), Default.Issuer, DateTime.Parse(Default.IssueInstantString), null, new SamlAdvice(), new List <SamlStatement> {
                new SamlAttributeStatement(new SamlSubject(), new List <SamlAttribute> {
                    new SamlAttribute("1", "2", "3")
                })
            });
            var samlAssertion2 = new SamlAssertion(Guid.NewGuid().ToString(), Default.Issuer, DateTime.Parse(Default.IssueInstantString), null, new SamlAdvice(), new List <SamlStatement> {
                new SamlAttributeStatement(new SamlSubject(), new List <SamlAttribute> {
                    new SamlAttribute("1", "2", "3")
                })
            });

            IdentityComparer.AreEqual(samlAssertion1, samlAssertion2, context);

            Assert.True(context.Diffs.Count(s => s == "AssertionId:") == 1);
        }
Esempio n. 30
0
        public SoapEnvelope Build()
        {
            CheckInit();
            var samlAssertionId = GenerateId("assertion");
            var requestId       = GenerateId("request");
            var bodyId          = GenerateId("id");
            var timeStampId     = GenerateId("TS");
            var x509Id          = GenerateId("X509");
            var ssin            = GetSsin(_x509Certificate.Subject);

            if (string.IsNullOrWhiteSpace(ssin))
            {
                throw new EhealthException(Constants.ErrorCodes.NoSerialNumber);
            }

            var identitySubject = ParseSubject(_x509Certificate.Subject);
            var issuerSubject   = ParseSubject(_x509Certificate.Issuer);

            _samlAttributes.Add(new SamlAttribute(Constants.EhealthStsNames.SsinCertHolderAttributeName, Constants.EhealthStsNames.SsinAttributeNamespace, ssin));
            _samlAttributes.Add(new SamlAttribute(Constants.EhealthStsNames.SsinAttributeName, Constants.EhealthStsNames.SsinAttributeNamespace, ssin));
            _samlAttributeDesignators.Add(new SamlAttributeDesignator(Constants.EhealthStsNames.SsinCertHolderAttributeName, Constants.EhealthStsNames.SsinAttributeNamespace));
            _samlAttributeDesignators.Add(new SamlAttributeDesignator(Constants.EhealthStsNames.SsinAttributeName, Constants.EhealthStsNames.SsinAttributeNamespace));
            var issueInstant       = DateTime.Now;
            var samlNameIdentifier = new SamlNameIdentifier(
                Constants.EhealthStsNames.NameIdentifierFormat,
                issuerSubject,
                identitySubject);
            var samlSubject             = new SamlSubject(samlNameIdentifier);
            var samlConditions          = new SamlConditions(issueInstant);
            var samlAttributeStatement  = new SamlAttributeStatement(samlSubject, _samlAttributes);
            var samlAssertion           = new SamlAssertion(samlAssertionId, issueInstant, identitySubject, samlConditions, samlAttributeStatement);
            var subjectConfirmationData = new SamlSubjectConfirmationData(samlAssertion);
            var subjectConfirmation     = new SamlSubjectConfirmation(Constants.EhealthStsNames.SubjectConfirmationMethod, _x509Certificate, subjectConfirmationData);
            var samlSubjectO            = new SamlSubject(samlNameIdentifier, subjectConfirmation);
            var samlAttributeQuery      = new SamlAttributeQuery(samlSubjectO, _samlAttributeDesignators);
            var samlRequest             = new SamlRequest(requestId, samlAttributeQuery);
            var body         = new SoapBody(samlRequest, bodyId);
            var soapSecurity = new SoapSecurity(DateTime.UtcNow, timeStampId, x509Id, _x509Certificate);
            var header       = new SoapHeader(soapSecurity);
            var soapEnvelope = new SoapEnvelope(header, body);

            return(soapEnvelope);
        }
 /// <summary>
 /// Creates an instance of <see cref="SamlSecurityKeyIdentifierClause"/>
 /// </summary>
 /// <param name="assertion">The assertion can be queried to obtain information about 
 /// the issuer when resolving the key needed to check the signature. The assertion will
 /// be read completely when this clause is passed to the SecurityTokenResolver.</param>
 public SamlSecurityKeyIdentifierClause(SamlAssertion assertion)
     : base(typeof(SamlSecurityKeyIdentifierClause).ToString())
 {
     this.assertion = assertion;
 }