public AssertionData(AssertionType assertion)
{
// Find the attribute statement within the assertion
AttributeStatementType ast = null;
foreach (StatementAbstractType sat in assertion.Items)
{
if (sat.GetType().Equals(typeof(AttributeStatementType)))
{
ast = (AttributeStatementType)sat;
}
}
if (ast == null)
{
throw new ApplicationException("Invalid SAML Assertion: Missing Attribute Values");
}
SAMLAttributes = new Dictionary<string, string>();
// Do what needs to be done to pull specific attributes out for sending on
// For now assuming this is a simple list of string key and string values
foreach (AttributeType at in ast.Items)
{
SAMLAttributes.Add(at.Name, at.AttributeValue.ToString());
//switch (at.Name)
//{
// case "UserID":
// if (at.AttributeValue.Length > 0) UserID = at.AttributeValue[0].ToString();
// break;
// case "UserFirstName":
// if (at.AttributeValue.Length > 0) UserFirstName = int.Parse(at.AttributeValue[0].ToString());
// break;
// case "UserLastName":
// if (at.AttributeValue.Length > 0) UserLastName = at.AttributeValue[0].ToString();
// break;
// case "UserDisplayName":
// if (at.AttributeValue.Length > 0) UserDisplayName = at.AttributeValue[0].ToString();
// break;
// case "UserEmail":
// if (at.AttributeValue.Length > 0) UserEmail = at.AttributeValue[0].ToString();
// break;
// case "GroupID":
// if (at.AttributeValue.Length > 0) GroupID = int.Parse(at.AttributeValue[0].ToString());
// break;
//}
}
}
/// <summary>
/// Creates a SAML 2.0 Assertion Segment for a Response
/// Simple implmenetation assuming a list of string key and value pairs
/// </summary>
/// <param name="Issuer"></param>
/// <param name="AssertionExpirationMinutes"></param>
/// <param name="Audience"></param>
/// <param name="Subject"></param>
/// <param name="Recipient"></param>
/// <param name="Attributes">Dictionary of string key, string value pairs</param>
/// <returns>Assertion to sign and include in Response</returns>
private static AssertionType CreateSAML20Assertion(string Issuer,
int AssertionExpirationMinutes,
string Audience,
string Subject,
string Recipient,
Dictionary<string, string> Attributes)
{
var NewAssertion = new AssertionType
{
Version = "2.0",
IssueInstant = DateTime.UtcNow,
ID = "_" + Guid.NewGuid().ToString(),
Issuer = new NameIDType() {Value = Issuer.Trim()}
};
// Create Issuer
// Create Assertion Subject
var subject = new SubjectType();
var subjectNameIdentifier = new NameIDType() { Value = Subject.Trim(), Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" };
var subjectConfirmation = new SubjectConfirmationType() { Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer", SubjectConfirmationData = new SubjectConfirmationDataType() { NotOnOrAfter = DateTime.UtcNow.AddMinutes(AssertionExpirationMinutes), Recipient = Recipient } };
subject.Items = new object[] { subjectNameIdentifier, subjectConfirmation };
NewAssertion.Subject = subject;
// Create Assertion Conditions
var conditions = new ConditionsType
{
NotBefore = DateTime.UtcNow,
NotBeforeSpecified = true,
NotOnOrAfter = DateTime.UtcNow.AddMinutes(AssertionExpirationMinutes),
NotOnOrAfterSpecified = true,
Items =
new ConditionAbstractType[]
{new AudienceRestrictionType() {Audience = new string[] {Audience.Trim()}}}
};
NewAssertion.Conditions = conditions;
// Add AuthnStatement and Attributes as Items
var authStatement = new AuthnStatementType() { AuthnInstant = DateTime.UtcNow, SessionIndex = NewAssertion.ID };
var context = new AuthnContextType();
context.ItemsElementName = new[] { ItemsChoiceType5.AuthnContextClassRef };
context.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" };
authStatement.AuthnContext = context;
var attributeStatement = new AttributeStatementType();
attributeStatement.Items = new AttributeType[Attributes.Count];
int i = 0;
foreach (KeyValuePair<string, string> attribute in Attributes)
{
attributeStatement.Items[i] = new AttributeType()
{
Name = attribute.Key,
AttributeValue = new object[] { attribute.Value },
NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
};
i++;
}
NewAssertion.Items = new StatementAbstractType[] { authStatement, attributeStatement };
return NewAssertion;
}
