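        /// <summary>
        /// Sends this artifact resolve message to the IdP's artifact resolution service over the SOAP binding
        /// and reads the returned artifact response into <paramref name="authnResponse"/>.
        /// </summary>
        /// <param name="artifactResolutionService">The IdP endpoint whose <c>Location</c> receives the SOAP-wrapped request.</param>
        /// <param name="authnResponse">The authn response that the resolved artifact response is read into.</param>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        /// <exception cref="WebException">The HTTP round-trip to the artifact resolution service fails.</exception>
        public void Resolve(IdpSsoService artifactResolutionService, Saml2AuthnResponse authnResponse)
        {
            if (artifactResolutionService == null)
            {
                throw new ArgumentNullException("artifactResolutionService");
            }
            if (authnResponse == null)
            {
                throw new ArgumentNullException("authnResponse");
            }

            // The SAML2 SOAP binding carries the artifact resolve message inside a SOAP envelope body.
            var soapEnvelope = new SOAPEnvelope();
            soapEnvelope.Body = this.ToXml();
            var requestXml = soapEnvelope.ToSoapXml();

            string result;
            // WebClient is IDisposable; scope it so the underlying request resources are released even when UploadString throws.
            using (var client = new WebClient())
            {
                client.Encoding = Encoding.UTF8;
                client.Headers.Add(HttpRequestHeader.ContentType, "text/xml; charset=\"utf-8\"");
                client.Headers.Add(HttpRequestHeader.Accept, "text/xml");
                result = client.UploadString(artifactResolutionService.Location, requestXml.OuterXml);
            }

            // Reuse the same envelope instance to unwrap the IdP's SOAP response.
            soapEnvelope.FromSoapXml(result);

            var ares = new SamlArtifactResponse(authnResponse)
            {
                SignatureValidationCertificate = SignatureValidationCertificate
            };

            // NOTE(review): the second argument appears to switch signature validation on or off, so when no
            // SignatureValidationCertificate is configured the artifact response is read without a signature
            // check — confirm this is the intended trust model for the deployment.
            ares.Read(soapEnvelope.Body.OuterXml, SignatureValidationCertificate != null);
        }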
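        /// <summary>
        /// Create a Claims Principal and a Federated Authentication Session for the authenticated user.
        /// </summary>
        /// <param name="saml2AuthnResponse">The SAML2 authn response whose <c>ClaimsIdentity</c> becomes the session principal. Its <c>Status</c> must be Success.</param>
        /// <param name="lifetime">The period from the current time during which the token is valid. The ValidFrom property will be set to UtcNow and the ValidTo property will be set to ValidFrom plus the period specified by this parameter. Default lifetime is 10 Hours.</param>
        /// <param name="isReferenceMode">In reference mode, a simple artifact is produced during serialization and the token material is stored in the token cache that is associated with the token handler. The token cache is an instance of a class that derives from SessionSecurityTokenCache. For Web Farm scenarios, the token cache must operate across all nodes in the farm.</param>
        /// <param name="isPersistent">If the IsPersistent property is true, the cookie is written as a persistent cookie. Persistent cookies remain valid after the browser is closed until they expire.</param>
        /// <returns>The principal after transformation by the configured <c>ClaimsAuthenticationManager</c>; this is the principal the session token was issued for.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="saml2AuthnResponse"/> is null.</exception>
        /// <exception cref="InvalidOperationException">A user is already authenticated on the current thread, the response status is not Success, or no authenticated claims identity could be built from the response.</exception>
        public static ClaimsPrincipal CreateSession(this Saml2AuthnResponse saml2AuthnResponse, TimeSpan? lifetime = null, bool isReferenceMode = false, bool isPersistent = false)
        {
            if (saml2AuthnResponse == null)
            {
                throw new ArgumentNullException("saml2AuthnResponse");
            }

            // Thread.CurrentPrincipal or its Identity may be null; treat that as "nobody authenticated"
            // instead of failing with a NullReferenceException.
            var currentPrincipal = Thread.CurrentPrincipal;
            var currentIdentity = currentPrincipal != null ? currentPrincipal.Identity : null;
            if (currentIdentity != null && currentIdentity.IsAuthenticated)
            {
                throw new InvalidOperationException("There already exist an Authenticated user.");
            }

            // Never establish a session from a failed or partial response.
            if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
            {
                throw new InvalidOperationException(string.Format("The SAML2 Response Status is not Success, the Response Status is: {0}.", saml2AuthnResponse.Status));
            }

            var principal = new ClaimsPrincipal(saml2AuthnResponse.ClaimsIdentity);
            if (principal.Identity == null || !principal.Identity.IsAuthenticated)
            {
                throw new InvalidOperationException("No Claims Identity created from SAML2 Response.");
            }

            // Apply the application's claims transformation before the session token is issued,
            // so the cookie carries the transformed claims rather than the raw IdP assertion claims.
            var transformedPrincipal = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager.Authenticate(null, principal);

            var sessionSecurityToken = lifetime.HasValue
                ? new SessionSecurityToken(transformedPrincipal, lifetime.Value)
                : new SessionSecurityToken(transformedPrincipal);
            sessionSecurityToken.IsReferenceMode = isReferenceMode;
            sessionSecurityToken.IsPersistent = isPersistent;

            // Second argument (writeCookie) = true: the session cookie is written in this call.
            FederatedAuthentication.SessionAuthenticationModule.AuthenticateSessionSecurityToken(sessionSecurityToken, true);

            return transformedPrincipal;
        }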
 /// <summary>
 /// Initializes a new artifact response and stores <paramref name="response"/> in <c>AuthnResponse</c>.
 /// </summary>
 /// <param name="response">The authn response this artifact response is read into.</param>
 public SamlArtifactResponse(Saml2AuthnResponse response)
 {
     this.AuthnResponse = response;
 }