/// <summary>
/// Reads the SAML statement at the reader's current position and returns the matching
/// <see cref="SamlStatement"/> subtype. The actual parsing is delegated to that subtype's
/// ReadXml, with this serializer passed along.
/// </summary>
/// <param name="reader">Reader positioned on a saml:AuthenticationStatement,
/// saml:AttributeStatement or saml:AuthorizationDecisionStatement start element.</param>
/// <param name="keyInfoSerializer">Serializer handed through to the statement's ReadXml.</param>
/// <param name="outOfBandTokenResolver">Resolver handed through to the statement's ReadXml.</param>
/// <returns>The deserialized statement.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
/// <exception cref="XmlException">The current element is none of the three known statement
/// elements; unrecognized statements are rejected rather than skipped.</exception>
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
    }

    // All three statement elements share the SAML namespace; only the local name differs.
    var samlDictionary = DictionaryManager.SamlDictionary;

    if (reader.IsStartElement(samlDictionary.AuthenticationStatement, samlDictionary.Namespace))
    {
        var authentication = new SamlAuthenticationStatement();
        authentication.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
        return authentication;
    }

    if (reader.IsStartElement(samlDictionary.AttributeStatement, samlDictionary.Namespace))
    {
        var attribute = new SamlAttributeStatement();
        attribute.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
        return attribute;
    }

    if (reader.IsStartElement(samlDictionary.AuthorizationDecisionStatement, samlDictionary.Namespace))
    {
        var decision = new SamlAuthorizationDecisionStatement();
        decision.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
        return decision;
    }

    // Fail closed: an element this serializer does not know is an error, not something to step over.
    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.SAMLUnableToLoadUnknownElement, reader.LocalName)));
}
/// <summary>
/// Reads the SAML statement at the reader's current position and returns the matching
/// <see cref="SamlStatement"/> subtype. Parsing is delegated to the subtype's ReadXml,
/// with this serializer passed along.
/// </summary>
/// <param name="reader">Reader positioned on a saml:AuthenticationStatement,
/// saml:AttributeStatement or saml:AuthorizationDecisionStatement start element.</param>
/// <param name="keyInfoSerializer">Serializer handed through to the statement's ReadXml.</param>
/// <param name="outOfBandTokenResolver">Resolver handed through to the statement's ReadXml.</param>
/// <returns>The deserialized statement.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
/// <exception cref="XmlException">The current element is none of the three known statement
/// elements; unrecognized statements are rejected rather than skipped.</exception>
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
    }

    var samlDictionary = this.DictionaryManager.SamlDictionary;
    SamlStatement loaded;

    // Pick the concrete statement type from the element name; every statement
    // then reads itself through the same abstract ReadXml.
    if (reader.IsStartElement(samlDictionary.AuthenticationStatement, samlDictionary.Namespace))
    {
        loaded = new SamlAuthenticationStatement();
    }
    else if (reader.IsStartElement(samlDictionary.AttributeStatement, samlDictionary.Namespace))
    {
        loaded = new SamlAttributeStatement();
    }
    else if (reader.IsStartElement(samlDictionary.AuthorizationDecisionStatement, samlDictionary.Namespace))
    {
        loaded = new SamlAuthorizationDecisionStatement();
    }
    else
    {
        // Fail closed on anything that is not one of the known statement elements.
        string message = System.IdentityModel.SR.GetString("SAMLUnableToLoadUnknownElement", new object[] { reader.LocalName });
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(message));
    }

    loaded.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
    return loaded;
}
/// <summary>
/// Reads the SAML statement at the reader's current position and returns the matching
/// <see cref="SamlStatement"/> subtype. Parsing is delegated to the subtype's ReadXml,
/// with this serializer passed along.
/// </summary>
/// <param name="reader">Reader positioned on a saml:AuthenticationStatement,
/// saml:AttributeStatement or saml:AuthorizationDecisionStatement start element.</param>
/// <param name="keyInfoSerializer">Serializer handed through to the statement's ReadXml.</param>
/// <param name="outOfBandTokenResolver">Resolver handed through to the statement's ReadXml.</param>
/// <returns>The deserialized statement.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
/// <exception cref="XmlException">The current element is none of the three known statement
/// elements; unrecognized statements are rejected rather than skipped.</exception>
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
    }

    if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthenticationStatement, this.DictionaryManager.SamlDictionary.Namespace))
    {
        SamlAuthenticationStatement authnStatement = new SamlAuthenticationStatement();
        authnStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
        return authnStatement;
    }
    else if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AttributeStatement, this.DictionaryManager.SamlDictionary.Namespace))
    {
        SamlAttributeStatement attributeStatement = new SamlAttributeStatement();
        attributeStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
        return attributeStatement;
    }
    else if (reader.IsStartElement(this.DictionaryManager.SamlDictionary.AuthorizationDecisionStatement, this.DictionaryManager.SamlDictionary.Namespace))
    {
        SamlAuthorizationDecisionStatement authzStatement = new SamlAuthorizationDecisionStatement();
        authzStatement.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
        return authzStatement;
    }
    else
    {
        // Fail closed on anything that is not one of the known statement elements.
        object[] messageArguments = new object[] { reader.LocalName };
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(System.IdentityModel.SR.GetString("SAMLUnableToLoadUnknownElement", messageArguments)));
    }
}
/// <summary>
/// Checks the constants and default property values of a freshly constructed
/// SamlAuthenticationStatement: the ClaimType URI, the SAML 1.0 "unspecified"
/// authentication method, and a null subject and locality addresses.
/// </summary>
public void DefaultValues ()
{
	Assert.AreEqual ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication", SamlAuthenticationStatement.ClaimType, "#0");

	SamlAuthenticationStatement statement = new SamlAuthenticationStatement ();

	// Only the method carries a default; subject and locality start unset.
	Assert.AreEqual ("urn:oasis:names:tc:SAML:1.0:am:unspecified", statement.AuthenticationMethod, "#1");
	Assert.IsNull (statement.DnsAddress, "#2");
	Assert.IsNull (statement.IPAddress, "#3");
	Assert.IsNull (statement.SamlSubject, "#4");
}
/// <summary>
/// Serializes a given SamlAuthenticationStatement.
/// </summary>
/// <param name="writer">XmlWriter to which SamlAuthenticationStatement is serialized.</param>
/// <param name="statement">SamlAuthenticationStatement to be serialized.</param>
/// <exception cref="ArgumentNullException">The input parameter 'writer' or 'statement' is null.</exception>
/// <remarks>
/// Writes saml:AuthenticationStatement with the AuthenticationMethod and AuthenticationInstant
/// attributes (the instant converted to UTC), then the saml:Subject, then saml:SubjectLocality
/// only when an IP or DNS address is set, then one saml:AuthorityBinding per entry in
/// <see cref="SamlAuthenticationStatement.AuthorityBindings"/>.
/// </remarks>
protected virtual void WriteAuthenticationStatement(XmlWriter writer, SamlAuthenticationStatement statement)
{
    if (writer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
    }

    if (statement == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("statement");
    }

    writer.WriteStartElement(SamlConstants.Prefix, SamlConstants.ElementNames.AuthenticationStatement, SamlConstants.Namespace);
    writer.WriteAttributeString(SamlConstants.AttributeNames.AuthenticationMethod, null, statement.AuthenticationMethod);

    // Normalize to UTC so the emitted instant does not depend on the machine's time zone.
    string instant = XmlConvert.ToString(statement.AuthenticationInstant.ToUniversalTime(), DateTimeFormats.Generated);
    writer.WriteAttributeString(SamlConstants.AttributeNames.AuthenticationInstant, null, instant);

    WriteSubject(writer, statement.SamlSubject);

    bool hasIPAddress = statement.IPAddress != null;
    bool hasDnsAddress = statement.DnsAddress != null;
    if (hasIPAddress || hasDnsAddress)
    {
        // SubjectLocality is optional; it is emitted only when at least one address is present.
        writer.WriteStartElement(SamlConstants.Prefix, SamlConstants.ElementNames.SubjectLocality, SamlConstants.Namespace);
        if (hasIPAddress)
        {
            writer.WriteAttributeString(SamlConstants.AttributeNames.SubjectLocalityIPAddress, null, statement.IPAddress);
        }
        if (hasDnsAddress)
        {
            writer.WriteAttributeString(SamlConstants.AttributeNames.SubjectLocalityDNSAddress, null, statement.DnsAddress);
        }
        writer.WriteEndElement();
    }

    foreach (var authorityBinding in statement.AuthorityBindings)
    {
        WriteAuthorityBinding(writer, authorityBinding);
    }

    writer.WriteEndElement();
}
/// <summary>
/// Read the saml:AuthenticationStatement.
/// </summary>
/// <param name="reader">XmlReader positioned at a saml:AuthenticationStatement.</param>
/// <returns>SamlAuthenticationStatement</returns>
/// <exception cref="ArgumentNullException">The input parameter 'reader' is null.</exception>
/// <exception cref="XmlException">The XmlReader is not positioned on a saml:AuthenticationStatement,
/// the AuthenticationInstant or AuthenticationMethod attribute is missing or empty, the required
/// saml:Subject child is absent, or the statement contains a unknown child element.</exception>
/// <remarks>
/// Every unexpected condition is rejected with an exception rather than skipped, so a statement
/// with unknown content never yields a partially populated result.
/// </remarks>
protected virtual SamlAuthenticationStatement ReadAuthenticationStatement(XmlReader reader)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
    }

    if (!reader.IsStartElement(SamlConstants.ElementNames.AuthenticationStatement, SamlConstants.Namespace))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ID4082, SamlConstants.ElementNames.AuthenticationStatement, SamlConstants.Namespace, reader.LocalName, reader.NamespaceURI)));
    }

    SamlAuthenticationStatement authnStatement = new SamlAuthenticationStatement();

    // AuthenticationInstant is mandatory.
    string authInstance = reader.GetAttribute(SamlConstants.AttributeNames.AuthenticationInstant, null);
    if (string.IsNullOrEmpty(authInstance))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ID4097)));
    }

    // Parsed against the accepted formats with DateTimeStyles.None, then converted to UTC.
    // NOTE(review): with DateTimeStyles.None a value that carries no zone designator comes back
    // as Unspecified kind and ToUniversalTime() then treats it as local time — confirm that
    // DateTimeFormats.Accepted only admits zoned values.
    authnStatement.AuthenticationInstant = DateTime.ParseExact(
        authInstance,
        DateTimeFormats.Accepted,
        DateTimeFormatInfo.InvariantInfo,
        DateTimeStyles.None).ToUniversalTime();

    // AuthenticationMethod is mandatory; the raw attribute value is stored without normalization here.
    authnStatement.AuthenticationMethod = reader.GetAttribute(SamlConstants.AttributeNames.AuthenticationMethod, null);
    if (string.IsNullOrEmpty(authnStatement.AuthenticationMethod))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ID4098)));
    }

    // Step from the start tag into the child content.
    reader.MoveToContent();
    reader.Read();

    if (reader.IsStartElement(SamlConstants.ElementNames.Subject, SamlConstants.Namespace))
    {
        authnStatement.SamlSubject = ReadSubject(reader);
    }
    else
    {
        // Subject is a required element for a Authentication Statement clause.
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ID4099)));
    }

    // SubjectLocality is optional. Both addresses are taken verbatim from the attributes;
    // no format validation of the IP or DNS value happens at this point.
    if (reader.IsStartElement(SamlConstants.ElementNames.SubjectLocality, SamlConstants.Namespace))
    {
        authnStatement.DnsAddress = reader.GetAttribute(SamlConstants.AttributeNames.SubjectLocalityDNSAddress, null);
        authnStatement.IPAddress = reader.GetAttribute(SamlConstants.AttributeNames.SubjectLocalityIPAddress, null);

        if (reader.IsEmptyElement)
        {
            // <SubjectLocality .../> has no end tag to consume.
            reader.MoveToContent();
            reader.Read();
        }
        else
        {
            // Skip over the start tag and consume the matching end tag.
            reader.MoveToContent();
            reader.Read();
            reader.ReadEndElement();
        }
    }

    // Zero or more AuthorityBinding children; anything else is an error.
    while (reader.IsStartElement())
    {
        if (reader.IsStartElement(SamlConstants.ElementNames.AuthorityBinding, SamlConstants.Namespace))
        {
            authnStatement.AuthorityBindings.Add(ReadAuthorityBinding(reader));
        }
        else
        {
            // We do not understand this element.
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ID4082, SamlConstants.ElementNames.AuthorityBinding, SamlConstants.Namespace, reader.LocalName, reader.NamespaceURI)));
        }
    }

    // Consume </saml:AuthenticationStatement>.
    reader.MoveToContent();
    reader.ReadEndElement();

    return authnStatement;
}
/// <summary>
/// Override this virtual to provide custom processing of the SamlAuthenticationStatement.
/// By default it processes the statement's subject and then adds an authentication method
/// claim and an authentication instant claim to the identity.
/// </summary>
/// <param name="samlStatement">The SamlAuthenticationStatement to process</param>
/// <param name="subject">The identity that should be modified to reflect the statement</param>
/// <param name="issuer">issuer Identity.</param>
/// <exception cref="ArgumentNullException">The parameter 'samlStatement' or 'subject' is null.</exception>
protected virtual void ProcessAuthenticationStatement(SamlAuthenticationStatement samlStatement, ClaimsIdentity subject, string issuer)
{
    if (samlStatement == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlStatement");
    }

    if (subject == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("subject");
    }

    // When there is only a authentication statement present inside a saml assertion, we need to generate
    // a nameId claim. See FIP 4848. We do not support any saml assertion without a attribute statement, but
    // we might receive a saml assertion with only a authentication statement.
    ProcessSamlSubject(samlStatement.SamlSubject, subject, issuer);

    // The method URI is normalized before it becomes a claim value.
    string authenticationMethod = NormalizeAuthenticationType(samlStatement.AuthenticationMethod);
    Claim methodClaim = new Claim(ClaimTypes.AuthenticationMethod, authenticationMethod, ClaimValueTypes.String, issuer);
    subject.AddClaim(methodClaim);

    // The instant is emitted in UTC in the generated date-time format.
    string authenticationInstant = XmlConvert.ToString(samlStatement.AuthenticationInstant.ToUniversalTime(), DateTimeFormats.Generated);
    Claim instantClaim = new Claim(ClaimTypes.AuthenticationInstant, authenticationInstant, ClaimValueTypes.DateTime, issuer);
    subject.AddClaim(instantClaim);
}
/// <summary>
/// Reads the SAML statement at the reader's current position and returns the matching
/// <see cref="SamlStatement"/> subtype. Parsing is delegated to the subtype's ReadXml,
/// with this serializer passed along.
/// </summary>
/// <param name="reader">Reader positioned on a saml:AuthenticationStatement,
/// saml:AttributeStatement or saml:AuthorizationDecisionStatement start element.</param>
/// <param name="keyInfoSerializer">Serializer handed through to the statement's ReadXml.</param>
/// <param name="outOfBandTokenResolver">Resolver handed through to the statement's ReadXml.</param>
/// <returns>The deserialized statement.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is null.</exception>
/// <exception cref="XmlException">The current element is none of the three known statement
/// elements; unrecognized statements are rejected rather than skipped.</exception>
public virtual SamlStatement LoadStatement(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
    }

    // Every statement element is in the SAML namespace; compare local names against it.
    XmlDictionaryString samlNamespace = DictionaryManager.SamlDictionary.Namespace;

    if (reader.IsStartElement(DictionaryManager.SamlDictionary.AuthenticationStatement, samlNamespace))
    {
        SamlAuthenticationStatement authentication = new SamlAuthenticationStatement();
        authentication.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
        return authentication;
    }

    if (reader.IsStartElement(DictionaryManager.SamlDictionary.AttributeStatement, samlNamespace))
    {
        SamlAttributeStatement attribute = new SamlAttributeStatement();
        attribute.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
        return attribute;
    }

    if (reader.IsStartElement(DictionaryManager.SamlDictionary.AuthorizationDecisionStatement, samlNamespace))
    {
        SamlAuthorizationDecisionStatement decision = new SamlAuthorizationDecisionStatement();
        decision.ReadXml(reader, this, keyInfoSerializer, outOfBandTokenResolver);
        return decision;
    }

    // Fail closed: an element this serializer does not know is an error, not something to step over.
    string message = SR.GetString(SR.SAMLUnableToLoadUnknownElement, reader.LocalName);
    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(message));
}
/// <summary>
/// Serializes a statement with a subject, a fixed UTC instant and both locality addresses
/// through WriteXml and compares the produced text character for character.
/// </summary>
public void WriteXml1 ()
{
	SamlAuthenticationStatement statement = new SamlAuthenticationStatement ();
	statement.SamlSubject = new SamlSubject ("myFormat", "myQualifier", "myName");
	// Kind is pinned to Utc so the instant is written with a 'Z' regardless of the machine's zone.
	statement.AuthenticationInstant = DateTime.SpecifyKind (new DateTime (2000, 1, 1), DateTimeKind.Utc);
	statement.DnsAddress = "123.45.67.89";
	statement.IPAddress = "98.76.54.32";

	StringWriter output = new StringWriter ();
	using (XmlDictionaryWriter writer = CreateWriter (output)) {
		statement.WriteXml (writer, new SamlSerializer (), null);
	}

	string expected = String.Format ("<?xml version=\"1.0\" encoding=\"utf-16\"?><saml:AuthenticationStatement AuthenticationMethod=\"urn:oasis:names:tc:SAML:1.0:am:unspecified\" AuthenticationInstant=\"2000-01-01T00:00:00.000Z\" xmlns:saml=\"{0}\"><saml:Subject><saml:NameIdentifier Format=\"myFormat\" NameQualifier=\"myQualifier\">myName</saml:NameIdentifier></saml:Subject><saml:SubjectLocality IPAddress=\"98.76.54.32\" DNSAddress=\"123.45.67.89\" /></saml:AuthenticationStatement>", SamlConstants.Namespace);
	Assert.AreEqual (expected, output.ToString ());
}
/// <summary>
/// Serializes a default-constructed statement, i.e. one with no SamlSubject set, through
/// WriteXml. The method makes no assertion of its own.
/// </summary>
public void WriteXmlNullSubject ()
{
	StringWriter output = new StringWriter ();
	SamlAuthenticationStatement statement = new SamlAuthenticationStatement ();
	using (XmlDictionaryWriter writer = CreateWriter (output)) {
		statement.WriteXml (writer, new SamlSerializer (), null);
	}
}