/// <summary>
/// Call the Saml Helper Class and get the "Post" value, which can then be posted to the web page
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
public static string CreateSamlResponse(string recipient, string issuer, string domain, string subject, StoreLocation storeLocation, StoreName storeName, X509FindType findType, string certLocation, string certPassword, string certFindKey, Dictionary <string, string> attributes, string target)
{
string postData = "";
// Set Parameters to the method call to either the configuration value or a default value
SigningHelper.SignatureType signatureType = SigningHelper.SignatureType.Response;
postData = SamlHelper.GetPostSamlResponse(recipient,
issuer, domain, subject,
storeLocation, storeName, findType,
certLocation, certPassword, certFindKey,
attributes, signatureType);
return(postData);
}
/// <summary>
/// GetPostSamlResponse - Returns a Base64 Encoded String with the SamlResponse in it.
/// </summary>
/// <param name="recipient">Recipient</param>
/// <param name="issuer">Issuer</param>
/// <param name="domain">Domain</param>
/// <param name="subject">Subject</param>
/// <param name="storeLocation">Certificate Store Location</param>
/// <param name="storeName">Certificate Store Name</param>
/// <param name="findType">Certificate Find Type</param>
/// <param name="certLocation">Certificate Location</param>
/// <param name="findValue">Certificate Find Value</param>
/// <param name="certFile">Certificate File (used instead of the above Certificate Parameters)</param>
/// <param name="certPassword">Certificate Password (used instead of the above Certificate Parameters)</param>
/// <param name="attributes">A list of attributes to pass</param>
/// <param name="signatureType">Whether to sign Response or Assertion</param>
/// <returns>A base64Encoded string with a SAML response.</returns>
public static string GetPostSamlResponse(string recipient, string issuer, string domain, string subject,
StoreLocation storeLocation, StoreName storeName, X509FindType findType, string certFile, string certPassword, object findValue,
Dictionary <string, string> attributes, SigningHelper.SignatureType signatureType)
{
ResponseType response = new ResponseType();
// Response Main Area
response.ID = "_" + Guid.NewGuid().ToString();
response.Destination = recipient;
response.Version = "2.0";
response.IssueInstant = System.DateTime.UtcNow;
NameIDType issuerForResponse = new NameIDType();
issuerForResponse.Value = issuer.Trim();
response.Issuer = issuerForResponse;
StatusType status = new StatusType();
status.StatusCode = new StatusCodeType();
status.StatusCode.Value = "urn:oasis:names:tc:SAML:2.0:status:Success";
response.Status = status;
XmlSerializer responseSerializer =
new XmlSerializer(response.GetType());
StringWriter stringWriter = new StringWriter();
XmlWriterSettings settings = new XmlWriterSettings();
settings.OmitXmlDeclaration = true;
settings.Indent = true;
settings.Encoding = Encoding.UTF8;
XmlWriter responseWriter = XmlTextWriter.Create(stringWriter, settings);
string samlString = string.Empty;
AssertionType assertionType = SamlHelper.CreateSamlAssertion(
issuer.Trim(), recipient.Trim(), domain.Trim(), subject.Trim(), attributes);
response.Items = new AssertionType[] { assertionType };
responseSerializer.Serialize(responseWriter, response);
responseWriter.Close();
samlString = stringWriter.ToString();
samlString = samlString.Replace("SubjectConfirmationData",
string.Format("SubjectConfirmationData NotOnOrAfter=\"{0:o}\" Recipient=\"{1}\"",
DateTime.UtcNow.AddMinutes(5), recipient));
stringWriter.Close();
XmlDocument doc = new XmlDocument();
doc.LoadXml(samlString);
X509Certificate2 cert = null;
if (System.IO.File.Exists(certFile))
{
cert = new X509Certificate2(certFile, certPassword);
}
else
{
X509Store store = new X509Store(storeName, storeLocation);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection coll = store.Certificates.Find(findType, findValue, false);
if (coll.Count < 1)
{
throw new ArgumentException("Unable to locate certificate");
}
cert = coll[0];
store.Close();
}
XmlElement signature =
SigningHelper.SignDoc(doc, cert, "ID",
signatureType == SigningHelper.SignatureType.Response ? response.ID : assertionType.ID);
doc.DocumentElement.InsertBefore(signature,
doc.DocumentElement.ChildNodes[1]);
string responseStr = doc.OuterXml;
byte[] base64EncodedBytes =
Encoding.UTF8.GetBytes(responseStr);
string returnValue = System.Convert.ToBase64String(
base64EncodedBytes);
return(returnValue);
}
