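/// <summary>
/// Build the SAML 2.0 LogoutRequest message that terminates the given IdP session.
/// The message object is only populated here, it is not signed: <paramref name="certificate"/>
/// is validated for presence but not used, so signing is presumably done by the caller before sending.
/// </summary>
/// <param name="requestId">Unique request identifier; emitted as <c>"_" + requestId</c> in the <c>ID</c> attribute.</param>
/// <param name="consumerServiceURL">Service provider URL; used (trimmed) as the <c>Issuer</c> value and (as given) as the name qualifier.</param>
/// <param name="certificate">Signing certificate. Required, but not consumed by this method.</param>
/// <param name="identityProvider">
/// Target identity provider. <c>SingleSignOutServiceUrl</c> must be set; <c>DateTimeFormat</c> and <c>NowDelta</c>
/// are written back with the <c>SamlDefaultSettings</c> values when they are missing.
/// </param>
/// <param name="subjectNameId">NameID of the subject being logged out. When <c>identityProvider.SubjectNameIdRemoveText</c> is non-empty it is stripped from this value.</param>
/// <param name="authnStatementSessionIndex">SessionIndex of the authentication statement to terminate; becomes the single <c>SessionIndex</c> element.</param>
/// <returns>The populated <see cref="LogoutRequestType"/>, valid for 10 minutes from now (UTC).</returns>
/// <exception cref="ArgumentNullException">Thrown when <c>identityProvider.SingleSignOutServiceUrl</c> is null or whitespace.</exception>
public static LogoutRequestType GetLogoutRequest(string requestId, string consumerServiceURL, X509Certificate2 certificate, IdentityProvider identityProvider, string subjectNameId, string authnStatementSessionIndex)
{
    BusinessValidation.Argument(requestId, string.Format(ErrorLocalization.ParameterCantNullOrEmpty, nameof(requestId)));
    BusinessValidation.Argument(subjectNameId, string.Format(ErrorLocalization.ParameterCantNullOrEmpty, nameof(subjectNameId)));
    BusinessValidation.Argument(consumerServiceURL, string.Format(ErrorLocalization.ParameterCantNullOrEmpty, nameof(consumerServiceURL)));
    BusinessValidation.Argument(certificate, string.Format(ErrorLocalization.ParameterCantNull, nameof(certificate)));
    BusinessValidation.Argument(identityProvider, string.Format(ErrorLocalization.ParameterCantNull, nameof(identityProvider)));

    if (string.IsNullOrWhiteSpace(identityProvider.DateTimeFormat))
    {
        identityProvider.DateTimeFormat = SamlDefaultSettings.DateTimeFormat;
    }

    // NowDelta is defaulted on the provider for parity with GetAuthnRequest, but this method
    // does not apply it to IssueInstant (kept as in the original; the logout timestamp is plain UtcNow).
    if (identityProvider.NowDelta == null)
    {
        identityProvider.NowDelta = SamlDefaultSettings.NowDelta;
    }

    if (string.IsNullOrWhiteSpace(identityProvider.SingleSignOutServiceUrl))
    {
        // (paramName, message) overload: the message must not be passed as the parameter name.
        throw new ArgumentNullException(nameof(identityProvider), "The LogoutServiceUrl of the identity provider is null or empty.");
    }

    string dateTimeFormat = identityProvider.DateTimeFormat;
    string subjectNameIdRemoveText = identityProvider.SubjectNameIdRemoveText;
    string singleLogoutServiceUrl = identityProvider.SingleSignOutServiceUrl;
    DateTime now = DateTime.UtcNow;

    // Validity window of the logout request; the IdP is expected to reject it after this.
    const int validityMinutes = 10;

    // string.Replace throws ArgumentException on an empty search string, so only strip a non-empty marker.
    string nameIdValue = string.IsNullOrEmpty(subjectNameIdRemoveText)
        ? subjectNameId
        : subjectNameId.Replace(subjectNameIdRemoveText, string.Empty);

    return new LogoutRequestType
    {
        ID = "_" + requestId,
        Version = "2.0",
        // Invariant culture: the timestamp is machine-parsed by the IdP and must not pick up
        // culture-specific date/time separators from the current thread.
        IssueInstant = now.ToString(dateTimeFormat, System.Globalization.CultureInfo.InvariantCulture),
        Destination = singleLogoutServiceUrl,
        Issuer = new NameIDType
        {
            Value = consumerServiceURL.Trim(),
            Format = SamlConst.IssuerFormat,
            NameQualifier = consumerServiceURL
        },
        Item = new NameIDType
        {
            NameQualifier = consumerServiceURL,
            Format = SamlConst.NameIDPolicyFormat,
            Value = nameIdValue
        },
        NotOnOrAfterSpecified = true,
        NotOnOrAfter = now.AddMinutes(validityMinutes),
        Reason = SamlConst.LogoutUserProtocol,
        SessionIndex = new string[] { authnStatementSessionIndex }
    };
}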
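/// <summary>
/// Decode a Base64-encoded IdP authentication response and deserialize it into a <see cref="ResponseType"/>.
/// This method only decodes and deserializes: no signature, issuer, audience or time-condition checks are
/// performed here, so the returned message must still be validated before any assertion in it is trusted.
/// </summary>
/// <param name="base64Response">The <c>SAMLResponse</c> value as received from the IdP: Base64 of the UTF-8 XML message.</param>
/// <returns>The deserialized <see cref="ResponseType"/>; never null.</returns>
/// <exception cref="Exception">
/// Thrown, with the underlying error as <see cref="Exception.InnerException"/>, when the XML cannot be
/// deserialized or deserializes to null. Argument and Base64 validation failures surface from
/// <c>BusinessValidation</c> before this point.
/// </exception>
public static ResponseType GetAuthnResponse(string base64Response)
{
    BusinessValidation.Argument(base64Response, string.Format(ErrorLocalization.ParameterCantNullOrEmpty, nameof(base64Response)));

    string idpResponse = null;
    // A malformed Base64 payload is reported as an invalid response rather than as a FormatException
    // (the original reported it with the unrelated SingleSignOnUrlRequired message).
    BusinessValidation.ValidationTry(() => idpResponse = Encoding.UTF8.GetString(Convert.FromBase64String(base64Response)), ErrorLocalization.ResponseNotValid);

    try
    {
        // NOTE(review): idpResponse is attacker-controlled XML; DeserializeMessage is expected to
        // reject DTDs / external entities and schema-invalid input — confirm in its implementation.
        ResponseType response = DeserializeMessage<ResponseType>(idpResponse);
        BusinessValidation.ValidationCondition(() => response == null, ErrorLocalization.ResponseNotValid);
        return response;
    }
    catch (Exception ex)
    {
        // Wrap so callers get the localized message while keeping the parser error for diagnostics.
        throw new Exception(ErrorLocalization.ResponseNotValid, ex);
    }
}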
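/// <summary>
/// Build the SAML 2.0 AuthnRequest for the given identity provider.
/// The message object is only populated here, it is not signed: <paramref name="certificate"/>
/// is validated for presence but not used, so signing is presumably done by the caller before sending.
/// </summary>
/// <param name="requestId">Unique request identifier; emitted as <c>"_" + requestId</c> in the <c>ID</c> attribute.</param>
/// <param name="entityId">Service provider entity id; used (trimmed) as the <c>Issuer</c> value and (as given) as the name qualifier.</param>
/// <param name="assertionConsumerServiceIndex">Index of the assertion consumer service to use; <c>SamlDefaultSettings.AssertionConsumerServiceIndex</c> when null.</param>
/// <param name="attributeConsumingServiceIndex">Index of the attribute consuming service to use; <c>SamlDefaultSettings.AttributeConsumingServiceIndex</c> when null.</param>
/// <param name="certificate">Signing certificate. Required, but not consumed by this method.</param>
/// <param name="identityProvider">
/// Target identity provider. <c>SingleSignOnServiceUrl</c> must be set; <c>DateTimeFormat</c> and <c>NowDelta</c>
/// are written back with the <c>SamlDefaultSettings</c> values when missing. <c>SecurityLevel</c> is 1-based:
/// it selects the <c>AuthnContextClassRef</c> from <c>listAuthRefValid</c> and, when greater than 1, sets <c>ForceAuthn</c>.
/// </param>
/// <returns>The populated <see cref="AuthnRequestType"/>; its conditions are valid for 10 minutes from now (UTC).</returns>
/// <exception cref="ArgumentOutOfRangeException">Thrown when <c>identityProvider.SecurityLevel</c> is below 1.</exception>
public static AuthnRequestType GetAuthnRequest(string requestId, string entityId, ushort? assertionConsumerServiceIndex, ushort? attributeConsumingServiceIndex, X509Certificate2 certificate, IdentityProvider identityProvider)
{
    BusinessValidation.Argument(requestId, string.Format(ErrorLocalization.ParameterCantNullOrEmpty, nameof(requestId)));
    // entityId is dereferenced (Trim) below; validate it like the other string arguments.
    BusinessValidation.Argument(entityId, string.Format(ErrorLocalization.ParameterCantNullOrEmpty, nameof(entityId)));
    BusinessValidation.Argument(certificate, string.Format(ErrorLocalization.ParameterCantNull, nameof(certificate)));
    BusinessValidation.Argument(identityProvider, string.Format(ErrorLocalization.ParameterCantNull, nameof(identityProvider)));
    BusinessValidation.ValidationCondition(() => string.IsNullOrWhiteSpace(identityProvider.SingleSignOnServiceUrl), ErrorLocalization.SingleSignOnUrlRequired);

    // SecurityLevel is a 1-based index into listAuthRefValid; anything below 1 would index before its start.
    // The upper bound is still left to the indexer (the list's length is not known here).
    if (identityProvider.SecurityLevel < 1)
    {
        throw new ArgumentOutOfRangeException(nameof(identityProvider), "The SecurityLevel of the identity provider must be at least 1.");
    }

    if (string.IsNullOrWhiteSpace(identityProvider.DateTimeFormat))
    {
        identityProvider.DateTimeFormat = SamlDefaultSettings.DateTimeFormat;
    }

    if (identityProvider.NowDelta == null)
    {
        identityProvider.NowDelta = SamlDefaultSettings.NowDelta;
    }

    string dateTimeFormat = identityProvider.DateTimeFormat;
    double nowDelta = identityProvider.NowDelta.Value;
    DateTimeOffset now = DateTimeOffset.UtcNow;

    // Validity window of the request conditions; the IdP is expected to reject it after this.
    const int validityMinutes = 10;
    bool forceAuthn = identityProvider.SecurityLevel > 1;

    // Invariant culture: these timestamps are machine-parsed by the IdP and must not pick up
    // culture-specific date/time separators from the current thread.
    System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;

    return new AuthnRequestType
    {
        ID = "_" + requestId,
        Version = SamlConst.Version,
        // IssueInstant is shifted by NowDelta (clock-skew allowance); NotBefore deliberately is not, as in the original.
        IssueInstant = now.AddMinutes(nowDelta).ToString(dateTimeFormat, invariant),
        Destination = identityProvider.SingleSignOnServiceUrl,
        ForceAuthn = forceAuthn,
        ForceAuthnSpecified = forceAuthn,
        Issuer = new NameIDType
        {
            Value = entityId.Trim(),
            Format = SamlConst.IssuerFormat,
            NameQualifier = entityId
        },
        AssertionConsumerServiceIndex = assertionConsumerServiceIndex ?? SamlDefaultSettings.AssertionConsumerServiceIndex,
        AssertionConsumerServiceIndexSpecified = true,
        AttributeConsumingServiceIndex = attributeConsumingServiceIndex ?? SamlDefaultSettings.AttributeConsumingServiceIndex,
        AttributeConsumingServiceIndexSpecified = true,
        NameIDPolicy = new NameIDPolicyType
        {
            Format = SamlConst.NameIDPolicyFormat,
            AllowCreate = false,
            AllowCreateSpecified = false
        },
        Conditions = new ConditionsType
        {
            NotBefore = now.ToString(dateTimeFormat, invariant),
            NotBeforeSpecified = true,
            NotOnOrAfter = now.AddMinutes(validityMinutes).ToString(dateTimeFormat, invariant),
            NotOnOrAfterSpecified = true
        },
        RequestedAuthnContext = new RequestedAuthnContextType
        {
            Comparison = AuthnContextComparisonType.exact,
            ComparisonSpecified = true,
            Items = new string[] { listAuthRefValid[identityProvider.SecurityLevel - 1] },
            ItemsElementName = new ItemsChoiceType7[] { ItemsChoiceType7.AuthnContextClassRef }
        }
    };
}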