/// <summary>
/// Build a signed SAML logout request.
/// </summary>
/// <param name="requestId"></param>
/// <param name="destination"></param>
/// <param name="consumerServiceURL"></param>
/// <param name="certificate"></param>
/// <param name="identityProvider"></param>
/// <param name="subjectNameId"></param>
/// <param name="authnStatementSessionIndex"></param>
/// <returns></returns>
public static LogoutRequestType GetLogoutRequest(string requestId, string consumerServiceURL, X509Certificate2 certificate,
IdentityProvider identityProvider, string subjectNameId, string authnStatementSessionIndex)
{
BusinessValidation.Argument(requestId, string.Format(ErrorLocalization.ParameterCantNullOrEmpty, nameof(requestId)));
BusinessValidation.Argument(subjectNameId, string.Format(ErrorLocalization.ParameterCantNullOrEmpty, nameof(subjectNameId)));
BusinessValidation.Argument(consumerServiceURL, string.Format(ErrorLocalization.ParameterCantNullOrEmpty, nameof(consumerServiceURL)));
BusinessValidation.Argument(certificate, string.Format(ErrorLocalization.ParameterCantNull, nameof(certificate)));
BusinessValidation.Argument(identityProvider, string.Format(ErrorLocalization.ParameterCantNull, nameof(identityProvider)));
if (string.IsNullOrWhiteSpace(identityProvider.DateTimeFormat))
{
identityProvider.DateTimeFormat = SamlDefaultSettings.DateTimeFormat;
}
if (identityProvider.NowDelta == null)
{
identityProvider.NowDelta = SamlDefaultSettings.NowDelta;
}
if (string.IsNullOrWhiteSpace(identityProvider.SingleSignOutServiceUrl))
{
throw new ArgumentNullException("The LogoutServiceUrl of the identity provider is null or empty.");
}
string dateTimeFormat = identityProvider.DateTimeFormat;
string subjectNameIdRemoveText = identityProvider.SubjectNameIdRemoveText;
string singleLogoutServiceUrl = identityProvider.SingleSignOutServiceUrl;
DateTime now = DateTime.UtcNow;
return(new LogoutRequestType
{
ID = "_" + requestId,
Version = "2.0",
IssueInstant = now.ToString(dateTimeFormat),
Destination = singleLogoutServiceUrl,
Issuer = new NameIDType
{
Value = consumerServiceURL.Trim(),
Format = SamlConst.IssuerFormat,
NameQualifier = consumerServiceURL
},
Item = new NameIDType
{
NameQualifier = consumerServiceURL,
Format = SamlConst.NameIDPolicyFormat,
Value = subjectNameIdRemoveText == null ? subjectNameId : subjectNameId.Replace(subjectNameIdRemoveText, String.Empty)
},
NotOnOrAfterSpecified = true,
NotOnOrAfter = now.AddMinutes(10),
Reason = SamlConst.LogoutUserProtocol,
SessionIndex = new string[] { authnStatementSessionIndex }
});
}
/// <summary>
/// Get the IdP Authn Response and extract metadata to the returned DTO class
/// </summary>
/// <param name="base64Response"></param>
/// <returns>IdpSaml2Response</returns>
public static ResponseType GetAuthnResponse(string base64Response)
{
string idpResponse = null;
BusinessValidation.Argument(base64Response, string.Format(ErrorLocalization.ParameterCantNullOrEmpty, nameof(base64Response)));
BusinessValidation.ValidationTry(() => idpResponse = Encoding.UTF8.GetString(Convert.FromBase64String(base64Response)), ErrorLocalization.SingleSignOnUrlRequired);
ResponseType response = null;
try
{
response = DeserializeMessage <ResponseType>(idpResponse);
BusinessValidation.ValidationCondition(() => response == null, ErrorLocalization.ResponseNotValid);
return(response);
}
catch (Exception ex)
{
throw new Exception(ErrorLocalization.ResponseNotValid, ex);
}
}
/// <summary>
/// Build a signed SAML authentication request.
/// </summary>
/// <param name="requestId"></param>
/// <param name="destination"></param>
/// <param name="consumerServiceURL"></param>
/// <param name="securityLevel"></param>
/// <param name="certificate"></param>
/// <param name="identityProvider"></param>
/// <returns>Returns a Base64 Encoded String of the SAML request</returns>
public static AuthnRequestType GetAuthnRequest(string requestId,
string entityId,
ushort?assertionConsumerServiceIndex,
ushort?attributeConsumingServiceIndex,
X509Certificate2 certificate,
IdentityProvider identityProvider)
{
BusinessValidation.Argument(requestId, string.Format(ErrorLocalization.ParameterCantNullOrEmpty, nameof(requestId)));
BusinessValidation.Argument(certificate, string.Format(ErrorLocalization.ParameterCantNull, nameof(certificate)));
BusinessValidation.Argument(identityProvider, string.Format(ErrorLocalization.ParameterCantNull, nameof(identityProvider)));
BusinessValidation.ValidationCondition(() => string.IsNullOrWhiteSpace(identityProvider.SingleSignOnServiceUrl), ErrorLocalization.SingleSignOnUrlRequired);
if (string.IsNullOrWhiteSpace(identityProvider.DateTimeFormat))
{
identityProvider.DateTimeFormat = SamlDefaultSettings.DateTimeFormat;
}
if (identityProvider.NowDelta == null)
{
identityProvider.NowDelta = SamlDefaultSettings.NowDelta;
}
string dateTimeFormat = identityProvider.DateTimeFormat;
double nowDelta = identityProvider.NowDelta.Value;
DateTimeOffset now = DateTimeOffset.UtcNow;
return(new AuthnRequestType
{
ID = "_" + requestId,
Version = SamlConst.Version,
IssueInstant = now.AddMinutes(nowDelta).ToString(dateTimeFormat),
Destination = identityProvider.SingleSignOnServiceUrl,
ForceAuthn = identityProvider.SecurityLevel > 1,
ForceAuthnSpecified = identityProvider.SecurityLevel > 1,
Issuer = new NameIDType
{
Value = entityId.Trim(),
Format = SamlConst.IssuerFormat,
NameQualifier = entityId
},
AssertionConsumerServiceIndex = assertionConsumerServiceIndex ?? SamlDefaultSettings.AssertionConsumerServiceIndex,
AssertionConsumerServiceIndexSpecified = true,
AttributeConsumingServiceIndex = attributeConsumingServiceIndex ?? SamlDefaultSettings.AttributeConsumingServiceIndex,
AttributeConsumingServiceIndexSpecified = true,
NameIDPolicy = new NameIDPolicyType
{
Format = SamlConst.NameIDPolicyFormat,
AllowCreate = false,
AllowCreateSpecified = false
},
Conditions = new ConditionsType
{
NotBefore = now.ToString(dateTimeFormat),
NotBeforeSpecified = true,
NotOnOrAfter = now.AddMinutes(10).ToString(dateTimeFormat),
NotOnOrAfterSpecified = true
},
RequestedAuthnContext = new RequestedAuthnContextType
{
Comparison = AuthnContextComparisonType.exact,
ComparisonSpecified = true,
Items = new string[1]
{
listAuthRefValid[identityProvider.SecurityLevel - 1]
},
ItemsElementName = new ItemsChoiceType7[1]
{
ItemsChoiceType7.AuthnContextClassRef
}
}
});
}
