/// <summary> /// Processes a successful SAML response and redirect to the requested URL. /// </summary> /// <param name="page">The page object.</param> /// <param name="samlResponse">The SAML response object.</param> /// <param name="relayState">The relay state.</param> public static void SamlSuccessRedirect(Page page, ComponentPro.Saml2.Response samlResponse, string relayState) { // Get the previously loaded certificate. X509Certificate2 x509Certificate = (X509Certificate2)page.Application[Global.SpCertKey]; Assertion samlAssertion; // Check assertions. if (samlResponse.GetAssertions().Count > 0) { // Extract the first assertion. samlAssertion = samlResponse.GetAssertions()[0]; } else if (samlResponse.GetEncryptedAssertions().Count > 0) { // Extract the first assertion. samlAssertion = samlResponse.GetEncryptedAssertions()[0].Decrypt(x509Certificate.PrivateKey, null); } else { throw new ApplicationException("No assertions in response"); } string userName; // Get the subject name identifier. if (samlAssertion.Subject.NameId != null) { userName = samlAssertion.Subject.NameId.NameIdentifier; } else if (samlAssertion.Subject.EncryptedId != null) { NameId nameId = samlAssertion.Subject.EncryptedId.Decrypt(x509Certificate.PrivateKey, null); userName = nameId.NameIdentifier; } else { throw new ApplicationException("No name in subject"); } // Get the originally requested resource URL from the relay state. string resourceUrl = (string)SamlSettings.CacheProvider.Remove(relayState); if (resourceUrl == null) { throw new ApplicationException("Invalid relay state"); } // Create a login context for the asserted identity. FormsAuthentication.SetAuthCookie(userName, false); // Redirect to the originally requested resource URL. page.Response.Redirect(resourceUrl, false); }