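/// <summary>
/// Builds the SAML2 service-provider configuration for the self-hosted OWIN sample.
/// Everything here is wired for a local development setup: the SP signing key is an embedded
/// test PFX whose password is in source, the entity id is a localhost URL, and identity providers
/// are discovered from a metadata directory addressed relative to the working directory.
/// </summary>
/// <returns>A populated <see cref="Saml2Configuration"/> for the sample SP.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the metadata directory yields no identity provider, with a clearer message than the
/// "Sequence contains no elements" that a bare <c>First()</c> would produce.
/// </exception>
private Saml2Configuration GetSamlConfiguration()
{
    // Test-only credential: the PFX is embedded in the assembly and its password is in source.
    // A real deployment must load the SP key from a certificate store or secret manager.
    const string spEntityId = "https://localhost:44333/core";
    const string devPfxPassword = "test1234";
    const string metadataDirectory = "..\\..\\Metadata";

    // MachineKeySet: the private key is imported into the machine container, typically so it is
    // usable from a service account whose user profile may not be loaded.
    var signingCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
        FileEmbeddedResource("SelfHostOwinSPExample.sts_dev_certificate.pfx"),
        devPfxPassword,
        System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);

    var myconfig = new Saml2Configuration
    {
        ServiceProvider = new ServiceProvider
        {
            SigningCertificate = signingCertificate,
            Server = spEntityId,
            Id = spEntityId
        },
        // Only assertions whose audience restriction names this SP are accepted.
        AllowedAudienceUris = new System.Collections.Generic.List<Uri>(new[] { new Uri(spEntityId) })
    };

    myconfig.ServiceProvider.Endpoints.AddRange(new[]
    {
        new ServiceProviderEndpoint(EndpointType.SignOn, "/core/saml2/login", "/core"),
        new ServiceProviderEndpoint(EndpointType.Logout, "/core/saml2/logout", "/core"),
        new ServiceProviderEndpoint(EndpointType.Metadata, "/core/saml2/metadata")
    });

    // Every metadata document found in this directory becomes a trusted IdP, so the directory
    // is part of the trust boundary. The path is relative to the process working directory;
    // run the sample from its project folder.
    var idpSource = new IdentityProviders();
    idpSource.AddByMetadataDirectory(metadataDirectory);
    //myconfig.IdentityProviders.AddByMetadataUrl(new Uri("https://tas.fhict.nl/identity/saml2/metadata"));

    var firstIdp = idpSource.FirstOrDefault();
    if (firstIdp == null)
    {
        throw new InvalidOperationException(
            "No identity provider metadata was found in '" + metadataDirectory + "'; the sample needs at least one IdP.");
    }

    // SECURITY: this switches off verification of the XML signature on assertions from this IdP.
    // While it is set, anyone who can POST to /core/saml2/login can present a forged assertion
    // for any user. It is tolerable only against a throwaway local IdP and must never be true
    // in a deployed SP.
    firstIdp.OmitAssertionSignatureCheck = true;

    myconfig.IdentityProvidersSource = idpSource;
    // Debug-output logging for the sample; a real deployment should select its own factory.
    myconfig.LoggingFactoryType = "SAML2.Logging.DebugLoggerFactory";
    return myconfig;
}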
/// <summary>
/// Combines identity providers supplied in code with those declared in configuration.
/// </summary>
/// <param name="providers">Providers that are already materialised.</param>
/// <param name="config">
/// Configured provider collection; its <c>Encodings</c>, <c>SelectionUrl</c> and
/// <c>MetadataLocation</c> are carried over to the result.
/// </param>
/// <returns>
/// A new <see cref="IdentityProviders"/> seeded with <paramref name="providers"/> and extended
/// with every metadata document under <c>config.MetadataLocation</c>.
/// </returns>
private IdentityProviders ToIdentityProviders(IEnumerable<IdentityProvider> providers, IdentityProviderCollection config)
{
    var merged = new IdentityProviders(providers);
    merged.Encodings = config.Encodings;
    merged.SelectionUrl = config.SelectionUrl;

    // Each metadata file in this directory becomes a trusted IdP, so the directory must only be
    // writable by the deployment process.
    merged.AddByMetadataDirectory(config.MetadataLocation);
    return merged;
}
/// <summary>
/// Produces the effective identity-provider set: the given <paramref name="providers"/> plus
/// everything discovered from the configured metadata directory.
/// </summary>
/// <param name="providers">Providers to seed the collection with.</param>
/// <param name="config">Configured collection whose encodings, selection URL and metadata location are applied.</param>
/// <returns>The populated <see cref="IdentityProviders"/> instance.</returns>
private IdentityProviders ToIdentityProviders(IEnumerable <IdentityProvider> providers, IdentityProviderCollection config)
{
    var result = new IdentityProviders(providers);

    // Settings copied over from configuration; these two are independent of each other.
    result.SelectionUrl = config.SelectionUrl;
    result.Encodings = config.Encodings;

    // Trust is granted to every metadata document in this directory — treat it as a trust root.
    result.AddByMetadataDirectory(config.MetadataLocation);

    return result;
}
//[ExpectedException(typeof(Saml20Exception), ExpectedMessage = "Assertion is no longer valid.")]
/// <summary>
/// Decrypts the FOBS sample EncryptedAssertion with the SafewhereTest_SFS private key and checks
/// that exactly one encrypted assertion is present, that its issuer resolves to an IdP from the
/// FOBS metadata directory, and that CheckValid against the issuer's trusted signers fails with
/// InvalidOperationException because the assertion carries no signing key.
/// </summary>
public void CanDecryptFOBSAssertion()
{
    // Arrange — fixture data; the PFX and its password are test material checked into the repo.
    var document = AssertionUtil.LoadBase64EncodedXmlDocument(@"Assertions\fobs-assertion2");
    var encryptedNodes = document.GetElementsByTagName(EncryptedAssertion.ElementName, Saml20Constants.Assertion);

    // Minimal configuration: one trusted audience and the IdPs described under the FOBS metadata directory.
    var idpSource = new IdentityProviders();
    idpSource.AddByMetadataDirectory(@"Protocol\MetadataDocs\FOBS");
    var config = new Saml2Configuration
    {
        AllowedAudienceUris = new System.Collections.Generic.List<Uri> { new Uri("https://saml.safewhere.net") },
        IdentityProvidersSource = idpSource
    };

    var decryptionCert = new X509Certificate2(@"Certificates\SafewhereTest_SFS.pfx", "test1234");
    var encryptedAssertion = new Saml20EncryptedAssertion((RSA)decryptionCert.PrivateKey);
    encryptedAssertion.LoadXml((XmlElement)encryptedNodes[0]);

    // Act
    encryptedAssertion.Decrypt();

    // The third argument (false) is forwarded as-is; presumably it suppresses signature validation
    // in the constructor so the signing-key checks below are meaningful — confirm against Saml20Assertion.
    var assertion = new Saml20Assertion(encryptedAssertion.Assertion.DocumentElement, null, false, TestConfiguration.Configuration);
    var issuerEndpoint = config.IdentityProvidersSource.GetById(assertion.Issuer);

    // Assert
    Assert.That(encryptedNodes.Count == 1);
    Assert.IsNotNull(issuerEndpoint, "Endpoint not found");
    Assert.IsNotNull(issuerEndpoint.Metadata, "Metadata not found");

    // Catch (not Throws) so a derived InvalidOperationException is accepted, matching a catch clause.
    Assert.Catch<InvalidOperationException>(
        () => assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer)),
        "Verification should fail. Token does not include its signing key.");
    Assert.IsNull(assertion.SigningKey, "Signing key is already present on assertion. Modify test.");

    // Follow-up noted by the original author: once a signed fixture exists, check CheckSignature
    // against the IdP metadata signing keys and assert that SigningKey is populated afterwards.
}