コード例 #1
        // Process the SAML response.
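        // Validates a successful SAML response, signs the asserted user in with forms
        // authentication and redirects the browser to the relay-state URL.
        //
        // samlResponse: the SAML response to process.
        // relayState:   the URL to return to after sign-on. It travels through the browser,
        //               so it is untrusted input and is only honoured when it is a local path.
        //
        // Throws ArgumentException when the response is not a success, carries no assertion,
        // repeats an assertion that was already used, or names no subject.
        //
        // NOTE(review): nothing in this method verifies the signature, issuer, audience or
        // validity window of the response/assertion. Presumably the code that receives the
        // response does that before calling here -- confirm, because the subject name is
        // trusted as-is below.
        private void ProcessSAMLResponse(SAMLResponse samlResponse, string relayState)
        {
            Trace.Write("SP", "Processing SAML response");

            // Anything other than a success status is rejected.
            if (!samlResponse.IsSuccess())
            {
                throw new ArgumentException("Received error response");
            }

            // The asserted identity is taken from the first assertion in the response.
            if (samlResponse.GetAssertions().Count == 0)
            {
                throw new ArgumentException("No assertions in response");
            }

            SAMLAssertion samlAssertion = samlResponse.GetAssertions()[0];

            // Enforce single use of the SAML assertion (replay protection).
            if (!AssertionIDCache.Add(samlAssertion))
            {
                throw new ArgumentException("The SAML assertion has already been used");
            }

            // Get the subject name identifier. A missing Subject is treated the same as a
            // missing NameID instead of surfacing as a NullReferenceException.
            if (samlAssertion.Subject == null || samlAssertion.Subject.NameID == null)
            {
                throw new ArgumentException("No name in subject");
            }

            string userName = samlAssertion.Subject.NameID.NameIdentifier;

            // An empty name must never become the authenticated identity.
            if (string.IsNullOrEmpty(userName))
            {
                throw new ArgumentException("No name in subject");
            }

            // Only redirect to a path inside this application. "//host" and "/\host" are
            // treated by browsers as another origin, so they are rejected together with
            // absolute URLs; a missing relay state also falls back to the default page.
            // If this service provider legitimately uses absolute relay-state URLs, replace
            // this check with an explicit allow-list of hosts rather than removing it.
            string redirectUrl = relayState;
            bool isLocalPath = false;

            if (!string.IsNullOrEmpty(redirectUrl))
            {
                if (redirectUrl[0] == '/')
                {
                    isLocalPath = redirectUrl.Length == 1
                        || (redirectUrl[1] != '/' && redirectUrl[1] != '\\');
                }
                else if (redirectUrl.Length > 1 && redirectUrl[0] == '~' && redirectUrl[1] == '/')
                {
                    isLocalPath = true;
                }
            }

            if (!isLocalPath)
            {
                // The rejected value is deliberately not written to the trace.
                Trace.Write("SP", "Relay state is not a local URL; using the default URL");
                redirectUrl = FormsAuthentication.DefaultUrl;
            }

            // Create a login context for the asserted identity (non-persistent cookie).
            FormsAuthentication.SetAuthCookie(userName, false);

            // Redirect to the validated URL without aborting the current thread.
            Response.Redirect(redirectUrl, false);

            Trace.Write("SP", "Processed successful SAML response");
        }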
コード例 #2
        // Process the SAML response.
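        // Validates a successful SAML response, signs the asserted user in with forms
        // authentication and redirects the browser to the relay-state URL.
        //
        // samlResponse: the SAML response to process.
        // relayState:   the URL to return to after sign-on. It travels through the browser,
        //               so it is untrusted input and is only honoured when it is a local path.
        //
        // Throws ArgumentException when the response is not a success, carries no assertion,
        // repeats an assertion that was already used, or names no subject.
        //
        // NOTE(review): nothing in this method verifies the signature, issuer, audience or
        // validity window of the response/assertion. Presumably the code that receives the
        // response does that before calling here -- confirm, because the subject name is
        // trusted as-is below.
        private void ProcessSAMLResponse(SAMLResponse samlResponse, string relayState)
        {
            Trace.Write("SP", "Processing SAML response");

            // Anything other than a success status is rejected.
            if (!samlResponse.IsSuccess())
            {
                throw new ArgumentException("Received error response");
            }

            // The asserted identity is taken from the first assertion in the response.
            if (samlResponse.GetAssertions().Count == 0)
            {
                throw new ArgumentException("No assertions in response");
            }

            SAMLAssertion samlAssertion = samlResponse.GetAssertions()[0];

            // Enforce single use of the SAML assertion (replay protection).
            if (!AssertionIDCache.Add(samlAssertion))
            {
                throw new ArgumentException("The SAML assertion has already been used");
            }

            // Get the subject name identifier. A missing Subject is treated the same as a
            // missing NameID instead of surfacing as a NullReferenceException.
            if (samlAssertion.Subject == null || samlAssertion.Subject.NameID == null)
            {
                throw new ArgumentException("No name in subject");
            }

            string userName = samlAssertion.Subject.NameID.NameIdentifier;

            // An empty name must never become the authenticated identity.
            if (string.IsNullOrEmpty(userName))
            {
                throw new ArgumentException("No name in subject");
            }

            // Only redirect to a path inside this application. "//host" and "/\host" are
            // treated by browsers as another origin, so they are rejected together with
            // absolute URLs; a missing relay state also falls back to the default page.
            // If this service provider legitimately uses absolute relay-state URLs, replace
            // this check with an explicit allow-list of hosts rather than removing it.
            string redirectUrl = relayState;
            bool isLocalPath = false;

            if (!string.IsNullOrEmpty(redirectUrl))
            {
                if (redirectUrl[0] == '/')
                {
                    isLocalPath = redirectUrl.Length == 1
                        || (redirectUrl[1] != '/' && redirectUrl[1] != '\\');
                }
                else if (redirectUrl.Length > 1 && redirectUrl[0] == '~' && redirectUrl[1] == '/')
                {
                    isLocalPath = true;
                }
            }

            if (!isLocalPath)
            {
                // The rejected value is deliberately not written to the trace.
                Trace.Write("SP", "Relay state is not a local URL; using the default URL");
                redirectUrl = FormsAuthentication.DefaultUrl;
            }

            // Create a login context for the asserted identity (non-persistent cookie).
            FormsAuthentication.SetAuthCookie(userName, false);

            // Redirect to the validated URL without aborting the current thread.
            Response.Redirect(redirectUrl, false);

            Trace.Write("SP", "Processed successful SAML response");
        }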
コード例 #3
        // Process the SAML response returned by the identity provider in response
        // to the authentication request sent by the service provider.
        private void ProcessSAMLResponse()
        {
            // Both values are filled in by ReceiveSAMLResponse through its out parameters.
            // NOTE(review): the relay state arrives with the browser's request; the success
            // handler is not shown here -- confirm it validates the value before using it
            // as a redirect target.
            SAMLResponse receivedResponse;
            string receivedRelayState;

            ReceiveSAMLResponse(out receivedResponse, out receivedRelayState);

            // An error response goes to the error handler, which is not given the relay state.
            if (!receivedResponse.IsSuccess())
            {
                ProcessErrorSAMLResponse(receivedResponse);
                return;
            }

            // A success response is processed together with its relay state.
            ProcessSuccessSAMLResponse(receivedResponse, receivedRelayState);
        }