public void Saml2AuthenticationContext_RelativeClassReference_ArgumentException() { var classRef = new Uri("resource", UriKind.Relative); var authContext = new Saml2AuthenticationContext(); Assert.Throws <ArgumentException>(() => new Saml2AuthenticationContext(classRef)); }
public void Saml2AuthenticationContext_RelativeDeclarationReference_ArgumentException() { var authContext = new Saml2AuthenticationContext(); var declarationReference = new Uri("resource", UriKind.Relative); Assert.Throws <ArgumentException>(() => authContext.DeclarationReference = declarationReference); }
private static SecurityToken GenerateHardcodedToken() { var securityTokenDescriptor = new SecurityTokenDescriptor(); securityTokenDescriptor.Subject = ClaimsPrincipal.Current.Identity as ClaimsIdentity; securityTokenDescriptor.Lifetime = new Lifetime(DateTime.Now, DateTime.Now.AddDays(2)); securityTokenDescriptor.TokenIssuerName = "http://identityserver.v2.thinktecture.com/trust/changethis"; securityTokenDescriptor.AppliesToAddress = "https://windows7:444/identity/wstrust/bearer"; securityTokenDescriptor.SigningCredentials = GenerateSigningCredentials(); Saml2SecurityTokenHandler saml2SecurityTokenHandler = new Saml2SecurityTokenHandler(); var saml2SecurityToken = saml2SecurityTokenHandler.CreateToken(securityTokenDescriptor) as Saml2SecurityToken; var authenticationMethod = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"; var authenticationContext = new Saml2AuthenticationContext(new Uri(authenticationMethod)); saml2SecurityToken.Assertion.Statements.Add(new Saml2AuthenticationStatement(authenticationContext)); return(saml2SecurityToken); }
private static Saml2Assertion CreateAssertion(SigningCredentials samlpTokenSigningCredentials) { var assertion = new Saml2Assertion(new Saml2NameIdentifier("https://mojeid.regtest.nic.cz/saml/idp.xml", new Uri("urn:oasis:names:tc:SAML:2.0:nameid-format:entity"))) { InclusiveNamespacesPrefixList = "ns1 ns2", IssueInstant = DateTime.Parse("2019-04-08T10:30:49Z"), SigningCredentials = samlpTokenSigningCredentials, Id = new Saml2Id("id-2bMsOPOKIqeVIDLqJ") }; var saml2SubjectConfirmationData = new Saml2SubjectConfirmationData { InResponseTo = new Saml2Id("ida5714d006fcc430c92aacf34ab30b166"), NotOnOrAfter = DateTime.Parse("2019-04-08T10:45:49Z"), Recipient = new Uri("https://tnia.eidentita.cz/fpsts/processRequest.aspx") }; var saml2SubjectConfirmation = new Saml2SubjectConfirmation(new Uri("urn:oasis:names:tc:SAML:2.0:cm:bearer"), saml2SubjectConfirmationData); var saml2Subject = new Saml2Subject(new Saml2NameIdentifier("6dfe0399103d11411b1fa00772b6a13e0858605b80c20ea845769c57b41479ed", new Uri("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"))); saml2Subject.SubjectConfirmations.Add(saml2SubjectConfirmation); assertion.Subject = saml2Subject; var saml2AudienceRestrictions = new Saml2AudienceRestriction("urn:microsoft: cgg2010: fpsts"); var saml2Conditions = new Saml2Conditions(); saml2Conditions.AudienceRestrictions.Add(saml2AudienceRestrictions); saml2Conditions.NotBefore = DateTime.Parse("2019-04-08T10:30:49Z"); saml2Conditions.NotOnOrAfter = DateTime.Parse("2019-04-08T10:45:49Z"); assertion.Conditions = saml2Conditions; var saml2AuthenticationContext = new Saml2AuthenticationContext(new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")); var saml2Statement = new Saml2AuthenticationStatement(saml2AuthenticationContext) { AuthenticationInstant = DateTime.Parse("2019-04-08T10:30:49Z"), SessionIndex = "id-oTnhrqWtcTTEntvMy" }; assertion.Statements.Add(saml2Statement); return(assertion); }
public void Saml2AuthenticationContext_NullClassReference_ArgumentNullException() { var authContext = new Saml2AuthenticationContext(); Assert.Throws <ArgumentNullException>(() => authContext.ClassReference = null); }
private async Task <Saml2SecurityToken> CreateSecurityTokenAsync(SignInRequest request, RelyingParty rp, ClaimsIdentity outgoingSubject) { var now = DateTime.Now; var outgoingNameId = outgoingSubject.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier); if (outgoingNameId == null) { _logger.LogError("The user profile does not have a name id"); throw new SignInException("The user profile does not have a name id"); } var issuer = new Saml2NameIdentifier(_options.IssuerName); var nameId = new Saml2NameIdentifier(outgoingNameId.Value); var subjectConfirmationData = new Saml2SubjectConfirmationData(); subjectConfirmationData.NotOnOrAfter = now.AddMinutes( rp.TokenLifetimeInMinutes.GetValueOrDefault(_options.DefaultNotOnOrAfterInMinutes)); if (request.Parameters.ContainsKey("Recipient")) { subjectConfirmationData.Recipient = new Uri(request.Parameters["Recipient"]); } else { subjectConfirmationData.Recipient = new Uri(rp.ReplyUrl); } var subjectConfirmation = new Saml2SubjectConfirmation(new Uri("urn:oasis:names:tc:SAML:2.0:cm:bearer"), subjectConfirmationData); subjectConfirmation.NameIdentifier = nameId; var subject = new Saml2Subject(subjectConfirmation); var conditions = new Saml2Conditions(new Saml2AudienceRestriction[] { new Saml2AudienceRestriction(request.Realm) }); conditions.NotOnOrAfter = now.AddMinutes( rp.TokenLifetimeInMinutes.GetValueOrDefault(_options.DefaultNotOnOrAfterInMinutes)); conditions.NotBefore = now.Subtract(TimeSpan.FromMinutes(_options.DefaultNotBeforeInMinutes)); var authContext = new Saml2AuthenticationContext(new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")); var authStatement = new Saml2AuthenticationStatement(authContext, now); authStatement.SessionIndex = (request.Parameters.ContainsKey("SessionIndex")) ? request.Parameters["SessionIndex"] : null; var attributeStament = new Saml2AttributeStatement(); foreach (var claim in outgoingSubject.Claims) { _logger.LogDebug("Adding attribute in SAML token '{0} - {1}'", claim.Type, claim.Value); attributeStament.Attributes.Add(new Saml2Attribute(claim.Type, claim.Value)); } var assertion = new Saml2Assertion(issuer); assertion.Id = new Saml2Id(); assertion.Subject = subject; assertion.Conditions = conditions; assertion.Statements.Add(attributeStament); assertion.Statements.Add(authStatement); assertion.IssueInstant = now; assertion.SigningCredentials = await _keyService.GetSigningCredentialsAsync(); var token = new Saml2SecurityToken(assertion); token.SigningKey = assertion.SigningCredentials.Key; return(token); }