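/// <summary>
/// Signs the SAML request and returns the signed XML Base64-encoded for transport.
/// </summary>
/// <param name="authRequest">The authentication request to sign.</param>
/// <returns>The signed request XML, UTF-8 encoded and then Base64-encoded.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authRequest"/> is null.</exception>
public string SignSamlRequest(Saml2AuthenticationSecondFactorRequest authRequest)
{
    // Fail early with a clear exception instead of a NullReferenceException from ToXml().
    if (authRequest == null)
    {
        throw new ArgumentNullException(nameof(authRequest));
    }

    var xmlDoc = XmlHelpers.XmlDocumentFromString(authRequest.ToXml());

    // Sign with the configured certificate and signature algorithm.
    // NOTE(review): the meaning of the 'true' argument is not visible here
    // (presumably "include key info") — confirm against XmlHelpers.Sign.
    // NOTE(review): this.sigAlgoritm is configured elsewhere — verify it resolves to
    // RSA-SHA256 or stronger rather than SHA-1.
    xmlDoc.Sign(this.signingCertificate, true, this.sigAlgoritm);

    // Serialize the signed document verbatim; re-formatting or re-parsing it after
    // signing could invalidate the signature.
    var signedXml = xmlDoc.OuterXml;
    var encodedXml = Convert.ToBase64String(Encoding.UTF8.GetBytes(signedXml));
    return encodedXml;
}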
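/// <summary>
/// Creates the SAML authentication request for the second factor, addressed to the
/// subject identified by <paramref name="identityClaim"/>. Signing is done
/// separately (see <see cref="SignSamlRequest"/>).
/// </summary>
/// <param name="identityClaim">The identity claim of the already-authenticated user.</param>
/// <param name="authnRequestId">The AuthnRequest identifier to stamp on the request.</param>
/// <param name="ascUri">The assertion consumer service URI the response must be sent to.</param>
/// <returns>The authentication request.</returns>
/// <exception cref="ArgumentNullException"><paramref name="identityClaim"/> or <paramref name="ascUri"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="authnRequestId"/> is null or blank.</exception>
public static Saml2AuthenticationSecondFactorRequest CreateAuthnRequest(Claim identityClaim, string authnRequestId, Uri ascUri)
{
    if (identityClaim == null)
    {
        throw new ArgumentNullException(nameof(identityClaim));
    }

    // A blank ID would produce an invalid request (xs:ID) and a response that cannot be correlated.
    if (string.IsNullOrWhiteSpace(authnRequestId))
    {
        throw new ArgumentException("The AuthnRequest identifier must not be null or blank.", nameof(authnRequestId));
    }

    if (ascUri == null)
    {
        throw new ArgumentNullException(nameof(ascUri));
    }

    var spConfiguration = Kentor.AuthServices.Configuration.Options.FromConfiguration;

    // NOTE(review): the identity value is written to the log at Debug and Info level;
    // if it is personal data, confirm this is acceptable for the log retention in place.
    Log.DebugFormat("Creating AuthnRequest for identity '{0}'", identityClaim.Value);

    // The subject's name identifier is sent with format 'unspecified'; GetNameId derives the value.
    var nameIdFormat = new Uri("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
    var nameIdentifier = new Saml2NameIdentifier(GetNameId(identityClaim), nameIdFormat);

    var authnRequest = new Saml2AuthenticationSecondFactorRequest
    {
        DestinationUrl = Settings.Default.SecondFactorEndpoint,
        AssertionConsumerServiceUrl = ascUri,
        Issuer = spConfiguration.SPOptions.EntityId,
        // NOTE(review): the setting is named 'MinimalLoa' but is requested with
        // comparison 'Exact' rather than 'Minimum'; confirm this is intended.
        RequestedAuthnContext = new Saml2RequestedAuthnContext(Settings.Default.MinimalLoa, AuthnContextComparisonType.Exact),
        Subject = new Saml2Subject(nameIdentifier),
    };

    // The ID is supplied by the caller; presumably it is stored so the response's
    // InResponseTo can be checked against it — confirm it is unique and unguessable at the call site.
    authnRequest.SetId(authnRequestId);

    Log.InfoFormat("Created AuthnRequest for '{0}' with id '{1}'", identityClaim.Value, authnRequest.Id.Value);
    return authnRequest;
}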