/// <summary>
/// Builds a SAML 2.0 AuthnResponse addressed to <paramref name="relyingParty"/> and returns it
/// bound to the HTTP-POST binding. An assertion is only produced for a
/// <see cref="Saml2StatusCodes.Success"/> status that comes with claims; any other status
/// yields a bare status-only response.
/// </summary>
/// <param name="inResponseTo">Id of the AuthnRequest this response answers.</param>
/// <param name="status">SAML status code to report to the relying party.</param>
/// <param name="relayState">RelayState echoed back to the relying party unchanged.</param>
/// <param name="relyingParty">Target relying party; supplies the destination (ACS) and the audience used as token issuer argument.</param>
/// <param name="sessionIndex">Optional session index placed in the assertion.</param>
/// <param name="claims">Claims to assert; must contain exactly one <see cref="ClaimTypes.NameIdentifier"/> claim.</param>
/// <returns>The auto-submitting POST form carrying the response.</returns>
/// <exception cref="InvalidOperationException">Thrown when <paramref name="claims"/> holds zero or several NameIdentifier claims.</exception>
private IActionResult LoginResponse(Saml2Id inResponseTo, Saml2StatusCodes status, string relayState, RelyingParty relyingParty, string sessionIndex = null, IEnumerable<Claim> claims = null)
{
    var binding = new Saml2PostBinding { RelayState = relayState };

    var response = new Saml2AuthnResponse(GetLoginSaml2Config(relyingParty))
    {
        InResponseTo = inResponseTo,
        Status = status,
        Destination = relyingParty.SingleSignOnDestination,
    };

    var issueAssertion = status == Saml2StatusCodes.Success && claims != null;
    if (issueAssertion)
    {
        response.SessionIndex = sessionIndex;

        var identity = new ClaimsIdentity(claims);

        // Single() fails closed on purpose: no assertion is issued unless exactly one
        // subject identifier is present among the claims.
        var subjectId = identity.Claims
            .Where(c => c.Type == ClaimTypes.NameIdentifier)
            .Select(c => c.Value)
            .Single();
        response.NameId = new Saml2NameIdentifier(subjectId, NameIdentifierFormats.Persistent);
        response.ClaimsIdentity = identity;

        // The returned token is discarded; the response is bound afterwards, so the
        // assertion is presumably attached to the response by this call — confirm against the library.
        _ = response.CreateSecurityToken(relyingParty.Issuer);
    }

    return binding.Bind(response).ToActionResult();
}
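/// <summary>
/// Builds a SAML 2.0 AuthnResponse answering <paramref name="saml2AuthnRequest"/> and returns it
/// bound to the HTTP-Redirect binding. An assertion is only produced for a
/// <see cref="Saml2StatusCodes.Success"/> status that comes with claims; any other status
/// yields a bare status-only response. Request extensions are copied onto the response.
/// </summary>
/// <param name="saml2AuthnRequest">The received AuthnRequest; supplies InResponseTo and Extensions.</param>
/// <param name="status">SAML status code to report to the relying party.</param>
/// <param name="relayState">RelayState echoed back to the relying party unchanged.</param>
/// <param name="relyingParty">Target relying party; supplies the destination (ACS).</param>
/// <param name="sessionIndex">Optional session index placed in the assertion.</param>
/// <param name="claims">Claims to assert; must contain exactly one <see cref="ClaimTypes.NameIdentifier"/> claim.</param>
/// <returns>The redirect carrying the response.</returns>
/// <exception cref="InvalidOperationException">Thrown when <paramref name="claims"/> holds zero or several NameIdentifier claims.</exception>
private ActionResult LoginResponse(Saml2AuthnRequest saml2AuthnRequest, Saml2StatusCodes status, string relayState, RelyingParty relyingParty, string sessionIndex = null, IEnumerable<Claim> claims = null)
{
    // NOTE(review): the response is returned on the HTTP-Redirect binding. The SAML 2.0 Web Browser SSO
    // profile expects the <Response> on HTTP-POST (or Artifact); a signed response carrying an assertion
    // generally does not fit in a URL and many service providers reject Redirect-bound responses.
    // Confirm the relying party accepts this; otherwise use Saml2PostBinding as the sibling overload does.
    var responseBinding = new Saml2RedirectBinding { RelayState = relayState };

    // 'config' is the IdP configuration held by the enclosing type (defined outside this method).
    var saml2AuthnResponse = new Saml2AuthnResponse(config)
    {
        InResponseTo = saml2AuthnRequest.Id,
        Status = status,
        Destination = relyingParty.SingleSignOnDestination,
        Extensions = saml2AuthnRequest.Extensions
    };

    if (status == Saml2StatusCodes.Success && claims != null)
    {
        saml2AuthnResponse.SessionIndex = sessionIndex;

        var claimsIdentity = new ClaimsIdentity(claims);

        // Single() fails closed on purpose: no assertion is issued unless exactly one
        // subject identifier is present among the claims.
        var subjectId = claimsIdentity.Claims
            .Where(c => c.Type == ClaimTypes.NameIdentifier)
            .Select(c => c.Value)
            .Single();
        saml2AuthnResponse.NameId = new Saml2NameIdentifier(subjectId, NameIdentifierFormats.Persistent);
        saml2AuthnResponse.ClaimsIdentity = claimsIdentity;

        // The returned token was previously stored in an unused local; it is discarded here.
        // The response is bound afterwards, so the assertion is presumably attached by this call — confirm against the library.
        _ = saml2AuthnResponse.CreateSecurityToken(SettingManager.GetInstance().Configuration.Issuer);
    }

    return responseBinding.Bind(saml2AuthnResponse).ToActionResult();
}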
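/// <summary>
/// Issues an unsolicited (no InResponseTo) signed SAML 2.0 Success response for the claims returned by
/// <c>CreateClaims()</c> and posts it to the configured single sign-on destination. The RelayState carries
/// the target relying party realm in the <c>RPID=</c> form.
/// </summary>
/// <returns>The auto-submitting POST form carrying the response.</returns>
/// <exception cref="InvalidOperationException">Thrown when the created claims hold zero or several NameIdentifier claims.</exception>
public ActionResult Initiate()
{
    // NOTE(review): no [Authorize] attribute is visible on this action in this listing. As written it mints a
    // signed Success assertion for any caller, so confirm the action is restricted to authenticated users
    // (or is a test-only endpoint) before deploying.
    var serviceProviderRealm = "https://claimstest.mylogbuy.com";

    var binding = new Saml2PostBinding();
    binding.RelayState = $"RPID={Uri.EscapeDataString(serviceProviderRealm)}";

    // NOTE(review): the PFX password is a hard-coded secret in source. Move it (and ideally the certificate
    // itself) into protected configuration or a secret store and rotate the credential, since it is exposed
    // to everyone with read access to this repository.
    var config = new Saml2Configuration
    {
        Issuer = "http://some-domain.com/this-application",
        SingleSignOnDestination = new Uri("https://adfs.mylogbuy.com/adfs/ls/"),
        SigningCertificate = CertificateUtil.Load(
            HttpContext.Server.MapPath("~/App_Data/itfoxtec.identity.saml2.testwebapp_Certificate.pfx"),
            "!QAZ2wsx"),
        SignatureAlgorithm = Saml2SecurityAlgorithms.RsaSha256Signature
    };

    var appliesToAddress = "http://adfs.mylogbuy.com/adfs/services/trust";

    var response = new Saml2AuthnResponse(config);
    response.Status = Saml2StatusCodes.Success;

    var claimsIdentity = new ClaimsIdentity(CreateClaims());

    // Single() fails closed on purpose: no assertion is issued unless exactly one
    // subject identifier is present among the claims.
    var subjectId = claimsIdentity.Claims
        .Where(c => c.Type == ClaimTypes.NameIdentifier)
        .Select(c => c.Value)
        .Single();
    response.NameId = new Saml2NameIdentifier(subjectId, NameIdentifierFormats.Persistent);
    response.ClaimsIdentity = claimsIdentity;

    // The returned token was previously stored in an unused local; it is discarded here.
    // The response is bound afterwards, so the assertion is presumably attached by this call — confirm against the library.
    _ = response.CreateSecurityToken(appliesToAddress);

    return binding.Bind(response).ToActionResult();
}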
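/// <summary>
/// Issues an unsolicited (no InResponseTo) signed SAML 2.0 Success response for the claims returned by
/// <c>CreateClaims()</c> and posts it to the configured single sign-on destination. The RelayState carries
/// the target relying party realm in the <c>RPID=</c> form.
/// </summary>
/// <returns>The auto-submitting POST form carrying the response.</returns>
/// <exception cref="InvalidOperationException">Thrown when the created claims hold zero or several NameIdentifier claims.</exception>
public IActionResult Initiate()
{
    // NOTE(review): no [Authorize] attribute is visible on this action in this listing. As written it mints a
    // signed Success assertion for any caller, so confirm the action is restricted to authenticated users
    // (or is a test-only endpoint) before deploying.
    var serviceProviderRealm = "https://some-domain.com/some-service-provider";

    var binding = new Saml2PostBinding();
    binding.RelayState = $"RPID={Uri.EscapeDataString(serviceProviderRealm)}";

    var config = new Saml2Configuration();
    config.Issuer = new Uri("http://some-domain.com/this-application");
    config.SingleSignOnDestination = new Uri("https://test-adfs.itfoxtec.com/adfs/ls/");
    // The signing certificate is resolved relative to the application's physical root.
    config.SigningCertificate = CertificateUtil.Load(Startup.AppEnvironment.MapToPhysicalFilePath("itfoxtec.identity.saml2.testwebappcore_Certificate.pfx"));
    config.SignatureAlgorithm = SecurityAlgorithms.RsaSha256Signature;

    var appliesToAddress = new Uri("https://test-adfs.itfoxtec.com/adfs/services/trust");

    var response = new Saml2AuthnResponse(config);
    response.Status = Saml2StatusCodes.Success;

    var claimsIdentity = new ClaimsIdentity(CreateClaims());

    // Single() fails closed on purpose: no assertion is issued unless exactly one
    // subject identifier is present among the claims.
    var subjectId = claimsIdentity.Claims
        .Where(c => c.Type == ClaimTypes.NameIdentifier)
        .Select(c => c.Value)
        .Single();
    response.NameId = new Saml2NameIdentifier(subjectId, NameIdentifierFormats.Persistent);
    response.ClaimsIdentity = claimsIdentity;

    // The returned token was previously stored in an unused local; it is discarded here.
    // The response is bound afterwards, so the assertion is presumably attached by this call — confirm against the library.
    _ = response.CreateSecurityToken(appliesToAddress);

    return binding.Bind(response).ToActionResult();
}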
/// <summary>
/// Builds a SAML 2.0 AuthnResponse addressed to <paramref name="app"/> and returns it bound to the
/// HTTP-POST binding. An assertion is only produced for a <see cref="Saml2StatusCodes.Success"/> status
/// that comes with claims; any other status yields a bare status-only response.
/// </summary>
/// <param name="inResponseTo">Id of the AuthnRequest this response answers.</param>
/// <param name="status">SAML status code to report to the application.</param>
/// <param name="relayState">RelayState echoed back to the application unchanged.</param>
/// <param name="app">Target application; supplies the destination (ACS) and the issuer argument for the token.</param>
/// <param name="sessionIndex">Optional session index placed in the assertion.</param>
/// <param name="claims">Claims to assert; must contain exactly one <see cref="ClaimTypes.NameIdentifier"/> claim.</param>
/// <returns>The auto-submitting POST form carrying the response.</returns>
/// <exception cref="InvalidOperationException">Thrown when <paramref name="claims"/> holds zero or several NameIdentifier claims.</exception>
private IActionResult LoginResponse(Saml2Id inResponseTo, Saml2StatusCodes status, string relayState, App app, string sessionIndex = null, IEnumerable<Claim> claims = null)
{
    var postBinding = new Saml2PostBinding { RelayState = relayState };

    // _samlConfig is the IdP configuration held by the enclosing type (defined outside this method).
    var authnResponse = new Saml2AuthnResponse(_samlConfig)
    {
        InResponseTo = inResponseTo,
        Status = status,
        Destination = app.SingleSignOnDestination
    };

    var hasAssertionToIssue = status == Saml2StatusCodes.Success && claims != null;
    if (hasAssertionToIssue)
    {
        authnResponse.SessionIndex = sessionIndex;

        var identity = new ClaimsIdentity(claims);

        // Single() fails closed on purpose: no assertion is issued unless exactly one
        // subject identifier is present among the claims.
        var subjectId = identity.Claims
            .Where(c => c.Type == ClaimTypes.NameIdentifier)
            .Select(c => c.Value)
            .Single();
        authnResponse.NameId = new Saml2NameIdentifier(subjectId, NameIdentifierFormats.Persistent);
        authnResponse.ClaimsIdentity = identity;

        // Short subject-confirmation window and bounded token lifetime (units as defined by the
        // library's CreateSecurityToken — confirm; presumably minutes). The response is bound afterwards,
        // so the assertion is presumably attached by this call.
        authnResponse.CreateSecurityToken(app.Issuer, subjectConfirmationLifetime: 5, issuedTokenLifetime: 60);
    }

    return postBinding.Bind(authnResponse).ToActionResult();
}
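/// <summary>
/// Issues an unsolicited (no InResponseTo) SAML 2.0 Success response for the claims returned by
/// <c>CreateClaims()</c> and posts it to the single sign-on destination read from app settings.
/// The RelayState carries the relying party realm in the <c>RPID=</c> form. IdP signing certificates
/// from the metadata file named by the <c>metadataPath</c> setting are added to the configuration's
/// signature-validation certificates.
/// </summary>
/// <param name="user">Currently unused: the asserted claims come from <c>CreateClaims()</c>, not from this parameter.</param>
/// <returns>The auto-submitting POST form carrying the response.</returns>
/// <exception cref="InvalidOperationException">Thrown when the created claims hold zero or several NameIdentifier claims.</exception>
/// <exception cref="ArgumentNullException">Thrown by <see cref="Uri(string)"/> when one of the required app settings is missing.</exception>
public ActionResult InitiateLogin(User user)
{
    var serviceProviderRealm = ConfigurationManager.AppSettings["serviceProviderRealm"];

    var binding = new Saml2PostBinding();
    binding.RelayState = $"RPID={Uri.EscapeDataString(serviceProviderRealm)}";

    var config = new Saml2Configuration();
    config.Issuer = new Uri(ConfigurationManager.AppSettings["issuer"]);
    config.SingleSignOnDestination = new Uri(ConfigurationManager.AppSettings["SingleSignOnDestination"]);

    // NOTE(review): no SigningCertificate / SignatureAlgorithm is set on this configuration (the former
    // assignments were commented out), so the response and its assertion are presumably emitted unsigned.
    // A correctly configured relying party will reject an unsigned assertion, and one that accepts it has no
    // way to tell this response from a forged one. Restore signing before this endpoint is used outside a test.
    // The SignatureValidationCertificates loaded below apply to verifying inbound messages, not to signing.

    var entityDescriptor = new EntityDescriptor();
    string metadataPath = System.Web.HttpContext.Current.Server.MapPath(ConfigurationManager.AppSettings["metadataPath"]);
    entityDescriptor.ReadIdPSsoDescriptorFromFile(metadataPath);
    if (entityDescriptor.IdPSsoDescriptor != null)
    {
        config.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
    }

    var appliesToAddress = new Uri(ConfigurationManager.AppSettings["appliesToAddress"]);

    var response = new Saml2AuthnResponse(config);
    response.Status = Saml2StatusCodes.Success;

    var claimsIdentity = new ClaimsIdentity(CreateClaims());

    // Single() fails closed on purpose: no assertion is issued unless exactly one
    // subject identifier is present among the claims.
    var subjectId = claimsIdentity.Claims
        .Where(c => c.Type == ClaimTypes.NameIdentifier)
        .Select(c => c.Value)
        .Single();
    response.NameId = new Saml2NameIdentifier(subjectId, NameIdentifierFormats.Persistent);
    response.ClaimsIdentity = claimsIdentity;

    // The returned token was previously stored in an unused local; it is discarded here.
    // The response is bound afterwards, so the assertion is presumably attached by this call — confirm against the library.
    _ = response.CreateSecurityToken(appliesToAddress);

    return binding.Bind(response).ToActionResult();
}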