/// <summary>
/// Requests a ticket from the acceptance STS with only the STS's service certificate configured
/// and deliberately no client certificate. Presumably expected to fail on the missing client
/// credential (the test attribute, if any, is outside this listing — TODO confirm).
/// </summary>
public void NoClientCert()
{
    EndpointAddress stsAddress = new EndpointAddress("https://wwwacc.ehealth.fgov.be/sts_1_1/SecureTokenService");
    StsClient client = new StsClient(new StsBinding(), stsAddress);

    // Service certificate looked up by thumbprint in LocalMachine\AddressBook; no
    // ClientCertificate is set on purpose.
    client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
        StoreLocation.LocalMachine,
        StoreName.AddressBook,
        X509FindType.FindByThumbprint,
        "23005f9a30f357dfb265de5277db54c5ff61d34d");

    client.RequestTicket("Siemens", selfSignedSession, TimeSpan.FromMinutes(10), assertedDefault, requestedDefault);
}
/// <summary>
/// Requests a ticket from the acceptance STS with a client certificate but without configuring
/// the STS's service certificate. Presumably expected to fail because the service certificate
/// is missing (the test attribute, if any, is outside this listing — TODO confirm).
/// </summary>
public void NoServerCert()
{
    EndpointAddress stsAddress = new EndpointAddress("https://wwwacc.ehealth.fgov.be/sts_1_1/SecureTokenService");
    StsClient client = new StsClient(new StsBinding(), stsAddress);

    // Client certificate from CurrentUser\My by thumbprint; ServiceCertificate is left unset on purpose.
    client.ClientCredentials.ClientCertificate.SetCertificate(
        StoreLocation.CurrentUser,
        StoreName.My,
        X509FindType.FindByThumbprint,
        "c0f554147928c3722670a47be2f92a9089add107");

    client.RequestTicket("Siemens", selfSignedSession, TimeSpan.FromMinutes(10), assertedDefault, requestedDefault);
}
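/// <summary>
/// Builds the STS client from the "SSIN=79021802145" endpoint configuration, requests a
/// 12-hour ticket and checks that the returned element is a SAML 1.0 Assertion.
/// </summary>
/// <remarks>
/// The assertion is also written to <c>D:\tmp\tst.xml</c> for manual inspection.
/// NOTE(review): that file holds an issued assertion, i.e. a credential — keep it out of
/// shared or persistent locations and delete it after inspection.
/// </remarks>
public void ConfigViaConfig()
{
    StsClient target = new StsClient("SSIN=79021802145");
    XmlElement assertion = target.RequestTicket("Egelke", session, TimeSpan.FromHours(12), assertedDefault, requestedDefault);

    // The assertion belongs to another XmlDocument, so it has to be imported into this one
    // and the *imported* node appended. The previous code discarded ImportNode's result and
    // appended the original node, which throws (different document context) before Save.
    XmlDocument doc = new XmlDocument();
    XmlNode imported = doc.ImportNode(assertion, true);
    doc.AppendChild(imported);
    doc.Save(@"D:\tmp\tst.xml");

    Assert.AreEqual("Assertion", assertion.LocalName);
    Assert.AreEqual("urn:oasis:names:tc:SAML:1.0:assertion", assertion.NamespaceURI);
}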
/// <summary>
/// Builds the STS client entirely in code against the acceptance SAML 1.1 token service,
/// using a DNS endpoint identity, and checks that a SAML 1.0 Assertion element comes back.
/// </summary>
/// <remarks>
/// The DNS identity is the literal "*.int.pub.ehealth.fgov.be" — presumably matching the
/// wildcard subject of the service certificate; TODO confirm against the deployed certificate.
/// </remarks>
public void ConfigViaCode()
{
    Uri stsUri = new Uri("https://services-acpt.ehealth.fgov.be/IAM/Saml11TokenService/v1");
    EndpointIdentity stsIdentity = EndpointIdentity.CreateDnsIdentity("*.int.pub.ehealth.fgov.be");
    StsClient target = new StsClient(new StsBinding(), new EndpointAddress(stsUri, stsIdentity));

    // Per the original author's note the default service certificate is "not really used"
    // on this path, but setting it is preferred over the behaviour-swapping workaround.
    target.ClientCredentials.ServiceCertificate.DefaultCertificate = ehSsl;
    target.ClientCredentials.ClientCertificate.Certificate = auth;

    XmlElement assertion = target.RequestTicket("Anonymous", session, TimeSpan.FromHours(1), assertedDefault, requestedDefault);

    Assert.AreEqual("Assertion", assertion.LocalName);
    Assert.AreEqual("urn:oasis:names:tc:SAML:1.0:assertion", assertion.NamespaceURI);
}
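/// <summary>
/// Produces the security token for the configured session certificate: reuses a cached SAML 1.0
/// assertion while its Conditions/@NotOnOrAfter has not been reached, and otherwise requests a
/// new one from the issuer (STS) named by the token requirement and caches it.
/// </summary>
/// <param name="timeout">Operation timeout applied to the STS channel when a new assertion is requested.</param>
/// <returns>
/// A <see cref="GenericXmlSecurityToken"/> wrapping the assertion, valid between its NotBefore and
/// NotOnOrAfter, with the session certificate as proof token and an AssertionID-based key
/// identifier clause.
/// </returns>
/// <exception cref="InvalidOperationException">
/// No client certificate is configured, a request attribute has no AttributeValue, the STS
/// returned nothing, or the assertion lacks a parsable AssertionID, Conditions/@NotBefore or
/// Conditions/@NotOnOrAfter.
/// </exception>
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
    const string samlNs = "urn:oasis:names:tc:SAML:1.0:assertion";
    // SAML 1.x timestamps are UTC. Normalise whatever we get to UTC so comparisons with
    // DateTime.UtcNow (and the ValidFrom/ValidTo handed to WCF) stay meaningful even when an
    // offset such as "+02:00" is present instead of "Z".
    const DateTimeStyles utcStyles = DateTimeStyles.AdjustToUniversal | DateTimeStyles.AssumeUniversal;

    if (clientCredentials.ClientCertificate.Certificate == null)
    {
        throw new InvalidOperationException("No client certificate is configured; cannot request or look up an STS session.");
    }

    // Only SAML-1.0-namespaced request parameters are forwarded to the STS.
    Collection<XmlElement> reqParams = new Collection<XmlElement>();
    foreach (XmlElement param in tokenRequirement.AdditionalRequestParameters)
    {
        if (param.NamespaceURI == samlNs)
        {
            reqParams.Add(param);
        }
    }

    // The cache implementation is chosen by configuration: a Type plus the config object passed
    // to its constructor. NOTE(review): Activator instantiates whatever type the configuration
    // names, so that configuration must come from a trusted source.
    ISessionCache cache = (ISessionCache)Activator.CreateInstance(clientCredentials.Cache, clientCredentials.Config);

    // Cache key = client thumbprint ; session thumbprint ; sorted "{ns}name=value;" attributes ;
    // sorted "claimType;" entries. The layout is unchanged; sorting is ordinal so the key does not
    // depend on the machine's culture.
    // NOTE(review): a ';' inside an attribute value is not escaped and could make two different
    // requests share one cache entry; the values come from configuration here, not from end users.
    string id = clientCredentials.ClientCertificate.Certificate.Thumbprint + ";" + clientCredentials.Session.Thumbprint + ";";

    List<string> attributeKeys = new List<string>();
    foreach (XmlElement reqParam in reqParams)
    {
        XmlNodeList values = reqParam.GetElementsByTagName("AttributeValue", samlNs);
        if (values.Count == 0)
        {
            throw new InvalidOperationException("SAML request attribute '" + reqParam.GetAttribute("AttributeName") + "' has no AttributeValue.");
        }
        attributeKeys.Add("{" + reqParam.GetAttribute("AttributeNamespace") + "}" + reqParam.GetAttribute("AttributeName") + "=" + values[0].InnerText + ";");
    }
    attributeKeys.Sort(StringComparer.Ordinal);
    id += string.Concat(attributeKeys.ToArray());

    List<string> claimKeys = new List<string>();
    foreach (ClaimTypeRequirement req in tokenRequirement.ClaimTypeRequirements)
    {
        claimKeys.Add(req.ClaimType + ";");
    }
    claimKeys.Sort(StringComparer.Ordinal);
    id += string.Concat(claimKeys.ToArray());

    XmlNamespaceManager nsmngr = null;
    DateTime notOnOrAfter = DateTime.MinValue;

    // Reuse the cached assertion only while it is still valid. SAML's NotOnOrAfter is exclusive:
    // the assertion is already invalid *at* that instant, so the check is "now < NotOnOrAfter"
    // (the previous "NotOnOrAfter < now" kept an assertion that expired this very tick). A cached
    // entry without a parsable expiry is evicted instead of letting a null dereference escape.
    // NOTE(review): no clock-skew margin is applied; an assertion with seconds left is still reused.
    XmlElement assertion = cache.Get(id);
    if (assertion != null)
    {
        nsmngr = new XmlNamespaceManager(assertion.OwnerDocument.NameTable);
        nsmngr.AddNamespace("saml", samlNs);
        XmlNode cachedExpiry = assertion.SelectSingleNode("saml:Conditions/@NotOnOrAfter", nsmngr);
        bool stillValid = cachedExpiry != null
            && DateTime.TryParse(cachedExpiry.Value, CultureInfo.InvariantCulture, utcStyles, out notOnOrAfter)
            && DateTime.UtcNow < notOnOrAfter;
        if (!stillValid)
        {
            cache.Remove(id);
            assertion = null;
        }
    }

    if (assertion == null)
    {
        // StsClient is used as a WCF client here (Endpoint, InnerChannel): close it on success and
        // abort on failure so the channel is not left open.
        StsClient target = new StsClient(tokenRequirement.IssuerBinding, tokenRequirement.IssuerAddress);
        try
        {
            // Replace the default credentials behaviour with OptClientCredentials and authenticate
            // with the configured client certificate.
            target.Endpoint.Behaviors.Remove<ClientCredentials>();
            target.Endpoint.Behaviors.Add(new OptClientCredentials());
            target.ClientCredentials.ClientCertificate.Certificate = clientCredentials.ClientCertificate.Certificate;
            target.InnerChannel.OperationTimeout = timeout;
            assertion = target.RequestTicket("Anonymous", clientCredentials.Session, clientCredentials.Duration, reqParams, tokenRequirement.ClaimTypeRequirements);
            target.Close();
        }
        catch
        {
            target.Abort();
            throw;
        }

        if (assertion == null)
        {
            throw new InvalidOperationException("The STS returned no assertion.");
        }
        nsmngr = new XmlNamespaceManager(assertion.OwnerDocument.NameTable);
        nsmngr.AddNamespace("saml", samlNs);
        XmlNode issuedExpiry = assertion.SelectSingleNode("saml:Conditions/@NotOnOrAfter", nsmngr);
        if (issuedExpiry == null || !DateTime.TryParse(issuedExpiry.Value, CultureInfo.InvariantCulture, utcStyles, out notOnOrAfter))
        {
            throw new InvalidOperationException("The issued assertion has no parsable saml:Conditions/@NotOnOrAfter.");
        }
        cache.Add(id, assertion, notOnOrAfter);
    }

    XmlNode start = assertion.SelectSingleNode("saml:Conditions/@NotBefore", nsmngr);
    DateTime notBefore = DateTime.MinValue;
    if (start == null || !DateTime.TryParse(start.Value, CultureInfo.InvariantCulture, utcStyles, out notBefore))
    {
        throw new InvalidOperationException("The assertion has no parsable saml:Conditions/@NotBefore.");
    }

    string assertionId = assertion.GetAttribute("AssertionID");
    if (string.IsNullOrEmpty(assertionId))
    {
        throw new InvalidOperationException("The assertion has no AssertionID.");
    }

    // The key identifier references the assertion by its ID; the session certificate is handed
    // over as proof token (presumably a holder-of-key use of the assertion — the ticket was
    // requested for that certificate).
    SamlAssertionKeyIdentifierClause samlKeyIdentifierClause = new SamlAssertionKeyIdentifierClause(assertionId);
    return new GenericXmlSecurityToken(assertion, new X509SecurityToken(clientCredentials.Session), notBefore, notOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, null);
}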
/// <summary>
/// Builds the STS client in code against the *production* STS, swaps the default
/// ClientCredentials behaviour for OptClientCredentials, authenticates with a client
/// certificate from CurrentUser\My and checks that a SAML 1.0 Assertion element comes back.
/// </summary>
public void ConfigViaCode()
{
    EndpointAddress stsAddress = new EndpointAddress("https://www.ehealth.fgov.be/sts_1_1/SecureTokenService");
    StsClient target = new StsClient(new StsBinding(), stsAddress);

    // Replace the stock credentials behaviour with the project's OptClientCredentials.
    target.Endpoint.Behaviors.Remove<ClientCredentials>();
    target.Endpoint.Behaviors.Add(new OptClientCredentials());

    target.ClientCredentials.ClientCertificate.SetCertificate(
        StoreLocation.CurrentUser,
        StoreName.My,
        X509FindType.FindByThumbprint,
        "1ac02600f2f2b68f99f1e8eeab2e780470e0ea4c");

    XmlElement assertion = target.RequestTicket("Anonymous", session, TimeSpan.FromHours(1), assertedDefault, requestedDefault);

    Assert.AreEqual("Assertion", assertion.LocalName);
    Assert.AreEqual("urn:oasis:names:tc:SAML:1.0:assertion", assertion.NamespaceURI);
}
/// <summary>
/// Requests a ticket from a non-existent path on the acceptance STS host
/// ("…/SecureTokenService2") with both client and service certificates configured.
/// Presumably expected to fail with an HTTP 404 (the test attribute, if any, is outside
/// this listing — TODO confirm).
/// </summary>
public void InvalidAddressHttp404()
{
    EndpointAddress wrongAddress = new EndpointAddress("https://wwwacc.ehealth.fgov.be/sts_1_1/SecureTokenService2");
    StsClient client = new StsClient(new StsBinding(), wrongAddress);

    client.ClientCredentials.ClientCertificate.SetCertificate(
        StoreLocation.CurrentUser,
        StoreName.My,
        X509FindType.FindByThumbprint,
        "c0f554147928c3722670a47be2f92a9089add107");
    client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
        StoreLocation.LocalMachine,
        StoreName.AddressBook,
        X509FindType.FindByThumbprint,
        "23005f9a30f357dfb265de5277db54c5ff61d34d");

    client.RequestTicket("Siemens", selfSignedSession, TimeSpan.FromMinutes(10), assertedDefault, requestedDefault);
}
/// <summary>
/// Calls the six-argument RequestTicket overload with every reference argument null and the
/// full DateTime range as validity window, against the acceptance STS. Presumably expected to
/// fail on argument validation (the test attribute, if any, is outside this listing — TODO confirm).
/// </summary>
public void AllNull()
{
    EndpointAddress stsAddress = new EndpointAddress("https://wwwacc.ehealth.fgov.be/sts_1_1/SecureTokenService");
    StsClient client = new StsClient(new StsBinding(), stsAddress);

    DateTime notBefore = DateTime.MinValue;
    DateTime notOnOrAfter = DateTime.MaxValue;
    client.RequestTicket(null, null, notBefore, notOnOrAfter, null, null);
}
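/// <summary>
/// Produces the security token for the configured session certificate: reuses a cached SAML 1.0
/// assertion while its Conditions/@NotOnOrAfter has not been reached, and otherwise requests a
/// new one from the issuer (STS) named by the token requirement and caches it.
/// </summary>
/// <param name="timeout">Operation timeout applied to the STS channel when a new assertion is requested.</param>
/// <returns>
/// A <see cref="GenericXmlSecurityToken"/> wrapping the assertion, valid between its NotBefore and
/// NotOnOrAfter, with the session certificate as proof token and an AssertionID-based key
/// identifier clause.
/// </returns>
/// <exception cref="InvalidOperationException">
/// No client certificate is configured, a request attribute has no AttributeValue, the STS
/// returned nothing, or the assertion lacks a parsable AssertionID, Conditions/@NotBefore or
/// Conditions/@NotOnOrAfter.
/// </exception>
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
    const string samlNs = "urn:oasis:names:tc:SAML:1.0:assertion";
    // SAML 1.x timestamps are UTC. Normalise whatever we get to UTC so comparisons with
    // DateTime.UtcNow (and the ValidFrom/ValidTo handed to WCF) stay meaningful even when an
    // offset such as "+02:00" is present instead of "Z".
    const DateTimeStyles utcStyles = DateTimeStyles.AdjustToUniversal | DateTimeStyles.AssumeUniversal;

    if (clientCredentials.ClientCertificate.Certificate == null)
    {
        throw new InvalidOperationException("No client certificate is configured; cannot request or look up an STS session.");
    }

    // Only SAML-1.0-namespaced request parameters are forwarded to the STS.
    Collection<XmlElement> reqParams = new Collection<XmlElement>();
    foreach (XmlElement param in tokenRequirement.AdditionalRequestParameters)
    {
        if (param.NamespaceURI == samlNs)
        {
            reqParams.Add(param);
        }
    }

    // The cache implementation is chosen by configuration: a Type plus the config object passed
    // to its constructor. NOTE(review): Activator instantiates whatever type the configuration
    // names, so that configuration must come from a trusted source.
    ISessionCache cache = (ISessionCache)Activator.CreateInstance(clientCredentials.Cache, clientCredentials.Config);

    // Cache key = client thumbprint ; session thumbprint ; sorted "{ns}name=value;" attributes ;
    // sorted "claimType;" entries. The layout is unchanged; sorting is ordinal so the key does not
    // depend on the machine's culture.
    // NOTE(review): a ';' inside an attribute value is not escaped and could make two different
    // requests share one cache entry; the values come from configuration here, not from end users.
    string id = clientCredentials.ClientCertificate.Certificate.Thumbprint + ";" + clientCredentials.Session.Thumbprint + ";";

    List<string> attributeKeys = new List<string>();
    foreach (XmlElement reqParam in reqParams)
    {
        XmlNodeList values = reqParam.GetElementsByTagName("AttributeValue", samlNs);
        if (values.Count == 0)
        {
            throw new InvalidOperationException("SAML request attribute '" + reqParam.GetAttribute("AttributeName") + "' has no AttributeValue.");
        }
        attributeKeys.Add("{" + reqParam.GetAttribute("AttributeNamespace") + "}" + reqParam.GetAttribute("AttributeName") + "=" + values[0].InnerText + ";");
    }
    attributeKeys.Sort(StringComparer.Ordinal);
    id += string.Concat(attributeKeys.ToArray());

    List<string> claimKeys = new List<string>();
    foreach (ClaimTypeRequirement req in tokenRequirement.ClaimTypeRequirements)
    {
        claimKeys.Add(req.ClaimType + ";");
    }
    claimKeys.Sort(StringComparer.Ordinal);
    id += string.Concat(claimKeys.ToArray());

    XmlNamespaceManager nsmngr = null;
    DateTime notOnOrAfter = DateTime.MinValue;

    // Reuse the cached assertion only while it is still valid. SAML's NotOnOrAfter is exclusive:
    // the assertion is already invalid *at* that instant, so the check is "now < NotOnOrAfter"
    // (the previous "NotOnOrAfter < now" kept an assertion that expired this very tick). A cached
    // entry without a parsable expiry is evicted instead of letting a null dereference escape.
    // NOTE(review): no clock-skew margin is applied; an assertion with seconds left is still reused.
    XmlElement assertion = cache.Get(id);
    if (assertion != null)
    {
        nsmngr = new XmlNamespaceManager(assertion.OwnerDocument.NameTable);
        nsmngr.AddNamespace("saml", samlNs);
        XmlNode cachedExpiry = assertion.SelectSingleNode("saml:Conditions/@NotOnOrAfter", nsmngr);
        bool stillValid = cachedExpiry != null
            && DateTime.TryParse(cachedExpiry.Value, CultureInfo.InvariantCulture, utcStyles, out notOnOrAfter)
            && DateTime.UtcNow < notOnOrAfter;
        if (!stillValid)
        {
            cache.Remove(id);
            assertion = null;
        }
    }

    if (assertion == null)
    {
        // StsClient is used as a WCF client here (Endpoint, InnerChannel): close it on success and
        // abort on failure so the channel is not left open.
        StsClient target = new StsClient(tokenRequirement.IssuerBinding, tokenRequirement.IssuerAddress);
        try
        {
            // Replace the default credentials behaviour with OptClientCredentials and authenticate
            // with the configured client certificate.
            target.Endpoint.Behaviors.Remove<ClientCredentials>();
            target.Endpoint.Behaviors.Add(new OptClientCredentials());
            target.ClientCredentials.ClientCertificate.Certificate = clientCredentials.ClientCertificate.Certificate;
            target.InnerChannel.OperationTimeout = timeout;
            assertion = target.RequestTicket("Anonymous", clientCredentials.Session, clientCredentials.Duration, reqParams, tokenRequirement.ClaimTypeRequirements);
            target.Close();
        }
        catch
        {
            target.Abort();
            throw;
        }

        if (assertion == null)
        {
            throw new InvalidOperationException("The STS returned no assertion.");
        }
        nsmngr = new XmlNamespaceManager(assertion.OwnerDocument.NameTable);
        nsmngr.AddNamespace("saml", samlNs);
        XmlNode issuedExpiry = assertion.SelectSingleNode("saml:Conditions/@NotOnOrAfter", nsmngr);
        if (issuedExpiry == null || !DateTime.TryParse(issuedExpiry.Value, CultureInfo.InvariantCulture, utcStyles, out notOnOrAfter))
        {
            throw new InvalidOperationException("The issued assertion has no parsable saml:Conditions/@NotOnOrAfter.");
        }
        cache.Add(id, assertion, notOnOrAfter);
    }

    XmlNode start = assertion.SelectSingleNode("saml:Conditions/@NotBefore", nsmngr);
    DateTime notBefore = DateTime.MinValue;
    if (start == null || !DateTime.TryParse(start.Value, CultureInfo.InvariantCulture, utcStyles, out notBefore))
    {
        throw new InvalidOperationException("The assertion has no parsable saml:Conditions/@NotBefore.");
    }

    string assertionId = assertion.GetAttribute("AssertionID");
    if (string.IsNullOrEmpty(assertionId))
    {
        throw new InvalidOperationException("The assertion has no AssertionID.");
    }

    // The key identifier references the assertion by its ID; the session certificate is handed
    // over as proof token (presumably a holder-of-key use of the assertion — the ticket was
    // requested for that certificate).
    SamlAssertionKeyIdentifierClause samlKeyIdentifierClause = new SamlAssertionKeyIdentifierClause(assertionId);
    return new GenericXmlSecurityToken(assertion, new X509SecurityToken(clientCredentials.Session), notBefore, notOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, null);
}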