protected override void OnWriteBodyContents(XmlDictionaryWriter writer) { writer.WriteStartElement("RequestSecurityTokenResponse", "http://schemas.xmlsoap.org/ws/2005/02/trust"); if (base.TokenType != null && base.TokenType.Length > 0) { writer.WriteStartElement("TokenType", "http://schemas.xmlsoap.org/ws/2005/02/trust"); writer.WriteString(base.TokenType); writer.WriteEndElement(); } WSSecurityTokenSerializer wssecurityTokenSerializer = new WSSecurityTokenSerializer(); if (this.RequestedSecurityToken != null) { writer.WriteStartElement("RequestedSecurityToken", "http://schemas.xmlsoap.org/ws/2005/02/trust"); wssecurityTokenSerializer.WriteToken(writer, this.RequestedSecurityToken); writer.WriteEndElement(); } if (this.RequestedAttachedReference != null) { writer.WriteStartElement("RequestedAttachedReference", "http://schemas.xmlsoap.org/ws/2005/02/trust"); wssecurityTokenSerializer.WriteKeyIdentifierClause(writer, this.RequestedAttachedReference); writer.WriteEndElement(); } if (this.RequestedUnattachedReference != null) { writer.WriteStartElement("RequestedUnattachedReference", "http://schemas.xmlsoap.org/ws/2005/02/trust"); wssecurityTokenSerializer.WriteKeyIdentifierClause(writer, this.RequestedUnattachedReference); writer.WriteEndElement(); } if (base.AppliesTo != null) { writer.WriteStartElement("AppliesTo", "http://schemas.xmlsoap.org/ws/2004/09/policy"); base.AppliesTo.WriteTo(AddressingVersion.WSAddressing10, writer); writer.WriteEndElement(); } if (this.RequestedProofToken != null) { writer.WriteStartElement("RequestedProofToken", "http://schemas.xmlsoap.org/ws/2005/02/trust"); wssecurityTokenSerializer.WriteToken(writer, this.RequestedProofToken); writer.WriteEndElement(); } if (this.IssuerEntropy != null && this.ComputeKey) { writer.WriteStartElement("RequestedProofToken", "http://schemas.xmlsoap.org/ws/2005/02/trust"); writer.WriteStartElement("ComputedKey", "http://schemas.xmlsoap.org/ws/2005/02/trust"); writer.WriteValue("http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1"); writer.WriteEndElement(); writer.WriteEndElement(); if (this.IssuerEntropy != null) { writer.WriteStartElement("Entropy", "http://schemas.xmlsoap.org/ws/2005/02/trust"); wssecurityTokenSerializer.WriteToken(writer, this.IssuerEntropy); writer.WriteEndElement(); } } writer.WriteEndElement(); }
/// <summary> /// Creates the security token /// </summary> /// <param name="timeout">Maximum amount of time the method is supposed to take. Ignored in this implementation.</param> /// <returns>A SecurityToken corresponding the SAML assertion and proof key specified at construction time</returns> protected override SecurityToken GetTokenCore(TimeSpan timeout) { // Create a SamlSecurityToken from the provided assertion SamlSecurityToken samlToken = new SamlSecurityToken(assertion); // Create a SecurityTokenSerializer that will be used to serialize the SamlSecurityToken WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer(); // Create a memory stream to write the serialized token into // Use an initial size of 64Kb MemoryStream s = new MemoryStream(UInt16.MaxValue); // Create an XmlWriter over the stream XmlWriter xw = XmlWriter.Create(s); // Write the SamlSecurityToken into the stream ser.WriteToken(xw, samlToken); // Seek back to the beginning of the stream s.Seek(0, SeekOrigin.Begin); // Load the serialized token into a DOM XmlDocument dom = new XmlDocument(); dom.Load(s); // Create a KeyIdentifierClause for the SamlSecurityToken SamlAssertionKeyIdentifierClause samlKeyIdentifierClause = samlToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>(); // Return a GenericXmlToken from the XML for the SamlSecurityToken, the proof token, the valid from // and valid until times from the assertion and the key identifier clause created above return(new GenericXmlSecurityToken(dom.DocumentElement, proofToken, assertion.Conditions.NotBefore, assertion.Conditions.NotOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, null)); }
protected override SecurityToken GetTokenCore(TimeSpan timeout) { SecurityToken securityToken; SamlAssertion samlAssertion; if (base.TokenRequirement.KeyType == SecurityKeyType.SymmetricKey) { securityToken = SamlSecurityTokenProvider.CreateSymmetricProofToken(base.TokenRequirement.KeySize); samlAssertion = this.CreateSamlAssertionWithSymmetricKey((BinarySecretSecurityToken)securityToken); } else { if (base.TokenRequirement.KeyType != SecurityKeyType.AsymmetricKey) { throw new ArgumentOutOfRangeException("KeyType"); } securityToken = SamlSecurityTokenProvider.CreateAsymmetricProofToken(); samlAssertion = this.CreateSamlAssertionWithAsymmetricKey(securityToken); } SamlSecurityToken samlSecurityToken = new SamlSecurityToken(samlAssertion); XmlDocument xmlDocument = new XmlDocument(); using (XmlWriter xmlWriter = xmlDocument.CreateNavigator().AppendChild()) { WSSecurityTokenSerializer wSSecurityTokenSerializer = new WSSecurityTokenSerializer(); wSSecurityTokenSerializer.WriteToken(xmlWriter, samlSecurityToken); } SamlAssertionKeyIdentifierClause samlAssertionKeyIdentifierClause = samlSecurityToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>(); return(new GenericXmlSecurityToken(xmlDocument.DocumentElement, securityToken, samlAssertion.Conditions.NotBefore, samlAssertion.Conditions.NotOnOrAfter, samlAssertionKeyIdentifierClause, samlAssertionKeyIdentifierClause, null)); }
private XmlElement ToXmlElement(SecurityToken token) { using (XmlDocumentWriterHelper documentWriterHelper = new XmlDocumentWriterHelper()) { _tokenSerializer.WriteToken(documentWriterHelper.CreateDocumentWriter(), token); XmlDocument xmlDocument = documentWriterHelper.ReadDocument(); return(xmlDocument.DocumentElement); } }
protected override SecurityToken GetTokenCore(TimeSpan timeout) { SamlSecurityToken samlSecurityToken = new SamlSecurityToken(this.assertion); WSSecurityTokenSerializer wssecurityTokenSerializer = new WSSecurityTokenSerializer(); MemoryStream memoryStream = new MemoryStream(65535); XmlWriter writer = XmlWriter.Create(memoryStream); wssecurityTokenSerializer.WriteToken(writer, samlSecurityToken); memoryStream.Seek(0L, SeekOrigin.Begin); XmlDocument xmlDocument = new XmlDocument(); xmlDocument.Load(memoryStream); SamlAssertionKeyIdentifierClause samlAssertionKeyIdentifierClause = samlSecurityToken.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>(); return(new GenericXmlSecurityToken(xmlDocument.DocumentElement, this.proofToken, this.assertion.Conditions.NotBefore, this.assertion.Conditions.NotOnOrAfter, samlAssertionKeyIdentifierClause, samlAssertionKeyIdentifierClause, null)); }
public static string SerializeSamlToken(SamlSecurityToken token) { var samlBuilder = new StringBuilder(); using (var writer = XmlWriter.Create(samlBuilder)) { try { var keyInfoSerializer = new WSSecurityTokenSerializer(); keyInfoSerializer.WriteToken(writer, token); Console.WriteLine("Saml Token Successfully Created"); } catch (Exception) { Console.WriteLine("Failed to seralize token"); } } return(samlBuilder.ToString()); }
public static string SerializeToken(SecurityToken token, bool urlEncode = false) { StringBuilder sb = new StringBuilder(); if (token is GenericXmlSecurityToken) { WSSecurityTokenSerializer wss = new WSSecurityTokenSerializer(SecurityVersion.WSSecurity11); XmlWriter writer = XmlWriter.Create(sb); wss.WriteToken(writer, token); } else { SecurityTokenHandlerCollection handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers; handlers.WriteToken(new XmlTextWriter(new StringWriter(sb)), token); } string serialized = sb.ToString(); return(urlEncode ? HttpUtility.UrlEncode(serialized) : serialized); }
// Methods of BodyWriter protected override void OnWriteBodyContents(XmlDictionaryWriter writer) { writer.WriteStartElement(Constants.Trust.Elements.RequestSecurityTokenResponse, Constants.Trust.NamespaceUri); if (this.TokenType != null && this.TokenType.Length > 0) { writer.WriteStartElement(Constants.Trust.Elements.TokenType, Constants.Trust.NamespaceUri); writer.WriteString(this.TokenType); writer.WriteEndElement(); // wst:TokenType } WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer(); if (this.RequestedSecurityToken != null) { writer.WriteStartElement(Constants.Trust.Elements.RequestedSecurityToken, Constants.Trust.NamespaceUri); ser.WriteToken(writer, this.RequestedSecurityToken); writer.WriteEndElement(); // wst:RequestedSecurityToken } if (this.RequestedAttachedReference != null) { writer.WriteStartElement(Constants.Trust.Elements.RequestedAttachedReference, Constants.Trust.NamespaceUri); ser.WriteKeyIdentifierClause(writer, this.RequestedAttachedReference); writer.WriteEndElement(); // wst:RequestedAttachedReference } if (this.RequestedUnattachedReference != null) { writer.WriteStartElement(Constants.Trust.Elements.RequestedUnattachedReference, Constants.Trust.NamespaceUri); ser.WriteKeyIdentifierClause(writer, this.RequestedUnattachedReference); writer.WriteEndElement(); // wst:RequestedAttachedReference } if (this.AppliesTo != null) { writer.WriteStartElement(Constants.Policy.Elements.AppliesTo, Constants.Policy.NamespaceUri); this.AppliesTo.WriteTo(AddressingVersion.WSAddressing10, writer); writer.WriteEndElement(); // wsp:AppliesTo } if (this.RequestedProofToken != null)// Issuer entropy; write RPT only { writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri); ser.WriteToken(writer, this.RequestedProofToken); writer.WriteEndElement(); // wst:RequestedSecurityToken } if (this.IssuerEntropy != null && this.ComputeKey) // Combined entropy; write RPT and Entropy { writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri); writer.WriteStartElement(Constants.Trust.Elements.ComputedKey, Constants.Trust.NamespaceUri); writer.WriteValue(Constants.Trust.ComputedKeyAlgorithms.PSHA1); writer.WriteEndElement(); // wst:ComputedKey writer.WriteEndElement(); // wst:RequestedSecurityToken if (this.IssuerEntropy != null) { writer.WriteStartElement(Constants.Trust.Elements.Entropy, Constants.Trust.NamespaceUri); ser.WriteToken(writer, this.IssuerEntropy); writer.WriteEndElement(); // wst:Entropy } } writer.WriteEndElement(); // wst:RequestSecurityTokenResponse }
// Methods of BodyWriter /// <summary> /// Writes out an XML representation of the instance. /// </summary> /// <param name="writer">The writer to be used to write out the XML content</param> protected override void OnWriteBodyContents(XmlDictionaryWriter writer) { // Write out the wst:RequestSecurityTokenResponse start tag writer.WriteStartElement(Constants.Trust.Elements.RequestSecurityTokenResponse, Constants.Trust.NamespaceUri); // If we have a non-null, non-empty tokenType... if (this.TokenType != null && this.TokenType.Length > 0) { // Write out the wst:TokenType start tag writer.WriteStartElement(Constants.Trust.Elements.TokenType, Constants.Trust.NamespaceUri); // Write out the tokenType string writer.WriteString(this.TokenType); writer.WriteEndElement(); // wst:TokenType } // Create a serializer that knows how to write out security tokens WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer(); // If we have a requestedSecurityToken... if (this.requestedSecurityToken != null) { // Write out the wst:RequestedSecurityToken start tag writer.WriteStartElement(Constants.Trust.Elements.RequestedSecurityToken, Constants.Trust.NamespaceUri); // Write out the requested token using the serializer ser.WriteToken(writer, requestedSecurityToken); writer.WriteEndElement(); // wst:RequestedSecurityToken } // If we have a requestedAttachedReference... if (this.requestedAttachedReference != null) { // Write out the wst:RequestedAttachedReference start tag writer.WriteStartElement(Constants.Trust.Elements.RequestedAttachedReference, Constants.Trust.NamespaceUri); // Write out the reference using the serializer ser.WriteKeyIdentifierClause(writer, this.requestedAttachedReference); writer.WriteEndElement(); // wst:RequestedAttachedReference } // If we have a requestedUnattachedReference... if (this.requestedUnattachedReference != null) { // Write out the wst:RequestedUnattachedReference start tag writer.WriteStartElement(Constants.Trust.Elements.RequestedUnattachedReference, Constants.Trust.NamespaceUri); // Write out the reference using the serializer ser.WriteKeyIdentifierClause(writer, this.requestedUnattachedReference); writer.WriteEndElement(); // wst:RequestedAttachedReference } // If we have a non-null appliesTo if (this.AppliesTo != null) { // Write out the wsp:AppliesTo start tag writer.WriteStartElement(Constants.Policy.Elements.AppliesTo, Constants.Policy.NamespaceUri); // Write the appliesTo in WS-Addressing 1.0 format this.AppliesTo.WriteTo(AddressingVersion.WSAddressing10, writer); writer.WriteEndElement(); // wsp:AppliesTo } // If the requestedProofToken is non-null, then the STS is providing all the key material... if (this.requestedProofToken != null) { // Write the wst:RequestedProofToken start tag writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri); // Write the proof token using the serializer ser.WriteToken(writer, requestedProofToken); writer.WriteEndElement(); // wst:RequestedSecurityToken } // If issuerEntropy is non-null and computeKey is true, then combined entropy is being used... if (this.issuerEntropy != null && this.computeKey) { // Write the wst:RequestedProofToken start tag writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri); // Write the wst:ComputeKey start tag writer.WriteStartElement(Constants.Trust.Elements.ComputedKey, Constants.Trust.NamespaceUri); // Write the PSHA1 algorithm value writer.WriteValue(Constants.Trust.ComputedKeyAlgorithms.PSHA1); writer.WriteEndElement(); // wst:ComputedKey writer.WriteEndElement(); // wst:RequestedSecurityToken // Write the wst:Entropy start tag writer.WriteStartElement(Constants.Trust.Elements.Entropy, Constants.Trust.NamespaceUri); // Write the issuerEntropy out using the serializer ser.WriteToken(writer, this.issuerEntropy); writer.WriteEndElement(); // wst:Entropy } writer.WriteEndElement(); // wst:RequestSecurityTokenResponse }
/// <summary> /// Build the contents of the SAML token /// </summary> /// <param name="writer"><b>XmlDictionaryWriter</b> to write the contents of this token to</param> protected override void OnWriteBodyContents(XmlDictionaryWriter writer) { // Subject SamlSubject subject = new SamlSubject(); if (this.useKey != null) { // Add the key and the Holder-Of-Key confirmation method subject.KeyIdentifier = this.useKey; subject.ConfirmationMethods.Add(SamlConstants.HolderOfKey); } else { // This is a bearer token subject.ConfirmationMethods.Add(SamlConstants.SenderVouches); } // Attributes, statements, conditions, and assertions List <SamlStatement> statements = new List <SamlStatement>(); List <SamlAttribute> attributes = GetTokenAttributes(); statements.Add(new SamlAuthenticationStatement(subject, Constants.Saml.AuthenticationMethods.Unspecified, DateTime.Now, null, null, null)); statements.Add(new SamlAttributeStatement(subject, attributes)); SamlConditions conditions = new SamlConditions(DateTime.Now, (DateTime.Now + TimeSpan.FromHours(8.0))); SamlAssertion assertion = new SamlAssertion("uuid-" + Guid.NewGuid(), Program.Issuer, DateTime.Now, conditions, null, statements); // Build the signing token SecurityToken signingToken = new X509SecurityToken(Program.SigningCertificate); SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier(signingToken.CreateKeyIdentifierClause <X509RawDataKeyIdentifierClause>()); SigningCredentials signingCredentials = new SigningCredentials(signingToken.SecurityKeys[0], SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha1Digest, keyIdentifier); assertion.SigningCredentials = signingCredentials; // Build the SAML token SamlSecurityToken token = new SamlSecurityToken(assertion); SecurityKeyIdentifierClause attachedReference = token.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>(); SecurityKeyIdentifierClause unattachedReference = token.CreateKeyIdentifierClause <SamlAssertionKeyIdentifierClause>(); // // Write the XML // //writer = XmlDictionaryWriter.CreateTextWriter(File.CreateText("output.xml").BaseStream); // RSTR writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestSecurityTokenResponse, Constants.WSTrust.NamespaceUri.Uri); if (context != null) { writer.WriteAttributeString(Constants.WSTrust.Attributes.Context, context); } // TokenType writer.WriteElementString(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.TokenType, Constants.WSTrust.NamespaceUri.Uri, Constants.WSTrust.TokenTypes.Saml10Assertion); // RequestedSecurityToken (the SAML token) SecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(); writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestedSecurityToken, Constants.WSTrust.NamespaceUri.Uri); tokenSerializer.WriteToken(writer, token); writer.WriteEndElement(); // RequestedAttachedReference writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestedAttachedReference, Constants.WSTrust.NamespaceUri.Uri); tokenSerializer.WriteKeyIdentifierClause(writer, attachedReference); writer.WriteEndElement(); // RequestedUnattachedReference writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestedUnattachedReference, Constants.WSTrust.NamespaceUri.Uri); tokenSerializer.WriteKeyIdentifierClause(writer, unattachedReference); writer.WriteEndElement(); // RequestedDisplayToken (display token) string displayTokenNS = "http://schemas.xmlsoap.org/ws/2005/05/identity"; writer.WriteStartElement("wsid", "RequestedDisplayToken", displayTokenNS); writer.WriteStartElement("wsid", "DisplayToken", displayTokenNS); foreach (SamlAttribute attribute in attributes) { writer.WriteStartElement("wsid", "DisplayClaim", displayTokenNS); writer.WriteAttributeString("Uri", attribute.Namespace + "/" + attribute.Name); writer.WriteStartElement("wsid", "DisplayTag", displayTokenNS); writer.WriteValue(attribute.Name); writer.WriteEndElement(); writer.WriteStartElement("wsid", "Description", displayTokenNS); writer.WriteValue(attribute.Namespace + "/" + attribute.Name); writer.WriteEndElement(); foreach (string attributeValue in attribute.AttributeValues) { writer.WriteStartElement("wsid", "DisplayValue", displayTokenNS); writer.WriteValue(attributeValue); writer.WriteEndElement(); } writer.WriteEndElement(); } writer.WriteEndElement(); writer.WriteEndElement(); // RSTR End writer.WriteEndElement(); //writer.Close(); }
/// <summary cref="IUserIdentity.GetIdentityToken" /> public UserIdentityToken GetIdentityToken() { // check for anonymous. if (m_token == null) { AnonymousIdentityToken token = new AnonymousIdentityToken(); token.PolicyId = m_policyId; return(token); } // return a user name token. UserNameSecurityToken usernameToken = m_token as UserNameSecurityToken; if (usernameToken != null) { UserNameIdentityToken token = new UserNameIdentityToken(); token.PolicyId = m_policyId; token.UserName = usernameToken.UserName; token.DecryptedPassword = usernameToken.Password; return(token); } // return an X509 token. X509SecurityToken x509Token = m_token as X509SecurityToken; if (x509Token != null) { X509IdentityToken token = new X509IdentityToken(); token.PolicyId = m_policyId; token.CertificateData = x509Token.Certificate.GetRawCertData(); token.Certificate = x509Token.Certificate; return(token); } // handle SAML token. SamlSecurityToken samlToken = m_token as SamlSecurityToken; if (samlToken != null) { MemoryStream ostrm = new MemoryStream(); XmlTextWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()); try { SamlSerializer serializer = new SamlSerializer(); serializer.WriteToken(samlToken, writer, WSSecurityTokenSerializer.DefaultInstance); } finally { writer.Close(); } IssuedIdentityToken wssToken = new IssuedIdentityToken(); wssToken.PolicyId = m_policyId; wssToken.DecryptedTokenData = ostrm.ToArray(); return(wssToken); } // return a WSS token by default. if (m_token != null) { MemoryStream ostrm = new MemoryStream(); XmlWriter writer = new XmlTextWriter(ostrm, new UTF8Encoding()); try { WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer(); serializer.WriteToken(writer, m_token); } finally { writer.Close(); } IssuedIdentityToken wssToken = new IssuedIdentityToken(); wssToken.PolicyId = m_policyId; wssToken.DecryptedTokenData = ostrm.ToArray(); return(wssToken); } return(null); }