/// <summary> /// Processes the SAML response received from the IdP. /// </summary> /// <param name="page">The page object.</param> /// <param name="relayState">The relay state</param> /// <param name="samlResponse">The SAML response object.</param> public static void ProcessResponse(Page page, out ComponentPro.Saml2.Response samlResponse, out string relayState) { // Extract the binding type from the query string. string bindingType = page.Request.QueryString["binding"]; switch (bindingType) { case "artifact": // Create an artifact from the query string. Saml2ArtifactType0004 httpArtifact = Saml2ArtifactType0004.CreateFromHttpArtifactQueryString(page.Request); // Create an artifact resolve request. ArtifactResolve artifactResolve = new ArtifactResolve(); artifactResolve.Issuer = new Issuer(GetAbsoluteUrl(page, "~/")); artifactResolve.Artifact = new Artifact(httpArtifact.ToString()); // Send the artifact resolve request and create an artifact response from the received XML. ArtifactResponse artifactResponse = ArtifactResponse.SendSamlMessageReceiveAftifactResponse(Global.ArtifactServiceUrl, artifactResolve); // Get the SAML Response from the artifact response. samlResponse = new ComponentPro.Saml2.Response(artifactResponse.Message); relayState = httpArtifact.RelayState; break; case "post": System.Diagnostics.Debug.WriteLine("POST"); // Create a SAML response from the form data. samlResponse = ComponentPro.Saml2.Response.Create(page.Request); relayState = samlResponse.RelayState; break; default: throw new ApplicationException("Unknown binding type"); } // Is the SAML response signed? if (samlResponse.IsSigned()) { // Get the previously loaded certificate. X509Certificate2 x509Certificate = (X509Certificate2)page.Application[Global.IdPCertKey]; // Validate the certificate. if (!samlResponse.Validate(x509Certificate)) { throw new ApplicationException("The SAML response signature failed to verify."); } } }
/// <summary> /// Processes the SAML response received from the IdP. /// </summary> /// <param name="page">The page object.</param> /// <param name="relayState">The relay state</param> /// <param name="samlResponse">The SAML response object.</param> public static void ProcessResponse(Page page, out ComponentPro.Saml2.Response samlResponse, out string relayState) { // Extract the binding type from the query string. string bindingType = page.Request.QueryString["binding"]; switch (bindingType) { case "artifact": // Create an artifact from the query string. Saml2ArtifactType0004 httpArtifact = Saml2ArtifactType0004.CreateFromHttpArtifactQueryString(page.Request); // Create an artifact resolve request. ArtifactResolve artifactResolve = new ArtifactResolve(); artifactResolve.Issuer = new Issuer(GetAbsoluteUrl(page, "~/")); artifactResolve.Artifact = new Artifact(httpArtifact.ToString()); // Send the artifact resolve request and create an artifact response from the received XML. ArtifactResponse artifactResponse = ArtifactResponse.SendSamlMessageReceiveAftifactResponse(Global.ArtifactServiceUrl, artifactResolve); // Get the SAML Response from the artifact response. samlResponse = new ComponentPro.Saml2.Response(artifactResponse.Message); relayState = httpArtifact.RelayState; break; case "post": // Create a SAML response from the form data. samlResponse = ComponentPro.Saml2.Response.Create(page.Request); relayState = samlResponse.RelayState; break; default: throw new ApplicationException("Unknown binding type"); } // Is the SAML response signed? if (samlResponse.IsSigned()) { // Get the previously loaded certificate. X509Certificate2 x509Certificate = (X509Certificate2)page.Application[Global.IdPCertKey]; // Validate the certificate. if (!samlResponse.Validate(x509Certificate)) { throw new ApplicationException("The SAML response signature failed to verify."); } } }
protected override void OnLoad(EventArgs e) { base.OnLoad(e); try { #region Receive SAML Response // Create a SAML response from the HTTP request. ComponentPro.Saml2.Response samlResponse = ComponentPro.Saml2.Response.Create(Request); // Is it signed? if (samlResponse.IsSigned()) { // Loaded the previously loaded certificate. X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.CertKeyName]; // Validate the SAML response with the certificate. if (!samlResponse.Validate(x509Certificate)) { throw new ApplicationException("SAML response signature is not valid."); } } #endregion #region Process the response // Success? if (!samlResponse.IsSuccess()) { throw new ApplicationException("SAML response is not success"); } Assertion samlAssertion; // Define ENCRYPTEDSAML preprocessor flag if you wish to decrypt the SAML response. #if ENCRYPTEDSAML if (samlResponse.GetEncryptedAssertions().Count > 0) { EncryptedAssertion encryptedAssertion = samlResponse.GetEncryptedAssertions()[0]; // Load the private key. // Consider caching the loaded key in production environment for better performance. X509Certificate2 decryptionKey = new X509Certificate2(Path.Combine(HttpRuntime.AppDomainAppPath, "EncryptionKey.pfx"), "password"); // Decrypt the encrypted assertion. samlAssertion = encryptedAssertion.Decrypt(decryptionKey.PrivateKey, null); } else { throw new ApplicationException("No encrypted assertions found in the SAML response"); } #else // Get the asserted identity. if (samlResponse.GetAssertions().Count > 0) { samlAssertion = samlResponse.GetAssertions()[0]; } else { throw new ApplicationException("No assertions found in the SAML response"); } #endif // Get the subject name identifier. string userName; if (samlAssertion.Subject.NameId != null) { userName = samlAssertion.Subject.NameId.NameIdentifier; } else { throw new ApplicationException("Name identifier not found in subject"); } #region Extract Custom Attributes // If you need to add custom attributes, uncomment the following code //if (samlAssertion.AttributeStatements.Count > 0) //{ // foreach (AttributeStatement attributeStatement in samlAssertion.AttributeStatements) // { // // If you need to decrypt encrypted attributes, refer to this topic: http://www.samlcomponent.net/encrypting-and-decrypting-saml-response-xml // foreach (ComponentPro.Saml2.Attribute attribute in attributeStatement.Attributes) // { // // Process your custom attribute here. // // ... // } // } //} #endregion // Set authentication cookie. FormsAuthentication.SetAuthCookie(userName, false); // Redirect to the requested URL. Response.Redirect(samlResponse.RelayState, false); #endregion } catch (Exception exception) { Trace.Write("ServiceProvider", "An Error occurred", exception); } }