/// <summary>
/// Checks the structure of an <c>AttributeStatement</c>: it must hold at least one item, and every
/// item must be a <c>SamlAttribute</c> or an <c>EncryptedElement</c>.
/// </summary>
/// <remarks>
/// [SAML2.0 standard] section 2.7.3.
/// Each accepted item is passed on to the attribute validator. This method itself performs no signature
/// check and no decryption; what the validator calls do with an item is not visible from here.
/// </remarks>
/// <param name="statement">The statement to validate.</param>
/// <exception cref="Saml20FormatException">
/// The item list is null or empty, contains a null entry, or contains an entry of any other type.
/// </exception>
private void ValidateAttributeStatement(AttributeStatement statement)
{
    var items = statement.Items;
    if (items == null || items.Length == 0)
    {
        throw new Saml20FormatException("AttributeStatement MUST contain at least one Attribute or EncryptedAttribute");
    }

    foreach (var item in items)
    {
        // A null slot is rejected outright instead of being skipped.
        if (item == null)
        {
            throw new Saml20FormatException("null-Attributes are not supported");
        }

        if (item is SamlAttribute)
        {
            _attributeValidator.ValidateAttribute((SamlAttribute)item);
            continue;
        }

        if (item is EncryptedElement)
        {
            _attributeValidator.ValidateEncryptedAttribute((EncryptedElement)item);
            continue;
        }

        // Anything that is neither a plain nor an encrypted attribute fails validation.
        throw new Saml20FormatException(string.Format("Subelement {0} of AttributeStatement is not supported", item.GetType()));
    }
}
/// <summary>
/// Negative test: passes the statement validator an <c>AttributeStatement</c> whose only item is a
/// default-constructed <c>SamlAttribute</c> with no properties set.
/// </summary>
/// <remarks>
/// NOTE(review): no assertion or expected-exception declaration is visible on this method. The rejection
/// promised by the method name is presumably declared by a test attribute outside this excerpt; confirm.
/// </remarks>
public void ThrowsExceptionWhenAttributeElementEmptyName()
{
    // Arrange
    var attributeStatement = new AttributeStatement
    {
        Items = new object[] { new SamlAttribute() }
    };
    var sut = new Saml20StatementValidator();

    // Act
    sut.ValidateStatement(attributeStatement);
}
/// <summary>
/// Negative test: passes the statement validator an <c>AttributeStatement</c> whose item list is null.
/// </summary>
/// <remarks>
/// NOTE(review): no assertion or expected-exception declaration is visible on this method. The rejection
/// promised by the method name is presumably declared by a test attribute outside this excerpt; confirm.
/// </remarks>
public void ThrowsExceptionWhenNullAttributeList()
{
    // Arrange
    var attributeStatement = new AttributeStatement
    {
        Items = null
    };
    var sut = new Saml20StatementValidator();

    // Act
    sut.ValidateStatement(attributeStatement);
}
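/// <summary>
/// Merges the modified attributes into the <c>AttributeStatement</c> of the assertion.
/// </summary>
/// <remarks>
/// Does nothing when no attribute list is pending. Otherwise the assertion's own AttributeStatement child
/// is removed and, if any plain or encrypted attributes are left, a newly serialized statement is appended.
/// Both pending lists are reset to null afterwards.
/// NOTE(review): this rewrites the assertion XML, so a signature computed over the earlier content would
/// presumably no longer verify; confirm that signing happens after this step.
/// </remarks>
private void InsertAttributes()
{
    if (_assertionAttributes == null)
    {
        return;
    }

    // NOTE(review): only _assertionAttributes is null-checked; the lines below assume that
    // _encryptedAssertionAttributes is populated together with it. Confirm against the code that fills them.
    var attributeStatement = new AttributeStatement();
    var statements = new List<object>(_encryptedAssertionAttributes.Count + _assertionAttributes.Count);
    statements.AddRange(_assertionAttributes.ToArray());
    statements.AddRange(_encryptedAssertionAttributes.ToArray());
    attributeStatement.Items = statements.ToArray();

    // Assuming XmlAssertion is a System.Xml element: GetElementsByTagName matches descendants at any depth
    // (for example a statement of an assertion embedded in Advice), and RemoveChild throws for a node that is
    // not a direct child. Remove only the first AttributeStatement that belongs to this assertion itself, so a
    // nested statement is neither removed nor able to abort the merge.
    var list = XmlAssertion.GetElementsByTagName(AttributeStatement.ElementName, Saml20Constants.Assertion);
    for (var i = 0; i < list.Count; i++)
    {
        var candidate = list[i];
        if (ReferenceEquals(candidate.ParentNode, XmlAssertion))
        {
            XmlAssertion.RemoveChild(candidate);
            break;
        }
    }

    // Only insert a new AttributeStatement if there are attributes.
    if (statements.Count > 0)
    {
        // The statement object is serialized to a document of its own; its root element is then imported
        // (deep copy) into the assertion's document before it can be appended.
        var attributeStatementDoc = Serialization.Serialize(attributeStatement);
        var imported = XmlAssertion.OwnerDocument.ImportNode(attributeStatementDoc.DocumentElement, true);

        // Insert the new statement.
        XmlAssertion.AppendChild(imported);
    }

    _encryptedAssertionAttributes = null;
    _assertionAttributes = null;
}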
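/// <summary>
/// Assembles our basic test assertion.
/// </summary>
/// <remarks>
/// The fixture is a bearer assertion with one AuthnStatement and one AttributeStatement holding four
/// attributes. Both NotOnOrAfter values are fixed at 2008-12-31 12:00 while IssueInstant is the current UTC
/// time, so a validator that compares against the current clock will presumably treat the assertion as
/// expired; a test that needs a currently valid assertion has to move those dates itself.
/// The fixed DateTime values are created without an explicit DateTimeKind.
/// </remarks>
/// <returns>The <see cref="Assertion"/>.</returns>
public static Assertion GetBasicAssertion()
{
    var assertion = new Assertion
    {
        Issuer = new NameId(),
        Id = "_b8977dc86cda41493fba68b32ae9291d",
        IssueInstant = DateTime.UtcNow,
        Version = "2.0"
    };
    assertion.Issuer.Value = GetBasicIssuer();

    // Subject: a single bearer confirmation bound to a fixed recipient and expiry.
    assertion.Subject = new Subject();
    var subjectConfirmation = new SubjectConfirmation
    {
        Method = SubjectConfirmation.BearerMethod,
        SubjectConfirmationData = new SubjectConfirmationData
        {
            NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0),
            Recipient = "http://borger.dk"
        }
    };
    assertion.Subject.Items = new object[] { subjectConfirmation };

    // Conditions: same fixed expiry plus one audience restriction built from the test audiences.
    assertion.Conditions = new Conditions { NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0) };
    var audienceRestriction = new AudienceRestriction
    {
        Audience = GetAudiences().Select(u => u.ToString()).ToList()
    };
    assertion.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { audienceRestriction });

    var authnStatement = new AuthnStatement
    {
        AuthnInstant = new DateTime(2008, 1, 8),
        SessionIndex = "70225885",
        AuthnContext = new AuthnContext
        {
            // Items and ItemsElementName are parallel arrays: one class reference, one declaration reference.
            Items = new object[]
            {
                "urn:oasis:names:tc:SAML:2.0:ac:classes:X509",
                "http://www.safewhere.net/authncontext/declref"
            },
            ItemsElementName = new[]
            {
                AuthnContextType.AuthnContextClassRef,
                AuthnContextType.AuthnContextDeclRef
            }
        }
    };

    var surName = new SamlAttribute
    {
        FriendlyName = "SurName",
        Name = "urn:oid:2.5.4.4",
        NameFormat = SamlAttribute.NameformatUri,
        AttributeValue = new[] { "Fry" }
    };

    // The value is a single-line literal; the line break inside it on the page does not compile in a
    // regular C# string.
    var commonName = new SamlAttribute
    {
        FriendlyName = "CommonName",
        Name = "urn:oid:2.5.4.3",
        NameFormat = SamlAttribute.NameformatUri,
        AttributeValue = new[] { "Philip J. Fry" }
    };

    // The only attribute created without a FriendlyName.
    var userName = new SamlAttribute
    {
        Name = "urn:oid:0.9.2342.19200300.100.1.1",
        NameFormat = SamlAttribute.NameformatUri,
        AttributeValue = new[] { "fry" }
    };

    var email = new SamlAttribute
    {
        FriendlyName = "Email",
        Name = "urn:oid:0.9.2342.19200300.100.1.3",
        NameFormat = SamlAttribute.NameformatUri,
        AttributeValue = new[] { "*****@*****.**" }
    };

    var attributeStatement = new AttributeStatement
    {
        Items = new object[] { surName, commonName, userName, email }
    };

    // The statements are assigned once, after both have been built.
    assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement };
    return assertion;
}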