コード例 #1
0
ファイル: AuthnRequestCache.cs プロジェクト: agascon/Fedlet
        /// <summary>
        /// Adds the specified AuthnRequest to the collection of previously 
        /// sent requests, maintaining the imposed limit as defined by 
        /// MaximumRequestsStored.  This collection is represented as a
        /// queue and is attached to the user's session.
        /// </summary>
        /// <param name="context">
        /// HttpContext containing session, request, and response objects.
        /// </param>
        /// <param name="authnRequest">AuthnRequest to add to the collection.</param>
        internal static void AddSentAuthnRequest(HttpContextBase context, AuthnRequest authnRequest)
        {
            Queue authnRequests = GetSentAuthnRequests(context);

            if (authnRequests == null)
            {
                authnRequests = new Queue(MaximumRequestsStored);
            }

            if (authnRequests.Count == MaximumRequestsStored)
            {
                authnRequests.Dequeue();
            }

            authnRequests.Enqueue(authnRequest);
            context.Session[AuthnRequestSessionAttribute] = authnRequests;

            ILogger logger = LoggerFactory.GetLogger(typeof(AuthnRequestCache));

            if (logger.IsInfoEnabled)
            {
                var message = new StringBuilder();
                message.AppendLine("AuthnRequestsCache:");
                foreach (AuthnRequest a in authnRequests)
                {
                    message.AppendLine(a.Id);
                }
                logger.Info(message.ToString());
            }
        }
コード例 #2
0
ファイル: AuthnRequestCache.cs プロジェクト: aldaris/opensso
        /// <summary>
        /// Adds the specified AuthnRequest to the collection of previously 
        /// sent requests, maintaining the imposed limit as defined by 
        /// MaximumRequestsStored.  This collection is represented as a
        /// queue and is attached to the user's session.
        /// </summary>
        /// <param name="context">
        /// HttpContext containing session, request, and response objects.
        /// </param>
        /// <param name="authnRequest">AuthnRequest to add to the collection.</param>
        internal static void AddSentAuthnRequest(HttpContext context, AuthnRequest authnRequest)
        {
            Queue authnRequests = AuthnRequestCache.GetSentAuthnRequests(context);

            if (authnRequests == null)
            {
                authnRequests = new Queue(AuthnRequestCache.MaximumRequestsStored);
            }

            if (authnRequests.Count == AuthnRequestCache.MaximumRequestsStored)
            {
                authnRequests.Dequeue();
            }

            authnRequests.Enqueue(authnRequest);
            context.Session[AuthnRequestCache.AuthnRequestSessionAttribute] = authnRequests;

            StringBuilder message = new StringBuilder();
            message.Append("AuthnRequestsCache:\r\n");
            IEnumerator i = authnRequests.GetEnumerator();
            while (i.MoveNext())
            {
                AuthnRequest a = (AuthnRequest)i.Current;
                message.Append(a.Id + "\r\n");
            }

            FedletLogger.Info(message.ToString());
        }
コード例 #3
0
        /// <summary>
        /// Removes the AuthnRequest from the collection of previously
        /// sent requests based on the provided AuthnRequest.Id value.
        /// This collection is represented as a queue and is attached to
        /// the user's session.
        /// </summary>
        /// <param name="context">
        /// HttpContext containing session, request, and response objects.
        /// </param>
        /// <param name="authnRequestId">
        /// ID of the AuthnRequest to be removed from the cache.
        /// </param>
        internal static void RemoveSentAuthnRequest(HttpContext context, string authnRequestId)
        {
            Queue originalCache = AuthnRequestCache.GetSentAuthnRequests(context);

            if (originalCache != null)
            {
                Queue revisedCache = new Queue();
                while (originalCache.Count > 0)
                {
                    AuthnRequest temp = (AuthnRequest)originalCache.Dequeue();
                    if (temp.Id != authnRequestId)
                    {
                        revisedCache.Enqueue(temp);
                    }
                }

                context.Session[AuthnRequestCache.AuthnRequestSessionAttribute] = revisedCache;
            }
        }
コード例 #4
0
        /// <summary>
        /// Sends an AuthnRequest to the specified IDP with the given 
        /// parameters.
        /// </summary>
        /// <param name="context">
        /// HttpContext containing session, request, and response objects.
        /// </param>
        /// <param name="idpEntityId">Entity ID of the IDP.</param>
        /// <param name="parameters">
        /// NameValueCollection of varying parameters for use in the 
        /// construction of the AuthnRequest.
        /// </param>
        public void SendAuthnRequest(HttpContext context, string idpEntityId, NameValueCollection parameters)
        {
            IdentityProvider idp = (IdentityProvider)this.IdentityProviders[idpEntityId];
            if (idp == null)
            {
                throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdentityProviderNotFound);
            }

            if (parameters == null)
            {
                parameters = new NameValueCollection();
            }

            AuthnRequest authnRequest = new AuthnRequest(idp, this.ServiceProvider, parameters);
            XmlDocument xmlDoc = (XmlDocument)authnRequest.XmlDom;
            StringBuilder logMessage = new StringBuilder();
            logMessage.Append("AuthnRequest:\r\n").Append(xmlDoc.OuterXml);
            FedletLogger.Info(logMessage.ToString());

            // Add this AuthnRequest for this user for validation on AuthnResponse
            AuthnRequestCache.AddSentAuthnRequest(context, authnRequest);

            // Send with Redirect or Post based on the 'reqBinding' parameter.
            if (parameters[Saml2Constants.RequestBinding] == Saml2Constants.HttpPostProtocolBinding)
            {
                string postHtml = this.GetAuthnRequestPostHtml(authnRequest, idpEntityId, parameters);
                context.Response.Write(postHtml);
                context.Response.End();
            }
            else
            {
                string redirectUrl = this.GetAuthnRequestRedirectLocation(authnRequest, idpEntityId, parameters);
                context.Response.Redirect(redirectUrl.ToString(), true);
            }
        }
コード例 #5
0
        /// <summary>
        /// Gets the AuthnRequest location along with querystring parameters 
        /// to be used for actual browser requests.
        /// </summary>
        /// <param name="authnRequest">
        /// AuthnRequest to packaged for a redirect.
        /// </param>
        /// <param name="idpEntityId">Entity ID of the IDP.</param>
        /// <param name="parameters">
        /// NameVallueCollection of additional parameters.
        /// </param>
        /// <returns>
        /// URL with query string parameter for the specified IDP.
        /// </returns>
        public string GetAuthnRequestRedirectLocation(AuthnRequest authnRequest, string idpEntityId, NameValueCollection parameters)
        {
            if (authnRequest == null)
            {
                throw new ServiceProviderUtilityException(Resources.AuthnRequestIsNull);
            }

            IdentityProvider idp = (IdentityProvider)this.IdentityProviders[idpEntityId];
            if (idp == null)
            {
                throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdentityProviderNotFound);
            }

            string ssoRedirectLocation = idp.GetSingleSignOnServiceLocation(Saml2Constants.HttpRedirectProtocolBinding);
            if (ssoRedirectLocation == null)
            {
                throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdpSingleSignOnSvcLocNotDefined);
            }

            string packagedAuthnRequest = Saml2Utils.CompressConvertToBase64UrlEncode(authnRequest.XmlDom);
            string queryString = Saml2Constants.RequestParameter + "=" + packagedAuthnRequest;

            if (parameters != null && !string.IsNullOrEmpty(parameters[Saml2Constants.RelayState]))
            {
                string relayState = parameters[Saml2Constants.RelayState];
                Saml2Utils.ValidateRelayState(relayState, this.ServiceProvider.RelayStateUrlList);
                queryString += "&" + Saml2Constants.RelayState;
                queryString += "=" + HttpUtility.UrlEncode(relayState);
            }

            if (this.ServiceProvider.AuthnRequestsSigned || idp.WantAuthnRequestsSigned)
            {
                if (string.IsNullOrEmpty(this.ServiceProvider.SigningCertificateAlias))
                {
                    throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilitySignFailedNoCertAlias);
                }
                else
                {
                    queryString += "&" + Saml2Constants.SignatureAlgorithm;
                    queryString += "=" + HttpUtility.UrlEncode(Saml2Constants.SignatureAlgorithmRsa);
                    queryString = Saml2Utils.SignQueryString(this.ServiceProvider.SigningCertificateAlias, queryString);
                }
            }

            StringBuilder redirectUrl = new StringBuilder();
            redirectUrl.Append(ssoRedirectLocation);
            redirectUrl.Append(Saml2Utils.GetQueryStringDelimiter(ssoRedirectLocation));
            redirectUrl.Append(queryString);

            FedletLogger.Info("AuthnRequest via Redirect:\r\n" + redirectUrl);

            return redirectUrl.ToString();
        }
コード例 #6
0
        /// <summary>
        /// Gets the HTML for use of submitting the AuthnRequest with POST.
        /// </summary>
        /// <param name="authnRequest">
        /// AuthnRequest to packaged for a POST.
        /// </param>
        /// <param name="idpEntityId">Entity ID of the IDP.</param>
        /// <param name="parameters">
        /// NameVallueCollection of additional parameters.
        /// </param>
        /// <returns>
        /// HTML with auto-form submission with POST of the AuthnRequest
        /// </returns>
        public string GetAuthnRequestPostHtml(AuthnRequest authnRequest, string idpEntityId, NameValueCollection parameters)
        {
            if (authnRequest == null)
            {
                throw new ServiceProviderUtilityException(Resources.AuthnRequestIsNull);
            }

            IdentityProvider idp = (IdentityProvider)this.IdentityProviders[idpEntityId];
            if (idp == null)
            {
                throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdentityProviderNotFound);
            }

            string ssoPostLocation = idp.GetSingleSignOnServiceLocation(Saml2Constants.HttpPostProtocolBinding);
            if (ssoPostLocation == null)
            {
                throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdpSingleSignOnSvcLocNotDefined);
            }

            string relayState = null;
            if (parameters != null && !string.IsNullOrEmpty(parameters[Saml2Constants.RelayState]))
            {
                relayState = parameters[Saml2Constants.RelayState];
                Saml2Utils.ValidateRelayState(relayState, this.ServiceProvider.RelayStateUrlList);
            }

            XmlDocument authnRequestXml = (XmlDocument)authnRequest.XmlDom;
            if (this.ServiceProvider.AuthnRequestsSigned || idp.WantAuthnRequestsSigned)
            {
                if (string.IsNullOrEmpty(this.ServiceProvider.SigningCertificateAlias))
                {
                    throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilitySignFailedNoCertAlias);
                }
                else
                {
                    Saml2Utils.SignXml(
                        this.ServiceProvider.SigningCertificateAlias,
                        authnRequestXml,
                        authnRequest.Id,
                        true);
                    FedletLogger.Info("Signed AuthnRequest:\r\n" + authnRequestXml.InnerXml);
                }
            }

            string packagedAuthnRequest = Saml2Utils.ConvertToBase64(authnRequestXml.InnerXml);
            string inputFieldFormat = "<input type=\"hidden\" name=\"{0}\" value=\"{1}\" />";

            StringBuilder html = new StringBuilder();
            html.Append("<html><head><title>OpenSSO - SP initiated SSO</title></head>");
            html.Append("<body onload=\"document.forms[0].submit();\">");
            html.Append("<form method=\"post\" action=\"");
            html.Append(ssoPostLocation);
            html.Append("\">");
            html.Append("<input type=\"hidden\" name=\"");
            html.Append(Saml2Constants.RequestParameter);
            html.Append("\" value=\"");
            html.Append(packagedAuthnRequest);
            html.Append("\" />");

            if (!string.IsNullOrEmpty(relayState))
            {
                html.Append(string.Format(
                                          CultureInfo.InvariantCulture,
                                          inputFieldFormat,
                                          Saml2Constants.RelayState,
                                          HttpUtility.HtmlEncode(relayState)));
            }

            html.Append("</form>");
            html.Append("</body>");
            html.Append("</html>");

            return html.ToString();
        }
コード例 #7
0
        /// <summary>
        /// Sends an AuthnRequest to the specified IDP with the given 
        /// parameters.
        /// </summary>
        /// <param name="context">
        /// HttpContext containing session, request, and response objects.
        /// </param>
        /// <param name="idpEntityId">Entity ID of the IDP.</param>
        /// <param name="parameters">
        /// NameValueCollection of varying parameters for use in the 
        /// construction of the AuthnRequest.
        /// </param>
        public void SendAuthnRequest(HttpContextBase context, string idpEntityId, NameValueCollection parameters)
        {
            IIdentityProvider idp;
            if (!IdentityProviders.TryGetValue(idpEntityId, out idp))
            {
                throw new ServiceProviderUtilityException(Resources.ServiceProviderUtilityIdentityProviderNotFound);
            }

            if (parameters == null)
            {
                parameters = new NameValueCollection();
            }

            var authnRequest = new AuthnRequest(idp, ServiceProvider, parameters, _saml2Utils);
            var xmlDoc = (XmlDocument) authnRequest.XmlDom;
            _logger.Info("AuthnRequest:\r\n{0}", xmlDoc.OuterXml);

            // Add this AuthnRequest for this user for validation on AuthnResponse
            //AuthnRequestCache.AddSentAuthnRequest(context, authnRequest);

            // Send with Redirect or Post based on the 'reqBinding' parameter.
            if (parameters[Saml2Constants.RequestBinding] == Saml2Constants.HttpPostProtocolBinding)
            {
                string postHtml = GetAuthnRequestPostHtml(authnRequest, idpEntityId, parameters);
                context.Response.Write(postHtml);
                context.Response.End();
            }
            else
            {
                string redirectUrl = GetAuthnRequestRedirectLocation(authnRequest, idpEntityId, parameters);
                context.Response.Redirect(redirectUrl, true);
            }
        }