// Since the issued token is an endorsing token it will not be used for identity checks // hence we do not need to persist the authorization policies that represent the target service. static void SerializeCachedToken(Stream stream, Uri target, Uri issuer, GenericXmlSecurityToken token) { XmlTextWriter writer = new XmlTextWriter(stream, Encoding.UTF8); writer.WriteStartElement("Entry"); writer.WriteElementString("Target", target.AbsoluteUri); writer.WriteElementString("Issuer", (issuer == null) ? "" : issuer.AbsoluteUri); writer.WriteStartElement("Token"); writer.WriteStartElement("XML"); token.TokenXml.WriteTo(writer); writer.WriteEndElement(); SymmetricSecurityKey key = (SymmetricSecurityKey)(token.SecurityKeys[0]); writer.WriteElementString("Key", Convert.ToBase64String(key.GetSymmetricKey())); writer.WriteElementString("Id", token.Id); writer.WriteElementString("ValidFrom", Convert.ToString(token.ValidFrom)); writer.WriteElementString("ValidTo", Convert.ToString(token.ValidTo)); WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer(); writer.WriteStartElement("InternalTokenReference"); serializer.WriteKeyIdentifierClause(writer, token.InternalTokenReference); writer.WriteEndElement(); writer.WriteStartElement("ExternalTokenReference"); serializer.WriteKeyIdentifierClause(writer, token.ExternalTokenReference); writer.WriteEndElement(); writer.WriteEndElement(); // token writer.WriteEndElement(); // entry writer.Flush(); stream.Flush(); }
// Methods of BodyWriter /// <summary> /// Writes out an XML representation of the instance. /// </summary> /// <param name="writer">The writer to be used to write out the XML content</param> protected override void OnWriteBodyContents(XmlDictionaryWriter writer) { // Write out the wst:RequestSecurityTokenResponse start tag writer.WriteStartElement(Constants.Trust.Elements.RequestSecurityTokenResponse, Constants.Trust.NamespaceUri); // If we have a non-null, non-empty tokenType... if (this.TokenType != null && this.TokenType.Length > 0) { // Write out the wst:TokenType start tag writer.WriteStartElement(Constants.Trust.Elements.TokenType, Constants.Trust.NamespaceUri); // Write out the tokenType string writer.WriteString(this.TokenType); writer.WriteEndElement(); // wst:TokenType } // Create a serializer that knows how to write out security tokens WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer(); // If we have a requestedSecurityToken... if (this.requestedSecurityToken != null) { // Write out the wst:RequestedSecurityToken start tag writer.WriteStartElement(Constants.Trust.Elements.RequestedSecurityToken, Constants.Trust.NamespaceUri); // Write out the requested token using the serializer ser.WriteToken(writer, requestedSecurityToken); writer.WriteEndElement(); // wst:RequestedSecurityToken } // If we have a requestedAttachedReference... if ( this.requestedAttachedReference != null ) { // Write out the wst:RequestedAttachedReference start tag writer.WriteStartElement(Constants.Trust.Elements.RequestedAttachedReference, Constants.Trust.NamespaceUri); // Write out the reference using the serializer ser.WriteKeyIdentifierClause ( writer, this.requestedAttachedReference ); writer.WriteEndElement(); // wst:RequestedAttachedReference } // If we have a requestedUnattachedReference... if ( this.requestedUnattachedReference != null ) { // Write out the wst:RequestedUnattachedReference start tag writer.WriteStartElement(Constants.Trust.Elements.RequestedUnattachedReference, Constants.Trust.NamespaceUri); // Write out the reference using the serializer ser.WriteKeyIdentifierClause ( writer, this.requestedUnattachedReference ); writer.WriteEndElement(); // wst:RequestedAttachedReference } // If we have a non-null appliesTo if (this.AppliesTo != null) { // Write out the wsp:AppliesTo start tag writer.WriteStartElement(Constants.Policy.Elements.AppliesTo, Constants.Policy.NamespaceUri); // Write the appliesTo in WS-Addressing 1.0 format this.AppliesTo.WriteTo(AddressingVersion.WSAddressing10, writer); writer.WriteEndElement(); // wsp:AppliesTo } // If the requestedProofToken is non-null, then the STS is providing all the key material... if (this.requestedProofToken != null) { // Write the wst:RequestedProofToken start tag writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri); // Write the proof token using the serializer ser.WriteToken(writer, requestedProofToken); writer.WriteEndElement(); // wst:RequestedSecurityToken } // If issuerEntropy is non-null and computeKey is true, then combined entropy is being used... if(this.issuerEntropy != null && this.computeKey ) { // Write the wst:RequestedProofToken start tag writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri); // Write the wst:ComputeKey start tag writer.WriteStartElement(Constants.Trust.Elements.ComputedKey, Constants.Trust.NamespaceUri); // Write the PSHA1 algorithm value writer.WriteValue(Constants.Trust.ComputedKeyAlgorithms.PSHA1); writer.WriteEndElement(); // wst:ComputedKey writer.WriteEndElement(); // wst:RequestedSecurityToken // Write the wst:Entropy start tag writer.WriteStartElement(Constants.Trust.Elements.Entropy, Constants.Trust.NamespaceUri); // Write the issuerEntropy out using the serializer ser.WriteToken(writer, this.issuerEntropy); writer.WriteEndElement(); // wst:Entropy } writer.WriteEndElement(); // wst:RequestSecurityTokenResponse }
// Methods of BodyWriter protected override void OnWriteBodyContents(XmlDictionaryWriter writer) { writer.WriteStartElement(Constants.Trust.Elements.RequestSecurityTokenResponse, Constants.Trust.NamespaceUri); if (this.TokenType != null && this.TokenType.Length > 0) { writer.WriteStartElement(Constants.Trust.Elements.TokenType, Constants.Trust.NamespaceUri); writer.WriteString(this.TokenType); writer.WriteEndElement(); // wst:TokenType } WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer(); if (this.RequestedSecurityToken != null) { writer.WriteStartElement(Constants.Trust.Elements.RequestedSecurityToken, Constants.Trust.NamespaceUri); ser.WriteToken(writer, this.RequestedSecurityToken); writer.WriteEndElement(); // wst:RequestedSecurityToken } if ( this.RequestedAttachedReference != null ) { writer.WriteStartElement(Constants.Trust.Elements.RequestedAttachedReference, Constants.Trust.NamespaceUri); ser.WriteKeyIdentifierClause ( writer, this.RequestedAttachedReference); writer.WriteEndElement(); // wst:RequestedAttachedReference } if ( this.RequestedUnattachedReference != null ) { writer.WriteStartElement(Constants.Trust.Elements.RequestedUnattachedReference, Constants.Trust.NamespaceUri); ser.WriteKeyIdentifierClause ( writer, this.RequestedUnattachedReference); writer.WriteEndElement(); // wst:RequestedAttachedReference } if (this.AppliesTo != null) { writer.WriteStartElement(Constants.Policy.Elements.AppliesTo, Constants.Policy.NamespaceUri); this.AppliesTo.WriteTo(AddressingVersion.WSAddressing10, writer); writer.WriteEndElement(); // wsp:AppliesTo } if (this.RequestedProofToken != null)// Issuer entropy; write RPT only { writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri); ser.WriteToken(writer, this.RequestedProofToken); writer.WriteEndElement(); // wst:RequestedSecurityToken } if(this.IssuerEntropy != null && this.ComputeKey) // Combined entropy; write RPT and Entropy { writer.WriteStartElement(Constants.Trust.Elements.RequestedProofToken, Constants.Trust.NamespaceUri); writer.WriteStartElement(Constants.Trust.Elements.ComputedKey, Constants.Trust.NamespaceUri); writer.WriteValue(Constants.Trust.ComputedKeyAlgorithms.PSHA1); writer.WriteEndElement(); // wst:ComputedKey writer.WriteEndElement(); // wst:RequestedSecurityToken if (this.IssuerEntropy!= null) { writer.WriteStartElement(Constants.Trust.Elements.Entropy, Constants.Trust.NamespaceUri); ser.WriteToken(writer, this.IssuerEntropy); writer.WriteEndElement(); // wst:Entropy } } writer.WriteEndElement(); // wst:RequestSecurityTokenResponse }
/// <summary> /// Build the contents of the SAML token /// </summary> /// <param name="writer"><b>XmlDictionaryWriter</b> to write the contents of this token to</param> protected override void OnWriteBodyContents(XmlDictionaryWriter writer) { // Subject SamlSubject subject = new SamlSubject(); if ( this.useKey != null ) { // Add the key and the Holder-Of-Key confirmation method subject.KeyIdentifier = this.useKey; subject.ConfirmationMethods.Add( SamlConstants.HolderOfKey ); } else { // This is a bearer token subject.ConfirmationMethods.Add( SamlConstants.SenderVouches ); } // Attributes, statements, conditions, and assertions List<SamlStatement> statements = new List<SamlStatement>(); List<SamlAttribute> attributes = GetTokenAttributes(); statements.Add(new SamlAuthenticationStatement(subject, Constants.Saml.AuthenticationMethods.Unspecified, DateTime.Now, null, null, null)); statements.Add(new SamlAttributeStatement(subject, attributes)); SamlConditions conditions = new SamlConditions(DateTime.Now, (DateTime.Now + TimeSpan.FromHours(8.0))); SamlAssertion assertion = new SamlAssertion("uuid-" + Guid.NewGuid(), Program.Issuer, DateTime.Now, conditions, null, statements); // Build the signing token SecurityToken signingToken = new X509SecurityToken(Program.SigningCertificate); SecurityKeyIdentifier keyIdentifier = new SecurityKeyIdentifier(signingToken.CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause>()); SigningCredentials signingCredentials = new SigningCredentials(signingToken.SecurityKeys[0], SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha1Digest, keyIdentifier); assertion.SigningCredentials = signingCredentials; // Build the SAML token SamlSecurityToken token = new SamlSecurityToken(assertion); SecurityKeyIdentifierClause attachedReference = token.CreateKeyIdentifierClause<SamlAssertionKeyIdentifierClause>(); SecurityKeyIdentifierClause unattachedReference = token.CreateKeyIdentifierClause<SamlAssertionKeyIdentifierClause>(); // // Write the XML // //writer = XmlDictionaryWriter.CreateTextWriter(File.CreateText("output.xml").BaseStream); // RSTR writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestSecurityTokenResponse, Constants.WSTrust.NamespaceUri.Uri); if (context != null) { writer.WriteAttributeString(Constants.WSTrust.Attributes.Context, context); } // TokenType writer.WriteElementString(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.TokenType, Constants.WSTrust.NamespaceUri.Uri, Constants.WSTrust.TokenTypes.Saml10Assertion); // RequestedSecurityToken (the SAML token) SecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(); writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestedSecurityToken, Constants.WSTrust.NamespaceUri.Uri); tokenSerializer.WriteToken(writer, token); writer.WriteEndElement(); // RequestedAttachedReference writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestedAttachedReference, Constants.WSTrust.NamespaceUri.Uri); tokenSerializer.WriteKeyIdentifierClause(writer, attachedReference); writer.WriteEndElement(); // RequestedUnattachedReference writer.WriteStartElement(Constants.WSTrust.NamespaceUri.Prefix, Constants.WSTrust.Elements.RequestedUnattachedReference, Constants.WSTrust.NamespaceUri.Uri); tokenSerializer.WriteKeyIdentifierClause(writer, unattachedReference); writer.WriteEndElement(); // RequestedDisplayToken (display token) string displayTokenNS = "http://schemas.xmlsoap.org/ws/2005/05/identity"; writer.WriteStartElement("wsid", "RequestedDisplayToken", displayTokenNS); writer.WriteStartElement("wsid", "DisplayToken", displayTokenNS); foreach (SamlAttribute attribute in attributes) { writer.WriteStartElement("wsid", "DisplayClaim", displayTokenNS); writer.WriteAttributeString("Uri", attribute.Namespace + "/" + attribute.Name); writer.WriteStartElement("wsid", "DisplayTag", displayTokenNS); writer.WriteValue(attribute.Name); writer.WriteEndElement(); writer.WriteStartElement("wsid", "Description", displayTokenNS); writer.WriteValue(attribute.Namespace + "/" + attribute.Name); writer.WriteEndElement(); foreach (string attributeValue in attribute.AttributeValues) { writer.WriteStartElement("wsid", "DisplayValue", displayTokenNS); writer.WriteValue(attributeValue); writer.WriteEndElement(); } writer.WriteEndElement(); } writer.WriteEndElement(); writer.WriteEndElement(); // RSTR End writer.WriteEndElement(); //writer.Close(); }