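/// <summary>
/// Click handler: loads the IdP metadata bundled in the app assets, builds a
/// SAML 2.0 authenticator for it and launches the login UI.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
public void LoginWithIdentityProvider (object sender, EventArgs e)
{
	var metadataDoc = new XmlDocument ();
	// Whitespace is kept, presumably so the document is not altered before any
	// signature over it is checked.
	metadataDoc.PreserveWhitespace = true;
	// The asset stream was never closed before; dispose it once the document is parsed.
	using (var metadataStream = Assets.Open ("idp.symplified.net.metadata.xml")) {
		metadataDoc.Load (metadataStream);
	}
	var idpMetadata = new Saml20MetadataDocument (metadataDoc);

	var authenticator = new Saml20Authenticator ("Symplified.Auth.Android.Sample", idpMetadata);
	authenticator.Completed += (s, ee) => {
		if (!ee.IsAuthenticated) {
			this.authenticationStatus.Text = "Not authorized";
			return;
		}
		var account = (SamlAccount)ee.Account;
		this.authenticationStatus.Text = String.Format ("Subject: {0}", account.Assertion.Subject.Value);
	};

	var intent = authenticator.GetUI (this);
	// 42 is the request code handed back to OnActivityResult.
	StartActivityForResult (intent, 42);
}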
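/// <summary>
/// Builds a default entity descriptor, gives it a 14-day validity window and
/// dumps the resulting metadata XML to the console. There is no assertion: the
/// test only checks that the document can be produced without throwing.
/// </summary>
public void TestSigning_01()
{
    Saml20MetadataDocument doc = new Saml20MetadataDocument(true);
    EntityDescriptor entity = doc.CreateDefaultEntity();
    // SAML time values must be expressed in UTC; a local-kind DateTime.Now may
    // serialize with the machine's offset instead.
    entity.validUntil = DateTime.UtcNow.AddDays(14);
    Console.WriteLine(doc.ToXml());
}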
/// <summary>
/// Loads the ADLER sample metadata and checks that both the SLO and the SSO
/// endpoint lists contain exactly two entries.
/// </summary>
public void TestEndpointExtraction()
{
    const string metadataPath = @"Saml20\Protocol\MetadataDocs\metadata-ADLER.xml";

    var doc = new XmlDocument { PreserveWhitespace = true };
    doc.Load(metadataPath);
    var metadata = new Saml20MetadataDocument(doc);

    Assert.AreEqual(2, metadata.SLOEndpoints().Count);
    Assert.AreEqual(2, metadata.SSOEndpoints().Count);
}
/// <summary>
/// Adds the service provider with the given metadata to the list of known service providers,
/// replacing any previously registered provider with the same entity id, and persists the
/// document through <see cref="SaveMetadata"/>.
/// </summary>
/// <param name="doc">The service provider's SAML 2.0 metadata document.</param>
public static void AddServiceProvider(XmlDocument doc)
{
    Saml20MetadataDocument metadata = new Saml20MetadataDocument(doc);
    string entityId = metadata.EntityId;

    // Last registration wins: drop any earlier entry for this entity id before inserting.
    if (MetadataDocs.ContainsKey(entityId))
    {
        MetadataDocs.Remove(entityId);
    }
    MetadataDocs.Add(entityId, metadata);

    // NOTE(review): nothing here verifies the document's signature or origin; the caller is
    // presumably expected to have validated it before registering it - confirm.
    SaveMetadata(entityId, doc);
}
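/// <summary>
/// Checks the signature of a message received using the redirect binding using the keys found in the
/// metadata of the federation partner that sent the request.
/// </summary>
/// <param name="parser">Parser holding the decoded redirect-binding message and its signature.</param>
/// <param name="metadata">Metadata of the federation partner the message claims to come from.</param>
/// <returns>
/// <c>true</c> if at least one signing key advertised in the metadata verifies the signature;
/// <c>false</c> if none does, including when the metadata lists no usable signing key.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="parser"/> or
/// <paramref name="metadata"/> is null.</exception>
protected static bool CheckRedirectSignature(HttpRedirectBindingParser parser, Saml20MetadataDocument metadata)
{
    if (parser == null)
        throw new ArgumentNullException("parser");
    if (metadata == null)
        throw new ArgumentNullException("metadata");

    List<KeyDescriptor> keys = metadata.GetKeys(KeyTypes.signing);
    // Go through the list of signing keys (usually only one) and use it to verify the REDIRECT request.
    foreach (KeyDescriptor key in keys)
    {
        // A descriptor without KeyInfo cannot verify anything; skip it instead of letting the
        // conversion below fail on null and abort the whole check.
        if (key.KeyInfo == null)
            continue;

        KeyInfo keyinfo = (KeyInfo)key.KeyInfo;
        foreach (KeyInfoClause keyInfoClause in keyinfo)
        {
            AsymmetricAlgorithm signatureKey = XmlSignatureUtils.ExtractKey(keyInfoClause);
            // Only a successful verification with an advertised signing key is accepted;
            // clauses that yield no key are ignored.
            if (signatureKey != null && parser.CheckSignature(signatureKey))
                return true;
        }
    }
    return false;
}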
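/// <summary>
/// Initializes a new instance of the <see cref="Symplified.Auth.Saml20Authenticator"/> class.
/// </summary>
/// <param name="spName">Service Provider name; falls back to "symplified-mobile-sp" when null or empty.</param>
/// <param name="idpMetadata">Identity Provider metadata.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="idpMetadata"/> is null.</exception>
public Saml20Authenticator (string spName, Saml20MetadataDocument idpMetadata)
	: base (PLACEHOLDER_URI, PLACEHOLDER_URI)
{
	if (idpMetadata == null)
		throw new ArgumentNullException ("idpMetadata");

	_spName = string.IsNullOrEmpty (spName) ? "symplified-mobile-sp" : spName;
	_idpMetadata = idpMetadata;

	var url = _idpMetadata.SSOEndpoint (SAMLBinding.POST).Url;
	// The endpoint URL may already carry a query string; pick the separator accordingly
	// instead of always appending with "&".
	var separator = url.Contains ("?") ? "&" : "?";

	// The HTTP-Redirect binding requires the message to be DEFLATE-compressed, base64-encoded
	// and URL-encoded; a bare base64 of the XML bytes (in the platform default encoding) is not
	// a valid SAMLRequest parameter, so the encoding is delegated to the binding builder.
	var authnRequest = Saml20AuthnRequest.GetDefault (_spName);
	var builder = new HttpRedirectBindingBuilder ();
	builder.Request = authnRequest.GetXml ().OuterXml;

	// NOTE(review): the request is encoded for the redirect binding but the endpoint is the one
	// advertised for the POST binding - confirm the IdP accepts redirect-style requests there.
	initialUrl = new Uri (url + separator + builder.ToQuery ());
}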
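/// <summary>
/// Initializes a new instance of the <see cref="Symplified.Auth.Saml20Authenticator"/> class.
/// </summary>
/// <param name="spName">Service Provider name; falls back to "symplified-mobile-sp" when null or empty.</param>
/// <param name="idpMetadata">Identity Provider metadata.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="idpMetadata"/> is null.</exception>
public Saml20Authenticator (string spName, Saml20MetadataDocument idpMetadata)
	: base (PLACEHOLDER_URI, PLACEHOLDER_URI)
{
	// Fail with a clear argument error rather than a NullReferenceException on the
	// SSOEndpoint lookup below.
	if (idpMetadata == null)
		throw new ArgumentNullException ("idpMetadata");

	_spName = string.IsNullOrEmpty (spName) ? "symplified-mobile-sp" : spName;
	_idpMetadata = idpMetadata;

	var url = _idpMetadata.SSOEndpoint (SAMLBinding.POST).Url;
	// The endpoint URL may already carry a query string; pick the separator accordingly.
	var separator = url.Contains ("?") ? "&" : "?";

	// The binding builder produces the SAMLRequest query for the HTTP-Redirect binding.
	var authnRequest = Saml20AuthnRequest.GetDefault (_spName);
	var builder = new HttpRedirectBindingBuilder ();
	builder.Request = authnRequest.GetXml ().OuterXml;

	// NOTE(review): the request is encoded for the redirect binding but the endpoint is the one
	// advertised for the POST binding - confirm the IdP accepts redirect-style requests there.
	initialUrl = new Uri (url + separator + builder.ToQuery ());
}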
/// <summary>
/// Loads the ADLER sample metadata and checks that its two key descriptors carry the expected
/// uses, that they can be filtered by use, and that the signing key's KeyInfo verifies the
/// document's own signature.
/// </summary>
public void TestCertificateExtraction_01()
{
    var doc = new XmlDocument { PreserveWhitespace = true };
    doc.Load(@"Saml20\Protocol\MetadataDocs\metadata-ADLER.xml");
    var metadata = new Saml20MetadataDocument(doc);

    List<KeyDescriptor> keys = metadata.Keys;
    KeyDescriptor signingDescriptor = keys[0];
    KeyDescriptor encryptionDescriptor = keys[1];
    Assert.That(signingDescriptor.use == KeyTypes.signing);
    Assert.That(encryptionDescriptor.use == KeyTypes.encryption);
    Assert.That(metadata.GetKeys(KeyTypes.signing).Count == 1);
    Assert.That(metadata.GetKeys(KeyTypes.encryption).Count == 1);

    // The two certs in the metadata document happen to be identical, and are also
    // used for signing the entire document, so the first descriptor's KeyInfo is
    // enough to verify the document signature.
    KeyInfo keyinfo = (KeyInfo) signingDescriptor.KeyInfo;
    Assert.That(XmlSignatureUtils.CheckSignature(doc, keyinfo));

    Assert.AreEqual("ADLER_SAML20_ID", metadata.EntityId);
}
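/// <summary>
/// Loads every service provider metadata file found in <c>SPMetadataDir</c> into
/// <c>_metadataDocs</c>, once per process (guarded by <c>_metadataLoaded</c>). Files that
/// cannot be read or do not parse as metadata are skipped; the directory is created if missing.
/// </summary>
private static void LoadSPMetadata()
{
    if (_metadataLoaded)
        return;
    _metadataLoaded = true;

    if (!Directory.Exists(SPMetadataDir))
        Directory.CreateDirectory(SPMetadataDir);

    foreach (string file in Directory.GetFiles(SPMetadataDir))
    {
        try
        {
            // The read is inside the try as well: an unreadable file (locked, permissions)
            // used to abort the whole load and leave _metadataLoaded set with a partial map.
            string metadataString = File.ReadAllText(file);

            XmlDocument doc = new XmlDocument();
            doc.PreserveWhitespace = true;
            // NOTE(review): XmlDocument's default XmlResolver may resolve external entities on
            // older frameworks; if these files are not fully trusted consider XmlResolver = null.
            doc.LoadXml(metadataString);

            Saml20MetadataDocument metadata = new Saml20MetadataDocument(doc);
            // If _metadataDocs rejects duplicate keys (Dictionary semantics), a second file with
            // the same entity id throws here and is dropped by the catch below - confirm that is
            // the intended first-wins behaviour.
            _metadataDocs.Add(metadata.EntityId, metadata);
        }
        catch
        {
            //If for some reason there is a file in the directory which does not contain
            //valid data we just continue to the next file
        }
    }
}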
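/// <summary>
/// Logs in against the Salesforce IdP metadata bundled with the sample, then exchanges the
/// resulting SAML assertion for an OAuth access token through the bearer assertion grant and
/// lists Salesforce resources with it. Results are reported in the login status rows.
/// </summary>
public void PerformSalesforceOAuthSaml2Grant ()
{
	var xDoc = new XmlDocument ();
	xDoc.PreserveWhitespace = true;
	xDoc.Load ("salesforce-oauthsaml2-idp-metadata.xml");
	var idpMetadata = new Saml20MetadataDocument (xDoc);

	var authenticator = new Saml20Authenticator ("Symplified.Auth.iOS.Sample", idpMetadata);
	authenticator.Completed += (s, e) => {
		loginViewController.DismissViewController (true, null);
		if (!e.IsAuthenticated) {
			samlLoginStatusStringElement.Caption = "Not authorized";
			samlLoginStatusStringElement.GetActiveCell ().BackgroundColor = UIColor.Red;
		} else {
			var authenticatedAccount = (SamlAccount)e.Account;
			samlLoginStatusStringElement.Caption = authenticatedAccount.Assertion.Subject.Value;
			samlLoginStatusStringElement.GetActiveCell ().BackgroundColor = UIColor.Green;

			authenticatedAccount.GetBearerAssertionAuthorizationGrant (
				new Uri ("https://login.salesforce.com/services/oauth2/token")
			).ContinueWith (t => {
				// A cancelled task has no Result either; treat it like a fault instead of
				// letting t.Result throw inside the continuation. Log the failure detail
				// rather than a bare "error".
				if (t.IsFaulted || t.IsCanceled) {
					Console.WriteLine ("Token request failed: {0}", t.Exception);
					return;
				}
				var tokenResponse = t.Result;
				accessTokenStringElement.Caption = tokenResponse ["access_token"];
				scopeStringElement.Caption = tokenResponse ["scope"];
				// The continuation may run off the main thread; UI reloads go through it.
				BeginInvokeOnMainThread (delegate {
					loginViewController.ReloadData ();
					ListSalesforceResources (tokenResponse ["instance_url"], tokenResponse ["access_token"]);
				});
			});
		}
		loginViewController.ReloadData ();
	};

	UIViewController vc = authenticator.GetUI ();
	loginViewController.PresentViewController (vc, true, null);
}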
/// <summary>
/// Loads the IdP metadata bundled with the sample, presents the SAML 2.0 login UI and reports
/// the authenticated subject (or "Not authorized") in the login status row.
/// </summary>
public void LoginWithIdentityProvider ()
{
	var metadataDoc = new XmlDocument ();
	metadataDoc.PreserveWhitespace = true;
	metadataDoc.Load ("idp.symplified.net.metadata.xml");

	var authenticator = new Saml20Authenticator (
		"Symplified.Auth.iOS.Sample",
		new Saml20MetadataDocument (metadataDoc)
	);
	authenticator.Completed += (s, e) => {
		loginViewController.DismissViewController (true, null);
		if (e.IsAuthenticated) {
			var account = (SamlAccount)e.Account;
			samlLoginStatusStringElement.Caption = String.Format ("Name: {0}", account.Assertion.Subject.Value);
			samlLoginStatusStringElement.GetActiveCell ().BackgroundColor = UIColor.Green;
		} else {
			samlLoginStatusStringElement.Caption = "Not authorized";
			samlLoginStatusStringElement.GetActiveCell ().BackgroundColor = UIColor.Red;
		}
		loginViewController.ReloadData ();
	};

	vc = authenticator.GetUI ();
	loginViewController.PresentViewController (vc, true, null);
}