/// <summary>
/// Creates a Version 1.1 Saml Assertion
/// </summary>
/// <param name="issuer">Issuer</param>
/// <param name="subject">Subject</param>
/// <param name="attributes">Attributes</param>
/// <returns>returns a Version 1.1 Saml Assertion</returns>
private static AssertionType CreateSamlAssertion(string issuer, string recipient, string domain, string subject, Dictionary <string, string> attributes)
{
// Here we create some SAML assertion with ID and Issuer name.
AssertionType assertion = new AssertionType();
assertion.ID = "_" + Guid.NewGuid().ToString();
NameIDType issuerForAssertion = new NameIDType();
issuerForAssertion.Value = issuer.Trim();
assertion.Issuer = issuerForAssertion;
assertion.Version = "2.0";
assertion.IssueInstant = System.DateTime.UtcNow;
//Not before, not after conditions
ConditionsType conditions = new ConditionsType();
conditions.NotBefore = DateTime.UtcNow;
conditions.NotBeforeSpecified = true;
conditions.NotOnOrAfter = DateTime.UtcNow.AddMinutes(5);
conditions.NotOnOrAfterSpecified = true;
AudienceRestrictionType audienceRestriction = new AudienceRestrictionType();
audienceRestriction.Audience = new string[] { domain.Trim() };
conditions.Items = new ConditionAbstractType[] { audienceRestriction };
//Name Identifier to be used in Saml Subject
NameIDType nameIdentifier = new NameIDType();
nameIdentifier.NameQualifier = domain.Trim();
nameIdentifier.Value = subject.Trim();
SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();
subjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
subjectConfirmation.SubjectConfirmationData = subjectConfirmationData;
//
// Create some SAML subject.
SubjectType samlSubject = new SubjectType();
AttributeStatementType attrStatement = new AttributeStatementType();
AuthnStatementType authStatement = new AuthnStatementType();
authStatement.AuthnInstant = DateTime.UtcNow;
AuthnContextType context = new AuthnContextType();
context.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };
context.Items = new object[] { "AuthnContextClassRef" };
authStatement.AuthnContext = context;
samlSubject.Items = new object[] { nameIdentifier, subjectConfirmation };
assertion.Subject = samlSubject;
IPHostEntry ipEntry =
Dns.GetHostEntry(System.Environment.MachineName);
SubjectLocalityType subjectLocality = new SubjectLocalityType();
subjectLocality.Address = ipEntry.AddressList[0].ToString();
attrStatement.Items = new AttributeType[attributes.Count];
int i = 0;
// Create userName SAML attributes.
foreach (KeyValuePair <string, string> attribute in attributes)
{
AttributeType attr = new AttributeType();
attr.Name = attribute.Key;
attr.NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
attr.AttributeValue = new object[] { attribute.Value };
attrStatement.Items[i] = attr;
i++;
}
assertion.Conditions = conditions;
assertion.Items = new StatementAbstractType[] { authStatement, attrStatement };
return(assertion);
}
private static AssertionType CreateSamlAssertion(AuthnRequestType samlAuthRequest, string username)
{
var assertion = new AssertionType
{
Version = "2.0",
IssueInstant = DateTime.UtcNow,
ID = "_" + Guid.NewGuid(),
Issuer = new NameIDType()
{
Value = $"{_context.Request.Scheme}://{_context.Request.Host}{_context.Request.PathBase}"
}
};
//Assertion Subject
var subject = new SubjectType();
var subjectNameIdentifier = new NameIDType()
{
Value = username, Format = Saml2Constants.NameIdentifierFormats.Unspecified
};
var subjectConfirmation = new SubjectConfirmationType()
{
Method = Saml2Constants.SubjectConfirmationMethods.HolderOfKey,
SubjectConfirmationData = new SubjectConfirmationDataType()
{
NotOnOrAfter = DateTime.UtcNow.AddMinutes(ASSERTION_TIMEOUT_IN_MINUTES),
Recipient = samlAuthRequest.AssertionConsumerServiceURL,
InResponseTo = samlAuthRequest.ID
}
};
subject.Items = new object[] { subjectNameIdentifier, subjectConfirmation };
assertion.Subject = subject;
//Assertion Conditions
var conditions = new ConditionsType
{
NotBefore = DateTime.UtcNow,
NotBeforeSpecified = true,
NotOnOrAfter = DateTime.UtcNow.AddMinutes(ASSERTION_TIMEOUT_IN_MINUTES),
NotOnOrAfterSpecified = true,
//TODO: samlAuthRequest.Issuer.Value should be replaced with
Items = new ConditionAbstractType[] { new AudienceRestrictionType()
{
Audience = new string[] { samlAuthRequest.Issuer.Value }
} }
};
assertion.Conditions = conditions;
//Assertion AuthnStatement
var authStatement = new AuthnStatementType()
{
AuthnInstant = DateTime.UtcNow, SessionIndex = assertion.ID
};
var context = new AuthnContextType();
context.ItemsElementName = new[] { ItemsChoiceType5.AuthnContextClassRef };
context.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" };
authStatement.AuthnContext = context;
//Assertion AttributeStatement
var attributeStatement = new AttributeStatementType();
attributeStatement.Items = new AttributeType[]
{
//Add as many attributes as you want here, these are the user details that service provider wants, we can customise the attributes required
// on the basis of service provider that requires this assertion
new AttributeType {
Name = "username", AttributeValue = username, NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
}
};
assertion.Items = new StatementAbstractType[] { authStatement, attributeStatement };
return(assertion);
}
/// <summary>
/// Creates a SAML 2.0 Assertion Segment for a Response
/// Simple implmenetation assuming a list of string key and value pairs
/// </summary>
/// <param name="Issuer"></param>
/// <param name="AssertionExpirationMinutes"></param>
/// <param name="Audience"></param>
/// <param name="Subject"></param>
/// <param name="Recipient"></param>
/// <param name="Attributes">Dictionary of string key, string value pairs</param>
/// <returns>Assertion to sign and include in Response</returns>
private static AssertionType CreateSAML20Assertion(string Issuer,
int AssertionExpirationMinutes,
string Audience,
string Subject,
string Recipient,
Dictionary <string, string> Attributes)
{
AssertionType NewAssertion = new AssertionType()
{
Version = "2.0",
IssueInstant = DateTime.Now,//DateTime.UtcNow,
ID = "_" + System.Guid.NewGuid().ToString()
};
// Create Issuer
NewAssertion.Issuer = new NameIDType()
{
Value = Issuer.Trim()
};
// Create Assertion Subject
SubjectType subject = new SubjectType();
NameIDType subjectNameIdentifier = new NameIDType()
{
Value = Subject.Trim(), Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
};
SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType()
{
Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer", SubjectConfirmationData = new SubjectConfirmationDataType()
{
NotOnOrAfter = DateTime.Now.AddMinutes(AssertionExpirationMinutes), Recipient = Recipient
}
}; //{ NotOnOrAfter = DateTime.UtcNow.AddMinutes(AssertionExpirationMinutes), Recipient = Recipient } };
subject.Items = new object[] { subjectNameIdentifier, subjectConfirmation };
NewAssertion.Subject = subject;
// Create Assertion Conditions
ConditionsType conditions = new ConditionsType();
conditions.NotBefore = DateTime.Now; //DateTime.UtcNow;
conditions.NotBeforeSpecified = true;
conditions.NotOnOrAfter = DateTime.Now.AddMinutes(AssertionExpirationMinutes); //DateTime.UtcNow.AddMinutes(AssertionExpirationMinutes);
conditions.NotOnOrAfterSpecified = true;
conditions.Items = new ConditionAbstractType[] { new AudienceRestrictionType()
{
Audience = new string[] { Audience.Trim() }
} };
NewAssertion.Conditions = conditions;
// Add AuthnStatement and Attributes as Items
AuthnStatementType authStatement = new AuthnStatementType()
{
AuthnInstant = DateTime.Now, SessionIndex = NewAssertion.ID
}; //{ AuthnInstant = DateTime.UtcNow, SessionIndex = NewAssertion.ID };
AuthnContextType context = new AuthnContextType();
context.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };
context.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" };
authStatement.AuthnContext = context;
AttributeStatementType attributeStatement = new AttributeStatementType();
attributeStatement.Items = new AttributeType[Attributes.Count];
int i = 0;
foreach (KeyValuePair <string, string> attribute in Attributes)
{
attributeStatement.Items[i] = new AttributeType()
{
Name = attribute.Key,
AttributeValue = new object[] { attribute.Value },
NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
};
i++;
}
NewAssertion.Items = new StatementAbstractType[] { authStatement, attributeStatement };
return(NewAssertion);
}
/// <summary>
/// Creates a SAML 2.0 Assertion Segment for a Response
/// Simple implmenetation assuming a list of string key and value pairs
/// </summary>
/// <param name="issuer"></param>
/// <param name="assertionExpirationMinutes"></param>
/// <param name="audience"></param>
/// <param name="subject"></param>
/// <param name="recipient"></param>
/// <param name="attributes">Dictionary of string key, string value pairs</param>
/// <returns>Assertion to sign and include in Response</returns>
private static AssertionType CreateSaml20Assertion(string issuer,
int assertionExpirationMinutes,
string audience,
string subject,
string recipient,
Dictionary <string, string> attributes)
{
AssertionType newAssertion = new AssertionType
{
Version = "2.0",
IssueInstant = DateTime.UtcNow,
ID = "_" + Guid.NewGuid(),
Issuer = new NameIDType {
Value = issuer.Trim()
}
};
// Create Issuer
// Create Assertion Subject
SubjectType subjectType = new SubjectType();
NameIDType subjectNameIdentifier = new NameIDType {
Value = subject.Trim(), Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
};
SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType {
Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer", SubjectConfirmationData = new SubjectConfirmationDataType {
NotOnOrAfter = DateTime.UtcNow.AddMinutes(assertionExpirationMinutes), Recipient = recipient
}
};
subjectType.Items = new object[] { subjectNameIdentifier, subjectConfirmation };
newAssertion.Subject = subjectType;
// Create Assertion Conditions
ConditionsType conditions = new ConditionsType
{
NotBefore = DateTime.UtcNow,
NotBeforeSpecified = true,
NotOnOrAfter = DateTime.UtcNow.AddMinutes(assertionExpirationMinutes),
NotOnOrAfterSpecified = true,
Items = new ConditionAbstractType[] { new AudienceRestrictionType {
Audience = new[] { audience.Trim() }
} }
};
newAssertion.Conditions = conditions;
// Add AuthnStatement and Attributes as Items
AuthnStatementType authStatement = new AuthnStatementType {
AuthnInstant = DateTime.UtcNow, SessionIndex = newAssertion.ID
};
AuthnContextType context = new AuthnContextType
{
ItemsElementName = new[] { ItemsChoiceType5.AuthnContextClassRef },
Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" }
};
authStatement.AuthnContext = context;
AttributeStatementType attributeStatement = new AttributeStatementType
{
Items = new object[attributes.Count]
};
int i = 0;
foreach (KeyValuePair <string, string> attribute in attributes)
{
attributeStatement.Items[i] = new AttributeType
{
Name = attribute.Key,
AttributeValue = new object[] { attribute.Value },
NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
};
i++;
}
newAssertion.Items = new StatementAbstractType[] { authStatement, attributeStatement };
return(newAssertion);
}
