public void WriteXmlValid() { SamlAssertion a = new SamlAssertion(); SamlSubject subject = new SamlSubject( SamlConstants.UserNameNamespace, "urn:myqualifier", "myname"); SamlAttribute attr = new SamlAttribute(Claim.CreateNameClaim("myname")); SamlAttributeStatement statement = new SamlAttributeStatement(subject, new SamlAttribute [] { attr }); a.Advice = new SamlAdvice(new string [] { "urn:testadvice1" }); DateTime notBefore = DateTime.SpecifyKind(new DateTime(2000, 1, 1), DateTimeKind.Utc); DateTime notOnAfter = DateTime.SpecifyKind(new DateTime(2006, 1, 1), DateTimeKind.Utc); a.Conditions = new SamlConditions(notBefore, notOnAfter); a.Statements.Add(statement); a.Issuer = "my_hero"; StringWriter sw = new StringWriter(); string id = a.AssertionId; DateTime instant = a.IssueInstant; using (XmlDictionaryWriter dw = CreateWriter(sw)) { a.WriteXml(dw, new SamlSerializer(), null); } string expected = String.Format("<?xml version=\"1.0\" encoding=\"utf-16\"?><saml:Assertion MajorVersion=\"1\" MinorVersion=\"1\" AssertionID=\"{0}\" Issuer=\"my_hero\" IssueInstant=\"{1}\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"><saml:Conditions NotBefore=\"{3}\" NotOnOrAfter=\"{4}\" /><saml:Advice><saml:AssertionIDReference>urn:testadvice1</saml:AssertionIDReference></saml:Advice><saml:AttributeStatement><saml:Subject><saml:NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName\" NameQualifier=\"urn:myqualifier\">myname</saml:NameIdentifier></saml:Subject><saml:Attribute AttributeName=\"name\" AttributeNamespace=\"{2}\"><saml:AttributeValue>myname</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>", id, instant.ToString("yyyy-MM-ddTHH:mm:ss.fff'Z'", CultureInfo.InvariantCulture), "http://schemas.xmlsoap.org/ws/2005/05/identity/claims", notBefore.ToString("yyyy-MM-ddTHH:mm:ss.fff'Z'", CultureInfo.InvariantCulture), notOnAfter.ToString("yyyy-MM-ddTHH:mm:ss.fff'Z'", CultureInfo.InvariantCulture)); Assert.AreEqual(expected, sw.ToString()); }
private void Snippet9() { //<snippet9> Claim c1 = Claim.CreateNameClaim("someone"); Claim c2 = Claim.CreateNameClaim("someone"); //</snippet9> }
private void CheckClaims(string claimType, string resource) { IClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as IClaimsPrincipal; if (claimsPrincipal == null) { throw new SecurityException("Access is denied. Security principal should be a IClaimsPrincipal type."); } Claim issuerName = Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName); List <Claim> issuerClaims = new List <Claim>(); issuerClaims.Add(issuerName); List <Claim> requiredClaims = new List <Claim>(); requiredClaims.Add(new Claim(claimType, resource, Rights.PossessProperty)); DefaultClaimSet claimSet = new DefaultClaimSet(new DefaultClaimSet(issuerClaims), requiredClaims); if (!claimsPrincipal.HasRequiredClaims(claimSet)) { throw new SecurityException("Access is denied. Security principal does not satisfy required claims."); } }
public void TestToString() { Assert.AreEqual( String.Concat(Rights.PossessProperty, ": ", ClaimTypes.Name), Claim.CreateNameClaim("mono").ToString(), "#1"); }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { evaluationContext.AddClaimSet(this, new DefaultClaimSet(Claim.CreateNameClaim(_principal.Identity.Name))); evaluationContext.Properties["Identities"] = new List <IIdentity>(new[] { _principal.Identity }); evaluationContext.Properties["Principal"] = _principal; return(true); }
string ICrudService.UpdateSomething() { AuthorizationContext authContext = ServiceSecurityContext.Current.AuthorizationContext; ClaimSet issuerClaimSet = null; foreach (ClaimSet cs in authContext.ClaimSets) { Claim issuerClaim = Claim.CreateNameClaim("http://www.thatindigogirl.com/samples/2006/06/issuer"); if (cs.Issuer.ContainsClaim(issuerClaim)) { issuerClaimSet = cs; } } if (issuerClaimSet == null) { throw new SecurityException("Access is denied. No claims were provided from the expected issuer."); } Claim c = new Claim("http://schemas.thatindigogirl.com/samples/2006/06/identity/claims/update", "http://schemas.thatindigogirl.com/samples/2006/06/identity/resources/application", Rights.PossessProperty); if (!issuerClaimSet.ContainsClaim(c)) { throw new SecurityException("Access is denied. Required claims not satisfied."); } return(String.Format("UpdateSomething() called by user {0}", System.Threading.Thread.CurrentPrincipal.Identity.Name)); }
SamlSecurityToken GetSamlToken() { SamlAssertion a = new SamlAssertion(); SamlSubject subject = new SamlSubject( SamlConstants.UserNameNamespace, "urn:myqualifier", "myname"); SamlAttribute attr = new SamlAttribute(Claim.CreateNameClaim("myname")); SamlAttributeStatement statement = new SamlAttributeStatement(subject, new SamlAttribute [] { attr }); a.Statements.Add(statement); a.Issuer = "my_hero"; X509Certificate2 cert = new X509Certificate2(TestResourceHelper.GetFullPathOfResource("Test/Resources/test.pfx"), "mono"); X509AsymmetricSecurityKey key = new X509AsymmetricSecurityKey(cert); a.SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha1Signature, SecurityAlgorithms.Sha256Digest); XmlDocument doc = new XmlDocument(); XmlWriter w = doc.CreateNavigator().AppendChild(); using (XmlDictionaryWriter dw = XmlDictionaryWriter.CreateDictionaryWriter(w)) { a.WriteXml(dw, new SamlSerializer(), new MySecurityTokenSerializer()); } Console.Error.WriteLine(doc.OuterXml); return(new SamlSecurityToken(a)); }
/// <summary> /// Overrides the GetIssuedClaims from the SecurityTokenService Base Class /// to return a valid user claim for the user /// </summary> protected override Collection <SamlAttribute> GetIssuedClaims(RequestSecurityToken requestSecurityToken) { string caller = ServiceSecurityContext.Current.PrimaryIdentity.Name; // Create Name claim Collection <SamlAttribute> samlAttributes = new Collection <SamlAttribute>(); samlAttributes.Add(new SamlAttribute(Claim.CreateNameClaim(caller))); return(samlAttributes); }
public ClaimsAuthorizationPolicy() { m_id = Guid.NewGuid(); Claim c = Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName); Claim[] claims = new Claim[1]; claims[0] = c; m_issuer = new DefaultClaimSet(claims); }
public CustomAuthorizationPolicy() { m_id = Guid.NewGuid(); Claim c = Claim.CreateNameClaim("http://www.thatindigogirl.com/samples/2006/07/issuer"); Claim[] claims = new Claim[1]; claims[0] = c; m_issuer = new DefaultClaimSet(claims); }
/// <summary> /// Makes calls to the specified endpoint name in app.config /// </summary> /// <param name="endpointName">The endpoint to use from app.config</param> private static void CallEndpoint(string endpointName) { Console.WriteLine("\nCalling endpoint {0}\n", endpointName); // Create a client with given client endpoint configuration CalculatorClient client = new CalculatorClient(endpointName); // Create new credentials class SamlClientCredentials samlCC = new SamlClientCredentials(); // Set the client certificate. This is the cert that will be used to sign the SAML token in the symmetric proof key case samlCC.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "Alice"); // Set the service certificate. This is the cert that will be used to encrypt the proof key in the symmetric proof key case samlCC.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "localhost"); // Create some claims to put in the SAML assertion IList <Claim> claims = new List <Claim>(); claims.Add(Claim.CreateNameClaim(samlCC.ClientCertificate.Certificate.Subject)); ClaimSet claimset = new DefaultClaimSet(claims); samlCC.Claims = claimset; // set new credentials client.ChannelFactory.Endpoint.Behaviors.Remove(typeof(ClientCredentials)); client.ChannelFactory.Endpoint.Behaviors.Add(samlCC); // Call the Add service operation. double value1 = 100.00D; double value2 = 15.99D; double result = client.Add(value1, value2); Console.WriteLine("Add({0},{1}) = {2}", value1, value2, result); // Call the Subtract service operation. value1 = 145.00D; value2 = 76.54D; result = client.Subtract(value1, value2); Console.WriteLine("Subtract({0},{1}) = {2}", value1, value2, result); // Call the Multiply service operation. value1 = 9.00D; value2 = 81.25D; result = client.Multiply(value1, value2); Console.WriteLine("Multiply({0},{1}) = {2}", value1, value2, result); // Call the Divide service operation. value1 = 22.00D; value2 = 7.00D; result = client.Divide(value1, value2); Console.WriteLine("Divide({0},{1}) = {2}", value1, value2, result); client.Close(); }
/// <summary> /// Creates a SAML token for the specified email address and security token. /// </summary> private SamlSecurityToken CreateSAMLToken( string emailAddress, X509SecurityToken issuerToken) { // Create list of confirmation strings List <string> confirmations = new List <string>(); // Add holder-of-key string to list of confirmation strings confirmations.Add("urn:oasis:names:tc:SAML:1.0:cm:bearer"); // Create SAML subject statement based on issuer member variable, confirmation string collection // local variable and proof key identifier parameter SamlSubject subject = new SamlSubject("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", null, emailAddress); // Create a list of SAML attributes List <SamlAttribute> attributes = new List <SamlAttribute>(); Claim claim = Claim.CreateNameClaim(emailAddress); attributes.Add(new SamlAttribute(claim)); // Create list of SAML statements List <SamlStatement> statements = new List <SamlStatement>(); // Add a SAML attribute statement to the list of statements. Attribute statement is based on // subject statement and SAML attributes resulting from claims statements.Add(new SamlAttributeStatement(subject, attributes)); // Create a valid from/until condition DateTime validFrom = DateTime.UtcNow; DateTime validTo = DateTime.UtcNow.AddHours(12); SamlConditions conditions = new SamlConditions(validFrom, validTo); // Create the SAML assertion SamlAssertion assertion = new SamlAssertion( "_" + Guid.NewGuid().ToString(), issuerToken.Certificate.Subject, validFrom, conditions, null, statements); SecurityKey signingKey = new System.IdentityModel.Tokens.RsaSecurityKey((RSA)issuerToken.Certificate.PrivateKey); // Set the signing credentials for the SAML assertion assertion.SigningCredentials = new SigningCredentials( signingKey, System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha1Signature, System.IdentityModel.Tokens.SecurityAlgorithms.Sha1Digest, new SecurityKeyIdentifier(issuerToken.CreateKeyIdentifierClause <X509ThumbprintKeyIdentifierClause>())); return(new SamlSecurityToken(assertion)); }
/// <summary> /// Overrides the GetIssuedClaims from the SecurityTokenService Base Class /// to return a valid user claim and purchase limit claim with the appropriate purchase limit /// for the user /// </summary> protected override Collection <SamlAttribute> GetIssuedClaims(RequestSecurityToken requestSecurityToken) { string caller = ServiceSecurityContext.Current.PrimaryIdentity.Name; double purchaseLimit = GetPurchaseLimit(); // Create Name and PurchaseLimit claims Collection <SamlAttribute> samlAttributes = new Collection <SamlAttribute>(); samlAttributes.Add(new SamlAttribute(Claim.CreateNameClaim(caller))); samlAttributes.Add(new SamlAttribute(new Claim(Constants.PurchaseLimitClaim, purchaseLimit.ToString(), Rights.PossessProperty))); return(samlAttributes); }
public void CreateClaims() { Claim c; // premises Assert.AreEqual("http://schemas.xmlsoap.org/ws/2005/05/identity/right/identity", Rights.Identity, "#1"); Assert.AreEqual("http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty", Rights.PossessProperty, "#2"); c = Claim.CreateDnsClaim("123.45.6.7"); AssertClaim("Dns", c, ClaimTypes.Dns, "123.45.6.7", Rights.PossessProperty); Uri uri = new Uri("http://www.example.com"); c = Claim.CreateUriClaim(uri); AssertClaim("Uri", c, ClaimTypes.Uri, uri, Rights.PossessProperty); MailAddress mail = new MailAddress("*****@*****.**"); c = Claim.CreateMailAddressClaim(mail); AssertClaim("Mail", c, ClaimTypes.Email, mail, Rights.PossessProperty); c = Claim.CreateNameClaim("Rupert"); AssertClaim("Name", c, ClaimTypes.Name, "Rupert", Rights.PossessProperty); c = Claim.CreateSpnClaim("foo"); AssertClaim("Spn", c, ClaimTypes.Spn, "foo", Rights.PossessProperty); c = Claim.CreateUpnClaim("foo"); AssertClaim("Upn", c, ClaimTypes.Upn, "foo", Rights.PossessProperty); //SecurityIdentifier sid = new SecurityIdentifier (blah); //c = Claim.CreateWindowsSidClaim (sid); //AssertClaim ("Sid", c, ClaimTypes.Sid, blah, Rights.PossessProperty); byte [] hash = new byte [] { 1, 2, 3, 4, 5, 6, 7, 8, 9 }; c = Claim.CreateHashClaim(hash); AssertClaim("Hash", c, ClaimTypes.Hash, hash, Rights.PossessProperty); RSA rsa = RSA.Create(); c = Claim.CreateRsaClaim(rsa); AssertClaim("Rsa", c, ClaimTypes.Rsa, rsa, Rights.PossessProperty); X509Certificate2 cert = new X509Certificate2(TestResourceHelper.GetFullPathOfResource("Test/Resources/test.pfx"), "mono"); byte [] chash = cert.GetCertHash(); c = Claim.CreateThumbprintClaim(chash); AssertClaim("Thumbprint", c, ClaimTypes.Thumbprint, chash, Rights.PossessProperty); c = Claim.CreateX500DistinguishedNameClaim(cert.SubjectName); AssertClaim("X500Name", c, ClaimTypes.X500DistinguishedName, cert.SubjectName, Rights.PossessProperty); }
public UserNameClaimSet(string userName, string authType) { if (userName == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(userName)); } identity = SecurityUtils.CreateIdentity(userName, authType); List <Claim> claims = new List <Claim>(2); claims.Add(new Claim(ClaimTypes.Name, userName, Rights.Identity)); claims.Add(Claim.CreateNameClaim(userName)); Initialize(ClaimSet.System, claims); }
public UserNameClaimSet(string userName, string authType) : base(new Claim[0]) { if (userName == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("userName"); } this.identity = System.IdentityModel.SecurityUtils.CreateIdentity(userName, authType); List <Claim> claims = new List <Claim>(2) { new Claim(ClaimTypes.Name, userName, Rights.Identity), Claim.CreateNameClaim(userName) }; base.Initialize(ClaimSet.System, claims); }
public void WriteXml1() { SamlAttribute attr = new SamlAttribute(Claim.CreateNameClaim("myname")); SamlSubject subject = new SamlSubject( SamlConstants.UserNameNamespace, "urn:myqualifier", "myname"); SamlAttributeStatement s = new SamlAttributeStatement( subject, new SamlAttribute [] { attr }); StringWriter sw = new StringWriter(); using (XmlDictionaryWriter dw = CreateWriter(sw)) { s.WriteXml(dw, new SamlSerializer(), null); } Assert.AreEqual(String.Format("<?xml version=\"1.0\" encoding=\"utf-16\"?><saml:AttributeStatement xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"><saml:Subject><saml:NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName\" NameQualifier=\"urn:myqualifier\">myname</saml:NameIdentifier></saml:Subject><saml:Attribute AttributeName=\"name\" AttributeNamespace=\"{0}\"><saml:AttributeValue>myname</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"), sw.ToString()); }
// Return a ClaimSet to be serialized into an issued SAML token private ClaimSet GetClaimSet(IList <ClaimTypeRequirement> claimReqs) { // Create an empty list for claims List <Claim> claims = new List <Claim>(); ClaimSet issuedClaims = null; // Iterate through all the ClaimSets in the current AuthorizationContext foreach (ClaimSet cs in OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets) { // If the issuer of the ClaimSet is this STS... if (cs.Issuer.ContainsClaim(Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName))) { issuedClaims = cs; } } // NOTE: // The RST contains claim requirements. // You could check to see if the required // claims are present, but this requires a custom equality comparer // that is does not check the Resource property of the claim, // only the Right and the ClaimType should be compared since // the federation binding doesn't supply a Resource requirement //if (claimReqs != null) //{ // foreach (ClaimTypeRequirement ctr in claimReqs) // { // if (Constants.IdentityModel.ClaimTypes.PPI == ctr.ClaimType) // { // if (!ctr.IsOptional) // { // } // } // } //} // in this case, attached all issued claims foreach (Claim c in issuedClaims) { claims.Add(c); } // Create a new ClaimSet based on the claims list // and return that ClaimSet return(new DefaultClaimSet(DefaultClaimSet.System, claims)); }
/// <summary> /// If IsAuthenticated was set on the permission, /// check the thread's principal is authenticated /// If Claims WERE NOT provided, don't check them /// If Claims WERE provided, check the AuthorizationContext /// check for an issuer match, /// check that required claims are present /// </summary> public void CheckClaims() { if (this._requiredClaims == null) { return; } AuthorizationContext authContext = ServiceSecurityContext.Current.AuthorizationContext; ClaimSet issuerClaimSet = null; foreach (ClaimSet claimSet in authContext.ClaimSets) { Claim issuerClaim = Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName); if (claimSet.Issuer.ContainsClaim(issuerClaim)) { issuerClaimSet = claimSet; } } if (issuerClaimSet == null) { throw new SecurityAccessDeniedException("Access is denied. No claims were provided from the expected issuer."); } bool hasClaims = true; foreach (Claim claim in _requiredClaims) { if (!issuerClaimSet.ContainsClaim(claim)) { hasClaims = false; break; } } if (!hasClaims) { throw new SecurityAccessDeniedException("Access is denied. Security principal does not satisfy required claims."); } }
public void CheckClaims(IClaimsPrincipal principal) { IPrincipal p = principal as IPrincipal; if (this.m_isAuthenticated && !p.Identity.IsAuthenticated) { throw new SecurityException("Access is denied. Security principal is not authenticated."); } if (m_issuer != null) { Claim c = Claim.CreateNameClaim(m_issuer); if (!principal.Issuer.ContainsClaim(c)) { throw new SecurityException("Access is denied. Invalid claims issuer."); } } if (this.m_requiredClaims.Count == 0) { return; } List <Claim> claims = new List <Claim>(); foreach (string s in this.m_requiredClaims) { claims.Add(new Claim(s, ClaimsAuthorizationPolicy.Resources.Application, Rights.PossessProperty)); } DefaultClaimSet claimSet = new DefaultClaimSet(claims); if (!principal.HasRequiredClaims(claimSet)) { throw new SecurityException("Access is denied. Security principal does not satisfy required claims."); } }
// Return a ClaimSet to be serialized into an issued SAML token private ClaimSet GetClaimSet(IList <ClaimTypeRequirement> claimReqs) { // Create an empty list for claims List <Claim> claims = new List <Claim>(); ClaimSet issuedClaims = null; // Iterate through all the ClaimSets in the current AuthorizationContext foreach (ClaimSet cs in OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets) { // If the issuer of the ClaimSet is this STS... if (cs.Issuer.ContainsClaim(Claim.CreateNameClaim("http://www.thatindigogirl.com/samples/2006/07/issuer"))) { issuedClaims = cs; } } if (claimReqs != null) { foreach (ClaimTypeRequirement ctr in claimReqs) { if (Constants.IdentityModel.ClaimTypes.PPI == ctr.ClaimType) { claims.Add(new Claim(ctr.ClaimType, Guid.NewGuid().ToString(), Rights.PossessProperty)); } } } // all all issued claims foreach (Claim c in issuedClaims) { claims.Add(c); } // Create a new ClaimSet based on the claims list and return that ClaimSet return(new DefaultClaimSet(DefaultClaimSet.System, claims)); }
public void ConstructorNullSubject() { SamlAttribute attr = new SamlAttribute(Claim.CreateNameClaim("myname")); new SamlAttributeStatement(null, new SamlAttribute [] { attr }); }
/// <summary> /// Create the static resources used to authorize a user given a set of claims. /// </summary> /// public AuthorizationPolicy() { // This ClaimSet uniquely represents the issuer of this policy and will qualify any set of claims. SetIssuerClaim(Claim.CreateUriClaim(new Uri(AuthorizationPolicy.IssuerUri)), Claim.CreateNameClaim(AuthorizationPolicy.IssuerName)); }
public static ClaimSet CreateIssuerClaimSet() { return(new DefaultClaimSet(Claim.CreateUriClaim(new Uri(ClaimsAuthorizationPolicy.IssuerUri)), Claim.CreateDnsClaim(ClaimsAuthorizationPolicy.IssuerName), Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName))); }
static Issuer() { // This ClaimSet represents the issuer of this policy and will qualify any set of claims. Issuer.claimSet = new DefaultClaimSet(Claim.CreateUriClaim(new Uri(Issuer.IssuerUri)), Claim.CreateNameClaim(Issuer.IssuerName)); }
/// <summary> /// Creates a SAML token for the specified email address. /// </summary> public static async System.Threading.Tasks.Task <UserIdentity> CreateSAMLTokenAsync(string emailAddress) { // Normally this would be done by a server that is capable of verifying that // the user is a legimate holder of email address. Using a local certficate to // signed the SAML token is a short cut that would never be done in a real system. CertificateIdentifier userid = new CertificateIdentifier(); userid.StoreType = CertificateStoreType.X509Store; userid.StorePath = "LocalMachine\\My"; userid.SubjectName = "UA Sample Client"; X509Certificate2 certificate = await userid.Find(); X509SecurityToken signingToken = new X509SecurityToken(certificate); // Create list of confirmation strings List <string> confirmations = new List <string>(); // Add holder-of-key string to list of confirmation strings confirmations.Add("urn:oasis:names:tc:SAML:1.0:cm:bearer"); // Create SAML subject statement based on issuer member variable, confirmation string collection // local variable and proof key identifier parameter SamlSubject subject = new SamlSubject("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", null, emailAddress); // Create a list of SAML attributes List <SamlAttribute> attributes = new List <SamlAttribute>(); Claim claim = Claim.CreateNameClaim(emailAddress); attributes.Add(new SamlAttribute(claim)); // Create list of SAML statements List <SamlStatement> statements = new List <SamlStatement>(); // Add a SAML attribute statement to the list of statements. Attribute statement is based on // subject statement and SAML attributes resulting from claims statements.Add(new SamlAttributeStatement(subject, attributes)); // Create a valid from/until condition DateTime validFrom = DateTime.UtcNow; DateTime validTo = DateTime.UtcNow.AddHours(12); SamlConditions conditions = new SamlConditions(validFrom, validTo); // Create the SAML assertion SamlAssertion assertion = new SamlAssertion( "_" + Guid.NewGuid().ToString(), signingToken.Certificate.Subject, validFrom, conditions, null, statements); SecurityKey signingKey = new System.IdentityModel.Tokens.RsaSecurityKey((RSA)signingToken.Certificate.PrivateKey); // Set the signing credentials for the SAML assertion assertion.SigningCredentials = new SigningCredentials( signingKey, System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha1Signature, System.IdentityModel.Tokens.SecurityAlgorithms.Sha1Digest, new SecurityKeyIdentifier(signingToken.CreateKeyIdentifierClause <X509ThumbprintKeyIdentifierClause>())); // TODO // return new UserIdentity(new SamlSecurityToken(assertion)); throw new NotImplementedException(); }
public override ClaimSet CreateClaims() { return(new DefaultClaimSet(Claim.CreateNameClaim(user))); }
public ClaimsAuthorizationPolicy() { _id = Guid.NewGuid(); _issuer = new DefaultClaimSet(Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName)); }