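        /// <summary>
        /// Builds the engine from application configuration: registers the XML namespaces used
        /// for the SAML/STORK documents, loads issuer, destination, timing and id-cache settings,
        /// and loads the signing certificate from the personal store.
        /// </summary>
        /// <remarks>
        /// Only the certificate lookup is validated here; the <c>GetCritical*</c> helpers are assumed
        /// to fail on a missing setting themselves (not visible in this file).
        /// </remarks>
        /// <exception cref="SAMLException">
        /// The configured certificate is not in the LocalMachine/My store or its private key is
        /// not accessible.
        /// </exception>
        private SAMLEngine()
        {
            _xmlNamespaces.Add(SAMLConstants.NS_PROTOCOL_PREFIX, SAMLConstants.NS_PROTOCOL);
            _xmlNamespaces.Add(SAMLConstants.NS_ASSERT_PREFIX, SAMLConstants.NS_ASSERT);
            _xmlNamespaces.Add(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
                               ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));
            _xmlNamespaces.Add(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS_PREFIX),
                               ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS));

            thisIssuer  = ConfigurationSettingsHelper.GetCriticalConfigSetting("SPIssuer");
            validateXsd = ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlValidateXsdXml");

            // The destination alias is optional: absent or empty means "no destination";
            // otherwise it is appended to the issuer to form the full destination.
            string destinationAlias = ConfigurationManager.AppSettings["SamlDestinationAlias"];
            thisDestination = string.IsNullOrEmpty(destinationAlias) ? null : thisIssuer + destinationAlias;

            validTimeframe = ConfigurationSettingsHelper.GetCriticalConfigIntSetting("SamlValidTimeframe");

            // Optional settings fall back to the compiled-in defaults.
            skewClock = ConfigurationSettingsHelper.GetConfigIntSetting("SamlSkewClock") ?? SKEW_CLOCK;

            int capacity = ConfigurationSettingsHelper.GetConfigIntSetting("SamlNumberStoredIds") ?? MAX_STORED_IDS;
            receivedIds = new List<string>(capacity);

            string thumbprint = ConfigurationSettingsHelper.GetCriticalConfigSetting("SamlCertificate");
            certificate = CertificateUtils.GetCertificateFromPersonalStore(thumbprint);
            if (certificate == null || !certificate.HasPrivateKey)
            {
                // A certificate without a usable private key cannot sign requests, so refuse to start.
                // The same text is logged and thrown so the trace and the exception agree.
                string message = "Certificate '" + thumbprint + "' not found at " +
                                 "LocalMachine/My keystore or access to private key was denied. Certificate: " + certificate;
                _logger.Trace(message);
                throw new SAMLException(message);
            }

            citizenAttributes = CitizenAttributes.Instance;
        }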
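        /// <summary>
        /// Builds the SAML LogoutRequest for <paramref name="context"/> and returns it as an
        /// <see cref="XmlDocument"/>. The request carries the STORK extension elements (QAA level,
        /// SP sector/institution/application/country and the eID sharing flags) read from configuration.
        /// </summary>
        /// <param name="context">Id, destination, issuer and QAA level of the logout request.</param>
        /// <returns>
        /// The request serialised by <c>Serialize</c> and re-parsed by <c>Deserialize</c>,
        /// with whitespace preserved.
        /// </returns>
        private XmlDocument GenerateLogoutRequestMetadata(SAMLLogoutRequest context)
        {
            DateTime          now     = DateTime.UtcNow;
            LogoutRequestType request = new LogoutRequestType();

            request.ID           = context.Id;
            request.Version      = SAMLConstants.SAML_VERSION;
            request.IssueInstant = now;
            request.Destination  = context.Destination;
            request.Consent      = SAMLConstants.CONSENT;
            request.Issuer       = new NameIDType();
            request.Issuer.Value = context.Issuer;
            request.NameID       = new NameIDType();
            request.NameID.Value = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SP_ID);

            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;

            // STORK extensions: namespace-qualified elements carried inside <Extensions>.
            XmlElement qualityAuthnAssLevel = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
                                                                "QualityAuthenticationAssuranceLevel", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));

            qualityAuthnAssLevel.InnerText = context.QAALevel;
            XmlElement spSectorEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                      "spSector", SAMLConstants.NS_STORK_ASSER);

            spSectorEl.InnerText = ConfigurationSettingsHelper
                                   .GetCriticalConfigIntSetting(CommonConstants.SAMLSECTOR).ToString();
            XmlElement spInstitutionEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spInstitution", SAMLConstants.NS_STORK_ASSER);

            spInstitutionEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLINSTITUTION);
            XmlElement spApplicationEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spApplication", SAMLConstants.NS_STORK_ASSER);

            spApplicationEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLAPPLICATION);
            XmlElement spCountryEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                       "spCountry", SAMLConstants.NS_STORK_ASSER);

            spCountryEl.InnerText = ConfigurationSettingsHelper
                                    .GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY);

            // Boolean flags use the XML Schema lexical form "true"/"false"; lower-casing must not
            // depend on the thread culture.
            XmlElement eIDSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                            "eIDSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDSectorShareEl.InnerText = ConfigurationSettingsHelper
                                         .GetCriticalConfigBoolSetting("SamlEIDSectorShare").ToString().ToLowerInvariant();
            XmlElement eIDCrossSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossSectorShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossSectorShare").ToString().ToLowerInvariant();
            XmlElement eIDCrossBorderShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossBorderShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossBorderShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossBorderShare").ToString().ToLowerInvariant();

            request.Extensions     = new ExtensionsType();
            request.Extensions.Any = new XmlElement[] { qualityAuthnAssLevel, spSectorEl,
                                                        spInstitutionEl, spApplicationEl, spCountryEl, eIDSectorShareEl,
                                                        eIDCrossSectorShareEl, eIDCrossBorderShareEl };

            // Round-trip through the serialiser. Stream and readers are disposed on every exit path;
            // the original left them open.
            using (MemoryStream stream = new MemoryStream())
            {
                Serialize(request, stream);
                stream.Seek(0, SeekOrigin.Begin);

                using (StreamReader reader = new StreamReader(stream))
                {
                    string xml = reader.ReadToEnd();

                    using (XmlTextReader xmlReader = new XmlTextReader(new StringReader(xml)))
                    {
                        // The XML was produced locally and never carries a DTD, so refusing DTDs
                        // costs nothing and removes the reader's default DTD expansion.
                        xmlReader.DtdProcessing = DtdProcessing.Prohibit;
                        return Deserialize<XmlDocument>(xmlReader);
                    }
                }
            }
        }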
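        /// <summary>
        /// Builds the SAML AuthnRequest for <paramref name="context"/> and returns it as an
        /// <see cref="XmlDocument"/>. The request always forces authentication, is never passive,
        /// and carries in <c>Extensions</c> the STORK elements (QAA level, SP sector/institution/
        /// application/country, eID sharing flags) plus the list of requested attributes.
        /// </summary>
        /// <param name="context">
        /// Id, destination, issuer (value and format), provider name, assertion consumer URL,
        /// QAA level and requested attributes.
        /// </param>
        /// <returns>
        /// The request serialised by <c>Serialize</c> and re-parsed by <c>Deserialize</c>,
        /// with whitespace preserved.
        /// </returns>
        private XmlDocument GenerateRequestMetadata(SAMLRequest context)
        {
            DateTime         now     = DateTime.UtcNow;
            AuthnRequestType request = new AuthnRequestType();

            request.ID                          = context.Id;
            request.Version                     = SAMLConstants.SAML_VERSION;
            request.IssueInstant                = now;
            request.Destination                 = context.Destination;
            request.Consent                     = SAMLConstants.CONSENT;
            request.ForceAuthn                  = true;
            request.IsPassive                   = false;
            request.ProtocolBinding             = SAMLConstants.PROTOCOL_BINDING;
            request.AssertionConsumerServiceURL = context.AssertionConsumerServiceURL;
            request.ProviderName                = context.ProviderName;
            request.Issuer                      = new NameIDType();
            request.Issuer.Value                = context.Issuer;
            request.Issuer.Format               = context.IssuerFormat;

            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;
            XmlElement requestedAttrs = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS_PREFIX),
                                                          "RequestedAttributes", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS));

            foreach (AttributeElement attr in context.Attributes)
            {
                XmlElement requestedAttr = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX),
                                                             "RequestedAttribute", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR));
                requestedAttr.SetAttribute("Name", attr.AttrName);
                requestedAttr.SetAttribute("NameFormat", SAMLConstants.ATTRIBUTE_NAME_FORMAT);
                // XML Schema boolean lexical form; lower-casing must not depend on the thread culture.
                requestedAttr.SetAttribute("isRequired", attr.IsRequired.ToString().ToLowerInvariant());

                // Only the force-authentication attribute carries an explicit value element.
                // Ordinal, null-safe comparison: a null AttrName no longer throws here.
                if (string.Equals(attr.AttrName, CommonConstants.FORCE_AUTH, StringComparison.Ordinal))
                {
                    XmlElement attrValue = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX),
                                                             "AttributeValue", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR));
                    // NOTE(review): AttrValue's type is not visible here; assumed non-null for this attribute.
                    attrValue.InnerText = attr.AttrValue.ToString().ToLowerInvariant();
                    requestedAttr.AppendChild(attrValue);
                }
                requestedAttrs.AppendChild(requestedAttr);
            }

            // STORK extensions: namespace-qualified elements carried inside <Extensions>.
            XmlElement qualityAuthnAssLevel = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
                                                                "QualityAuthenticationAssuranceLevel", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));

            qualityAuthnAssLevel.InnerText = context.QAALevel;
            XmlElement spSectorEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                      "spSector", SAMLConstants.NS_STORK_ASSER);

            spSectorEl.InnerText = ConfigurationSettingsHelper
                                   .GetCriticalConfigIntSetting(CommonConstants.SAMLSECTOR).ToString();
            XmlElement spInstitutionEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spInstitution", SAMLConstants.NS_STORK_ASSER);

            spInstitutionEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLINSTITUTION);
            XmlElement spApplicationEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spApplication", SAMLConstants.NS_STORK_ASSER);

            spApplicationEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLAPPLICATION);
            XmlElement spCountryEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                       "spCountry", SAMLConstants.NS_STORK_ASSER);

            spCountryEl.InnerText = ConfigurationSettingsHelper
                                    .GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY);

            // Boolean flags use the XML Schema lexical form "true"/"false".
            XmlElement eIDSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                            "eIDSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDSectorShareEl.InnerText = ConfigurationSettingsHelper
                                         .GetCriticalConfigBoolSetting("SamlEIDSectorShare").ToString().ToLowerInvariant();
            XmlElement eIDCrossSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossSectorShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossSectorShare").ToString().ToLowerInvariant();
            XmlElement eIDCrossBorderShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossBorderShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossBorderShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossBorderShare").ToString().ToLowerInvariant();

            // Order matters to the receiver only insofar as the schema allows; the requested
            // attributes are appended last, as in the original.
            request.Extensions     = new ExtensionsType();
            request.Extensions.Any = new XmlElement[] { qualityAuthnAssLevel, spSectorEl,
                                                        spInstitutionEl, spApplicationEl, spCountryEl, eIDSectorShareEl,
                                                        eIDCrossSectorShareEl, eIDCrossBorderShareEl, requestedAttrs };

            // Round-trip through the serialiser. Stream and readers are disposed on every exit path;
            // the original left them open.
            using (MemoryStream stream = new MemoryStream())
            {
                Serialize(request, stream);
                stream.Seek(0, SeekOrigin.Begin);

                using (StreamReader reader = new StreamReader(stream))
                {
                    string xml = reader.ReadToEnd();

                    using (XmlTextReader xmlReader = new XmlTextReader(new StringReader(xml)))
                    {
                        // The XML was produced locally and never carries a DTD, so refusing DTDs
                        // costs nothing and removes the reader's default DTD expansion.
                        xmlReader.DtdProcessing = DtdProcessing.Prohibit;
                        return Deserialize<XmlDocument>(xmlReader);
                    }
                }
            }
        }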