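// Initiate SSO by sending an authentication request to the identity provider over the configured
// single sign-on binding. The SP resource the user originally asked for is remembered via relay
// state so the flow can resume once the SAML response comes back.
//
// Throws InvalidOperationException when the redirect binding is selected but the SP signing
// certificate (with private key) is not available, and ArgumentException for an unknown binding.
private void RequestLoginAtIdentityProvider()
{
    // Create the authentication request.
    XmlElement authnRequestXml = CreateAuthnRequest();

    // Create and cache the relay state so we remember which SP resource the user wishes to access after SSO.
    // NOTE(review): the return URL ultimately comes from the request (FormsAuthentication's ReturnUrl
    // parameter). With EnableCrossAppRedirects disabled FormsAuthentication only hands back same-application
    // URLs; if that setting is enabled, validate the URL here before caching it, otherwise the post-SSO
    // redirect can be abused as an open redirect. CreateAbsoluteURL is not visible here — confirm it does
    // not accept arbitrary absolute URLs.
    string spResourceURL = CreateAbsoluteURL(FormsAuthentication.GetRedirectUrl("", false));
    string relayState = RelayStateCache.Add(new RelayState(spResourceURL, null));

    // Send the authentication request to the identity provider over the configured binding.
    switch (Configuration.SingleSignOnServiceBinding)
    {
        case SAMLIdentifiers.Binding.HTTPRedirect:
            // The redirect binding signs the request with the SP's private key. X509Certificate2.PrivateKey
            // is null when the certificate carries no private key, so fail fast with a clear message instead
            // of handing a null key to the library.
            X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];

            if (x509Certificate == null || !x509Certificate.HasPrivateKey)
            {
                throw new InvalidOperationException("The SP X.509 certificate with a private key is not available; cannot sign the authentication request.");
            }

            ServiceProvider.SendAuthnRequestByHTTPRedirect(Response, Configuration.SingleSignOnServiceURL, authnRequestXml, relayState, x509Certificate.PrivateKey);
            break;

        case SAMLIdentifiers.Binding.HTTPPost:
            // NOTE(review): unlike the redirect case no private key is passed here, so the AuthnRequest appears
            // to be sent unsigned over this binding. Confirm the IdP does not require signed requests, or use a
            // signing overload if the library offers one.
            ServiceProvider.SendAuthnRequestByHTTPPost(Response, Configuration.SingleSignOnServiceURL, authnRequestXml, relayState);

            // Don't send this form.
            Response.End();
            break;

        case SAMLIdentifiers.Binding.HTTPArtifact:
            // Create the artifact. The source ID is derived from this application's root URL.
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

            // Cache the authentication request for subsequent sending using the artifact resolution protocol.
            // NOTE(review): artifact cache entries should be single-use and short-lived; confirm
            // HTTPArtifactStateCache enforces that, since this code does not.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(authnRequestXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send the artifact.
            ServiceProvider.SendArtifactByHTTPArtifact(Response, Configuration.SingleSignOnServiceURL, httpArtifact, relayState, false);
            break;

        default:
            throw new ArgumentException("Invalid binding type");
    }
}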
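// Sign the SAML response with the IdP's certificate and deliver it to the SP's assertion consumer
// service over the configured binding (HTTP POST directly, or HTTP Artifact via the artifact cache).
//
// samlResponse: the response to send; relayState: the opaque relay state received with the request,
// echoed back unchanged. Throws InvalidOperationException when the IdP signing certificate (with
// private key) is not available, and ArgumentException for an unknown binding.
private void SendSAMLResponse(SAMLResponse samlResponse, string relayState)
{
    Trace.Write("IdP", "Sending SAML response");

    // Serialize the SAML response for transmission.
    XmlElement samlResponseXml = samlResponse.ToXml();

    // Sign the SAML response. X509Certificate2.PrivateKey is null when the certificate carries no private
    // key, so check up front rather than relying on the signing library's handling of a null key — an
    // unsigned response must never leave the IdP.
    X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPX509Certificate];

    if (x509Certificate == null || !x509Certificate.HasPrivateKey)
    {
        throw new InvalidOperationException("The IdP X.509 certificate with a private key is not available; cannot sign the SAML response.");
    }

    // NOTE(review): this applies a message-level signature to the response element. If the SP expects the
    // assertion itself to be signed, that has to be done when the assertion is built — confirm against the
    // SP's requirements.
    SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

    switch (Configuration.AssertionConsumerServiceBinding)
    {
        case SAMLIdentifiers.Binding.HTTPPost:
            IdentityProvider.SendSAMLResponseByHTTPPost(Response, Configuration.AssertionConsumerServiceURL, samlResponseXml, relayState);
            break;

        case SAMLIdentifiers.Binding.HTTPArtifact:
            // Create the artifact. The source ID is derived from this application's root URL.
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

            // Cache the signed SAML response so it can be returned when the SP resolves the artifact.
            // NOTE(review): artifact cache entries should be single-use and short-lived; confirm
            // HTTPArtifactStateCache enforces that, since this code does not.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send the artifact.
            IdentityProvider.SendArtifactByHTTPArtifact(Response, Configuration.AssertionConsumerServiceURL, httpArtifact, relayState, false);
            break;

        default:
            throw new ArgumentException("Invalid assertion consumer service binding.");
    }

    Trace.Write("IdP", "Sent SAML response");
}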