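// Initiate SSO by sending an authentication request to the identity provider.
//
// The SP resource the user wanted is cached server-side (RelayStateCache) and only the opaque
// cache key travels to the IdP as RelayState, so the IdP never sees or controls the return URL.
// The AuthnRequest is then dispatched over the binding selected in spToIdPBindingRadioButtonList.
//
// Throws InvalidOperationException when:
//   - the SP certificate in Application[Global.SPX509Certificate] is missing or has no private
//     key (HTTP-Redirect signs the query string and needs it; previously this surfaced as a
//     NullReferenceException), or
//   - the selected binding is not one of the three supported values (previously the switch fell
//     through silently and the user was left on an empty page with no SSO started).
private void RequestLoginAtIdentityProvider()
{
    // Create the authentication request.
    XmlElement authnRequestXml = CreateAuthnRequest();

    // The return target comes from the ReturnUrl query parameter via FormsAuthentication.
    // NOTE(review): it is not visibly validated as a local / same-site URL in this method —
    // confirm that CreateAbsoluteURL rejects off-site targets, otherwise a crafted ReturnUrl
    // becomes an open redirect once SSO completes.
    string spResourceURL = CreateAbsoluteURL(FormsAuthentication.GetRedirectUrl("", false));

    // Create and cache the relay state so we remember which SP resource the user wishes
    // to access after SSO.
    string relayState = RelayStateCache.Add(new RelayState(spResourceURL, null));

    // Send the authentication request to the identity provider over the selected binding.
    string idpURL = CreateSSOServiceURL();

    switch (spToIdPBindingRadioButtonList.SelectedValue)
    {
        case SAMLIdentifiers.BindingURIs.HTTPRedirect:
            // HTTP-Redirect carries the signature in the query string, so the SP private key is required.
            X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];
            if (x509Certificate == null || !x509Certificate.HasPrivateKey)
            {
                throw new InvalidOperationException(
                    "The SP X.509 certificate with a private key is required to sign the HTTP-Redirect authentication request.");
            }
            ServiceProvider.SendAuthnRequestByHTTPRedirect(Response, idpURL, authnRequestXml, relayState, x509Certificate.PrivateKey);
            break;

        case SAMLIdentifiers.BindingURIs.HTTPPost:
            ServiceProvider.SendAuthnRequestByHTTPPost(Response, idpURL, authnRequestXml, relayState);
            // The auto-submit form has already been written to the response; don't also render this page.
            Response.End();
            break;

        case SAMLIdentifiers.BindingURIs.HTTPArtifact:
            // Create the artifact (type 4: source ID derived from this SP's base URL + a random message handle).
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(
                HTTPArtifactType4.CreateSourceId(identificationURL),
                HTTPArtifactType4.CreateMessageHandle());

            // Cache the authentication request so it can be handed out later via the artifact
            // resolution protocol; only the artifact itself goes to the IdP now.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(authnRequestXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send the artifact.
            ServiceProvider.SendArtifactByHTTPArtifact(Response, idpURL, httpArtifact, relayState, false);
            break;

        default:
            // SelectedValue is form input; fail loudly instead of silently sending nothing.
            throw new InvalidOperationException(
                "Unsupported SP-to-IdP binding selected: " + spToIdPBindingRadioButtonList.SelectedValue);
    }
}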
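// Sign the SAML response and send it to the service provider over the binding recorded in ssoState.
//
// samlResponse: the response to serialize and sign.
// ssoState:     carries the IdP protocol binding, the SP's assertion consumer service URL and the
//               relay state to echo back to the SP.
//
// The whole response message is signed with the IdP key before it leaves this method; an unsigned
// response must never be sent, so a missing certificate / private key throws
// InvalidOperationException (previously a NullReferenceException).
//
// NOTE(review): ssoState.assertionConsumerServiceURL is used as the POST / redirect target as-is.
// Confirm it was validated against the SP's registered metadata when ssoState was populated —
// if it is taken straight from the AuthnRequest, a crafted request can steer the signed response
// to an attacker-controlled endpoint.
private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
{
    Trace.Write("IdP", "Sending SAML response");

    // Serialize the SAML response for transmission.
    XmlElement samlResponseXml = samlResponse.ToXml();

    // Sign the SAML response (message-level signature) with the IdP certificate.
    X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPX509Certificate];
    if (x509Certificate == null || !x509Certificate.HasPrivateKey)
    {
        throw new InvalidOperationException(
            "The IdP X.509 certificate with a private key is required to sign the SAML response.");
    }
    SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

    // Send the SAML response to the service provider.
    switch (ssoState.idpProtocolBinding)
    {
        case SAMLIdentifiers.Binding.HTTPPost:
            IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
            break;

        case SAMLIdentifiers.Binding.HTTPArtifact:
            // Create the artifact (type 4: source ID derived from this IdP's base URL + a random message handle).
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(
                HTTPArtifactType4.CreateSourceId(identificationURL),
                HTTPArtifactType4.CreateMessageHandle());

            // Cache the signed SAML response so the SP can fetch it via the artifact resolution
            // protocol; only the artifact itself goes over the user's browser.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send the artifact.
            IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
            break;

        default:
            // Nothing was sent on this path, so return here rather than falling through to the
            // "Sent SAML response" trace below and logging a success that did not happen.
            Trace.Write("IdP", "Invalid identity provider binding");
            return;
    }

    Trace.Write("IdP", "Sent SAML response");
}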