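        /// <summary>
        /// Builds the SAML LogoutResponse for the pending <c>SAMLRequest</c>, updates the
        /// "SistemasLogged" cookie that tracks which systems currently hold a session, and
        /// POSTs the response back through <see cref="HttpPostBinding"/>.
        /// </summary>
        /// <remarks>
        /// Status rules: Success only when the requesting system is registered (looked up by
        /// its logout path) AND was present in the cookie before this call; every other
        /// outcome answers RequestDenied with a Portuguese status message.
        /// The method has no return value; its effects are the response cookie and the POST.
        /// </remarks>
        private void CreateSAMLResponse()
        {
            IDProvider config = IDProvider.GetConfig();

            SAMLResponse.ID      = SAMLUtility.GenerateID();
            SAMLResponse.Version = SAMLUtility.VERSION;
            // IssueInstant is the moment the response is issued. It used to be
            // DateTime.UtcNow.AddMinutes(10), i.e. stamped ten minutes in the future, which a
            // relying party that validates IssueInstant against its own clock rejects.
            SAMLResponse.IssueInstant = DateTime.UtcNow;
            SAMLResponse.InResponseTo = SAMLRequest.ID;

            SAMLResponse.Issuer       = new NameIDType();
            SAMLResponse.Issuer.Value = config.id;

            SAMLResponse.Status            = new StatusType();
            SAMLResponse.Status.StatusCode = new StatusCodeType();

            // Update the cookie of authenticated systems and derive the response status.
            HttpCookie cookie = this.Context.Request.Cookies["SistemasLogged"];
            // The LogoutRequest subject carries the logout path the system registered with.
            // A plain cast threw InvalidCastException for any other subject type; an
            // unexpected subject is now answered with RequestDenied instead.
            NameIDType logoutSubject = SAMLRequest.Item as NameIDType;

            if (cookie == null || logoutSubject == null)
            {
                SAMLResponse.Status.StatusCode.Value = SAMLUtility.StatusCodes.RequestDenied;
                SAMLResponse.Status.StatusMessage    = "Não foi possível atender a solicitação.";
            }
            else
            {
                // Load the SYS_Sistema entity from the logout path.
                SYS_Sistema entitySistema = new SYS_Sistema {
                    sis_caminhoLogout = logoutSubject.Value
                };

                if (SYS_SistemaBO.GetSelectBy_sis_caminho(entitySistema, SYS_SistemaBO.TypePath.logout))
                {
                    string systemKey = entitySistema.sis_id.ToString();

                    // Membership is tested BEFORE Remove. The original tested it after the
                    // removal, so the "not authenticated" branch below was unreachable.
                    bool wasLogged = cookie.Values.AllKeys.Contains(systemKey);

                    // Remove the system from the cookie and write the updated cookie back.
                    cookie.Values.Remove(systemKey);
                    this.Context.Response.Cookies.Set(cookie);

                    if (wasLogged)
                    {
                        SAMLResponse.Status.StatusCode.Value = SAMLUtility.StatusCodes.Success;
                        SAMLResponse.Status.StatusMessage    = "A solicitação foi realizada com sucesso.";
                    }
                    else
                    {
                        SAMLResponse.Status.StatusCode.Value = SAMLUtility.StatusCodes.RequestDenied;
                        SAMLResponse.Status.StatusMessage    = "Não foi possível atender a solicitação, o sistema emissor da requisição não está autenticado.";
                    }
                }
                else
                {
                    SAMLResponse.Status.StatusCode.Value = SAMLUtility.StatusCodes.RequestDenied;
                    SAMLResponse.Status.StatusMessage    = "Não foi possível atender a solicitação, sistema emissor da requisição não está cadastrado corretamente.";
                }
            }

            // NOTE(review): RelayState is read straight from the incoming request and is also
            // used as the POST destination of the response. Nothing in this method checks it
            // against the registered logout path (entitySistema.sis_caminhoLogout); confirm
            // that HttpPostBinding or a caller validates the destination, otherwise a crafted
            // request can steer the response to an arbitrary URL.
            string relayState = HttpUtility.UrlDecode(this.Context.Request[HttpBindingConstants.RelayState]);

            HttpPostBinding binding = new HttpPostBinding(SAMLResponse, relayState);

            binding.SendResponse(this.Context, relayState, SAMLTypeSSO.logout);
        }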
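    /// <summary>
    /// Builds a signed SAML 2.0 Response carrying one bearer Assertion for the pending
    /// <c>SAMLRequest</c> and POSTs it to the requesting SP's AssertionConsumerServiceURL.
    /// </summary>
    /// <remarks>
    /// The assertion's validity window is copied from the current FormsAuthentication
    /// ticket when the user has one; otherwise it is [now, now + 30 minutes]. The NameID
    /// value is the forms identity name, falling back to the session user. The assertion
    /// is signed by <c>XmlSignatureUtils.SignDocument</c> and the signed XML is loaded back
    /// into <c>SAMLResponse</c> before the binding sends it. No return value.
    /// </remarks>
    private void CreateSAMLResponse()
    {
        // Authenticated forms identity of the current user, if any (null otherwise).
        FormsIdentity id = null;

        if (HttpContext.Current.User != null && HttpContext.Current.User.Identity.IsAuthenticated)
        {
            id = HttpContext.Current.User.Identity as FormsIdentity;
        }

        DateTime now          = DateTime.UtcNow;
        DateTime notBefore    = (id != null ? id.Ticket.IssueDate.ToUniversalTime() : now);
        DateTime notOnOrAfter = (id != null ? id.Ticket.Expiration.ToUniversalTime() : now.AddMinutes(30));

        IDProvider config = IDProvider.GetConfig();

        // NOTE(review): the ACS URL comes from the AuthnRequest itself and is used both as the
        // bearer Recipient and as the POST target below. Nothing here checks it against the SP's
        // registered endpoint; confirm that validation happens before this method runs.
        string acsUrl = HttpUtility.UrlDecode(SAMLRequest.AssertionConsumerServiceURL);

        SAMLResponse.Status                  = new StatusType();
        SAMLResponse.Status.StatusCode       = new StatusCodeType();
        SAMLResponse.Status.StatusCode.Value = SAMLUtility.StatusCodes.Success;

        AssertionType assert = new AssertionType();

        assert.ID = SAMLUtility.GenerateID();
        // IssueInstant is the time of issue. The previous DateTime.UtcNow.AddMinutes(10)
        // produced a future-dated assertion that SPs checking IssueInstant reject.
        assert.IssueInstant = now;

        assert.Issuer       = new NameIDType();
        assert.Issuer.Value = config.id;

        // Bearer confirmation. Recipient is the ACS URL the response is posted to (the
        // original put the SP's Issuer entityID here, which SPs validating Recipient against
        // their own ACS URL reject). NotOnOrAfter is only serialized when its *Specified flag
        // is set — the same pattern Conditions uses below; without it the bearer confirmation
        // went out with no expiry.
        SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();

        subjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
        subjectConfirmation.SubjectConfirmationData                       = new SubjectConfirmationDataType();
        subjectConfirmation.SubjectConfirmationData.Recipient             = acsUrl;
        subjectConfirmation.SubjectConfirmationData.InResponseTo          = SAMLRequest.Request.ID;
        subjectConfirmation.SubjectConfirmationData.NotOnOrAfter          = notOnOrAfter;
        subjectConfirmation.SubjectConfirmationData.NotOnOrAfterSpecified = true;

        NameIDType nameID = new NameIDType();

        nameID.Format = SAMLUtility.NameIdentifierFormats.Transient;
        nameID.Value  = (id != null ? id.Name : UtilBO.FormatNameFormsAuthentication(this.__SessionWEB.__UsuarioWEB.Usuario));

        assert.Subject = new SubjectType();
        // The schema sequence is NameID followed by SubjectConfirmation; Items are emitted in
        // array order, so nameID is placed first.
        assert.Subject.Items = new object[] { nameID, subjectConfirmation };

        assert.Conditions                       = new ConditionsType();
        assert.Conditions.NotBefore             = notBefore;
        assert.Conditions.NotOnOrAfter          = notOnOrAfter;
        assert.Conditions.NotBeforeSpecified    = true;
        assert.Conditions.NotOnOrAfterSpecified = true;

        // Restrict the assertion to the requesting SP (identified by its Issuer entityID).
        AudienceRestrictionType audienceRestriction = new AudienceRestrictionType();

        audienceRestriction.Audience = new string[] { SAMLRequest.Issuer };
        assert.Conditions.Items      = new ConditionAbstractType[] { audienceRestriction };

        AuthnStatementType authnStatement = new AuthnStatementType();

        authnStatement.AuthnInstant = now;
        authnStatement.SessionIndex = SAMLUtility.GenerateID();

        authnStatement.AuthnContext       = new AuthnContextType();
        authnStatement.AuthnContext.Items =
            new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" };

        authnStatement.AuthnContext.ItemsElementName =
            new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };

        assert.Items       = new StatementAbstractType[] { authnStatement };
        SAMLResponse.Items = new object[] { assert };

        // Sign the assertion: serialize, sign the element with assert.ID, and load the signed
        // XML back into SAMLResponse.
        // NOTE(review): the binding re-serializes SAMLResponse after this round trip; confirm
        // that the re-serialized output is byte-for-byte what was signed (whitespace and
        // namespace prefixes), otherwise the SP's signature check fails.
        string xmlResponse = SAMLUtility.SerializeToXmlString(SAMLResponse);

        XmlDocument doc = new XmlDocument();

        doc.LoadXml(xmlResponse);
        XmlSignatureUtils.SignDocument(doc, assert.ID);
        SAMLResponse = SAMLUtility.DeserializeFromXmlString <ResponseType>(doc.InnerXml);

        string relayState = HttpUtility.UrlDecode(Request[HttpBindingConstants.RelayState]);

        HttpPostBinding binding = new HttpPostBinding(SAMLResponse, relayState);

        binding.SendResponse(this.Context, acsUrl, SAMLTypeSSO.signon);
    }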