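/// <summary>
/// Initializes a new instance of the AuthnRequest class.
/// </summary>
/// <param name="identityProvider">
/// IdentityProvider to receive the AuthnRequest
/// </param>
/// <param name="serviceProvider">
/// ServiceProvider to issue the AuthnRequest
/// </param>
/// <param name="parameters">
/// NameValueCollection of varying parameters for use in the
/// construction of the AuthnRequest. Recognised keys are the
/// Saml2Constants AllowCreate, AssertionConsumerServiceIndex, Binding,
/// Consent, Destination, ForceAuthn, IsPassive, NameIDPolicyFormat and
/// RequestBinding entries. Every value taken from this collection is
/// XML-escaped before it is written into the request.
/// </param>
/// <exception cref="ArgumentNullException">
/// identityProvider or serviceProvider is null.
/// </exception>
/// <exception cref="Saml2Exception">
/// Neither an AssertionConsumerService index nor a binding that resolves
/// to an AssertionConsumerService location was supplied.
/// </exception>
public AuthnRequest(IIdentityProvider identityProvider, IServiceProvider serviceProvider, NameValueCollection parameters)
{
    if (identityProvider == null)
    {
        throw new ArgumentNullException("identityProvider");
    }

    if (serviceProvider == null)
    {
        throw new ArgumentNullException("serviceProvider");
    }

    m_xml = new XmlDocument { PreserveWhitespace = true };

    // The document is only ever loaded from the string assembled below; a
    // null resolver guarantees no external entity or DTD can be fetched
    // should that string ever carry one.
    m_xml.XmlResolver = null;

    m_nsMgr = new XmlNamespaceManager(m_xml.NameTable);
    m_nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
    m_nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");

    Id = Saml2Utils.GenerateId();
    IssueInstant = Saml2Utils.GenerateIssueInstant();
    Issuer = serviceProvider.EntityId;

    if (parameters != null)
    {
        AllowCreate = Saml2Utils.GetBoolean(parameters[Saml2Constants.AllowCreate]);
        AssertionConsumerServiceIndex = parameters[Saml2Constants.AssertionConsumerServiceIndex];
        Binding = parameters[Saml2Constants.Binding];
        Consent = parameters[Saml2Constants.Consent];
        Destination = parameters[Saml2Constants.Destination];
        ForceAuthn = Saml2Utils.GetBoolean(parameters[Saml2Constants.ForceAuthn]);
        IsPassive = Saml2Utils.GetBoolean(parameters[Saml2Constants.IsPassive]);
        NameIDPolicyFormat = parameters[Saml2Constants.NameIDPolicyFormat];
    }

    if (string.IsNullOrEmpty(NameIDPolicyFormat))
    {
        NameIDPolicyFormat = Saml2Constants.NameIDPolicyFormatUnspecified;
    }

    // Resolve the AssertionConsumerService location from the SP's own
    // metadata: by binding and index when both are given, otherwise the
    // first location registered for the binding.
    string assertionConsumerSvcUrl = null;
    if (!string.IsNullOrEmpty(Binding))
    {
        assertionConsumerSvcUrl = string.IsNullOrEmpty(AssertionConsumerServiceIndex)
            ? serviceProvider.GetAssertionConsumerServiceLocation(Binding)
            : serviceProvider.GetAssertionConsumerServiceLocation(Binding, AssertionConsumerServiceIndex);
    }

    // Without an index or a resolvable location the IdP would have nowhere
    // to deliver the Response.
    if (string.IsNullOrEmpty(AssertionConsumerServiceIndex) && string.IsNullOrEmpty(assertionConsumerSvcUrl))
    {
        throw new Saml2Exception(Resources.AuthnRequestAssertionConsumerServiceNotDefined);
    }

    // Destination defaults to the IdP's SingleSignOnService for the requested
    // binding, then to its HTTP-Redirect endpoint.
    // NOTE(review): a caller-supplied Destination is used as given. If the
    // parameters collection can be populated from the HTTP request, the
    // value should be checked against the IdP's configured SSO locations
    // before the user agent is sent there -- confirm where parameters originate.
    if (string.IsNullOrEmpty(Destination))
    {
        string requestBinding = parameters == null ? null : parameters[Saml2Constants.RequestBinding];
        Destination = identityProvider.GetSingleSignOnServiceLocation(requestBinding);
        if (string.IsNullOrEmpty(Destination))
        {
            Destination = identityProvider.GetSingleSignOnServiceLocation(Saml2Constants.HttpRedirectProtocolBinding);
        }
    }

    RequestedAuthnContext reqAuthnContext = GetRequestedAuthnContext(serviceProvider, parameters);

    // Every value spliced into the markup is escaped first. The values come
    // from the parameters collection and SP/IdP metadata; an unescaped quote
    // or '<' in any of them would let the supplier inject attributes or
    // elements into the AuthnRequest (or simply break LoadXml below).
    // SecurityElement.Escape encodes & < > " and ', which covers both
    // attribute values and element text; LoadXml decodes them again, so the
    // DOM holds the original characters.
    Func<string, string> escape = System.Security.SecurityElement.Escape;

    var rawXml = new StringBuilder();
    rawXml.Append("<samlp:AuthnRequest ");
    rawXml.Append(" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"");
    rawXml.Append(" ID=\"" + escape(Id) + "\"");
    rawXml.Append(" Version=\"2.0\"");
    rawXml.Append(" IssueInstant=\"" + escape(IssueInstant) + "\"");
    // XmlConvert yields the schema lexical form "true"/"false" regardless of culture.
    rawXml.Append(" IsPassive=\"" + XmlConvert.ToString(IsPassive) + "\"");
    rawXml.Append(" ForceAuthn=\"" + XmlConvert.ToString(ForceAuthn) + "\"");

    if (!string.IsNullOrEmpty(Consent))
    {
        rawXml.Append(" Consent=\"" + escape(Consent) + "\"");
    }

    if (!string.IsNullOrEmpty(Destination))
    {
        rawXml.Append(" Destination=\"" + escape(Destination) + "\"");
    }

    if (!string.IsNullOrEmpty(assertionConsumerSvcUrl))
    {
        rawXml.Append(" ProtocolBinding=\"" + escape(Binding) + "\"");
        rawXml.Append(" AssertionConsumerServiceURL=\"" + escape(assertionConsumerSvcUrl) + "\"");
    }
    else
    {
        rawXml.Append(" AssertionConsumerServiceIndex=\"" + escape(AssertionConsumerServiceIndex) + "\"");
    }

    rawXml.Append(">");
    rawXml.Append("<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" + escape(serviceProvider.EntityId) + "</saml:Issuer>");
    rawXml.Append("<samlp:NameIDPolicy Format=\"" + escape(NameIDPolicyFormat) + "\" AllowCreate=\"" + XmlConvert.ToString(AllowCreate) + "\" />");

    if (reqAuthnContext != null)
    {
        rawXml.Append(reqAuthnContext.GenerateXmlString());
    }

    rawXml.Append("</samlp:AuthnRequest>");

    m_xml.LoadXml(rawXml.ToString());
}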
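/// <summary>
/// Initializes a new instance of the AuthnRequest class.
/// </summary>
/// <param name="identityProvider">
/// IdentityProvider to receive the AuthnRequest
/// </param>
/// <param name="serviceProvider">
/// ServiceProvider to issue the AuthnRequest
/// </param>
/// <param name="parameters">
/// NameValueCollection of varying parameters for use in the
/// construction of the AuthnRequest. Recognised keys are the
/// Saml2Constants AllowCreate, AssertionConsumerServiceIndex, Binding,
/// Consent, Destination, ForceAuthn, IsPassive, NameIDPolicyFormat and
/// RequestBinding entries. Every value taken from this collection is
/// XML-escaped before it is written into the request.
/// </param>
/// <param name="saml2Utils">Utilities class used to generate the request ID and IssueInstant and to parse boolean parameters.</param>
/// <exception cref="ArgumentNullException">
/// identityProvider, serviceProvider or saml2Utils is null.
/// </exception>
/// <exception cref="Saml2Exception">
/// Neither an AssertionConsumerService index nor a binding that resolves
/// to an AssertionConsumerService location was supplied.
/// </exception>
public AuthnRequest(IIdentityProvider identityProvider, IServiceProvider serviceProvider, NameValueCollection parameters, Saml2Utils saml2Utils)
{
    if (identityProvider == null)
    {
        throw new ArgumentNullException("identityProvider");
    }

    if (serviceProvider == null)
    {
        throw new ArgumentNullException("serviceProvider");
    }

    if (saml2Utils == null)
    {
        throw new ArgumentNullException("saml2Utils");
    }

    xml = new XmlDocument();
    xml.PreserveWhitespace = true;

    // The document is only ever loaded from the string assembled below; a
    // null resolver guarantees no external entity or DTD can be fetched
    // should that string ever carry one.
    xml.XmlResolver = null;

    nsMgr = new XmlNamespaceManager(xml.NameTable);
    nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
    nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");

    Id = saml2Utils.GenerateId();
    IssueInstant = saml2Utils.GenerateIssueInstant();
    Issuer = serviceProvider.EntityId;

    if (parameters != null)
    {
        AllowCreate = saml2Utils.GetBoolean(parameters[Saml2Constants.AllowCreate]);
        AssertionConsumerServiceIndex = parameters[Saml2Constants.AssertionConsumerServiceIndex];
        Binding = parameters[Saml2Constants.Binding];
        Consent = parameters[Saml2Constants.Consent];
        Destination = parameters[Saml2Constants.Destination];
        ForceAuthn = saml2Utils.GetBoolean(parameters[Saml2Constants.ForceAuthn]);
        IsPassive = saml2Utils.GetBoolean(parameters[Saml2Constants.IsPassive]);
        NameIDPolicyFormat = parameters[Saml2Constants.NameIDPolicyFormat];
    }

    // Match the parameter-only constructor: an absent format is sent as
    // "unspecified" rather than as an empty Format attribute.
    if (string.IsNullOrEmpty(NameIDPolicyFormat))
    {
        NameIDPolicyFormat = Saml2Constants.NameIDPolicyFormatUnspecified;
    }

    // Resolve the AssertionConsumerService location from the SP's own
    // metadata: by binding and index when both are given, otherwise the
    // first location registered for the binding.
    string assertionConsumerSvcUrl = null;
    if (!string.IsNullOrEmpty(Binding))
    {
        assertionConsumerSvcUrl = string.IsNullOrEmpty(AssertionConsumerServiceIndex)
            ? serviceProvider.GetAssertionConsumerServiceLocation(Binding)
            : serviceProvider.GetAssertionConsumerServiceLocation(Binding, AssertionConsumerServiceIndex);
    }

    // Without an index or a resolvable location the IdP would have nowhere
    // to deliver the Response.
    if (string.IsNullOrEmpty(AssertionConsumerServiceIndex) && string.IsNullOrEmpty(assertionConsumerSvcUrl))
    {
        throw new Saml2Exception(Resources.AuthnRequestAssertionConsumerServiceNotDefined);
    }

    // Destination defaults to the IdP's SingleSignOnService for the requested
    // binding, then to its HTTP-Redirect endpoint.
    // NOTE(review): a caller-supplied Destination is used as given. If the
    // parameters collection can be populated from the HTTP request, the
    // value should be checked against the IdP's configured SSO locations
    // before the user agent is sent there -- confirm where parameters originate.
    if (string.IsNullOrEmpty(Destination))
    {
        string requestBinding = parameters == null ? null : parameters[Saml2Constants.RequestBinding];
        Destination = identityProvider.GetSingleSignOnServiceLocation(requestBinding);
        if (string.IsNullOrEmpty(Destination))
        {
            Destination = identityProvider.GetSingleSignOnServiceLocation(Saml2Constants.HttpRedirectProtocolBinding);
        }
    }

    RequestedAuthnContext reqAuthnContext = GetRequestedAuthnContext(serviceProvider, parameters);

    // Every value spliced into the markup is escaped first. The values come
    // from the parameters collection and SP/IdP metadata; an unescaped quote
    // or '<' in any of them would let the supplier inject attributes or
    // elements into the AuthnRequest (or simply break LoadXml below).
    // SecurityElement.Escape encodes & < > " and ', which covers both
    // attribute values and element text; LoadXml decodes them again, so the
    // DOM holds the original characters.
    Func<string, string> escape = System.Security.SecurityElement.Escape;

    var rawXml = new StringBuilder();
    rawXml.Append("<samlp:AuthnRequest ");
    rawXml.Append(" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"");
    rawXml.Append(" ID=\"" + escape(Id) + "\"");
    rawXml.Append(" Version=\"2.0\"");
    rawXml.Append(" IssueInstant=\"" + escape(IssueInstant) + "\"");
    // XmlConvert yields the schema lexical form "true"/"false" regardless of culture.
    rawXml.Append(" IsPassive=\"" + XmlConvert.ToString(IsPassive) + "\"");
    rawXml.Append(" ForceAuthn=\"" + XmlConvert.ToString(ForceAuthn) + "\"");

    if (!string.IsNullOrEmpty(Consent))
    {
        rawXml.Append(" Consent=\"" + escape(Consent) + "\"");
    }

    if (!string.IsNullOrEmpty(Destination))
    {
        rawXml.Append(" Destination=\"" + escape(Destination) + "\"");
    }

    if (!string.IsNullOrEmpty(assertionConsumerSvcUrl))
    {
        rawXml.Append(" ProtocolBinding=\"" + escape(Binding) + "\"");
        rawXml.Append(" AssertionConsumerServiceURL=\"" + escape(assertionConsumerSvcUrl) + "\"");
    }
    else
    {
        // The SAML 2.0 protocol attribute is AssertionConsumerServiceIndex;
        // the previous "AssertionConsumerIndex" spelling is not part of the
        // schema and would be ignored by the IdP.
        rawXml.Append(" AssertionConsumerServiceIndex=\"" + escape(AssertionConsumerServiceIndex) + "\"");
    }

    rawXml.Append(">");
    rawXml.Append("<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" + escape(serviceProvider.EntityId) + "</saml:Issuer>");
    rawXml.Append("<samlp:NameIDPolicy Format=\"" + escape(NameIDPolicyFormat) + "\" AllowCreate=\"" + XmlConvert.ToString(AllowCreate) + "\" />");

    if (reqAuthnContext != null)
    {
        rawXml.Append(reqAuthnContext.GenerateXmlString());
    }

    rawXml.Append("</samlp:AuthnRequest>");

    xml.LoadXml(rawXml.ToString());
}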