public SamlResponse Deserialize(string spidResponse, string logOutRequestId)
{
ResponseType response = new ResponseType();
try
{
string toDeserializeSpidResponse = spidResponse.Replace(":LogoutResponse", ":Response");
_logger.LogInformation("Deserialize -> deserializing response...");
_logger.LogDebug("Deserialize -> SAML response: {0}", spidResponse);
response = XmlHelper.Deserialize <ResponseType>(toDeserializeSpidResponse);
_traceLogger.LogInformation("LogoutResp_ID: {0}|LogoutResp_IssueInstant: {1}|LogoutResp_Issuer: {2}|LogoutResp_SAML: {3}", response.ID, response.IssueInstant, response.Issuer.Value, spidResponse);
SamlResponse model = new SamlResponse()
{
Version = response.Version,
Id = response.ID,
SPRequestId = response.InResponseTo,
Issuer = response.Issuer.Value,
ResponseDate = response.IssueInstant
};
_logger.LogInformation("Deserialize -> validate response with id {0}...", model.Id);
bool signatureIsValid = Validate(spidResponse);
if (!signatureIsValid)
{
_logger.LogWarning("Deserialize -> SAML response is not valid");
model.Status = SamlResponseStatus.ValidationError;
return(model);
}
_logger.LogInformation("Deserialize -> response validated");
_logger.LogInformation("Deserialize -> mapping status code for response {0}...", model.Id);
model.Status = _samlResponseStatusMapper.Map(response.Status.StatusCode);
_logger.LogInformation("Deserialize -> response status code {0}", model.Status);
if (!model.IsValid)
{
if (!string.IsNullOrEmpty(response.Status.StatusMessage))
{
model.StatusMessage = _samlResponseStatusMessageMapper.Map(response.Status.StatusMessage);
}
_logger.LogWarning("Deserialize -> response is wrong", model.Status.ToString());
_logger.LogWarning("Deserialize -> request error status code: {0}", model.Status.ToString());
_logger.LogWarning("Deserialize -> request error status message: {0}", model.StatusMessage);
return(model);
}
if (response.InResponseTo != $"_{logOutRequestId}")
{
_logger.LogWarning("Deserialize -> response is not valid. InResponseTo: {0} - LogOutRequest Id: {1}", response.InResponseTo, logOutRequestId);
model.Status = SamlResponseStatus.ValidationError;
return(model);
}
_logger.LogInformation("Deserialize -> SAML response {0} deserialized correctly", model.Id);
return(model);
}
catch (Exception ex)
{
_logger.LogError(ex, "Deserialize -> error on deserialize response");
throw ex;
}
}
public SamlResponse Deserialize(string spidResponse, string authnRequestId)
{
ResponseType response = new ResponseType();
try
{
_logger.LogInformation("Deserialize -> deserializing response...");
_logger.LogDebug("Deserialize -> SAML response: {0}", spidResponse);
response = XmlHelper.Deserialize <ResponseType>(spidResponse);
_traceLogger.LogInformation("AuthnResp_ID: {0}|AuthnResp_IssueInstant: {1}|AuthnResp_Issuer: {2}|AuthnResp_SAML: {3}", response.ID, response.IssueInstant, response.Issuer, spidResponse);
SamlResponse model = new SamlResponse()
{
Version = response.Version,
Id = response.ID,
SPRequestId = response.InResponseTo,
Issuer = response.Issuer.Value,
ResponseDate = response.IssueInstant
};
_logger.LogInformation("Deserialize -> validate response with id {0}...", model.Id);
bool signatureIsValid = Validate(spidResponse);
if (!signatureIsValid)
{
_logger.LogWarning("Deserialize -> SAML response is not valid");
model.Status = SamlResponseStatus.ValidationError;
return(model);
}
_logger.LogInformation("Deserialize -> response validated");
_logger.LogInformation("Deserialize -> mapping status code for response {0}...", model.Id);
model.Status = _samlResponseStatusMapper.Map(response.Status.StatusCode);
_logger.LogInformation("Deserialize -> response status code {0}", model.Status);
if (!model.IsValid)
{
if (!string.IsNullOrEmpty(response.Status.StatusMessage))
{
model.StatusMessage = _samlResponseStatusMessageMapper.Map(response.Status.StatusMessage);
}
_logger.LogWarning("Deserialize -> response is wrong", model.Status.ToString());
_logger.LogWarning("Deserialize -> request error status code: {0}", model.Status.ToString());
_logger.LogWarning("Deserialize -> request error status message: {0}", model.StatusMessage);
return(model);
}
if (response.InResponseTo != $"_{authnRequestId}")
{
_logger.LogWarning("Deserialize -> response is not valid. InResponseTo: {0} - AuthnRequest Id: {1}", response.InResponseTo, authnRequestId);
model.Status = SamlResponseStatus.ValidationError;
return(model);
}
_logger.LogInformation("Deserialize -> mapping user informations for response {0}...", model.Id);
model.User = _samlUserMapper.Map(response);
_traceLogger.LogInformation("AuthnResp_ID: {0}|AuthnResp_IdpReferenceId: {1}", response.ID, model.User.IdpReferenceId);
_sessionAuthLogger.LogInformation("Autenticazione effettuata correttamente dall'utente {0} (AuthnResp_ID: {1})", model.User.IdpReferenceId, response.ID);
_logger.LogInformation("Deserialize -> SAML response {0} deserialized correctly", model.Id);
return(model);
}
catch (Exception ex)
{
_logger.LogError(ex, "Deserialize -> error on deserialize response");
throw ex;
}
}