        private Saml2Configuration GetSamlConfiguration()
        {
            // Builds the SAML2 service-provider configuration for this self-hosted sample.
            // Everything here is sample-only wiring: the signing certificate is an embedded
            // development PFX with a hard-coded password, and assertion signature checking is
            // switched off for the loaded IdP. None of that is appropriate outside a local demo.
            var configuration = new Saml2Configuration();

            var serviceProvider = new ServiceProvider();
            serviceProvider.SigningCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(
                FileEmbeddedResource("SelfHostOwinSPExample.sts_dev_certificate.pfx"),
                "test1234",
                System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);
            serviceProvider.Server = "https://localhost:44333/core";
            serviceProvider.Id = "https://localhost:44333/core";
            configuration.ServiceProvider = serviceProvider;

            // Only assertions addressed to this SP entity id are accepted.
            configuration.AllowedAudienceUris = new System.Collections.Generic.List<Uri>(
                new[] { new Uri("https://localhost:44333/core") });

            var endpoints = new[]
            {
                new ServiceProviderEndpoint(EndpointType.SignOn, "/core/saml2/login", "/core"),
                new ServiceProviderEndpoint(EndpointType.Logout, "/core/saml2/logout", "/core"),
                new ServiceProviderEndpoint(EndpointType.Metadata, "/core/saml2/metadata")
            };
            configuration.ServiceProvider.Endpoints.AddRange(endpoints);

            // Identity providers come from metadata files on disk (path relative to the build output).
            var providerSource = new IdentityProviders();
            providerSource.AddByMetadataDirectory("..\\..\\Metadata");
            //myconfig.IdentityProviders.AddByMetadataUrl(new Uri("https://tas.fhict.nl/identity/saml2/metadata"));

            // First() throws InvalidOperationException if the metadata directory yielded no IdP.
            // Disabling the assertion signature check means the SP will trust assertions whose
            // signature it has not verified; this is a sample shortcut, not a production setting.
            providerSource.First().OmitAssertionSignatureCheck = true;
            configuration.IdentityProvidersSource = providerSource;
            configuration.LoggingFactoryType = "SAML2.Logging.DebugLoggerFactory";

            return configuration;
        }
 private IdentityProviders ToIdentityProviders(IEnumerable<IdentityProvider> providers, IdentityProviderCollection config)
 {
     // Wraps the explicitly supplied providers in a runtime IdentityProviders set, copies the
     // encoding and selection-URL settings from the configuration section, and then loads any
     // further providers from the configured metadata directory.
     var result = new IdentityProviders(providers);
     result.Encodings = config.Encodings;
     result.SelectionUrl = config.SelectionUrl;
     result.AddByMetadataDirectory(config.MetadataLocation);
     return result;
 }
        private IdentityProviders ToIdentityProviders(IEnumerable <IdentityProvider> providers, IdentityProviderCollection config)
        {
            // Converts a configuration-section provider list into the runtime IdentityProviders
            // set: the explicit providers are taken as-is, the encodings and selection URL are
            // carried over, and the metadata directory named in the section is scanned for more.
            IdentityProviders providerSet = new IdentityProviders(providers)
            {
                Encodings    = config.Encodings,
                SelectionUrl = config.SelectionUrl
            };

            providerSet.AddByMetadataDirectory(config.MetadataLocation);

            return providerSet;
        }
            //[ExpectedException(typeof(Saml20Exception), ExpectedMessage = "Assertion is no longer valid.")]
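            public void CanDecryptFOBSAssertion()
            {
                // Arrange: load the encrypted assertion fixture and locate its EncryptedAssertion element.
                var doc           = AssertionUtil.LoadBase64EncodedXmlDocument(@"Assertions\fobs-assertion2");
                var encryptedList = doc.GetElementsByTagName(EncryptedAssertion.ElementName, Saml20Constants.Assertion);

                // Check the element count before indexing into the list, so a missing element is
                // reported as a clear assertion failure instead of an exception from encryptedList[0].
                Assert.AreEqual(1, encryptedList.Count, "Expected exactly one EncryptedAssertion element in the fixture.");

                // Do some mock configuration.
                var idpSource = new IdentityProviders();
                var config    = new Saml2Configuration
                {
                    AllowedAudienceUris     = new System.Collections.Generic.List <Uri>(),
                    IdentityProvidersSource = idpSource
                };

                config.AllowedAudienceUris.Add(new Uri("https://saml.safewhere.net"));
                idpSource.AddByMetadataDirectory(@"Protocol\MetadataDocs\FOBS"); // Set it manually.

                // Test fixture certificate; the password is fixture data, not a deployed secret.
                var cert = new X509Certificate2(@"Certificates\SafewhereTest_SFS.pfx", "test1234");
                var encryptedAssertion = new Saml20EncryptedAssertion((RSA)cert.PrivateKey);

                encryptedAssertion.LoadXml((XmlElement)encryptedList[0]);

                // Act
                encryptedAssertion.Decrypt();

                // Retrieve metadata
                var assertion = new Saml20Assertion(encryptedAssertion.Assertion.DocumentElement, null, false, TestConfiguration.Configuration);
                var endp      = config.IdentityProvidersSource.GetById(assertion.Issuer);

                // Assert
                Assert.IsNotNull(endp, "Endpoint not found");
                Assert.IsNotNull(endp.Metadata, "Metadata not found");

                // The decrypted assertion carries no signing key, so validation against the trusted
                // signers must be rejected. If CheckValid returned normally, an unsigned assertion
                // would have been accepted, which is exactly what this test guards against.
                try
                {
                    assertion.CheckValid(AssertionUtil.GetTrustedSigners(assertion.Issuer));
                    Assert.Fail("Verification should fail. Token does not include its signing key.");
                }
                catch (InvalidOperationException)
                {
                    // Expected: CheckValid rejected the assertion. The Assert.Fail above raises the
                    // test framework's own exception type, so it is not swallowed here.
                }

                Assert.IsNull(assertion.SigningKey, "Signing key is already present on assertion. Modify test.");
                //Assert.IsTrue("We have tested this next test" == "");
                //Assert.That(assertion.CheckSignature(Saml20SignonHandler.GetTrustedSigners(endp.Metadata.GetKeys(KeyTypes.Signing), endp)));
                //Assert.IsNotNull(assertion.SigningKey, "Signing key was not set on assertion instance.");
            }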