// Signs a SAML response with the IdP certificate and delivers it to the service provider
// over the HTTP-POST binding.
//   samlResponse - the response to serialize, sign and send.
//   relayState   - relay state value forwarded with the POST.
// The destination is Configuration.AssertionConsumerServiceURL, i.e. taken from local
// configuration rather than from the incoming request.
// NOTE(review): only the response message is signed here; whether the assertion inside it
// carries its own signature is not visible in this method - confirm what the SP verifies.
private void SendSAMLResponse(SAMLResponse samlResponse, string relayState)
{
    Trace.Write("IdP", "Sending SAML response");

    // Turn the response object into the XML that will be signed and posted.
    XmlElement responseElement = samlResponse.ToXml();

    // The signing certificate lives in application state. A null entry passes the cast and
    // only surfaces as a NullReferenceException when PrivateKey is read below.
    var signingCertificate = (X509Certificate2)Application[Global.IdPX509Certificate];
    var signingKey = signingCertificate.PrivateKey;
    SAMLMessageSignature.Generate(responseElement, signingKey, signingCertificate);

    IdentityProvider.SendSAMLResponseByHTTPPost(
        Response,
        Configuration.AssertionConsumerServiceURL,
        responseElement,
        relayState);

    Trace.Write("IdP", "Sent SAML response");
}
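// Signs a SAML response with the IdP certificate and sends it to the service provider over
// the binding recorded in the SSO state (HTTP-POST or HTTP-Artifact).
//   samlResponse - the response to serialize, sign and send.
//   ssoState     - supplies the binding, the assertion consumer service URL and the relay state.
// An unsupported binding is traced and nothing is sent; in that case the method returns
// without writing the "Sent SAML response" trace, so the trace no longer reports a delivery
// that never happened.
// NOTE(review): ssoState.assertionConsumerServiceURL is used as the delivery target as-is.
// Confirm it was checked against the SP's registered endpoints when the SSO state was built.
private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
{
    Trace.Write("IdP", "Sending SAML response");

    // Serialize the SAML response for transmission.
    XmlElement samlResponseXml = samlResponse.ToXml();

    // Sign the SAML response with the IdP key held in application state.
    X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPX509Certificate];
    SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

    // Send the SAML response to the service provider.
    switch (ssoState.idpProtocolBinding)
    {
        case SAMLIdentifiers.Binding.HTTPPost:
            IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
            break;

        case SAMLIdentifiers.Binding.HTTPArtifact:
            // Create the artifact from this site's root URL and a fresh message handle.
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

            // Cache the signed SAML response so it can be returned later through the
            // artifact resolution protocol.
            // NOTE(review): the cache's expiry and single-use behaviour are not visible here - confirm.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send only the artifact; the response itself stays in the cache.
            IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
            break;

        default:
            // Nothing was delivered, so do not fall through to the success trace.
            Trace.Write("IdP", "Invalid identity provider binding");
            return;
    }

    Trace.Write("IdP", "Sent SAML response");
}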
// Builds a SAML response around the session's "FBReturnToken" value, signs it and posts it
// to the assertion consumer service URL from the application settings.
//   dest - passed in the relay-state position of SendSAMLResponseByHTTPPost.
// NOTE(review): no Conditions, audience restriction or subject confirmation are set on the
// assertion in this method; what the SAMLAssertion(string) constructor does with the token
// is not visible here - confirm the resulting assertion is time- and audience-bound.
private void RedirectWithSAML(string dest)
{
    // Throws NullReferenceException when the session holds no "FBReturnToken" entry.
    string returnToken = Session["FBReturnToken"].ToString();
    string consumerServiceUrl = WebConfigurationManager.AppSettings["AssertionConsumerServiceURL"];

    // The issuer is this application's root URL, resolved against the current request URL.
    var response = new SAMLResponse
    {
        Destination = consumerServiceUrl,
        Issuer = new Issuer(new Uri(Request.Url, Url.Content("~")).ToString()),
        Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Success, null)
    };
    response.Assertions.Add(new SAMLAssertion(returnToken));

    XmlElement responseElement = response.ToXml();

    // Sign the response message.
    // NOTE(review): the signing key is the certificate stored under DecrypterX509Certificate;
    // confirm that one key pair is meant to serve both decryption and signing.
    var signingCertificate = (X509Certificate2)HttpContext.Application[MvcApplication.DecrypterX509Certificate];
    SAMLMessageSignature.Generate(responseElement, signingCertificate.PrivateKey, signingCertificate);

    var httpResponse = (HttpResponse)HttpContext.GetService(typeof(HttpResponse));
    IdentityProvider.SendSAMLResponseByHTTPPost(httpResponse, consumerServiceUrl, responseElement, dest);
}
// Builds a SAML response holding one assertion from the values in queryParameters, signs it,
// writes the XML to "SAMLPayload.xml" and returns the XML Base64-encoded.
// Keys read from queryParameters: issuer, member, userEmail, cn, uid, pfxLocation, pfxPwd.
// NOTE(review): the key file path and its password come from queryParameters. If those
// values can be supplied by a remote caller, the caller chooses which key file is opened -
// confirm they only ever come from a trusted operator.
// NOTE(review): the payload written to "SAMLPayload.xml" is a signed assertion with a
// one-hour Conditions window; the file lands in the process working directory.
private string BuildSAML()
{
    var issuerName = queryParameters.FirstOrDefault(p => p.Key == "issuer").Value;
    var memberValue = queryParameters.FirstOrDefault(p => p.Key == "member").Value;
    var emailAddress = queryParameters.FirstOrDefault(p => p.Key == "userEmail").Value;
    var commonName = queryParameters.FirstOrDefault(p => p.Key == "cn").Value;
    var userId = queryParameters.FirstOrDefault(p => p.Key == "uid").Value;
    var keyFilePath = queryParameters.FirstOrDefault(p => p.Key == "pfxLocation").Value;
    var keyFilePassword = queryParameters.FirstOrDefault(p => p.Key == "pfxPwd").Value;

    // The same value is used as the issuer and as the destination of the response.
    var response = new SAMLResponse
    {
        Issuer = new Issuer(issuerName),
        Destination = issuerName
    };

    // The subject is the e-mail address; the assertion's Conditions span one hour.
    var assertion = new SAMLAssertion
    {
        Issuer = new Issuer(issuerName),
        Subject = new Subject(new NameID(emailAddress, null, null, SAMLIdentifiers.NameIdentifierFormats.EmailAddress, null)),
        Conditions = new Conditions(new TimeSpan(1, 0, 0))
    };

    var authnContext = new AuthnContext();
    authnContext.AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.PasswordProtectedTransport);
    var authnStatement = new AuthnStatement();
    authnStatement.AuthnContext = authnContext;
    assertion.Statements.Add(authnStatement);

    // One attribute statement per attribute, in the order member, mail, cn, uid.
    var memberStatement = new AttributeStatement();
    memberStatement.Attributes.Add(new SAMLAttribute("member", SAMLIdentifiers.AttributeNameFormats.Basic, null, memberValue));
    assertion.Statements.Add(memberStatement);

    var mailStatement = new AttributeStatement();
    mailStatement.Attributes.Add(new SAMLAttribute("mail", SAMLIdentifiers.AttributeNameFormats.Basic, null, emailAddress));
    assertion.Statements.Add(mailStatement);

    var cnStatement = new AttributeStatement();
    cnStatement.Attributes.Add(new SAMLAttribute("cn", SAMLIdentifiers.AttributeNameFormats.Basic, null, commonName));
    assertion.Statements.Add(cnStatement);

    var uidStatement = new AttributeStatement();
    uidStatement.Attributes.Add(new SAMLAttribute("uid", SAMLIdentifiers.AttributeNameFormats.Basic, null, userId));
    assertion.Statements.Add(uidStatement);

    response.Assertions.Add(assertion);

    // Signing always runs (the original guarded it with a constant-true condition).
    var signingCertificate = Util.LoadSignKeyAndCertificate(keyFilePath, keyFilePassword);
    var signer = new SignedXml(response.ToXml());
    signer.SigningKey = signingCertificate.PrivateKey;

    var keyInfo = new KeyInfo();
    keyInfo.AddClause(new KeyInfoX509Data(signingCertificate));
    signer.KeyInfo = keyInfo;

    // The reference points at the assertion's ID, while the resulting signature is attached
    // to the response element.
    // NOTE(review): confirm the relying party binds the verified reference to the assertion
    // it actually consumes; a signature that does not sit inside the element it covers is a
    // layout some verifiers handle loosely.
    var assertionReference = new Reference { Uri = "#" + assertion.ID };
    assertionReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    signer.AddReference(assertionReference);
    signer.ComputeSignature();
    response.Signature = signer.GetXml();

    string payloadXml = response.ToXml().OuterXml;
    File.WriteAllText("SAMLPayload.xml", payloadXml);
    return Util.EncodeToBase64(payloadXml);
}
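// Signs a SAML response with the IdP certificate and sends it over the binding named in the
// SSO state: HTTP-POST delivers the response directly, HTTP-Artifact caches it and sends
// only an artifact.
//   samlResponse - the response to serialize, sign and send.
//   ssoState     - supplies the binding, the assertion consumer service URL and the relay state.
// When the binding is not one of the two supported values the method traces the problem and
// returns without sending anything and without writing the "Sent SAML response" trace.
// NOTE(review): the delivery target is ssoState.assertionConsumerServiceURL, used unchanged;
// confirm it is validated against the partner's registered endpoints before it reaches here.
private void SendSAMLResponse(SAMLResponse samlResponse, SSOState ssoState)
{
    Trace.Write("IdP", "Sending SAML response");

    // Serialize the SAML response for transmission.
    XmlElement samlResponseXml = samlResponse.ToXml();

    // Sign the SAML response with the certificate held in application state.
    X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.IdPX509Certificate];
    SAMLMessageSignature.Generate(samlResponseXml, x509Certificate.PrivateKey, x509Certificate);

    // Send the SAML response to the service provider.
    switch (ssoState.idpProtocolBinding)
    {
        case SAMLIdentifiers.Binding.HTTPPost:
            IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);
            break;

        case SAMLIdentifiers.Binding.HTTPArtifact:
            // Create the artifact.
            string identificationURL = CreateAbsoluteURL("~/");
            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

            // Cache the signed SAML response for later retrieval through the artifact
            // resolution protocol.
            // NOTE(review): how long entries stay in HTTPArtifactStateCache is not visible here - confirm.
            HTTPArtifactState httpArtifactState = new HTTPArtifactState(samlResponseXml, null);
            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

            // Send the artifact.
            IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);
            break;

        default:
            // Unsupported binding: report it and stop, since no message left the IdP.
            Trace.Write("IdP", "Invalid identity provider binding");
            return;
    }

    Trace.Write("IdP", "Sent SAML response");
}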
// Builds the XML of a successful SAML response for the given attributes, optionally signing
// the assertion, encrypting the assertion and signing the response.
//   assertionConsumerServiceUrl - used as the response Destination and as the Recipient of
//                                 the bearer subject confirmation.
//   attributes       - each attribute is emitted in its own attribute statement; the first one
//                      named PortalClaimTypes.ProfileId supplies the subject NameID.
//   requestId        - copied to InResponseTo.
//   signAssertion / signResponse / encryptAssertion - used only when no partner configuration
//                      is found; otherwise the partner's settings replace them.
// Returns the response element, signed when signResponse ends up true.
// NOTE(review): timestamps are taken from DateTime.Now (local time) and the Conditions window
// is one day; confirm the SAML library converts to UTC and that a day-long bearer assertion
// is intended.
// NOTE(review): the issuer certificate is loaded from disk with its password on every call
// and is not disposed.
private static XmlElement CreateSamlResponse(string assertionConsumerServiceUrl, List<SAMLAttribute> attributes, string requestId = null, bool signAssertion = false, bool signResponse = false, bool encryptAssertion = false)
{
    var response = new SAMLResponse { Destination = assertionConsumerServiceUrl };

    var idpConfiguration = SAMLConfiguration.Current.IdentityProviderConfiguration;
    var issuer = new Issuer(idpConfiguration.Name);
    var issuerCertificate = new X509Certificate2(
        Path.Combine(HttpRuntime.AppDomainAppPath, SAMLConfiguration.Current.IdentityProviderConfiguration.CertificateFile),
        SAMLConfiguration.Current.IdentityProviderConfiguration.CertificatePassword);

    // The partner name comes from the session when present, else from the configured SP name.
    // It selects the partner configuration and later becomes the audience.
    var partner = SessionHelper.Get<string>(PartnerSpSessionKey) ?? SAMLConfiguration.Current.ServiceProviderConfiguration.Name;
    var partnerConfig = SAMLConfiguration.Current.PartnerServiceProviderConfigurations[partner];

    X509Certificate2 partnerCertificate = null;
    if (partnerConfig != null)
    {
        // A known partner overrides the caller's sign/encrypt flags with its own settings.
        var partnerCertificatePath = Path.Combine(HttpRuntime.AppDomainAppPath, partnerConfig.CertificateFile);
        partnerCertificate = new X509Certificate2(partnerCertificatePath);
        signAssertion = partnerConfig.SignAssertion;
        signResponse = partnerConfig.SignSAMLResponse;
        encryptAssertion = partnerConfig.EncryptAssertion;
    }

    response.Issuer = issuer;
    response.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Success, null);
    response.IssueInstant = DateTime.Now;
    response.InResponseTo = requestId;

    var assertion = new SAMLAssertion
    {
        Issuer = issuer,
        IssueInstant = response.IssueInstant
    };

    // profileId stays null when no attribute carries the profile-id claim name.
    var profileId = (from attribute in attributes
                     where attribute.Name == PortalClaimTypes.ProfileId
                     select attribute.Values[0].ToString()).FirstOrDefault();

    // Bearer confirmation bound to the ACS URL; only Recipient is set on the confirmation data.
    var bearerConfirmation = new SubjectConfirmation(SAMLIdentifiers.SubjectConfirmationMethods.Bearer);
    bearerConfirmation.SubjectConfirmationData = new SubjectConfirmationData { Recipient = assertionConsumerServiceUrl };
    var subject = new Subject(new NameID(profileId));
    subject.SubjectConfirmations.Add(bearerConfirmation);
    assertion.Subject = subject;

    // Valid from now for one day, restricted to the partner as audience.
    var conditions = new Conditions(DateTime.Now, DateTime.Now.AddDays(1));
    var audienceRestriction = new AudienceRestriction();
    audienceRestriction.Audiences.Add(new Audience(partner));
    conditions.ConditionsList.Add(audienceRestriction);
    assertion.Conditions = conditions;

    var authnStatement = new AuthnStatement
    {
        AuthnContext = new AuthnContext(),
        AuthnInstant = response.IssueInstant
    };
    authnStatement.AuthnContext.AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.X509);
    assertion.Statements.Add(authnStatement);

    foreach (var attribute in attributes)
    {
        var attributeStatement = new AttributeStatement();
        attributeStatement.Attributes.Add(attribute);
        assertion.Statements.Add(attributeStatement);
    }

    var assertionElement = assertion.ToXml();

    if (signAssertion)
    {
        SAMLAssertionSignature.Generate(assertionElement, issuerCertificate.PrivateKey, issuerCertificate);
    }

    if (!encryptAssertion)
    {
        response.Assertions.Add(assertionElement);
    }
    else
    {
        // NOTE(review): partnerCertificate is still null here when no partner configuration
        // was found but the caller passed encryptAssertion = true.
        var encryptedAssertion = new EncryptedAssertion(assertionElement, partnerCertificate);
        response.Assertions.Add(encryptedAssertion.ToXml());
    }

    var responseElement = response.ToXml();

    if (signResponse)
    {
        SAMLMessageSignature.Generate(responseElement, issuerCertificate.PrivateKey, issuerCertificate);
    }

    return responseElement;
}
// Signs a SAML response with the IdP certificate and writes it to the current response's
// output stream using the HTTP-POST binding.
//   samlResponse - the response to serialize, sign and send.
//   relayState   - relay state value sent along with the response.
//   samlService  - URL the HTTP-POST binding targets.
// NOTE(review): the target URL is whatever the caller passes as samlService; confirm callers
// take it from trusted configuration or validate it against the SP's registered endpoints.
private void SendSAMLResponse(SAMLResponse samlResponse, string relayState, string samlService)
{
    Trace.Write("IdP", "Sending SAML response");

    // Serialize first; the signature is computed over this element.
    XmlElement responseElement = samlResponse.ToXml();

    // The signing certificate is kept in application state.
    var signingCertificate = (X509Certificate2)HttpContext.Application[FB.StrawPortal.MvcApplication.IdPX509Certificate];
    var signingKey = signingCertificate.PrivateKey;
    SAMLMessageSignature.Generate(responseElement, signingKey, signingCertificate);

    // An earlier variant, left commented out in the original, posted to the
    // "AssertionConsumerServiceURL" app setting through IdentityProvider.SendSAMLResponseByHTTPPost.
    ComponentSpace.SAML2.Bindings.HTTPPostBinding.SendResponse(
        Response.OutputStream,
        samlService,
        responseElement,
        relayState);

    Trace.Write("IdP", "Sent SAML response");
}
// Builds a SAML response (despite the method name) with one assertion, signs it, writes the
// XML to "SAMLPayload.xml" and returns the XML Base64-encoded.
//   attributes - read by position: [0] member, [1] e-mail (also the subject NameID), [2] cn,
//                [3] uid. There is no length check, so a shorter list makes ElementAt throw.
// The issuer and destination are a hard-coded staging URL. The response Status is not set;
// that assignment is commented out in the original.
// NOTE(review): the file written to the working directory is a signed assertion with a
// one-hour Conditions window.
private static string BuildSAMLRequest(IList<string> attributes)
{
    var issuerUrl = "https://sso.staging.gnohie.org/MirthSignOn-idp/ssoresp";

    var memberValue = attributes.ElementAt(0);
    var emailAddress = attributes.ElementAt(1);
    var commonName = attributes.ElementAt(2);
    var userId = attributes.ElementAt(3);

    var response = new SAMLResponse
    {
        Issuer = new Issuer(issuerUrl),
        Destination = issuerUrl
    };

    var assertion = new SAMLAssertion
    {
        Issuer = new Issuer(issuerUrl),
        Subject = new Subject(new NameID(emailAddress, null, null, SAMLIdentifiers.NameIdentifierFormats.EmailAddress, null)),
        Conditions = new Conditions(new TimeSpan(1, 0, 0))
    };

    var authnContext = new AuthnContext();
    authnContext.AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.PasswordProtectedTransport);
    var authnStatement = new AuthnStatement();
    authnStatement.AuthnContext = authnContext;
    assertion.Statements.Add(authnStatement);

    // One attribute statement per attribute, in the order member, mail, cn, uid.
    var memberStatement = new AttributeStatement();
    memberStatement.Attributes.Add(new SAMLAttribute("member", SAMLIdentifiers.AttributeNameFormats.Basic, null, memberValue));
    assertion.Statements.Add(memberStatement);

    var mailStatement = new AttributeStatement();
    mailStatement.Attributes.Add(new SAMLAttribute("mail", SAMLIdentifiers.AttributeNameFormats.Basic, null, emailAddress));
    assertion.Statements.Add(mailStatement);

    var cnStatement = new AttributeStatement();
    cnStatement.Attributes.Add(new SAMLAttribute("cn", SAMLIdentifiers.AttributeNameFormats.Basic, null, commonName));
    assertion.Statements.Add(cnStatement);

    var uidStatement = new AttributeStatement();
    uidStatement.Attributes.Add(new SAMLAttribute("uid", SAMLIdentifiers.AttributeNameFormats.Basic, null, userId));
    assertion.Statements.Add(uidStatement);

    response.Assertions.Add(assertion);

    // Signing always runs (the original wrapped it in a constant-true condition).
    var signingCertificate = Util.LoadSignKeyAndCertificate();
    var signer = new SignedXml(response.ToXml());
    signer.SigningKey = signingCertificate.PrivateKey;

    var keyInfo = new KeyInfo();
    keyInfo.AddClause(new KeyInfoX509Data(signingCertificate));
    signer.KeyInfo = keyInfo;

    // The reference covers the assertion by ID, but the signature is attached to the response.
    // NOTE(review): confirm the receiving side ties the verified reference to the assertion it
    // actually reads.
    var assertionReference = new Reference { Uri = "#" + assertion.ID };
    assertionReference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    signer.AddReference(assertionReference);
    signer.ComputeSignature();
    response.Signature = signer.GetXml();

    string payloadXml = response.ToXml().OuterXml;
    File.WriteAllText("SAMLPayload.xml", payloadXml);
    return Util.EncodeToBase64(payloadXml);
}
// Registers a startup script that makes the SamlAgentDiv element visible, then builds a SAML
// response from the form fields, signs it with the vendor certificate and posts it to a
// hard-coded assertion consumer URL. The original marks the final send "for test purposes".
// NOTE(review): the subject NameID is the text of the e-mail box, the audience is a
// placeholder string and the ACS URL is a plain-HTTP localhost address - test-harness values
// that must not reach a deployed identity provider.
// NOTE(review): assertion and NameID encryption with the Selerix certificate is commented out
// in the original, so the assertion travels unencrypted inside the signed response.
private void BuildSamlRequest()
{
    string revealDividerScript = @" <script language=""javascript""> <!-- var dividerID = '" + this.SamlAgentDiv.ClientID + @"'; var divider = document.getElementById(dividerID); divider.style.visibility = 'visible'; //--> </script>";
    ClientScript.RegisterStartupScript(typeof(Page), "OpaqueDivider", revealDividerScript);

    // Creating SAML response.
    X509Certificate2 vendorCertificate = GetVendorCertificate();
    // Loaded as in the original; only the disabled encryption code used it.
    X509Certificate2 selerixCertificate = GetSelerixCertificate();

    // An alternative target, "SamlResponse.aspx", is commented out in the original.
    string consumerUrl = "http://localhost:49000/login.aspx?Path=SAML_TEST";
    string audience = "whatever audience";

    Issuer vendorIssuer = new Issuer("Vendor");
    SAMLResponse response = new SAMLResponse();
    response.Destination = consumerUrl;
    response.Issuer = vendorIssuer;
    response.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Success, null);

    SAMLAssertion assertion = new SAMLAssertion();
    assertion.Issuer = vendorIssuer;

    // Bearer subject confirmation bound to the ACS URL, expiring one hour from now (UTC).
    Subject subject = new Subject(new NameID(this._EmailText.Text));
    SubjectConfirmationData confirmationData = new SubjectConfirmationData();
    confirmationData.Recipient = consumerUrl;
    confirmationData.NotOnOrAfter = DateTime.UtcNow.AddHours(1);
    SubjectConfirmation confirmation = new SubjectConfirmation(SAMLIdentifiers.SubjectConfirmationMethods.Bearer);
    confirmation.SubjectConfirmationData = confirmationData;
    subject.SubjectConfirmations.Add(confirmation);
    assertion.Subject = subject;

    // One-hour Conditions window restricted to the audience above.
    AudienceRestriction audienceRestriction = new AudienceRestriction();
    audienceRestriction.Audiences.Add(new Audience(audience));
    Conditions conditions = new Conditions(new TimeSpan(1, 0, 0));
    conditions.ConditionsList.Add(audienceRestriction);
    assertion.Conditions = conditions;

    AuthnStatement authnStatement = new AuthnStatement();
    authnStatement.AuthnContext = new AuthnContext();
    authnStatement.AuthnContext.AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.Unspecified);
    assertion.Statements.Add(authnStatement);

    // The "Transmittal" attribute is added only when a transmittal was built and both name
    // boxes are filled in; the attribute statement itself is always added.
    AttributeStatement attributeStatement = new AttributeStatement();
    Transmittal transmittal = BuildTransmittal();
    if (!(transmittal == null || string.IsNullOrEmpty(this._FirstName.Text) || string.IsNullOrEmpty(this._LastName.Text)))
    {
        string serializedTransmittal = SerializationHelper.SerializeToString(transmittal);
        attributeStatement.Attributes.Add(new SAMLAttribute("Transmittal", SAMLIdentifiers.AttributeNameFormats.Basic, null, serializedTransmittal));
    }
    assertion.Statements.Add(attributeStatement);

    response.Assertions.Add(assertion);

    // Sending SAML response: serialize, sign the message, disable caching, then post.
    XmlElement responseElement = response.ToXml();
    SAMLMessageSignature.Generate(responseElement, vendorCertificate.PrivateKey, vendorCertificate);

    HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache");
    HttpContext.Current.Response.AddHeader("Pragma", "no-cache");

    // Empty relay state: for test purposes.
    IdentityProvider.SendSAMLResponseByHTTPPost(HttpContext.Current.Response, consumerUrl, responseElement, "");
}
/// <summary>
/// Handles the Click event of the submitButton control: parses the transmittal XML typed into
/// the form, stores it in the session, wraps it in a SAML response signed with the vendor
/// certificate and posts that response to "SamlResponse.aspx".
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
/// <remarks>
/// NOTE(review): the subject NameID is the employee ID typed into the form and the audience is
/// a placeholder string; the original marks the final send "for test purposes".
/// NOTE(review): the XML box is deserialized as entered. Which serializer
/// SerializationHelper.DeserializeFromString uses is not visible here - confirm it is limited
/// to the Transmittal type and does not resolve external entities.
/// </remarks>
private void submitButton_Click(object sender, EventArgs e)
{
    Transmittal transmittal = null;
    string employeeID = this._EmployeeID.Text;

    if (!string.IsNullOrEmpty(this._XMLText.Text))
    {
        try
        {
            transmittal = (Transmittal)SerializationHelper.DeserializeFromString(this._XMLText.Text, typeof(Transmittal));
        }
        catch (Exception exception)
        {
            // On failure the box is overwritten with the whole chain of exception messages,
            // so parser detail is shown to whoever submitted the form.
            this._XMLText.Text = exception.Message;
            for (Exception inner = exception.InnerException; inner != null; inner = inner.InnerException)
            {
                this._XMLText.Text += "\n" + inner.Message;
            }
            this._XMLText.Text = PrepareSourceCode(this._XMLText.Text);
        }
    }

    // Stamp the first applicant with the entered employee ID before anything is serialized.
    bool hasApplicants = transmittal != null && transmittal.Applicants != null && transmittal.Applicants.Count > 0;
    if (!string.IsNullOrEmpty(employeeID) && hasApplicants)
    {
        transmittal.Applicants[0].EmployeeIdent = employeeID;
    }
    Session["Transmittal"] = transmittal;

    // Creating SAML response.
    X509Certificate2 vendorCertificate = GetVendorCertificate();
    // Loaded as in the original; only the commented-out encryption code used it.
    X509Certificate2 selerixCertificate = GetSelerixCertificate();
    string consumerUrl = "SamlResponse.aspx";
    string audience = "whatever audience";

    Issuer vendorIssuer = new Issuer("Vendor");
    SAMLResponse response = new SAMLResponse();
    response.Destination = consumerUrl;
    response.Issuer = vendorIssuer;
    response.Status = new Status(SAMLIdentifiers.PrimaryStatusCodes.Success, null);

    SAMLAssertion assertion = new SAMLAssertion();
    assertion.Issuer = vendorIssuer;

    // The subject is the employee ID in clear; an EncryptedID variant is commented out in the
    // original. Bearer confirmation is bound to the ACS URL and expires in one hour (UTC).
    Subject subject = new Subject(new NameID(employeeID));
    SubjectConfirmationData confirmationData = new SubjectConfirmationData();
    confirmationData.Recipient = consumerUrl;
    confirmationData.NotOnOrAfter = DateTime.UtcNow.AddHours(1);
    SubjectConfirmation confirmation = new SubjectConfirmation(SAMLIdentifiers.SubjectConfirmationMethods.Bearer);
    confirmation.SubjectConfirmationData = confirmationData;
    subject.SubjectConfirmations.Add(confirmation);
    assertion.Subject = subject;

    // One-hour Conditions window restricted to the audience above.
    AudienceRestriction audienceRestriction = new AudienceRestriction();
    audienceRestriction.Audiences.Add(new Audience(audience));
    Conditions conditions = new Conditions(new TimeSpan(1, 0, 0));
    conditions.ConditionsList.Add(audienceRestriction);
    assertion.Conditions = conditions;

    AuthnStatement authnStatement = new AuthnStatement();
    authnStatement.AuthnContext = new AuthnContext();
    authnStatement.AuthnContext.AuthnContextClassRef = new AuthnContextClassRef(SAMLIdentifiers.AuthnContextClasses.Unspecified);
    assertion.Statements.Add(authnStatement);

    AttributeStatement attributeStatement = new AttributeStatement();
    if (transmittal != null)
    {
        string serializedTransmittal = SerializationHelper.SerializeToString(transmittal);
        attributeStatement.Attributes.Add(new SAMLAttribute("Transmittal", SAMLIdentifiers.AttributeNameFormats.Basic, null, serializedTransmittal));

        // Runs after serialization, so it changes the object held in the session but not the
        // attribute value just added.
        if (transmittal.Applicants != null && transmittal.Applicants.Count > 0)
        {
            transmittal.Applicants[0].EmployeeIdent = employeeID;
        }
    }

    // Check for Transmittal Options: each recognized option becomes a "yes"/"no" attribute
    // named after the option; unrecognized values are skipped.
    for (int i = 0; i < _TransmittalOptionsList.Items.Count; i++)
    {
        string answer = _TransmittalOptionsList.Items[i].Selected ? "yes" : "no";
        string optionName = _TransmittalOptionsList.Items[i].Value;

        switch (optionName)
        {
            case "HeaderAndFooter":
            case "Sidebar":
            case "PersonalInfo":
            case "Welcome":
            case "Review":
                attributeStatement.Attributes.Add(new SAMLAttribute(optionName, SAMLIdentifiers.AttributeNameFormats.Basic, null, answer));
                break;
        }
    }
    assertion.Statements.Add(attributeStatement);

    // Assertion encryption with the Selerix certificate is commented out in the original; the
    // assertion is added unencrypted.
    response.Assertions.Add(assertion);

    // Sending SAML response: serialize, sign the message, disable caching, then post.
    XmlElement responseElement = response.ToXml();
    SAMLMessageSignature.Generate(responseElement, vendorCertificate.PrivateKey, vendorCertificate);

    HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache");
    HttpContext.Current.Response.AddHeader("Pragma", "no-cache");

    // Empty relay state: for test purposes.
    IdentityProvider.SendSAMLResponseByHTTPPost(HttpContext.Current.Response, consumerUrl, responseElement, "");
}