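 /// <summary>
 /// Creates an artifact for the LogoutRequest and redirects the user to the IdP.
 /// </summary>
 /// <param name="destination">The destination of the request.</param>
 /// <param name="request">The logout request; its XML is signed with the service provider's signing certificate before the artifact is created.</param>
 /// <param name="relayState">The query string relay state value (relayState) to add to the communication.</param>
 /// <param name="cacheInsert">(key, value) callback handed through to <c>ArtifactRedirect</c> unchanged; presumably used to cache the outgoing message until the artifact is resolved — verify against ArtifactRedirect.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="destination"/>, <paramref name="request"/> or <paramref name="cacheInsert"/> is null.</exception>
 public void RedirectFromLogout(IdentityProviderEndpoint destination, Saml20LogoutRequest request, string relayState, Action<string, object> cacheInsert)
 {
     if (destination == null)
     {
         throw new ArgumentNullException("destination");
     }

     if (request == null)
     {
         throw new ArgumentNullException("request");
     }

     if (cacheInsert == null)
     {
         throw new ArgumentNullException("cacheInsert");
     }

     // Index of the SP's default logout endpoint; it travels with the artifact to the IdP.
     var index = (short)config.ServiceProvider.Endpoints.DefaultLogoutEndpoint.Index;
     var doc = request.GetXml();

     // Sign before the document leaves the SP so the IdP can verify the request's origin when it resolves the artifact.
     XmlSignatureUtils.SignDocument(doc, request.Request.Id, config.ServiceProvider.SigningCertificate);
     ArtifactRedirect(destination, index, doc, relayState, cacheInsert);
 }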
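        /// <summary>
        /// Builds the HTTP-Redirect URL that sends <paramref name="request"/> to the identity provider's single logout endpoint.
        /// </summary>
        /// <param name="identityProvider">The identity provider whose logout endpoint (configured or taken from metadata) is the destination.</param>
        /// <param name="request">The logout request to complete, sign and encode; its Destination and SubjectToLogOut are set here.</param>
        /// <param name="context">The OWIN context of the current user; supplies the NameID claim and receives the temporary IdP id.</param>
        /// <param name="config">SAML2 configuration providing the service provider signing certificate.</param>
        /// <returns>The complete redirect URL, including the signed SAMLRequest query string.</returns>
        /// <exception cref="InvalidOperationException">Thrown when the current user has no <see cref="ClaimsIdentity"/> or no NameID claim.</exception>
        /// <exception cref="NotImplementedException">Thrown when the resolved endpoint uses a binding other than HTTP-Redirect.</exception>
        private string LogoutRequestForIdp(IdentityProvider identityProvider, Saml20LogoutRequest request, IOwinContext context, Saml2Configuration config)
        {
            var logger = SAML2.Logging.LoggerProvider.LoggerFor(typeof(SamlMessage));

            var destination = IdpSelectionUtil.DetermineEndpointConfiguration(BindingType.Redirect, identityProvider.Endpoints.DefaultLogoutEndpoint, identityProvider.Metadata.IDPSLOEndpoints);

            request.Destination = destination.Url;

            if (destination.Binding != BindingType.Redirect)
            {
                // Only the HTTP-Redirect binding is implemented for outgoing logout requests.
                throw new NotImplementedException("Logout binding " + destination.Binding + " is not implemented; only HTTP-Redirect is supported.");
            }

            // do not set the Reason for DigiD
            //request.Reason = Saml20Constants.Reasons.User;
            context.Set(IdpTempSessionKey, identityProvider.Id);

            // The NameID issued at login identifies the subject being logged out; without it no valid request can be built,
            // so fail explicitly instead of dereferencing a null identity.
            var identity = context.Request.User != null ? context.Request.User.Identity as ClaimsIdentity : null;
            if (identity == null)
            {
                throw new InvalidOperationException("The current user has no claims identity; cannot build a logout request.");
            }

            var nameIdClaim = identity.Claims.SingleOrDefault(c => c.Type == ClaimTypes.NameID);
            if (nameIdClaim == null)
            {
                throw new InvalidOperationException("The current user has no NameID claim; cannot build a logout request.");
            }

            request.SubjectToLogOut.Value = nameIdClaim.Value;

            // The request is signed with the SP private key so the IdP can verify who issued the logout.
            var builder = new HttpRedirectBindingBuilder
            {
                Request    = request.GetXml().OuterXml,
                SigningKey = config.ServiceProvider.SigningCertificate.PrivateKey
            };

            // Append to an existing query string rather than introducing a second '?'.
            var redirectUrl = destination.Url + (destination.Url.Contains("?") ? "&" : "?") + builder.ToQuery();
            logger.DebugFormat(TraceMessages.LogoutRequestSent, identityProvider.Id, "REDIRECT", redirectUrl);

            return redirectUrl;
        }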
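        /// <summary>
        /// Build a LogoutRequest and send it to the Federation Partner with the given entity ID.
        /// </summary>
        /// <param name="entityID">Entity ID of the federation partner whose metadata provides the HTTP-POST single logout endpoint.</param>
        /// <exception cref="InvalidOperationException">Thrown when there is no current user session to build the request for.</exception>
        private static void CreateLogoutRequest(string entityID)
        {
            User user = UserSessionsHandler.CurrentUser;
            if (user == null)
            {
                throw new InvalidOperationException("Cannot create a logout request: there is no current user session.");
            }

            Saml20LogoutRequest request = new Saml20LogoutRequest();

            request.Issuer       = IDPConfig.ServerBaseUrl;
            // NOTE(review): a fresh GUID is used as SessionIndex rather than the index from the partner's assertion — confirm the partner accepts this.
            request.SessionIndex = Guid.NewGuid().ToString("N");

            // The subject is identified by its plain username; no specific NameID format is claimed.
            request.SubjectToLogOut        = new NameID();
            request.SubjectToLogOut.Format = Saml20Constants.NameIdentifierFormats.Unspecified;
            request.SubjectToLogOut.Value  = user.Username;

            Saml20MetadataDocument metadata = GetMetadata(entityID);

            // The request is delivered with the HTTP-POST binding to the partner's SLO endpoint from its metadata.
            HttpPostBindingBuilder builder = new HttpPostBindingBuilder(metadata.SLOEndpoint(SAMLBinding.POST));

            builder.Action   = SAMLAction.SAMLRequest;
            builder.Response = request.GetXml().OuterXml;

            // Intentionally no on-disk dump of the request XML: it would write the subject's username to a plain-text file
            // at a fixed path, and the writer was never disposed on failure.

            builder.GetPage().ProcessRequest(HttpContext.Current);
            HttpContext.Current.Response.End();
        }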
        /// <summary>
        /// Creates an artifact for the LogoutRequest and redirects the user to the IdP.
        /// </summary>
        /// <param name="destination">The destination of the request.</param>
        /// <param name="request">The logout request; its XML is signed with the service provider's signing certificate before the artifact is issued.</param>
        /// <param name="relayState">The query string relay state value to add to the communication</param>
        public void RedirectFromLogout(IdentityProviderEndpoint destination, Saml20LogoutRequest request, string relayState)
        {
            // Index of the SP's default logout endpoint; it accompanies the artifact sent to the IdP.
            var logoutEndpointIndex = (short)config.ServiceProvider.Endpoints.DefaultLogoutEndpoint.Index;
            var requestDocument     = request.GetXml();

            // Sign before redirecting so the IdP can verify the request's origin when it resolves the artifact.
            XmlSignatureUtils.SignDocument(requestDocument, request.Request.Id, config.ServiceProvider.SigningCertificate);

            ArtifactRedirect(destination, logoutEndpointIndex, requestDocument, relayState);
        }
 /// <summary>
 /// Creates an artifact for the LogoutRequest and redirects the user to the IdP.
 /// </summary>
 /// <param name="destination">The destination of the request.</param>
 /// <param name="request">The logout request; it is signed before the artifact is created.</param>
 /// <param name="relayState">The query string relay state value to add to the communication</param>
 public void RedirectFromLogout(IDPEndPointElement destination, Saml20LogoutRequest request, string relayState)
 {
     // Configuration is read fresh on every call rather than cached on the instance.
     SAML20FederationConfig federationConfig = SAML20FederationConfig.GetConfig();
     short logoutEndpointIndex = (short)federationConfig.ServiceProvider.LogoutEndpoint.endPointIndex;

     XmlDocument requestDocument = request.GetXml();
     // No certificate is passed explicitly; XmlSignatureUtils resolves the signing certificate itself.
     XmlSignatureUtils.SignDocument(requestDocument, request.Request.ID);

     ArtifactRedirect(destination, logoutEndpointIndex, requestDocument, relayState);
 }
 /// <summary>
 /// Creates an artifact for the LogoutRequest and redirects the user to the IdP.
 /// </summary>
 /// <param name="destination">The destination of the request.</param>
 /// <param name="request">The logout request; it is signed before the artifact is created.</param>
 /// <param name="relayState">The query string relay state value to add to the communication</param>
 public void RedirectFromLogout(IDPEndPointElement destination, Saml20LogoutRequest request, string relayState)
 {
     // Configuration is read fresh on every call rather than cached on the instance.
     SAML20FederationConfig federationConfig = SAML20FederationConfig.GetConfig();
     short logoutEndpointIndex = (short)federationConfig.ServiceProvider.LogoutEndpoint.endPointIndex;

     XmlDocument requestDocument = request.GetXml();
     // No certificate is passed explicitly; XmlSignatureUtils resolves the signing certificate itself.
     XmlSignatureUtils.SignDocument(requestDocument, request.Request.ID);

     ArtifactRedirect(destination, logoutEndpointIndex, requestDocument, relayState);
 }
 /// <summary>
 /// Creates an artifact for the LogoutRequest and redirects the user to the IdP.
 /// </summary>
 /// <param name="destination">The destination of the request.</param>
 /// <param name="request">The logout request; it is signed before the artifact is created.</param>
 /// <param name="relayState">The query string relay state value to add to the communication</param>
 public void RedirectFromLogout(IdentityProviderEndpointElement destination, Saml20LogoutRequest request, string relayState)
 {
     // Configuration is resolved per call, not held on the instance.
     var saml2Config = Saml2Config.GetConfig();
     var logoutEndpointIndex = (short)saml2Config.ServiceProvider.Endpoints.LogoutEndpoint.Index;
     var requestDocument = request.GetXml();

     // Sign before redirecting so the IdP can verify the request's origin when it resolves the artifact.
     XmlSignatureUtils.SignDocument(requestDocument, request.Request.Id);

     ArtifactRedirect(destination, logoutEndpointIndex, requestDocument, relayState);
 }
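        /// <summary>
        /// Creates an artifact for the LogoutRequest and redirects the user to the IdP.
        /// </summary>
        /// <param name="idpEndPoint">The IdP endpoint; its configured SHA hashing algorithm selects the signature provider.</param>
        /// <param name="destination">The destination of the request.</param>
        /// <param name="request">The logout request; it is signed with the first valid federation certificate before the artifact is created.</param>
        /// <param name="relayState">The query string relay state value to add to the communication</param>
        /// <exception cref="InvalidOperationException">Thrown when no valid signing certificate is available.</exception>
        public void RedirectFromLogout(IDPEndPoint idpEndPoint, IDPEndPointElement destination, Saml20LogoutRequest request, string relayState)
        {
            SAML20FederationConfig config = SAML20FederationConfig.GetConfig();
            Int16       index             = (Int16)config.ServiceProvider.LogoutEndpoint.endPointIndex;
            XmlDocument doc = request.GetXml();

            // GetFirstValidCertificate is assumed to return null when nothing usable is configured; fail closed either way
            // rather than handing a null certificate to the signature provider.
            var signingCertificate = FederationConfig.GetConfig().GetFirstValidCertificate();
            if (signingCertificate == null)
            {
                throw new InvalidOperationException("No valid signing certificate is configured; cannot sign the logout request.");
            }

            // The hashing algorithm is validated against the allowed set before a provider is created from its name.
            var shaHashingAlgorithm = SignatureProviderFactory.ValidateShaHashingAlgorithm(idpEndPoint.ShaHashingAlgorithm);
            var signatureProvider   = SignatureProviderFactory.CreateFromShaHashingAlgorithmName(shaHashingAlgorithm);

            signatureProvider.SignAssertion(doc, request.Request.ID, signingCertificate);
            ArtifactRedirect(destination, index, doc, relayState);
        }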
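        /// <summary>
        /// Builds a LogoutRequest for the current session and sends the client to the IdP's single logout endpoint
        /// using whichever binding the endpoint configuration or metadata resolves to (POST, Redirect or Artifact).
        /// </summary>
        /// <param name="endpoint">The IdP whose SLO endpoint receives the request.</param>
        /// <param name="context">The current HTTP context; supplies the session values captured at login and receives the response.</param>
        /// <remarks>
        /// The POST and Redirect bindings end the response themselves; the Artifact binding delegates to
        /// <c>HttpArtifactBindingBuilder.RedirectFromLogout</c>. Any other binding reports <c>Resources.BindingError</c>.
        /// </remarks>
        /// <exception cref="InvalidOperationException">Thrown when a session value needed for the request is missing.</exception>
        private void TransferClient(IDPEndPoint endpoint, HttpContext context)
        {
            Trace.TraceMethodCalled(GetType(), "TransferClient()");

            Saml20LogoutRequest request = Saml20LogoutRequest.GetDefault();

            AuditLogging.AssertionId = request.ID;
            AuditLogging.IdpId = endpoint.Id;

            // Determine which endpoint to use from the configuration file or the endpoint metadata.
            IDPEndPointElement destination =
                DetermineEndpointConfiguration(SAMLBinding.REDIRECT, endpoint.SLOEndpoint, endpoint.metadata.SLOEndpoints());

            // Subject, session index, reason and destination are the same for every binding; the subject values
            // were stored in the session when the IdP's assertion was accepted.
            request.Destination = destination.Url;
            request.Reason = Saml20Constants.Reasons.User;
            request.SubjectToLogOut.Format = RequiredSessionValue(context, IDPNameIdFormat);
            request.SubjectToLogOut.Value = RequiredSessionValue(context, IDPNameId);
            request.SessionIndex = RequiredSessionValue(context, IDPSessionIdKey);

            if (destination.Binding == SAMLBinding.POST)
            {
                SendLogoutRequestByPost(endpoint, destination, request, context);
                return;
            }

            if (destination.Binding == SAMLBinding.REDIRECT)
            {
                SendLogoutRequestByRedirect(endpoint, destination, request, context);
                return;
            }

            if (destination.Binding == SAMLBinding.ARTIFACT)
            {
                SendLogoutRequestByArtifact(endpoint, destination, request, context);
                // The artifact redirect has been issued; falling through would report a binding error on a successful send.
                return;
            }

            HandleError(context, Resources.BindingError);
        }

        /// <summary>
        /// Reads a session value captured at login; a missing value means the session is not a usable SAML session.
        /// </summary>
        private static string RequiredSessionValue(HttpContext context, string key)
        {
            object value = context.Session[key];
            if (value == null)
            {
                throw new InvalidOperationException("Session value '" + key + "' is missing; cannot build the logout request.");
            }

            return value.ToString();
        }

        /// <summary>
        /// Signs the request, embeds it in a self-posting form (HTTP-POST binding) and ends the response.
        /// </summary>
        private void SendLogoutRequestByPost(IDPEndPoint endpoint, IDPEndPointElement destination, Saml20LogoutRequest request, HttpContext context)
        {
            HttpPostBindingBuilder builder = new HttpPostBindingBuilder(destination);
            XmlDocument requestDocument = request.GetXml();
            XmlSignatureUtils.SignDocument(requestDocument, request.ID);
            builder.Request = requestDocument.OuterXml;

            if (Trace.ShouldTrace(TraceEventType.Information))
            {
                Trace.TraceData(TraceEventType.Information, string.Format(Tracing.SendLogoutRequest, "POST", endpoint.Id, requestDocument.OuterXml));
            }

            AuditLogging.logEntry(Direction.OUT, Operation.LOGOUTREQUEST, "Binding: POST");
            builder.GetPage().ProcessRequest(context);
            context.Response.End();
        }

        /// <summary>
        /// Signs the request with the SP private key as a query string (HTTP-Redirect binding) and redirects the client.
        /// </summary>
        private void SendLogoutRequestByRedirect(IDPEndPoint endpoint, IDPEndPointElement destination, Saml20LogoutRequest request, HttpContext context)
        {
            HttpRedirectBindingBuilder builder = new HttpRedirectBindingBuilder();
            builder.signingKey = FederationConfig.GetConfig().SigningCertificate.GetCertificate().PrivateKey;
            builder.Request = request.GetXml().OuterXml;

            // Keep any query string the endpoint URL already carries instead of adding a second '?'.
            string separator = destination.Url.Contains("?") ? "&" : "?";
            string redirectUrl = destination.Url + separator + builder.ToQuery();

            if (Trace.ShouldTrace(TraceEventType.Information))
            {
                Trace.TraceData(TraceEventType.Information, string.Format(Tracing.SendLogoutRequest, "REDIRECT", endpoint.Id, redirectUrl));
            }

            AuditLogging.logEntry(Direction.OUT, Operation.LOGOUTREQUEST, "Binding: Redirect");
            context.Response.Redirect(redirectUrl, true);
        }

        /// <summary>
        /// Hands the request to the artifact binding, which signs it and redirects the client with an artifact.
        /// </summary>
        private void SendLogoutRequestByArtifact(IDPEndPoint endpoint, IDPEndPointElement destination, Saml20LogoutRequest request, HttpContext context)
        {
            if (Trace.ShouldTrace(TraceEventType.Information))
            {
                Trace.TraceData(TraceEventType.Information, string.Format(Tracing.SendLogoutRequest, "ARTIFACT", endpoint.Id, string.Empty));
            }

            HttpArtifactBindingBuilder builder = new HttpArtifactBindingBuilder(context);
            AuditLogging.logEntry(Direction.OUT, Operation.LOGOUTREQUEST, "Method: Artifact");

            // A fresh random value serves as the relay state for the artifact round trip.
            builder.RedirectFromLogout(destination, request, Guid.NewGuid().ToString("N"));
        }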