/// <summary>
/// Loads the current message as an artifact response.
/// </summary>
private void LoadArtifactResponse()
{
if (_artifactResponse == null)
{
_artifactResponse = Serialization.Deserialize <ArtifactResponse>(new XmlNodeReader(SamlMessage));
_artifactResponse.Any = (XmlElement)SamlMessage.GetElementsByTagName(Response.ELEMENT_NAME, Saml2Constants.PROTOCOL)[0];
}
}
/// <summary>
/// Gets the status of the current message.
/// </summary>
/// <returns></returns>
public Status GetStatus()
{
XmlElement status = (XmlElement)SamlMessage.GetElementsByTagName(Status.ELEMENT_NAME, Saml20Constants.PROTOCOL)[0];
Status result = null;
if (status != null)
{
result = Serialization.Deserialize <Status>(new XmlNodeReader(status));
}
return(result);
}
internal static void PropagateStandardElements(XmlElement element, SamlMessage message)
{
element.SetAttribute($"xmlns:{SamlAuthenticationDefaults.SamlAssertionNsPrefix}", SamlAuthenticationDefaults.SamlAssertionNamespace);
element.SetAttribute($"xmlns:{SamlAuthenticationDefaults.SamlProtocolNsPrefix}", SamlAuthenticationDefaults.SamlProtocolNamespace);
element.SetAttribute("ID", $"_{Guid.NewGuid():N}");
element.SetAttribute("Version", "2.0");
//Does the Standardportal differ from SAML-Standard?
element.SetAttribute("IssueInstant", DateTime.UtcNow.ToString("o", CultureInfo.InvariantCulture));
element.SetAttribute("Destination", message.Destination);
var issuerElement = element.OwnerDocument.CreateElement(SamlAuthenticationDefaults.SamlAssertionNsPrefix, "Issuer", SamlAuthenticationDefaults.SamlAssertionNamespace);
issuerElement.InnerText = message.Issuer;
element.AppendChild(issuerElement);
}
internal static void ParseStandardElements(XmlElement element, SamlMessage message)
{
message.Id = element.GetAttribute("ID");
var issueInstantNode = element.SelectSingleNode("@IssueInstant", NamespaceManager);
if (issueInstantNode == null || string.IsNullOrEmpty(issueInstantNode.InnerText))
{
throw new ParsingException("Attribute 'IssueInstant' missing");
}
if (!DateTime.TryParse(issueInstantNode.InnerText, out var issueInstant))
{
throw new ParsingException("Issue instant cannot be parsed");
}
message.IssueInstant = issueInstant;
message.Destination = element.GetAttribute("Destination");
message.Issuer = element.GetElementsByTagName("Issuer", SamlAuthenticationDefaults.SamlAssertionNamespace)[0].InnerText;
}
/// <summary>
/// Invokes the login procedure (2nd leg of SP-Initiated login). Analagous to Saml20SignonHandler from ASP.Net DLL
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public async Task <AuthenticationTicket> Invoke(IOwinContext context)
{
Logger.Debug(TraceMessages.SignOnHandlerCalled);
ExceptionDispatchInfo authFailedEx = null;
try {
var messageReceivedNotification = new MessageReceivedNotification <SamlMessage, SamlAuthenticationOptions>(context, options)
{
ProtocolMessage = new SamlMessage(context, configuration, null)
};
await options.Notifications.MessageReceived(messageReceivedNotification);
if (messageReceivedNotification.HandledResponse)
{
return(null); // GetHandledResponseTicket()
}
if (messageReceivedNotification.Skipped)
{
return(null);
}
var requestParams = await HandleResponse(context);
var assertion = context.Get <Saml20Assertion>("Saml2:assertion");
var securityTokenReceivedNotification = new SecurityTokenReceivedNotification <SamlMessage, SamlAuthenticationOptions>(context, options)
{
ProtocolMessage = new SamlMessage(context, configuration, assertion)
};
await options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
if (securityTokenReceivedNotification.HandledResponse)
{
return(null); // GetHandledResponseTicket();
}
if (securityTokenReceivedNotification.Skipped)
{
return(null);
}
var ticket = await GetAuthenticationTicket(context, requestParams);
var securityTokenValidatedNotification = new SecurityTokenValidatedNotification <SamlMessage, SamlAuthenticationOptions>(context, options)
{
AuthenticationTicket = ticket,
ProtocolMessage = new SamlMessage(context, configuration, assertion)
};
await options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
if (securityTokenValidatedNotification.HandledResponse)
{
return(null); // GetHandledResponseTicket();
}
if (securityTokenValidatedNotification.Skipped)
{
return(null); // null;
}
// Flow possible changes
ticket = securityTokenValidatedNotification.AuthenticationTicket;
context.Authentication.AuthenticationResponseGrant = new AuthenticationResponseGrant(ticket.Identity, ticket.Properties);
return(ticket);
}
catch (Exception ex) {
authFailedEx = ExceptionDispatchInfo.Capture(ex);
}
if (authFailedEx != null)
{
Logger.Error("Exception occurred while processing message: " + authFailedEx.SourceException);
var message = new SamlMessage(context, configuration, context.Get <Saml20Assertion>("Saml2:assertion"));
var authenticationFailedNotification = new AuthenticationFailedNotification <SamlMessage, SamlAuthenticationOptions>(context, options)
{
ProtocolMessage = message,
Exception = authFailedEx.SourceException
};
await options.Notifications.AuthenticationFailed(authenticationFailedNotification);
if (authenticationFailedNotification.HandledResponse)
{
return(null);//GetHandledResponseTicket();
}
if (authenticationFailedNotification.Skipped)
{
return(null); //null
}
authFailedEx.Throw();
}
return(null);
}
/// <summary>
/// Gets the status of the current message.
/// </summary>
/// <returns>The <see cref="Status"/>.</returns>
public Status GetStatus()
{
var status = (XmlElement)SamlMessage.GetElementsByTagName(Status.ElementName, Saml20Constants.Protocol)[0];
return(status != null?Serialization.Deserialize <Status>(new XmlNodeReader(status)) : null);
}
