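/// <summary>
/// Adds the <c>SigAlg</c> query parameter (the XML-DSig algorithm URI) that matches
/// the requested signature algorithm to the redirect request URL.
/// </summary>
/// <param name="redirectUrl">Redirect URL builder that receives the <c>SigAlg</c> parameter.</param>
/// <param name="sigAlgorithm">Signature algorithm used for signing.</param>
/// <exception cref="ArgumentOutOfRangeException">
/// Thrown when <paramref name="sigAlgorithm"/> is not one of the algorithms handled here.
/// </exception>
private static void AddSignatureToRequest(UrlBuilder redirectUrl, SignMessage.SignatureAlgorithm sigAlgorithm)
{
    string sigAlgUri;

    switch (sigAlgorithm)
    {
        case SignMessage.SignatureAlgorithm.Sha1:
            // SECURITY: RSA-SHA1 is kept only for peers that still require it. SHA-1 is no
            // longer considered collision resistant; prefer Sha256 or stronger in configuration.
            sigAlgUri = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            break;
        case SignMessage.SignatureAlgorithm.Sha256:
            sigAlgUri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
            break;
        case SignMessage.SignatureAlgorithm.Sha384:
            sigAlgUri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
            break;
        case SignMessage.SignatureAlgorithm.Sha512:
            sigAlgUri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
            break;
        default:
            // Fail closed: previously an unhandled value fell through silently, so the request
            // was built without a SigAlg parameter and the caller went on to sign it anyway.
            // NOTE(review): if the enum declares members beyond these four, confirm none of
            // them is meant to pass through here without a SigAlg.
            throw new ArgumentOutOfRangeException(
                "sigAlgorithm",
                sigAlgorithm,
                "Unsupported SAML signature algorithm.");
    }

    redirectUrl.AddOrUpdateParameter("SigAlg", sigAlgUri);
}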
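/// <summary>
/// Builds a signed SAML redirect URL: adds <c>SAMLRequest</c>, the optional <c>RelayState</c>
/// and <c>SigAlg</c> to the destination, signs the resulting query string and appends the
/// result as the <c>Signature</c> parameter.
/// </summary>
/// <param name="destination">Absolute URI of the endpoint that receives the redirect.</param>
/// <param name="samlPayLoad">SAML request payload; passed through <c>RedirectEncode()</c> before being added.</param>
/// <param name="relayStateInput">Optional relay state; omitted from the URL when null, empty or whitespace.</param>
/// <param name="signatureAlogrithm">
/// Name of a <c>SignMessage.SignatureAlgorithm</c> member (case-insensitive).
/// </param>
/// <param name="certSubject">Certificate subject used to look up the signing key.</param>
/// <returns>The URL builder holding the signed redirect URL.</returns>
/// <exception cref="ArgumentException">
/// Thrown when <paramref name="signatureAlogrithm"/> does not name a defined signature algorithm.
/// </exception>
public static UrlBuilder GetSamlSignedRedirectUrl(
    string destination,
    string samlPayLoad,
    string relayStateInput,
    string signatureAlogrithm,
    string certSubject)
{
    UrlBuilder redirectUrl = new UrlBuilder() { Uri = new Uri(destination) };

    // Add the request parameters to the URL builder.
    redirectUrl.AddOrUpdateParameter("SAMLRequest", samlPayLoad.RedirectEncode());
    if (!string.IsNullOrWhiteSpace(relayStateInput))
    {
        redirectUrl.AddOrUpdateParameter("RelayState", relayStateInput.RedirectEncode());
    }

    // Resolve the signature algorithm from its configured name.
    SignMessage.SignatureAlgorithm sigAlgorithm =
        (SignMessage.SignatureAlgorithm)Enum.Parse(typeof(SignMessage.SignatureAlgorithm), signatureAlogrithm, true);

    // Enum.Parse also accepts numeric strings and returns values that are not declared
    // members; reject those so an undefined algorithm never reaches the signing step.
    if (!Enum.IsDefined(typeof(SignMessage.SignatureAlgorithm), sigAlgorithm))
    {
        throw new ArgumentException(
            "Unsupported SAML signature algorithm: " + signatureAlogrithm,
            "signatureAlogrithm");
    }

    AddSignatureToRequest(redirectUrl, sigAlgorithm);

    // NOTE(review): the SAML HTTP-Redirect binding signs exactly
    // SAMLRequest=...&RelayState=...&SigAlg=... in that order. Confirm that GetQueryString()
    // emits the parameters in insertion order, and that a destination which already carries
    // query parameters does not add them to the signed string.
    X509Certificate2 samlEncryptionAndSigningKey = SignMessage.GetSamlEncryptionAndSigningKey(certSubject);
    string signature = SignMessage.SignDetached(redirectUrl.GetQueryString(), samlEncryptionAndSigningKey, sigAlgorithm);
    redirectUrl.AddOrUpdateParameter("Signature", signature);

    return redirectUrl;
}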