public void ValidateJsonWebToken(string tokenString, SsoSettings settings, IList<string> audiences) { try { TokenString = tokenString; SecurityToken securityToken; _log.DebugFormat("JWT Validation securityAlgorithm={0}, audience[0]={1}, audience[1]={2}", settings.ValidationType, audiences[0], audiences[1]); switch (settings.ValidationType) { case ValidationTypes.RSA_SHA256: RSACryptoServiceProvider publicOnly = new RSACryptoServiceProvider(); //"<RSAKeyValue><Modulus>zeyPa4SwRb0IO+KMq20760ZmaUvy/qzecdOkRUNdNpdUe1E72Xt1WkAcWNu24/UeS3pETu08rVTqHJUMfhHcSKgL7LAk/MMj2inGFxop1LipGZSnqZhnjsfj1ERJL5eXs1O9hqyAcXvY4A2wo67qqv/lbHLKTW59W+YQkbIOVR4nQlbh1lK1TIY+oqK0J/5Ileb4QfERn0Rv/J/K0fy6VzLmVt+kg9MRNxYwnVsC3m5/kIu1fw3OpZxcaCC68SRqLLb/UXmaJM8NXYKkAkHKxT4DQqSk6KbFSQG6qi49Q34akohekzxjxmmGeoO5tsFCuMJofKAsBKKtOkLPaJD2rQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>" publicOnly.FromXmlString(settings.PublicKey); securityToken = new RsaSecurityToken(publicOnly); break; case ValidationTypes.HMAC_SHA256: //var key = "zeyPa4SwRb0IO+KMq20760ZmaUvy/qzecdOkRUNdNpdUe1E72Xu24/UeS3pETu"; securityToken = new System.ServiceModel.Security.Tokens.BinarySecretSecurityToken(GetBytes(settings.PublicKey)); break; case ValidationTypes.X509: var certificate = new Certificate(); certificate.LoadCertificate(settings.PublicKey); securityToken = new X509SecurityToken(certificate.cert); break; default: _log.ErrorFormat("ValidationType has wrong value: {0}", settings.ValidationType); throw new ArgumentException("ValidationType has wrong value"); } TokenValidationParameters validationParams = new TokenValidationParameters(); validationParams.ValidIssuer = settings.Issuer; validationParams.ValidAudiences = audiences; validationParams.ValidateIssuer = true; validationParams.ValidateIssuerSigningKey = true; validationParams.ValidateAudience = true; validationParams.ValidateActor = true; validationParams.IssuerSigningToken = securityToken; JwtSecurityTokenHandler recipientTokenHandler = new JwtSecurityTokenHandler(); recipientTokenHandler.TokenLifetimeInMinutes = MAX_CLOCK_SKEW; SecurityToken validatedToken = null; ClaimsPrincipalReceived = recipientTokenHandler.ValidateToken(TokenString, validationParams, out validatedToken); JwtSecurityToken = validatedToken; } catch (Exception e) { _log.ErrorFormat("JWT Validation error. {0}", e); } }
public SamlResponse(SsoSettings ssoSettings) { _ssoSettings = ssoSettings; _certificate = new Certificate(); _certificate.LoadCertificate(_ssoSettings.PublicKey); }
public string SaveSettings(string serializeSettings) { if (Context.User != null && Context.User.Identity != null) { var userInfo = CoreContext.UserManager.GetUsers(((IUserAccount)Context.User.Identity).ID); if (userInfo != Constants.LostUser && userInfo.IsAdmin()) { try { if (string.IsNullOrWhiteSpace(serializeSettings)) { _log.ErrorFormat("SSO settings are null or empty."); return Resource.SsoSettingsAreEmpty; } Settings = (SsoSettings)JavaScriptDeserializer.DeserializeFromJson(serializeSettings, typeof(SsoSettings)); if (Settings == null) { _log.ErrorFormat("Wrong SSO settings were received from client."); return Resource.SsoSettingsWrongSerialization; } var messageAction = Settings.EnableSso ? MessageAction.SSOEnabled : MessageAction.SSODisabled; if (Settings.EnableSso) { if (!(string.IsNullOrWhiteSpace(Settings.Issuer) || CheckUri(Settings.Issuer))) { _log.ErrorFormat("Wrong Issuer URL: {0}", Settings.Issuer); return string.Format(Resource.SsoSettingsWrongURL, Settings.Issuer); } else { Settings.Issuer = Settings.Issuer.Trim(); } if (!(string.IsNullOrWhiteSpace(Settings.SsoEndPoint) || CheckUri(Settings.SsoEndPoint))) { _log.ErrorFormat("Wrong SsoEndPoint URL: {0}", Settings.SsoEndPoint); return string.Format(Resource.SsoSettingsWrongURL, Settings.SsoEndPoint); } else { Settings.SsoEndPoint = Settings.SsoEndPoint.Trim(); } if (!string.IsNullOrWhiteSpace(Settings.SloEndPoint) && !CheckUri(Settings.SloEndPoint)) { _log.ErrorFormat("Wrong SloEndPoint URL: {0}", Settings.SloEndPoint); return string.Format(Resource.SsoSettingsWrongURL, Settings.SloEndPoint); } else { Settings.SloEndPoint = Settings.SloEndPoint.Trim(); } if (string.IsNullOrWhiteSpace(Settings.PublicKey)) { _log.ErrorFormat("Wrong PublicKey: {0}", Settings.PublicKey); return Resource.SsoSettingsWrongPublicKey; } else { Settings.PublicKey = Settings.PublicKey.Trim(); } if (Settings.TokenType != TokenTypes.SAML && Settings.TokenType != TokenTypes.JWT) { _log.ErrorFormat("Wrong token type: {0}", Settings.TokenType); return Resource.SsoSettingsWrongTokenType; } if ((Settings.ValidationType != ValidationTypes.HMAC_SHA256 && Settings.ValidationType != ValidationTypes.RSA_SHA256 && Settings.ValidationType != ValidationTypes.X509)) { _log.ErrorFormat("Wrong validaion type: {0}", Settings.ValidationType); return Resource.SsoSettingsWrongValidationType; } if (Settings.TokenType == TokenTypes.SAML && Settings.ValidationType != ValidationTypes.X509) { Settings.ValidationType = ValidationTypes.X509; } } if (!SettingsManager.Instance.SaveSettings(Settings, TenantProvider.CurrentTenantID)) { _log.ErrorFormat("Can't save SSO settings."); return Resource.SsoSettingsCantSaveSettings; } MessageService.Send(HttpContext.Current.Request, messageAction); } catch(Exception e) { _log.ErrorFormat("Save SSO setting error: {0}.", e); return Resource.SsoSettingsUnexpectedError; } return string.Empty; } } _log.ErrorFormat("Insufficient Access Rights by saving sso settings!"); throw new SecurityException(); }
protected void Page_Load(object sender, EventArgs e) { AjaxPro.Utility.RegisterTypeForAjax(typeof(SingleSignOnSettings), Page); Page.RegisterBodyScripts(ResolveUrl("~/usercontrols/management/singlesignonsettings/js/singlesignonsettings.js")); Settings = SettingsManager.Instance.LoadSettings<SsoSettings>(TenantProvider.CurrentTenantID); }
public SamlRequest(SsoSettings ssoSettings) { _ssoSettings = ssoSettings; _id = "_" + Guid.NewGuid().ToString(); _issueInstant = DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ"); }