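/// <summary>
/// Reads the validity window, subject NameID, issuer and audience list out of a SAML document.
/// </summary>
/// <param name="doc">The parsed SAML XML document to read from.</param>
/// <returns>A <see cref="SamlDetail"/> populated from the first matching elements in <paramref name="doc"/>.</returns>
/// <remarks>
/// Every lookup uses <c>//*[local-name()='...']</c>, which matches an element with that local name
/// anywhere in the document and in any namespace; SelectSingleNode returns only the first match in
/// document order. Nothing in this method ties the selected nodes to a signed assertion.
/// NOTE(review): confirm the caller validates the signature and hands in only the signed assertion,
/// otherwise the values read here may come from an unsigned part of the message.
/// </remarks>
private static SamlDetail ExtractInformation(XmlDocument doc)
{
    var detail = new SamlDetail();

    var conditionsElement = doc.SelectSingleNode("//*[local-name()='Conditions']");
    if (conditionsElement != null)
    {
        // Both attributes are looked up before use: a Conditions element lacking either one
        // is reported through ThrowAndLog instead of surfacing as a NullReferenceException.
        var notBeforeAttribute = conditionsElement.Attributes["NotBefore"];
        var notOnOrAfterAttribute = conditionsElement.Attributes["NotOnOrAfter"];
        if (notBeforeAttribute == null || notOnOrAfterAttribute == null)
        {
            ThrowAndLog("Conditions element is missing the NotBefore or NotOnOrAfter attribute.");
        }

        detail.NotBefore = XmlConvert.ToDateTime(notBeforeAttribute.Value, XmlDateTimeSerializationMode.Utc);
        detail.NotOnOrAfter = XmlConvert.ToDateTime(notOnOrAfterAttribute.Value, XmlDateTimeSerializationMode.Utc);
    }
    // When no Conditions element exists, NotBefore/NotOnOrAfter keep whatever SamlDetail initialises them to.
    // NOTE(review): confirm the time-range check rejects that state.

    var nameIdElement = doc.SelectSingleNode("//*[local-name()='Subject']/*[local-name()='NameID']");
    if (nameIdElement == null)
    {
        // Presumably ThrowAndLog throws (TODO confirm); otherwise the next statement dereferences null.
        ThrowAndLog("NameID Claim Policy not configured correctly.");
    }
    detail.SubjectNameId = nameIdElement.InnerText;

    // First Issuer in document order; a response-level Issuer, when present, precedes the assertion's own.
    var issuerElement = doc.SelectSingleNode("//*[local-name()='Issuer']");
    if (issuerElement == null)
    {
        ThrowAndLog("Issuer element not found in SAML document.");
    }
    detail.Issuer = issuerElement.InnerText;

    var audienceElements = doc.SelectNodes("//*[local-name()='Conditions']/*[local-name()='AudienceRestriction']/*[local-name()='Audience']");
    detail.AudienceRestrictions = new List<string>();
    if (audienceElements != null)
    {
        // Audiences from every matching Conditions/AudienceRestriction are flattened into one list.
        foreach (XmlNode audienceElement in audienceElements)
        {
            detail.AudienceRestrictions.Add(audienceElement.InnerText);
        }
    }

    return detail;
}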
/// <summary>
/// Checks that the configured audience appears among the audiences extracted from the assertion.
/// </summary>
/// <param name="information">Extracted SAML details; its AudienceRestrictions list is searched.</param>
/// <returns>
/// <c>true</c> when no audience is configured, or when the configured audience is contained in
/// <c>information.AudienceRestrictions</c>; otherwise <c>false</c>.
/// </returns>
private bool VerifyAudience(SamlDetail information)
{
    // An empty or null _audienceRestriction disables the check entirely: every assertion passes.
    // NOTE(review): this is fail-open by configuration; confirm deployments always set an audience.
    var audienceConfigured = !string.IsNullOrEmpty(_audienceRestriction);

    return !audienceConfigured || information.AudienceRestrictions.Contains(_audienceRestriction);
}
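/// <summary>
/// Checks that the current UTC time lies inside the assertion's validity window, allowing the
/// assertion to be used up to five seconds before its NotBefore instant.
/// </summary>
/// <param name="detail">Extracted SAML details providing NotBefore and NotOnOrAfter.</param>
/// <returns>
/// <c>true</c> when <c>NotBefore - 5s &lt;= now</c> and <c>now &lt; NotOnOrAfter</c>, all values
/// truncated to whole seconds; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// The five-second tolerance applies to NotBefore only; NotOnOrAfter is enforced without any allowance.
/// </remarks>
private static bool VerifyAllowedDateTimeRange(SamlDetail detail)
{
    var utcnow = DateTime.UtcNow.TruncateToSecond();
    var notBefore = detail.NotBefore.TruncateToSecond();
    var notOnOrAfter = detail.NotOnOrAfter.TruncateToSecond();

    // Same test as (notBefore - 5s) <= utcnow, but the five seconds are added to "now" instead of
    // subtracted from notBefore. Subtracting from a value at or near DateTime.MinValue (for example
    // a NotBefore that was never populated; assumes NotBefore is a DateTime, TODO confirm) throws
    // ArgumentOutOfRangeException; in this form such a value falls through to the expiry comparison.
    var notBeforeReached = notBefore <= utcnow.Add(TimeSpan.FromSeconds(5));
    var notExpired = utcnow < notOnOrAfter;

    // NOTE(review): the already-interpolated text is handed to InfoFormat as its format argument;
    // confirm Logger does not re-interpret braces in the rendered values.
    Logger.InfoFormat($"utcnow: {utcnow}, notBefore: {notBefore}, notOnOrAfter: {notOnOrAfter}, notBeforeSubtract5Second <= utcnow: {notBeforeReached}, utcnow < notOnOrAfter: {notExpired}");

    return notBeforeReached && notExpired;
}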
/// <summary>
/// Verifies the assertion's audience list against the audience this instance is configured with.
/// </summary>
/// <param name="information">Extracted SAML details whose AudienceRestrictions list is searched.</param>
/// <returns>
/// <c>true</c> if no audience is configured or the configured audience is present in
/// <c>information.AudienceRestrictions</c>; <c>false</c> otherwise.
/// </returns>
private bool VerifyAudience(SamlDetail information)
{
    if (!string.IsNullOrEmpty(_audienceRestriction))
    {
        return information.AudienceRestrictions.Contains(_audienceRestriction);
    }

    // Nothing configured: the audience check is skipped and the assertion is accepted.
    // NOTE(review): fail-open by configuration; confirm an audience is always set where this matters.
    return true;
}
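/// <summary>
/// Checks that the current UTC time lies inside the assertion's validity window, allowing the
/// assertion to be used up to five seconds before its NotBefore instant.
/// </summary>
/// <param name="detail">Extracted SAML details providing NotBefore and NotOnOrAfter.</param>
/// <returns>
/// <c>true</c> when <c>NotBefore - 5s &lt;= now</c> and <c>now &lt; NotOnOrAfter</c>, all values
/// truncated to whole seconds; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// The five-second tolerance applies to NotBefore only; NotOnOrAfter is enforced without any allowance.
/// </remarks>
private static bool VerifyAllowedDateTimeRange(SamlDetail detail)
{
    var utcnow = DateTime.UtcNow.TruncateTo(DateTimeUtils.DateTruncate.Second);
    var notBefore = detail.NotBefore.TruncateTo(DateTimeUtils.DateTruncate.Second);
    var notOnOrAfter = detail.NotOnOrAfter.TruncateTo(DateTimeUtils.DateTruncate.Second);

    // Equivalent to (notBefore - 5s) <= utcnow, with the tolerance added to "now" rather than
    // subtracted from notBefore. Subtracting from a value at or near DateTime.MinValue (for example
    // a NotBefore that was never populated; assumes NotBefore is a DateTime, TODO confirm) throws
    // ArgumentOutOfRangeException; here such a value simply proceeds to the expiry comparison.
    var withinNotBefore = notBefore <= utcnow.Add(TimeSpan.FromSeconds(5));
    var beforeExpiry = utcnow < notOnOrAfter;

    Logger.InfoFormat(
        "utcnow: {0}, notBefore: {1}, notOnOrAfter: {2}, notBeforeSubtract5Second <= utcnow: {3}, utcnow < notOnOrAfter: {4}",
        utcnow,
        notBefore,
        notOnOrAfter,
        withinNotBefore,
        beforeExpiry);

    return withinNotBefore && beforeExpiry;
}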
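/// <summary>
/// Extracts the validity window, subject NameID, issuer and audience list from a SAML document.
/// </summary>
/// <param name="doc">The parsed SAML XML document to read from.</param>
/// <returns>A <see cref="SamlDetail"/> populated from the first matching elements in <paramref name="doc"/>.</returns>
/// <remarks>
/// The XPath expressions select by <c>local-name()</c> from the document root (<c>//*</c>), so they
/// match in any namespace and at any depth, and SelectSingleNode yields only the first hit in
/// document order. The method itself does not restrict the search to a signed assertion.
/// NOTE(review): confirm signature validation happens before this call and that <paramref name="doc"/>
/// contains only the signed assertion; otherwise unsigned content could supply these values.
/// </remarks>
private static SamlDetail ExtractInformation(XmlDocument doc)
{
    var detail = new SamlDetail();

    var conditionsElement = doc.SelectSingleNode("//*[local-name()='Conditions']");
    if (conditionsElement != null)
    {
        // A Conditions element without one of the two attributes is reported via ThrowAndLog
        // rather than failing with a NullReferenceException on the attribute lookup.
        var notBeforeAttribute = conditionsElement.Attributes["NotBefore"];
        var notOnOrAfterAttribute = conditionsElement.Attributes["NotOnOrAfter"];
        if (notBeforeAttribute == null || notOnOrAfterAttribute == null)
        {
            ThrowAndLog("Conditions element is missing the NotBefore or NotOnOrAfter attribute.");
        }

        detail.NotBefore = XmlConvert.ToDateTime(notBeforeAttribute.Value, XmlDateTimeSerializationMode.Utc);
        detail.NotOnOrAfter = XmlConvert.ToDateTime(notOnOrAfterAttribute.Value, XmlDateTimeSerializationMode.Utc);
    }
    // Without a Conditions element the two timestamps stay at SamlDetail's initial values.
    // NOTE(review): confirm the time-range check rejects that state.

    var nameIdElement = doc.SelectSingleNode("//*[local-name()='Subject']/*[local-name()='NameID']");
    if (nameIdElement == null)
    {
        // Presumably ThrowAndLog throws (TODO confirm); otherwise the next statement dereferences null.
        ThrowAndLog("NameID Claim Policy not configured correctly.");
    }
    detail.SubjectNameId = nameIdElement.InnerText;

    // First Issuer in document order; a response-level Issuer, when present, precedes the assertion's own.
    var issuerElement = doc.SelectSingleNode("//*[local-name()='Issuer']");
    if (issuerElement == null)
    {
        ThrowAndLog("Issuer element not found in SAML document.");
    }
    detail.Issuer = issuerElement.InnerText;

    detail.AudienceRestrictions = new List<string>();
    var audienceElements = doc.SelectNodes("//*[local-name()='Conditions']/*[local-name()='AudienceRestriction']/*[local-name()='Audience']");
    if (audienceElements != null)
    {
        // Audiences from every matching Conditions/AudienceRestriction end up in a single flat list.
        foreach (XmlNode audienceElement in audienceElements)
        {
            detail.AudienceRestrictions.Add(audienceElement.InnerText);
        }
    }

    return detail;
}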