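        /// <summary>
        /// Pulls the fields this validator needs (Conditions window, Subject NameID, Issuer and
        /// the Audience list) out of an already-parsed SAML document.
        /// </summary>
        /// <param name="doc">
        /// Parsed SAML response/assertion. Nothing in this method checks the XML Signature, so the
        /// caller is responsible for having verified it before trusting any value returned here.
        /// </param>
        /// <returns>A <see cref="SamlDetail"/> populated from the document.</returns>
        /// <remarks>
        /// Every XPath below is namespace-agnostic (<c>local-name()</c>) and unanchored (<c>//</c>),
        /// so each one returns the FIRST element of that name anywhere in <paramref name="doc"/>.
        /// A response that carries more than one Assertion, or an element injected outside the
        /// signed subtree (XML Signature Wrapping), can therefore have its NameID/Conditions/Audience
        /// read from an unsigned location. NOTE(review): callers should pass only the signed
        /// Assertion subtree, or confirm the signature reference covers the elements read here.
        /// <c>ThrowAndLog</c> is assumed to throw (the original relies on that for NameID); the
        /// dereferences that follow each call depend on it.
        /// </remarks>
        private static SamlDetail ExtractInformation(XmlDocument doc)
        {
            var detail = new SamlDetail();

            // Validity window. VerifyAllowedDateTimeRange needs both attributes, so a missing one
            // is reported explicitly instead of surfacing as a NullReferenceException. If the
            // Conditions element itself is absent both stay at default(DateTime) (MinValue).
            var conditionsElement = doc.SelectSingleNode("//*[local-name()='Conditions']");
            if (conditionsElement != null)
            {
                detail.NotBefore    = ReadUtcAttribute(conditionsElement, "NotBefore");
                detail.NotOnOrAfter = ReadUtcAttribute(conditionsElement, "NotOnOrAfter");
            }

            // Subject identifier; required for the rest of the login flow.
            var nameIdElement = doc.SelectSingleNode("//*[local-name()='Subject']/*[local-name()='NameID']");
            if (nameIdElement == null)
            {
                ThrowAndLog("NameID Claim Policy not configured correctly.");
            }
            detail.SubjectNameId = nameIdElement.InnerText;

            // Issuer. Previously dereferenced unchecked; a document without an Issuer now fails
            // with a logged error rather than a NullReferenceException. Note this also picks the
            // first Issuer in document order (on a Response that is the Response's, not the Assertion's).
            var issuerElement = doc.SelectSingleNode("//*[local-name()='Issuer']");
            if (issuerElement == null)
            {
                ThrowAndLog("Issuer element not found.");
            }
            detail.Issuer = issuerElement.InnerText;

            // Audience values are compared verbatim by VerifyAudience; collect all of them.
            var audienceElements = doc.SelectNodes("//*[local-name()='Conditions']/*[local-name()='AudienceRestriction']/*[local-name()='Audience']");
            detail.AudienceRestrictions = new List<string>();
            if (audienceElements != null)
            {
                foreach (XmlNode audienceElement in audienceElements)
                {
                    detail.AudienceRestrictions.Add(audienceElement.InnerText);
                }
            }

            return detail;
        }

        /// <summary>
        /// Reads a required xs:dateTime attribute from <paramref name="element"/> and normalises it
        /// to UTC. Reports a missing attribute through <c>ThrowAndLog</c>.
        /// </summary>
        /// <param name="element">Element expected to carry the attribute.</param>
        /// <param name="attributeName">Attribute to read (e.g. "NotBefore").</param>
        /// <returns>The attribute value as a UTC <see cref="DateTime"/>.</returns>
        private static DateTime ReadUtcAttribute(XmlNode element, string attributeName)
        {
            var attribute = element.Attributes?[attributeName];
            if (attribute == null)
            {
                ThrowAndLog($"Conditions element is missing the '{attributeName}' attribute.");
            }
            return XmlConvert.ToDateTime(attribute.Value, XmlDateTimeSerializationMode.Utc);
        }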
        /// <summary>
        /// Checks that the assertion's AudienceRestriction names this service provider.
        /// </summary>
        /// <param name="information">Fields extracted from the assertion.</param>
        /// <returns>
        /// True when <c>_audienceRestriction</c> is null or empty (the check is disabled), or when
        /// it appears verbatim (ordinal, case-sensitive) among the assertion's Audience values.
        /// </returns>
        /// <remarks>
        /// NOTE(review): an unset <c>_audienceRestriction</c> disables the check entirely, so an
        /// assertion issued for a different relying party would be accepted. Consider whether a
        /// missing configuration value should fail closed instead.
        /// </remarks>
        private bool VerifyAudience(SamlDetail information)
        {
            var expectedAudience = _audienceRestriction;
            var checkDisabled    = string.IsNullOrEmpty(expectedAudience);

            // Short-circuit keeps the original semantics: no list lookup when the check is off.
            return checkDisabled || information.AudienceRestrictions.Contains(expectedAudience);
        }
        /// <summary>
        /// Checks that the current UTC time lies inside the assertion's Conditions window.
        /// </summary>
        /// <param name="detail">Extracted assertion fields; only NotBefore and NotOnOrAfter are read.</param>
        /// <returns>
        /// True when <c>NotBefore - 5s &lt;= now &lt; NotOnOrAfter</c>, with every value truncated
        /// to whole seconds first.
        /// </returns>
        /// <remarks>
        /// The 5-second clock-skew allowance is applied to the lower bound only; NotOnOrAfter is
        /// enforced exactly. If the assertion had no Conditions element both bounds are
        /// default(DateTime) (MinValue) and, presumably after truncation, subtracting 5s from
        /// MinValue throws ArgumentOutOfRangeException rather than returning false.
        /// </remarks>
        private static bool VerifyAllowedDateTimeRange(SamlDetail detail)
        {
            const int skewSeconds = 5;

            var now           = DateTime.UtcNow.TruncateToSecond();
            var lowerBound    = detail.NotBefore.TruncateToSecond();
            var upperBound    = detail.NotOnOrAfter.TruncateToSecond();
            var lowerWithSkew = lowerBound.Subtract(TimeSpan.FromSeconds(skewSeconds));

            var startedAlready = lowerWithSkew <= now;
            var notYetExpired  = now < upperBound;

            Logger.InfoFormat($"utcnow: {now}, notBefore: {lowerBound}, notOnOrAfter: {upperBound}, notBeforeSubtract5Second <= utcnow: {startedAlready}, utcnow < notOnOrAfter: {notYetExpired}");

            return startedAlready && notYetExpired;
        }
        /// <summary>
        /// Checks that this service provider is listed in the assertion's AudienceRestriction.
        /// </summary>
        /// <param name="information">Fields extracted from the assertion.</param>
        /// <returns>
        /// True if <c>_audienceRestriction</c> is unset (check skipped) or is contained, with an
        /// exact ordinal match, in <c>information.AudienceRestrictions</c>; otherwise false.
        /// </returns>
        /// <remarks>
        /// NOTE(review): leaving <c>_audienceRestriction</c> empty turns the audience check off,
        /// which means an assertion minted for another relying party passes. Verify that is the
        /// intended deployment default.
        /// </remarks>
        private bool VerifyAudience(SamlDetail information)
        {
            if (!string.IsNullOrEmpty(_audienceRestriction))
            {
                return information.AudienceRestrictions.Contains(_audienceRestriction);
            }

            return true;
        }
 /// <summary>
 /// Verifies that "now" (UTC) falls within the assertion's NotBefore / NotOnOrAfter window.
 /// </summary>
 /// <param name="detail">Extracted assertion fields; only NotBefore and NotOnOrAfter are used.</param>
 /// <returns>
 /// True when <c>NotBefore - 5s &lt;= now &lt; NotOnOrAfter</c> after truncating all three
 /// timestamps to the second.
 /// </returns>
 /// <remarks>
 /// Skew tolerance is asymmetric: 5 seconds of leeway before NotBefore, none after NotOnOrAfter.
 /// With no Conditions element both bounds are default(DateTime); subtracting 5s from
 /// DateTime.MinValue throws ArgumentOutOfRangeException instead of returning false.
 /// </remarks>
 private static bool VerifyAllowedDateTimeRange(SamlDetail detail)
 {
     var skew = TimeSpan.FromSeconds(5);

     var now        = DateTime.UtcNow.TruncateTo(DateTimeUtils.DateTruncate.Second);
     var windowFrom = detail.NotBefore.TruncateTo(DateTimeUtils.DateTruncate.Second);
     var windowTo   = detail.NotOnOrAfter.TruncateTo(DateTimeUtils.DateTruncate.Second);
     var windowFromWithSkew = windowFrom.Subtract(skew);

     var lowerOk = windowFromWithSkew <= now;
     var upperOk = now < windowTo;

     Logger.InfoFormat("utcnow: {0}, notBefore: {1}, notOnOrAfter: {2}, notBeforeSubtract5Second <= utcnow: {3}, utcnow < notOnOrAfter: {4}", now, windowFrom, windowTo, lowerOk, upperOk);

     return lowerOk && upperOk;
 }
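        /// <summary>
        /// Extracts the validator's inputs (Conditions window, Subject NameID, Issuer, Audience
        /// list) from a parsed SAML document.
        /// </summary>
        /// <param name="doc">
        /// Parsed SAML response/assertion. This method performs no signature verification; the
        /// caller must have done that before any returned value is trusted.
        /// </param>
        /// <returns>A populated <see cref="SamlDetail"/>.</returns>
        /// <remarks>
        /// All XPaths use <c>local-name()</c> with a leading <c>//</c>, so each returns the first
        /// element of that name anywhere in the document regardless of namespace or position.
        /// With multiple Assertions, or an element injected outside the signed subtree (XML
        /// Signature Wrapping), the values read here may come from unsigned XML.
        /// NOTE(review): restrict the lookup to the signed Assertion subtree, or confirm the
        /// signature reference covers these elements. <c>ThrowAndLog</c> is assumed to throw,
        /// as the existing NameID handling already relies on.
        /// </remarks>
        private static SamlDetail ExtractInformation(XmlDocument doc)
        {
            var detail = new SamlDetail();

            // Validity window. Missing attributes are now reported via ThrowAndLog instead of a
            // NullReferenceException. Absent Conditions leaves both at default(DateTime).
            var conditionsElement = doc.SelectSingleNode("//*[local-name()='Conditions']");
            if (conditionsElement != null)
            {
                detail.NotBefore    = ReadRequiredUtcAttribute(conditionsElement, "NotBefore");
                detail.NotOnOrAfter = ReadRequiredUtcAttribute(conditionsElement, "NotOnOrAfter");
            }

            // Subject NameID is mandatory for the login flow.
            var nameIdElement = doc.SelectSingleNode("//*[local-name()='Subject']/*[local-name()='NameID']");
            if (nameIdElement == null)
            {
                ThrowAndLog("NameID Claim Policy not configured correctly.");
            }
            detail.SubjectNameId = nameIdElement.InnerText;

            // Issuer was dereferenced unchecked before; a document without one now fails with a
            // logged error. This picks the first Issuer in document order (a Response's own Issuer
            // precedes the Assertion's).
            var issuerElement = doc.SelectSingleNode("//*[local-name()='Issuer']");
            if (issuerElement == null)
            {
                ThrowAndLog("Issuer element not found.");
            }
            detail.Issuer = issuerElement.InnerText;

            // Every Audience value is kept; VerifyAudience matches them verbatim.
            var audienceElements = doc.SelectNodes("//*[local-name()='Conditions']/*[local-name()='AudienceRestriction']/*[local-name()='Audience']");
            detail.AudienceRestrictions = new List<string>();
            if (audienceElements != null)
            {
                foreach (XmlNode audienceElement in audienceElements)
                {
                    detail.AudienceRestrictions.Add(audienceElement.InnerText);
                }
            }

            return detail;
        }

        /// <summary>
        /// Reads a required xs:dateTime attribute and converts it to UTC; a missing attribute is
        /// reported through <c>ThrowAndLog</c>.
        /// </summary>
        /// <param name="element">Element that must carry the attribute.</param>
        /// <param name="attributeName">Name of the attribute to read.</param>
        /// <returns>The attribute value as a UTC <see cref="DateTime"/>.</returns>
        private static DateTime ReadRequiredUtcAttribute(XmlNode element, string attributeName)
        {
            var attribute = element.Attributes?[attributeName];
            if (attribute == null)
            {
                ThrowAndLog($"Conditions element is missing the '{attributeName}' attribute.");
            }
            return XmlConvert.ToDateTime(attribute.Value, XmlDateTimeSerializationMode.Utc);
        }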