/// <summary>
/// Validate AttributeStatement.
/// </summary>
/// <remarks>
/// [SAML2.0 standard] section 2.7.3
/// </remarks>
/// <param name="statement">The statement.</param>
private void ValidateAttributeStatement(AttributeStatement statement)
{
if (statement.Items == null || statement.Items.Length == 0)
{
throw new Saml20FormatException("AttributeStatement MUST contain at least one Attribute or EncryptedAttribute");
}
foreach (var o in statement.Items)
{
if (o == null)
{
throw new Saml20FormatException("null-Attributes are not supported");
}
if (o is SamlAttribute)
{
_attributeValidator.ValidateAttribute((SamlAttribute)o);
}
else if (o is EncryptedElement)
{
_attributeValidator.ValidateEncryptedAttribute((EncryptedElement)o);
}
else
{
throw new Saml20FormatException(string.Format("Subelement {0} of AttributeStatement is not supported", o.GetType()));
}
}
}
public void ThrowsExceptionWhenAttributeElementEmptyName()
{
// Arrange
var statement = new AttributeStatement();
var validator = new Saml20StatementValidator();
statement.Items = new object[] { new SamlAttribute() };
// Act
validator.ValidateStatement(statement);
}
public void ThrowsExceptionWhenNullAttributeList()
{
// Arrange
var statement = new AttributeStatement();
var validator = new Saml20StatementValidator();
statement.Items = null;
// Act
validator.ValidateStatement(statement);
}
/// <summary>
/// Merges the modified attributes into <code>AttributeStatement</code> of the assertion.
/// </summary>
private void InsertAttributes()
{
if (_assertionAttributes == null)
{
return;
}
// Generate the new AttributeStatement
var attributeStatement = new AttributeStatement();
var statements = new List<object>(_encryptedAssertionAttributes.Count + _assertionAttributes.Count);
statements.AddRange(_assertionAttributes.ToArray());
statements.AddRange(_encryptedAssertionAttributes.ToArray());
attributeStatement.Items = statements.ToArray();
var list = XmlAssertion.GetElementsByTagName(AttributeStatement.ElementName, Saml20Constants.Assertion);
if (list.Count > 0)
{
// Remove the old AttributeStatement.
XmlAssertion.RemoveChild(list[0]);
// FIX _samlAssertion.DocumentElement.RemoveChild(list[0]);
}
// Only insert a new AttributeStatement if there are attributes.
if (statements.Count > 0)
{
// Convert the new AttributeStatement to the Document Object Model and make a silent prayer that one day we will
// be able to make this transition in a more elegant way.
var attributeStatementDoc = Serialization.Serialize(attributeStatement);
var attr = XmlAssertion.OwnerDocument.ImportNode(attributeStatementDoc.DocumentElement, true);
// Insert the new statement.
XmlAssertion.AppendChild(attr);
}
_encryptedAssertionAttributes = null;
_assertionAttributes = null;
}
/// <summary>
/// Assembles our basic test assertion
/// </summary>
/// <returns>The <see cref="Assertion"/>.</returns>
public static Assertion GetBasicAssertion()
{
var assertion = new Assertion
{
Issuer = new NameId(),
Id = "_b8977dc86cda41493fba68b32ae9291d",
IssueInstant = DateTime.UtcNow,
Version = "2.0"
};
assertion.Issuer.Value = GetBasicIssuer();
assertion.Subject = new Subject();
var subjectConfirmation = new SubjectConfirmation
{
Method = SubjectConfirmation.BearerMethod,
SubjectConfirmationData =
new SubjectConfirmationData
{
NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0),
Recipient = "http://borger.dk"
}
};
assertion.Subject.Items = new object[] { subjectConfirmation };
assertion.Conditions = new Conditions { NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0) };
var audienceRestriction = new AudienceRestriction { Audience = GetAudiences().Select(u => u.ToString()).ToList() };
assertion.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { audienceRestriction });
AuthnStatement authnStatement;
{
authnStatement = new AuthnStatement();
assertion.Items = new StatementAbstract[] { authnStatement };
authnStatement.AuthnInstant = new DateTime(2008, 1, 8);
authnStatement.SessionIndex = "70225885";
authnStatement.AuthnContext = new AuthnContext
{
Items = new object[]
{
"urn:oasis:names:tc:SAML:2.0:ac:classes:X509",
"http://www.safewhere.net/authncontext/declref"
},
ItemsElementName = new[]
{
AuthnContextType.AuthnContextClassRef,
AuthnContextType.AuthnContextDeclRef
}
};
}
AttributeStatement attributeStatement;
{
attributeStatement = new AttributeStatement();
var surName = new SamlAttribute
{
FriendlyName = "SurName",
Name = "urn:oid:2.5.4.4",
NameFormat = SamlAttribute.NameformatUri,
AttributeValue = new[] { "Fry" }
};
var commonName = new SamlAttribute
{
FriendlyName = "CommonName",
Name = "urn:oid:2.5.4.3",
NameFormat = SamlAttribute.NameformatUri,
AttributeValue = new[] { "Philip J. Fry" }
};
var userName = new SamlAttribute
{
Name = "urn:oid:0.9.2342.19200300.100.1.1",
NameFormat = SamlAttribute.NameformatUri,
AttributeValue = new[] { "fry" }
};
var email = new SamlAttribute
{
FriendlyName = "Email",
Name = "urn:oid:0.9.2342.19200300.100.1.3",
NameFormat = SamlAttribute.NameformatUri,
AttributeValue = new[] { "*****@*****.**" }
};
attributeStatement.Items = new object[] { surName, commonName, userName, email };
}
assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement };
return assertion;
}
