/// <summary>
/// Feeds an AttributeStatement that holds a bare, uninitialised <see cref="SamlAttribute"/>
/// (no Name, no NameFormat, no values) into token creation. Nothing is asserted here;
/// the test harness presumably expects <c>CreateSaml20Token</c> to reject the attribute.
/// </summary>
public void AttributeStatement_Invalid_Attribute()
{
    Assertion assertion = AssertionUtil.GetBasicAssertion();

    // Keep the statements the basic assertion already carries and append one more.
    List<StatementAbstract> augmented = new List<StatementAbstract>(assertion.Items);
    AttributeStatement invalidStatement = new AttributeStatement();
    invalidStatement.Items = new object[] { new SamlAttribute() };
    augmented.Add(invalidStatement);
    assertion.Items = augmented.ToArray();

    CreateSaml20Token(assertion);
}
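/// <summary>
/// DK-SAML 2.0 profile check of one AttributeStatement: every child must be a plain
/// <see cref="SamlAttribute"/>. Encrypted attributes are rejected outright (the profile
/// forbids them), any other child type is reported as unsupported, and each plain attribute
/// is handed to <c>AttributeValidator.ValidateAttribute</c>.
/// </summary>
/// <param name="attributeStatement">The statement to check; must not be null.</param>
/// <exception cref="ArgumentNullException">when <paramref name="attributeStatement"/> is null.</exception>
/// <exception cref="DKSaml20FormatException">
/// when the statement has no Items array, contains a null entry, or contains an encrypted attribute.
/// </exception>
/// <exception cref="NotImplementedException">for a child of any other type.</exception>
private void ValidateAttributeStatement(AttributeStatement attributeStatement)
{
    if (attributeStatement == null)
        throw new ArgumentNullException("attributeStatement");

    // A missing Items array would otherwise surface as a NullReferenceException out of the
    // foreach; report it as a format problem the way the core SAML validator does.
    if (attributeStatement.Items == null)
        throw new DKSaml20FormatException("AttributeStatement has no Attribute list");

    foreach (object attribute in attributeStatement.Items)
    {
        // Test for null before the type tests: "null is T" is false for every T, so a null
        // entry would fall through to attribute.GetType() and crash instead of being reported.
        if (attribute == null)
            throw new DKSaml20FormatException("null-Attributes are not supported");

        if (attribute is EncryptedElement)
            throw new DKSaml20FormatException("The DK-SAML 2.0 profile does not allow encrypted attributes.");

        if (!(attribute is SamlAttribute))
            throw new NotImplementedException(string.Format("Unable to handle attribute of type \"{0}\"", attribute.GetType().FullName));

        AttributeValidator.ValidateAttribute((SamlAttribute) attribute);
    }
}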
/// <summary>
/// [SAML2.0std] section 2.7.3: an AttributeStatement carries one or more Attribute or
/// EncryptedAttribute children and nothing else. Each child is dispatched to the matching
/// AttributeValidator routine; any other content is a format error.
/// </summary>
/// <param name="statement">The statement to validate.</param>
/// <exception cref="Saml20FormatException">
/// when the statement has no children, contains a null entry, or contains an element of an unsupported type.
/// </exception>
private void ValidateAttributeStatement(AttributeStatement statement)
{
    object[] children = statement.Items;
    if (children == null || children.Length == 0)
        throw new Saml20FormatException("AttributeStatement MUST contain at least one Attribute or EncryptedAttribute");

    for (int i = 0; i < children.Length; i++)
    {
        object child = children[i];
        if (child == null)
            throw new Saml20FormatException("null-Attributes are not supported");

        SamlAttribute plain = child as SamlAttribute;
        if (plain != null)
        {
            AttributeValidator.ValidateAttribute(plain);
            continue;
        }

        EncryptedElement encrypted = child as EncryptedElement;
        if (encrypted != null)
        {
            AttributeValidator.ValidateEncryptedAttribute(encrypted);
            continue;
        }

        throw new Saml20FormatException(string.Format("Subelement {0} of AttributeStatement is not supported", child.GetType()));
    }
}
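/// <summary>
/// Merges the modified attributes into the <code>AttributeStatement</code> of the assertion.
/// The plain (<c>_assertionAttributes</c>) and encrypted (<c>_encryptedAssertionAttributes</c>)
/// lists are combined into one new statement, the first existing AttributeStatement found under
/// <c>_samlAssertion</c> is removed, and the new statement is appended — but only when there is
/// at least one attribute, because an empty AttributeStatement is schema-invalid. Both lists are
/// cleared afterwards, so the merge happens at most once per load.
/// </summary>
/// <remarks>
/// This mutates the assertion's DOM. If the assertion (or its enclosing response) carries an XML
/// signature, that signature no longer covers the modified content and must be recomputed before
/// the assertion is passed on; re-signing is the caller's responsibility.
/// Only the first AttributeStatement element (document order) is replaced; any further ones are
/// left untouched.
/// </remarks>
private void InsertAttributes()
{
    if (_assertionAttributes == null)
        return;

    // NOTE(review): the loader that fills these lists is not visible here, so the encrypted
    // list is not assumed to be populated alongside the plain one; a missing list is treated
    // as empty rather than failing with a NullReferenceException.
    int encryptedCount = _encryptedAssertionAttributes == null ? 0 : _encryptedAssertionAttributes.Count;
    List<object> merged = new List<object>(_assertionAttributes.Count + encryptedCount);
    merged.AddRange(_assertionAttributes.ToArray());
    if (_encryptedAssertionAttributes != null)
        merged.AddRange(_encryptedAssertionAttributes.ToArray());

    AttributeStatement attributeStatement = new AttributeStatement();
    attributeStatement.Items = merged.ToArray();

    // Remove the old AttributeStatement, if any.
    XmlNodeList existing = _samlAssertion.GetElementsByTagName(AttributeStatement.ELEMENT_NAME, Saml20Constants.ASSERTION);
    if (existing.Count > 0)
        _samlAssertion.RemoveChild(existing[0]);

    // Only insert a new AttributeStatement if there are attributes.
    if (merged.Count > 0)
    {
        // Round-trip the statement through the serializer to obtain a DOM fragment, then import
        // it into the assertion's own document (nodes cannot be moved across XmlDocument instances).
        XmlDocument statementDoc = Serialization.Serialize(attributeStatement);
        XmlNode imported = _samlAssertion.OwnerDocument.ImportNode(statementDoc.DocumentElement, true);
        _samlAssertion.AppendChild(imported);
    }

    _encryptedAssertionAttributes = null;
    _assertionAttributes = null;
}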
/// <summary>
/// Assembles our basic test assertion: issuer, one bearer subject confirmation (no NameID),
/// conditions with an audience restriction, one AuthnStatement and one AttributeStatement
/// holding four URI-named attributes for a test user.
/// Every NotOnOrAfter is pinned to 2008-12-31 12:00 and the AuthnInstant to 2008-01-08, so by
/// wall-clock time the assertion is long expired; tests that need a currently valid window
/// must adjust those values themselves.
/// </summary>
/// <returns>A freshly built, unsigned <see cref="Assertion"/>.</returns>
public static Assertion GetBasicAssertion()
{
    DateTime expiry = new DateTime(2008, 12, 31, 12, 0, 0, 0);

    Assertion result = new Assertion();
    result.ID = "_b8977dc86cda41493fba68b32ae9291d";
    result.Version = "2.0";
    result.IssueInstant = DateTime.UtcNow;
    result.Issuer = new NameID();
    result.Issuer.Value = GetBasicIssuer();

    // Subject: a single bearer confirmation addressed to borger.dk.
    SubjectConfirmation bearer = new SubjectConfirmation();
    bearer.Method = SubjectConfirmation.BEARER_METHOD;
    bearer.SubjectConfirmationData = new SubjectConfirmationData();
    bearer.SubjectConfirmationData.NotOnOrAfter = expiry;
    bearer.SubjectConfirmationData.Recipient = "http://borger.dk";
    result.Subject = new Subject();
    result.Subject.Items = new object[] { bearer };

    // Conditions: the same expiry plus the audience list supplied by GetAudiences().
    AudienceRestriction audiences = new AudienceRestriction();
    audiences.Audience = GetAudiences();
    result.Conditions = new Conditions();
    result.Conditions.NotOnOrAfter = expiry;
    result.Conditions.Items = new List<ConditionAbstract>();
    result.Conditions.Items.Add(audiences);

    // AuthnStatement carrying both a context class reference and a declaration reference.
    AuthnStatement authn = new AuthnStatement();
    authn.AuthnInstant = new DateTime(2008, 1, 8);
    authn.SessionIndex = "70225885";
    authn.AuthnContext = new AuthnContext();
    authn.AuthnContext.Items = new object[]
    {
        "urn:oasis:names:tc:SAML:2.0:ac:classes:X509",
        "http://www.safewhere.net/authncontext/declref"
    };
    authn.AuthnContext.ItemsElementName = new ItemsChoiceType5[]
    {
        ItemsChoiceType5.AuthnContextClassRef,
        ItemsChoiceType5.AuthnContextDeclRef
    };

    // AttributeStatement: surname, common name, user name (no friendly name) and e-mail.
    SamlAttribute surname = new SamlAttribute();
    surname.FriendlyName = "SurName";
    surname.Name = "urn:oid:2.5.4.4";
    surname.NameFormat = SamlAttribute.NAMEFORMAT_URI;
    surname.AttributeValue = new string[] { "Fry" };

    SamlAttribute fullName = new SamlAttribute();
    fullName.FriendlyName = "CommonName";
    fullName.Name = "urn:oid:2.5.4.3";
    fullName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
    fullName.AttributeValue = new string[] { "Philip J. Fry" };

    SamlAttribute login = new SamlAttribute();
    login.Name = "urn:oid:0.9.2342.19200300.100.1.1";
    login.NameFormat = SamlAttribute.NAMEFORMAT_URI;
    login.AttributeValue = new string[] { "fry" };

    SamlAttribute mail = new SamlAttribute();
    mail.FriendlyName = "Email";
    mail.Name = "urn:oid:0.9.2342.19200300.100.1.3";
    mail.NameFormat = SamlAttribute.NAMEFORMAT_URI;
    mail.AttributeValue = new string[] { "*****@*****.**" };

    AttributeStatement attributes = new AttributeStatement();
    attributes.Items = new object[] { surname, fullName, login, mail };

    result.Items = new StatementAbstract[] { authn, attributes };
    return result;
}
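/// <summary>
/// Builds an unsigned SAML 2.0 assertion for <paramref name="user"/> addressed to
/// <paramref name="receiver"/>: a persistent NameID bound by a bearer confirmation, conditions
/// restricted to the receiver, one X509 AuthnStatement and — only when the user has any — an
/// AttributeStatement with one basic-format attribute per entry of <c>user.Attributes</c>.
/// Timestamps are stamped in UTC; subject confirmation and conditions expire one hour out.
/// </summary>
/// <remarks>
/// No InResponseTo is set on the SubjectConfirmationData, so the assertion is not bound to a
/// particular AuthnRequest; an SP-initiated flow that checks InResponseTo needs it added by the caller.
/// The caller is also expected to sign the assertion before sending it.
/// </remarks>
/// <param name="user">The authenticated user; <c>ppid</c> becomes the NameID value.</param>
/// <param name="receiver">Service-provider URL used both as Recipient and as the sole Audience.</param>
/// <returns>The assembled <see cref="Assertion"/>.</returns>
/// <exception cref="ArgumentNullException">when <paramref name="user"/> is null.</exception>
private Assertion CreateAssertion(User user, string receiver)
{
    if (user == null)
        throw new ArgumentNullException("user");

    // SAML timestamps are UTC; DateTime.Now would serialize with a local offset, which strict
    // receivers reject. The test fixture in this code base uses UtcNow for IssueInstant as well.
    DateTime now = DateTime.UtcNow;
    DateTime notOnOrAfter = now.AddHours(1);

    Assertion assertion = new Assertion();
    assertion.ID = "id" + Guid.NewGuid().ToString("N");
    // NOTE(review): IssueInstant has always been stamped 10 minutes ahead of the clock here,
    // presumably as a skew allowance. A receiver that refuses future-dated assertions will
    // reject this; kept as-is pending confirmation of the intent.
    assertion.IssueInstant = now.AddMinutes(10);
    assertion.Issuer = new NameID();
    assertion.Issuer.Value = IDPConfig.ServerBaseUrl;

    // Subject: persistent identifier plus a bearer confirmation tied to the receiver.
    NameID nameId = new NameID();
    nameId.Format = Saml20Constants.NameIdentifierFormats.Persistent;
    nameId.Value = user.ppid;

    SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
    subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
    subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData();
    subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = notOnOrAfter;
    subjectConfirmation.SubjectConfirmationData.Recipient = receiver;

    assertion.Subject = new Subject();
    assertion.Subject.Items = new object[] { nameId, subjectConfirmation };

    // Conditions: same expiry, audience restricted to the receiver only.
    AudienceRestriction audienceRestriction = new AudienceRestriction();
    audienceRestriction.Audience = new List<string>();
    audienceRestriction.Audience.Add(receiver);

    assertion.Conditions = new Conditions();
    assertion.Conditions.NotOnOrAfter = notOnOrAfter;
    assertion.Conditions.Items = new List<ConditionAbstract>();
    assertion.Conditions.Items.Add(audienceRestriction);

    List<StatementAbstract> statements = new List<StatementAbstract>(2);

    // AuthnStatement. The SessionIndex is an opaque string that is later used to correlate
    // logout, so it should not be guessable; System.Random is clock-seeded and predictable,
    // hence the same generator that already produces the assertion ID is used instead.
    AuthnStatement authnStatement = new AuthnStatement();
    authnStatement.AuthnInstant = now;
    authnStatement.SessionIndex = Guid.NewGuid().ToString("N");
    authnStatement.AuthnContext = new AuthnContext();
    authnStatement.AuthnContext.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509" };
    authnStatement.AuthnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };
    statements.Add(authnStatement);

    // AttributeStatement: one attribute per user entry, omitted entirely when there are none.
    // The core schema requires at least one Attribute per AttributeStatement, and this code
    // base's own validator rejects an empty one, so emitting it would only produce a rejected token.
    if (user.Attributes != null && user.Attributes.Count > 0)
    {
        List<SamlAttribute> attributes = new List<SamlAttribute>(user.Attributes.Count);
        foreach (KeyValuePair<string, string> entry in user.Attributes)
        {
            SamlAttribute attribute = new SamlAttribute();
            attribute.Name = entry.Key;
            attribute.NameFormat = SamlAttribute.NAMEFORMAT_BASIC;
            attribute.AttributeValue = new string[] { entry.Value };
            attributes.Add(attribute);
        }

        AttributeStatement attributeStatement = new AttributeStatement();
        attributeStatement.Items = attributes.ToArray();
        statements.Add(attributeStatement);
    }

    assertion.Items = statements.ToArray();
    return assertion;
}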