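/// <summary>
/// Structural (SAML 2.0 core) validation of a SubjectConfirmation element: the Method attribute,
/// the key material for holder-of-key confirmations, the optional identifier child, and the
/// optional SubjectConfirmationData child.
/// </summary>
/// <param name="subjectConfirmation">The element to validate; must not be null.</param>
/// <exception cref="ArgumentNullException">subjectConfirmation is null.</exception>
/// <exception cref="Saml20FormatException">The Method attribute is blank or not an absolute URI,
/// or the identifier child is neither a NameID nor an EncryptedElement. The nested validators may
/// throw for their own checks.</exception>
public void ValidateSubjectConfirmation(SubjectConfirmation subjectConfirmation)
{
    if (subjectConfirmation == null)
        throw new ArgumentNullException("subjectConfirmation");

    // Method is required: at least one non-whitespace character, and a well-formed absolute URI.
    string method = subjectConfirmation.Method;
    if (!Saml20Utils.ValidateRequiredString(method))
        throw new Saml20FormatException("Method attribute of SubjectConfirmation MUST contain at least one non-whitespace character");
    if (!Uri.IsWellFormedUriString(method, UriKind.Absolute))
        throw new Saml20FormatException("SubjectConfirmation element has Method attribute which is not a wellformed absolute uri.");

    SubjectConfirmationData data = subjectConfirmation.SubjectConfirmationData;

    // Holder-of-key: the confirmation data must carry the key the subject has to prove possession of.
    // NOTE(review): data may be null here; whether KeyInfoValidator rejects null or dereferences it
    // is not visible in this file — confirm.
    if (method == Saml20Constants.SubjectConfirmationMethods.HolderOfKey)
        KeyInfoValidator.ValidateKeyInfo(data);

    // Optional identifier child: only NameID and EncryptedID are accepted, anything else is rejected.
    object identifier = subjectConfirmation.Item;
    if (identifier != null)
    {
        if (identifier is NameID)
            NameIdValidator.ValidateNameID((NameID)identifier);
        else if (identifier is EncryptedElement)
            NameIdValidator.ValidateEncryptedID((EncryptedElement)identifier);
        else
            throw new Saml20FormatException(String.Format("Identifier of type {0} is not supported for SubjectConfirmation", identifier.GetType()));
    }

    // SubjectConfirmationData is an independent optional child (SAML 2.0 core 2.4.1.1 allows it
    // alongside an identifier), so it is validated whenever present. Previously it was only checked
    // when no identifier was given, so a confirmation carrying both skipped this validation entirely.
    if (data != null)
        SubjectConfirmationDataValidator.ValidateSubjectConfirmationData(data);
}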
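/// <summary>
/// DK-SAML 2.0 profile rules for a bearer SubjectConfirmation: a SubjectConfirmationData element
/// with Recipient and NotOnOrAfter is mandatory, and NotBefore is forbidden. Confirmations using
/// any other method are not checked by this validator.
/// </summary>
/// <param name="subjectConfirmation">The element to validate; must not be null.</param>
/// <exception cref="ArgumentNullException">subjectConfirmation is null.</exception>
/// <exception cref="DKSaml20FormatException">A bearer confirmation violates one of the profile rules above.</exception>
public void ValidateSubjectConfirmation(SubjectConfirmation subjectConfirmation)
{
    // Explicit guard, matching the core validator; a null argument previously surfaced as a NullReferenceException.
    if (subjectConfirmation == null)
        throw new ArgumentNullException("subjectConfirmation");

    if (subjectConfirmation.Method != SubjectConfirmation.BEARER_METHOD)
        return;

    SubjectConfirmationData data = subjectConfirmation.SubjectConfirmationData;
    if (data == null)
        throw new DKSaml20FormatException("The DK-SAML 2.0 Profile requires that the bearer \"SubjectConfirmation\" element contains a \"SubjectConfirmationData\" element.");

    // Recipient ties the bearer assertion to the endpoint that is allowed to consume it.
    if (!Saml20Utils.ValidateRequiredString(data.Recipient))
        throw new DKSaml20FormatException("The DK-SAML 2.0 Profile requires that the \"SubjectConfirmationData\" element contains the \"Recipient\" attribute.");

    // NotOnOrAfter bounds the window in which the bearer assertion can be presented.
    if (!data.NotOnOrAfter.HasValue)
        throw new DKSaml20FormatException("The DK-SAML 2.0 Profile requires that the \"SubjectConfirmationData\" element contains the \"NotOnOrAfter\" attribute.");

    // The profile forbids a NotBefore on confirmation data.
    if (data.NotBefore.HasValue)
        throw new DKSaml20FormatException("The DK-SAML 2.0 Profile disallows the use of the \"NotBefore\" attribute of the \"SubjectConfirmationData\" element.");
}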
/// <summary>
/// Builds the fixed baseline assertion used by the tests: issuer from GetBasicIssuer(), a bearer
/// SubjectConfirmation for http://borger.dk expiring 2008-12-31 12:00, an audience restriction
/// from GetAudiences(), one AuthnStatement (X509 class ref + a declaration ref) and four
/// URI-name-format attributes.
/// </summary>
/// <returns>A freshly built, unsigned assertion; every call returns an independent instance.</returns>
public static Assertion GetBasicAssertion()
{
    DateTime expiry = new DateTime(2008, 12, 31, 12, 0, 0, 0);

    Assertion assertion = new Assertion();
    assertion.ID = "_b8977dc86cda41493fba68b32ae9291d";
    assertion.Version = "2.0";
    assertion.IssueInstant = DateTime.UtcNow;
    assertion.Issuer = new NameID();
    assertion.Issuer.Value = GetBasicIssuer();

    // Subject: a single bearer confirmation and no NameID.
    SubjectConfirmationData confirmationData = new SubjectConfirmationData();
    confirmationData.NotOnOrAfter = expiry;
    confirmationData.Recipient = "http://borger.dk";
    SubjectConfirmation confirmation = new SubjectConfirmation();
    confirmation.Method = SubjectConfirmation.BEARER_METHOD;
    confirmation.SubjectConfirmationData = confirmationData;
    assertion.Subject = new Subject();
    assertion.Subject.Items = new object[] { confirmation };

    // Conditions: the same expiry as the confirmation data, plus the test audiences.
    AudienceRestriction audiences = new AudienceRestriction();
    audiences.Audience = GetAudiences();
    assertion.Conditions = new Conditions();
    assertion.Conditions.NotOnOrAfter = expiry;
    assertion.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { audiences });

    // AuthnStatement carrying both an AuthnContextClassRef and an AuthnContextDeclRef.
    AuthnStatement authn = new AuthnStatement();
    authn.AuthnInstant = new DateTime(2008, 1, 8);
    authn.SessionIndex = "70225885";
    authn.AuthnContext = new AuthnContext();
    authn.AuthnContext.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509", "http://www.safewhere.net/authncontext/declref" };
    authn.AuthnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef, ItemsChoiceType5.AuthnContextDeclRef };

    // AttributeStatement; the userName attribute deliberately has no FriendlyName.
    AttributeStatement attributes = new AttributeStatement();
    attributes.Items = new object[]
    {
        BuildUriAttribute("SurName", "urn:oid:2.5.4.4", "Fry"),
        BuildUriAttribute("CommonName", "urn:oid:2.5.4.3", "Philip J. Fry"),
        BuildUriAttribute(null, "urn:oid:0.9.2342.19200300.100.1.1", "fry"),
        BuildUriAttribute("Email", "urn:oid:0.9.2342.19200300.100.1.3", "*****@*****.**"),
    };

    assertion.Items = new StatementAbstract[] { authn, attributes };
    return assertion;
}

/// <summary>
/// Creates a single-valued attribute in URI name format. FriendlyName is only set when
/// <paramref name="friendlyName"/> is non-null, so an attribute without one keeps its default.
/// </summary>
private static SamlAttribute BuildUriAttribute(string friendlyName, string name, string value)
{
    SamlAttribute attribute = new SamlAttribute();
    if (friendlyName != null)
        attribute.FriendlyName = friendlyName;
    attribute.Name = name;
    attribute.NameFormat = SamlAttribute.NAMEFORMAT_URI;
    attribute.AttributeValue = new string[] { value };
    return attribute;
}
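/// <summary>
/// Builds the assertion the IdP issues for <paramref name="user"/> to the service provider named
/// by <paramref name="receiver"/>: a persistent NameID plus a bearer SubjectConfirmation, an
/// AudienceRestriction, one AuthnStatement and one AttributeStatement holding every entry of
/// user.Attributes in basic name format.
/// </summary>
/// <param name="user">The authenticated user; ppid becomes the NameID value and Attributes the attribute statement.</param>
/// <param name="receiver">The party the assertion is addressed to; used as both
/// SubjectConfirmationData.Recipient and the sole Audience.</param>
/// <returns>The assembled (unsigned) assertion.</returns>
/// <exception cref="ArgumentNullException">user is null.</exception>
/// <exception cref="ArgumentException">receiver is null or blank — such an assertion would carry no
/// effective Recipient or Audience and could be replayed at any consumer.</exception>
private Assertion CreateAssertion(User user, string receiver)
{
    if (user == null)
        throw new ArgumentNullException("user");
    if (receiver == null || receiver.Trim().Length == 0)
        throw new ArgumentException("receiver must name the party the assertion is issued to", "receiver");

    // One clock reading, in UTC, for every timestamp so they are mutually consistent. SAML dateTime
    // values are UTC; DateTime.Now would serialize with the server's local offset.
    DateTime now = DateTime.UtcNow;
    // NOTE(review): a one-hour bearer window is generous for a browser-posted assertion; tighten
    // once the consumers' clock-skew tolerance is known.
    DateTime expiry = now.AddHours(1);

    Assertion assertion = new Assertion();
    assertion.ID = "id" + Guid.NewGuid().ToString("N");
    // IssueInstant is the time of issuance. It was previously set 10 minutes ahead of the clock,
    // which puts the assertion in the future for any consumer that checks it.
    assertion.IssueInstant = now;
    assertion.Issuer = new NameID();
    assertion.Issuer.Value = IDPConfig.ServerBaseUrl;

    // Subject: persistent identifier plus a bearer confirmation bound to the receiver.
    NameID nameId = new NameID();
    nameId.Format = Saml20Constants.NameIdentifierFormats.Persistent;
    nameId.Value = user.ppid;

    SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
    subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
    subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData();
    subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = expiry;
    subjectConfirmation.SubjectConfirmationData.Recipient = receiver;

    assertion.Subject = new Subject();
    assertion.Subject.Items = new object[] { nameId, subjectConfirmation };

    // Conditions: validity window and an audience restricted to the single receiver.
    AudienceRestriction audienceRestriction = new AudienceRestriction();
    audienceRestriction.Audience = new List<string>();
    audienceRestriction.Audience.Add(receiver);

    assertion.Conditions = new Conditions();
    assertion.Conditions.NotOnOrAfter = expiry;
    assertion.Conditions.Items = new List<ConditionAbstract>();
    assertion.Conditions.Items.Add(audienceRestriction);

    List<StatementAbstract> statements = new List<StatementAbstract>(2);

    // AuthnStatement. SessionIndex was previously a System.Random integer, which is seeded from the
    // clock and so guessable from the issue time; a GUID is not derived from the clock.
    AuthnStatement authnStatement = new AuthnStatement();
    authnStatement.AuthnInstant = now;
    authnStatement.SessionIndex = Guid.NewGuid().ToString("N");
    authnStatement.AuthnContext = new AuthnContext();
    authnStatement.AuthnContext.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509" };
    authnStatement.AuthnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };
    statements.Add(authnStatement);

    // AttributeStatement: one single-valued attribute per user attribute, basic name format.
    AttributeStatement attributeStatement = new AttributeStatement();
    List<SamlAttribute> attributes = new List<SamlAttribute>(user.Attributes.Count);
    foreach (KeyValuePair<string, string> att in user.Attributes)
    {
        SamlAttribute attribute = new SamlAttribute();
        attribute.Name = att.Key;
        attribute.AttributeValue = new string[] { att.Value };
        attribute.NameFormat = SamlAttribute.NAMEFORMAT_BASIC;
        attributes.Add(attribute);
    }
    attributeStatement.Items = attributes.ToArray();
    statements.Add(attributeStatement);

    assertion.Items = statements.ToArray();
    return assertion;
}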
/// <summary>
/// A Method attribute that is not a well-formed absolute URI must be rejected by the core
/// validator. The expected exception is presumably declared by an attribute outside this view.
/// </summary>
public void SubjectConfirmationWrongMethod()
{
    Saml20SubjectConfirmationValidator validator = new Saml20SubjectConfirmationValidator();

    SubjectConfirmation confirmation = new SubjectConfirmation();
    confirmation.Method = "malformed uri";

    validator.ValidateSubjectConfirmation(confirmation);
}
/// <summary>
/// A whitespace-only Method attribute must be rejected by the core validator (Method is required).
/// The expected exception is presumably declared by an attribute outside this view.
/// </summary>
public void SubjectConfirmationEmptyMethod()
{
    Saml20SubjectConfirmationValidator validator = new Saml20SubjectConfirmationValidator();

    SubjectConfirmation confirmation = new SubjectConfirmation();
    confirmation.Method = " ";

    validator.ValidateSubjectConfirmation(confirmation);
}
/// <summary>
/// A holder-of-key confirmation whose SubjectConfirmationData carries a ds:KeyInfo element passes
/// validation. The KeyInfo content is an arbitrary child element; only its presence is exercised here.
/// </summary>
public void SubjectConfirmationData_Method_HolderOfKey_Valid()
{
    XmlDocument document = new XmlDocument();
    XmlElement keyInfo = document.CreateElement("ds", "KeyInfo", Saml20Constants.XMLDSIG);
    keyInfo.AppendChild(document.CreateElement("lalala"));

    SubjectConfirmationData data = new SubjectConfirmationData();
    data.AnyElements = new XmlElement[] { keyInfo };

    SubjectConfirmation confirmation = new SubjectConfirmation();
    confirmation.Method = Saml20Constants.SubjectConfirmationMethods.HolderOfKey;
    confirmation.SubjectConfirmationData = data;

    new Saml20SubjectConfirmationValidator().ValidateSubjectConfirmation(confirmation);
}
/// <summary>
/// A holder-of-key confirmation whose SubjectConfirmationData carries no KeyInfo must be rejected:
/// without key material the subject has nothing to prove possession of. The expected exception is
/// presumably declared by an attribute outside this view.
/// </summary>
public void SubjectConfirmationData_Method_HolderOfKey_Invalid_NoKeyInfo()
{
    SubjectConfirmation confirmation = new SubjectConfirmation();
    confirmation.Method = Saml20Constants.SubjectConfirmationMethods.HolderOfKey;
    confirmation.SubjectConfirmationData = new SubjectConfirmationData();

    new Saml20SubjectConfirmationValidator().ValidateSubjectConfirmation(confirmation);
}