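		/// <summary>
		/// Loads the bundled IdP metadata from the app assets, builds a SAML 2.0 authenticator for it
		/// and starts the authentication activity. The outcome arrives through the authenticator's
		/// Completed event and is written to <c>authenticationStatus</c>.
		/// </summary>
		/// <param name="sender">Event source; not used.</param>
		/// <param name="e">Event arguments; not used.</param>
		public void LoginWithIdentityProvider (object sender, EventArgs e)
		{
			// Request code handed to StartActivityForResult; an OnActivityResult override would match on it.
			const int loginRequestCode = 42;

			XmlDocument xDoc = new XmlDocument ();
			// Keep the document exactly as loaded; the other metadata loaders on this page do the same,
			// presumably so an XML signature over the metadata stays verifiable.
			xDoc.PreserveWhitespace = true;
			// XmlDocument.Load (Stream) does not close the stream it is handed, so dispose it here.
			using (var metadataStream = Assets.Open ("idp.symplified.net.metadata.xml")) {
				xDoc.Load (metadataStream);
			}

			Saml20MetadataDocument idpMetadata = new Saml20MetadataDocument (xDoc);

			Saml20Authenticator authenticator = new Saml20Authenticator (
				"Symplified.Auth.Android.Sample",
				idpMetadata
			);

			authenticator.Completed += (s, ee) => {
				if (!ee.IsAuthenticated) {
					this.authenticationStatus.Text = "Not authorized";
					return;
				}

				SamlAccount authenticatedAccount = (SamlAccount)ee.Account;
				this.authenticationStatus.Text = String.Format ("Subject: {0}", authenticatedAccount.Assertion.Subject.Value);
			};

			var intent = authenticator.GetUI (this);
			StartActivityForResult (intent, loginRequestCode);
		}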
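        /// <summary>
        /// Builds a default entity descriptor in a fresh metadata document, gives it a two-week
        /// validity window and prints the resulting XML. Despite the name, nothing here signs the
        /// document; the output is only written to the console.
        /// </summary>
        public void TestSigning_01()
        {
            Saml20MetadataDocument doc = new Saml20MetadataDocument(true);

            EntityDescriptor entity = doc.CreateDefaultEntity();
            // SAML time values are UTC without a zone offset, so derive validUntil from UtcNow rather
            // than the local clock; a Local-kind DateTime typically serializes with an offset suffix.
            entity.validUntil = DateTime.UtcNow.AddDays(14);

            Console.WriteLine(doc.ToXml());
        }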
        /// <summary>
        /// Parses the ADLER sample metadata and checks that two single-logout and two
        /// single-sign-on endpoints are extracted from it.
        /// </summary>
        public void TestEndpointExtraction()
        {
            var metadataXml = new XmlDocument { PreserveWhitespace = true };
            metadataXml.Load(@"Saml20\Protocol\MetadataDocs\metadata-ADLER.xml");

            var metadata = new Saml20MetadataDocument(metadataXml);

            const int expectedEndpoints = 2;
            Assert.AreEqual(expectedEndpoints, metadata.SLOEndpoints().Count);
            Assert.AreEqual(expectedEndpoints, metadata.SSOEndpoints().Count);
        }
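        /// <summary>
        /// Adds the service provider with the given metadata to the list of known service providers,
        /// replacing any previously registered provider with the same entity id, and persists the
        /// document through <see cref="SaveMetadata"/>.
        /// </summary>
        /// <param name="doc">Parsed metadata document of the service provider.</param>
        /// <exception cref="ArgumentNullException"><paramref name="doc"/> is null.</exception>
        public static void AddServiceProvider(XmlDocument doc)
        {
            if (doc == null)
                throw new ArgumentNullException("doc");

            // NOTE(review): nothing in this method checks a signature on the metadata; whoever calls
            // it must have established that doc is trustworthy before its keys and endpoints are
            // registered here — confirm against the callers.
            Saml20MetadataDocument metadata = new Saml20MetadataDocument(doc);

            // Insert-or-overwrite in a single lookup; a re-registered entity id replaces the old entry.
            MetadataDocs[metadata.EntityId] = metadata;

            SaveMetadata(metadata.EntityId, doc);
        }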
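 /// <summary>
 /// Checks the signature of a message received using the redirect binding using the keys found in the 
 /// metadata of the federation partner that sent the request.
 /// </summary>
 /// <param name="parser">Parser holding the received redirect-binding message and its signature.</param>
 /// <param name="metadata">Metadata of the partner that sent the message; its signing key descriptors are tried in order.</param>
 /// <returns>True if a key extracted from any signing key descriptor verifies the signature; false otherwise,
 /// including when the metadata exposes no usable signing key.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="parser"/> or <paramref name="metadata"/> is null.</exception>
 protected static bool CheckRedirectSignature(HttpRedirectBindingParser parser, Saml20MetadataDocument metadata)
 {
     if (parser == null)
         throw new ArgumentNullException("parser");
     if (metadata == null)
         throw new ArgumentNullException("metadata");

     // NOTE(review): only descriptors returned for KeyTypes.signing are consulted. Whether GetKeys also
     // returns descriptors that carry no "use" attribute (which the metadata schema treats as valid for
     // both uses) is not visible here — confirm, or such partners will always fail verification.
     List<KeyDescriptor> keys = metadata.GetKeys(KeyTypes.signing);
     if (keys == null)
         return false;

     // Go through the list of signing keys (usually only one) and use it to verify the REDIRECT request.
     foreach (KeyDescriptor key in keys)
     {
         KeyInfo keyinfo = key.KeyInfo as KeyInfo;
         if (keyinfo == null)
             continue;   // a descriptor without a usable KeyInfo cannot verify anything; fail closed on it

         foreach (KeyInfoClause keyInfoClause in keyinfo)
         {
             AsymmetricAlgorithm signatureKey = XmlSignatureUtils.ExtractKey(keyInfoClause);
             if (signatureKey != null && parser.CheckSignature(signatureKey))
                 return true;
         }
     }
     return false;
 }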
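		/// <summary>
		/// Initializes a new instance of the <see cref="Symplified.Auth.Saml20Authenticator"/> class.
		/// Builds a default AuthnRequest for the service provider and points <c>initialUrl</c> at the
		/// IdP's SSO endpoint with the encoded request in the query string.
		/// </summary>
		/// <param name="spName">Service Provider name; when null or empty, "symplified-mobile-sp" is used.</param>
		/// <param name="idpMetadata">Identity Provider metadata; its SSO endpoint becomes the target of the initial request.</param>
		public Saml20Authenticator (string spName, Saml20MetadataDocument idpMetadata) :
			base (PLACEHOLDER_URI, PLACEHOLDER_URI)
		{
			_spName = (string.IsNullOrEmpty (spName)) ? "symplified-mobile-sp" : spName;
			_idpMetadata = idpMetadata;

			Saml20AuthnRequest authnRequest = Saml20AuthnRequest.GetDefault (_spName);
			// Encoding.UTF8, not UTF8Encoding.Default: the latter resolves to the inherited static
			// Encoding.Default (the platform's default code page), which is not guaranteed to be UTF-8.
			byte[] xmlBytes = Encoding.UTF8.GetBytes (authnRequest.GetXml ().OuterXml);
			string base64XmlString = SamlAccount.ToBase64ForUrlString (xmlBytes);

			// NOTE(review): the endpoint is looked up for the POST binding but the request is delivered
			// in the query string, redirect-style — confirm the IdP accepts that on this endpoint.
			string ssoUrl = _idpMetadata.SSOEndpoint (SAMLBinding.POST).Url;
			// Append with '&' only when the endpoint URL already carries a query string.
			string separator = ssoUrl.Contains ("?") ? "&" : "?";

			initialUrl = new Uri (
				String.Format (
					"{0}{1}SAMLRequest={2}", ssoUrl, separator, base64XmlString
				)
			);
		}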
		/// <summary>
		/// Initializes a new instance of the <see cref="Symplified.Auth.Saml20Authenticator"/> class.
		/// Builds a default AuthnRequest for the service provider, encodes it with the redirect-binding
		/// builder and points <c>initialUrl</c> at the IdP's SSO endpoint with that query appended.
		/// </summary>
		/// <param name="spName">Service Provider name; null or empty falls back to "symplified-mobile-sp".</param>
		/// <param name="idpMetadata">Identity Provider metadata used to locate the SSO endpoint.</param>
		public Saml20Authenticator (string spName, Saml20MetadataDocument idpMetadata) :
			base (PLACEHOLDER_URI, PLACEHOLDER_URI)
		{
			_spName = string.IsNullOrEmpty (spName) ? "symplified-mobile-sp" : spName;
			_idpMetadata = idpMetadata;

			// NOTE(review): the endpoint is resolved for the POST binding while the request travels in
			// the query string (redirect style) — confirm this is what the IdP expects.
			string ssoUrl = _idpMetadata.SSOEndpoint (SAMLBinding.POST).Url;
			// Continue an existing query string with '&', otherwise start one with '?'.
			string joiner = ssoUrl.Contains ("?") ? "&" : "?";

			var redirectBuilder = new HttpRedirectBindingBuilder {
				Request = Saml20AuthnRequest.GetDefault (_spName).GetXml ().OuterXml
			};

			initialUrl = new Uri (ssoUrl + joiner + redirectBuilder.ToQuery ());
		}
        /// <summary>
        /// Parses the ADLER sample metadata and checks the key descriptors it exposes: one signing
        /// key, one encryption key, and that the signing key's KeyInfo verifies the document's own
        /// signature. Also checks the extracted entity id.
        /// </summary>
        public void TestCertificateExtraction_01()
        {
            var metadataXml = new XmlDocument { PreserveWhitespace = true };
            metadataXml.Load(@"Saml20\Protocol\MetadataDocs\metadata-ADLER.xml");

            var metadata = new Saml20MetadataDocument(metadataXml);
            List<KeyDescriptor> descriptors = metadata.Keys;

            // Descriptor order in the sample document: signing first, encryption second.
            Assert.That(descriptors[0].use == KeyTypes.signing);
            Assert.That(descriptors[1].use == KeyTypes.encryption);

            Assert.That(metadata.GetKeys(KeyTypes.signing).Count == 1);
            Assert.That(metadata.GetKeys(KeyTypes.encryption).Count == 1);

            // The two certs in the metadata document happen to be identical, and are also
            // used for signing the entire document, so the signing KeyInfo should verify it.
            var signingKeyInfo = (KeyInfo) descriptors[0].KeyInfo;
            Assert.That(XmlSignatureUtils.CheckSignature(metadataXml, signingKeyInfo));
            Assert.AreEqual("ADLER_SAML20_ID", metadata.EntityId);
        }
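        /// <summary>
        /// Loads every service-provider metadata file found in <c>SPMetadataDir</c> into
        /// <c>_metadataDocs</c>, keyed by entity id. Runs once; later calls are no-ops. Files that
        /// cannot be read or parsed as metadata are skipped, and an entity id seen twice keeps the
        /// first document loaded.
        /// </summary>
        private static void LoadSPMetadata()
        {
            // NOTE(review): the flag is set before loading and without synchronization, so a second
            // concurrent caller would see an empty or partially filled _metadataDocs — confirm callers
            // serialize this.
            if (_metadataLoaded)
                return;
            _metadataLoaded = true;

            if (!Directory.Exists(SPMetadataDir))
                Directory.CreateDirectory(SPMetadataDir);

            foreach (string file in Directory.GetFiles(SPMetadataDir))
            {
                try
                {
                    XmlDocument doc = new XmlDocument();
                    doc.PreserveWhitespace = true;
                    // These files are metadata supplied from outside this process (presumably by the
                    // service providers themselves); never resolve external entities or DTDs from them.
                    doc.XmlResolver = null;
                    // Read inside the try so an unreadable file is skipped like an unparsable one
                    // instead of aborting the whole load.
                    doc.LoadXml(File.ReadAllText(file));

                    Saml20MetadataDocument metadata = new Saml20MetadataDocument(doc);

                    // First document wins for a duplicate entity id; a duplicate Add would throw an
                    // ArgumentException and be swallowed below, so skip it explicitly instead.
                    if (_metadataDocs.ContainsKey(metadata.EntityId))
                        continue;
                    _metadataDocs.Add(metadata.EntityId, metadata);
                }
                catch (Exception)
                {
                    // If for some reason there is a file in the directory which does not contain
                    // valid data we just continue to the next file (best-effort load by design).
                    continue;
                }
            }
        }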
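		/// <summary>
		/// Authenticates against the Salesforce IdP described by the local metadata file and, on
		/// success, exchanges the bearer assertion for an OAuth access token at the Salesforce token
		/// endpoint. Status, token and scope are shown in the login view's string elements.
		/// </summary>
		public void PerformSalesforceOAuthSaml2Grant ()
		{
			XmlDocument xDoc = new XmlDocument ();
			xDoc.PreserveWhitespace = true;
			xDoc.Load ("salesforce-oauthsaml2-idp-metadata.xml");

			Saml20MetadataDocument idpMetadata = new Saml20MetadataDocument (xDoc);

			Saml20Authenticator authenticator = new Saml20Authenticator (
				"Symplified.Auth.iOS.Sample",
				idpMetadata
				);

			authenticator.Completed += (s, e) => {
				loginViewController.DismissViewController (true, null);

				if (!e.IsAuthenticated) {
					samlLoginStatusStringElement.Caption = "Not authorized";
					samlLoginStatusStringElement.GetActiveCell ().BackgroundColor = UIColor.Red;
				}
				else {
					SamlAccount authenticatedAccount = (SamlAccount)e.Account;
					samlLoginStatusStringElement.Caption = authenticatedAccount.Assertion.Subject.Value;
					samlLoginStatusStringElement.GetActiveCell ().BackgroundColor = UIColor.Green;

					authenticatedAccount.GetBearerAssertionAuthorizationGrant (
						new Uri ("https://login.salesforce.com/services/oauth2/token")
						).ContinueWith (t => {
						// A cancelled task is neither faulted nor completed, and reading t.Result on it
						// throws; only touch Result when the task finished normally.
						if (!t.IsFaulted && !t.IsCanceled) {
							// The continuation may run off the main thread, so the element updates and
							// the view refresh are all marshalled back onto it together.
							BeginInvokeOnMainThread (delegate {
								accessTokenStringElement.Caption = t.Result ["access_token"];
								scopeStringElement.Caption = t.Result ["scope"];
								loginViewController.ReloadData ();
								ListSalesforceResources (t.Result ["instance_url"], t.Result ["access_token"]);
							});
						}
						else {
							// Report the failure reason rather than a bare "error" so the grant problem is diagnosable;
							// only the message is logged, not the whole exception, to keep token-endpoint responses out of the log.
							Console.WriteLine ("Token grant failed: {0}",
								t.Exception != null ? t.Exception.GetBaseException ().Message : "cancelled");
						}
					});
				}

				loginViewController.ReloadData ();
			};

			UIViewController vc = authenticator.GetUI ();
			loginViewController.PresentViewController (vc, true, null);
		}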
		/// <summary>
		/// Authenticates against the IdP described by the local metadata file and shows the outcome
		/// in the login view: a red "Not authorized" on failure, the green subject name on success.
		/// </summary>
		public void LoginWithIdentityProvider ()
		{
			var metadataXml = new XmlDocument { PreserveWhitespace = true };
			metadataXml.Load ("idp.symplified.net.metadata.xml");

			var authenticator = new Saml20Authenticator (
				"Symplified.Auth.iOS.Sample",
				new Saml20MetadataDocument (metadataXml)
				);

			authenticator.Completed += (sender, args) => {
				loginViewController.DismissViewController (true, null);

				if (args.IsAuthenticated) {
					var account = (SamlAccount)args.Account;
					samlLoginStatusStringElement.Caption = String.Format ("Name: {0}", account.Assertion.Subject.Value);
					samlLoginStatusStringElement.GetActiveCell ().BackgroundColor = UIColor.Green;
				}
				else {
					samlLoginStatusStringElement.Caption = "Not authorized";
					samlLoginStatusStringElement.GetActiveCell ().BackgroundColor = UIColor.Red;
				}

				loginViewController.ReloadData ();
			};

			vc = authenticator.GetUI ();
			loginViewController.PresentViewController (vc, true, null);
		}