/// <summary>
        /// Creates a SAML authentication request.
        /// </summary>
        /// <param name="authnRequest">Contains the authentication request properties.</param>
        /// <param name="signAlgorithm">Algorithm used to sign the SAML request.</param>
        /// <returns>The signed SAML request.</returns>
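        public string CreateSamlAuthnRequest(Saml2AuthnRequest authnRequest,
                                             Cryptography.SigningAlgorithm signAlgorithm = Cryptography.SigningAlgorithm.SHA1withRSA)
        {
            // Builds the redirect URL for a signed AuthnRequest:
            //   <Destination>?SAMLRequest=...&RelayState=...&SigAlg=...&Signature=...
            // Side effects visible in this method: authnRequest.IssueInstant and authnRequest.ID are
            // overwritten, the request XML is stored in the archiver under that ID, and the final URL is logged.
            if (!initialized)
            {
                throw new SamlCommunicationException("Init must be called first", SamlCommunicationType.SAMLCOMMUNICATION);
            }

            if (authnRequest == null)
            {
                throw new ArgumentNullException("authnRequest");
            }

            // The signing key is the certificate already held by this instance.
            X509Certificate2 signingCertificate = certificate;

            // Take the timestamp in UTC directly. Converting DateTime.Now through the obsolete TimeZone
            // class can be ambiguous around daylight-saving transitions.
            authnRequest.IssueInstant = DateTime.UtcNow;

            // The request ID is the Base64 form of a SHA-256 hash over the request XML (taken before the ID is set).
            // NOTE(review): this ID is derived from the serialized request rather than from a random source,
            // and Base64 output can contain '+', '/', '=' or start with a digit, which is not a valid xs:ID.
            // Consider a random, NCName-safe ID; confirm first what the response handling uses as the archive key.
            byte[] hash = crypto.Hash(authnRequest.ToXML(), Cryptography.HashTypes.SHA256);
            authnRequest.ID = Convert.ToBase64String(hash);

            // SigAlg has to name the algorithm the signature is produced with. signAlgorithm is passed to
            // crypto.SignString below, so advertising rsa-sha1 for a SHA256withRSA signature would make the
            // receiver verify with the wrong algorithm and reject the request.
            // NOTE(review): the default stays SHA1withRSA for caller compatibility; SHA-1 signatures are
            // deprecated, so callers should pass SHA256withRSA where the identity provider accepts it.
            string signingAlgorithm = signAlgorithm == Cryptography.SigningAlgorithm.SHA256withRSA
                ? "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
                : "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

            // Serialize once after the ID is set so the archived copy is exactly the XML that is sent.
            string requestXml = authnRequest.ToXML();
            string original;
            string deflated = serializer.Deflate(requestXml, out original);

            // Keep a Base64 copy of the request XML under its ID.
            // (The original carried a TODO here about storing the request in storage.)
            archiver.SetObjectToArchive(authnRequest.ID, Convert.ToBase64String(Encoding.UTF8.GetBytes(requestXml)));

            // The signature covers the URL-encoded query string exactly as it is transmitted:
            // SAMLRequest=value&RelayState=value&SigAlg=value
            string toSign = "SAMLRequest=" + WebUtility.UrlEncode(deflated)         // HttpUtility if in Webproject
                            + "&RelayState=" + WebUtility.UrlEncode(authnRequest.ID)
                            + "&SigAlg=" + WebUtility.UrlEncode(signingAlgorithm);

            string signature = crypto.SignString(toSign, signingCertificate, signAlgorithm);
            string request   = authnRequest.Destination + "?" + toSign + "&Signature=" + WebUtility.UrlEncode(signature);

            // The log entry contains the complete redirect URL, including the encoded request and signature.
            LogService.Log(LogService.LogType.Info, "CreateSamlAuthnRequest - authnRequest created: '" + request + "'");

            return request;
        }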
        public void CreateAuthnRequstTest()
        {
            // Assembles a signed AuthnRequest redirect URL by hand from a sample XML file.
            // NOTE(review): nothing is asserted and the final URL is discarded, so this only fails when
            // one of the calls throws. The signature is never verified against the certificate.
            string            sampleXml     = ReadFile(xmlFilename);
            Saml2Serializer   samlSerializer = new Saml2Serializer();
            Cryptography      signer        = new Cryptography();
            Saml2AuthnRequest outgoing      = new Saml2AuthnRequest();

            // Parse the sample and copy the fields of interest into the outgoing request.
            AuthnRequest parsed = samlSerializer.ConvertXMLToAuthnRequestObject(sampleXml);

            outgoing.AssertionConsumerServiceURL    = parsed.AssertionConsumerServiceURL;
            outgoing.AttributeConsumingServiceIndex = parsed.AttributeConsumingServiceIndex;
            outgoing.Destination  = parsed.Destination;
            outgoing.ForceAuthn   = parsed.ForceAuthn;
            outgoing.Issuer       = parsed.Issuer;
            outgoing.ProviderName = "HybridIssuer";

            // Current local time converted to UTC, plus a fixed sample ID.
            outgoing.IssueInstant = TimeZone.CurrentTimeZone.ToUniversalTime(DateTime.Now);
            outgoing.ID           = "65464-6546-6454889-3313";

            string original;
            string deflated = samlSerializer.Deflate(outgoing.ToXML(), out original);

            // The declared SigAlg is rsa-sha1, matching the SHA1withRSA signing call below.
            string sigAlgUri = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

            // Query string to be signed: SAMLRequest=value&RelayState=value&SigAlg=value
            string encodedRequest    = HttpUtility.UrlEncode(deflated, Encoding.UTF8);
            string encodedRelayState = HttpUtility.UrlEncode("34bad366-f60b-4491-a462-230ea22423ad", Encoding.UTF8);
            string encodedSigAlg     = HttpUtility.UrlEncode(sigAlgUri, Encoding.UTF8);
            string toSign = string.Concat("SAMLRequest=", encodedRequest,
                                          "&RelayState=", encodedRelayState)
                            + string.Concat("&SigAlg=", encodedSigAlg);

            // Load the test signing certificate from the Keys folder next to the binaries.
            // NOTE(review): the keystore password is a literal in source (masked on this page); test key
            // material and its password are better supplied through test configuration.
            string pfxPath     = AppDomain.CurrentDomain.BaseDirectory + "\\Keys\\hybridissuer.pfx";
            string pfxPassword = "******";
            string certName    = "hybridissuer";
            SamlCertificateController certificates = new SamlCertificateController();
            X509Certificate2          signingCert  = certificates.GetCertificate(certName, pfxPath, pfxPassword);

            // Sign the query string and append the encoded signature to form the full redirect URL.
            string signature        = signer.SignString(toSign, signingCert, Cryptography.SigningAlgorithm.SHA1withRSA);
            string encodedSignature = HttpUtility.UrlEncode(signature, Encoding.UTF8);
            string request          = parsed.Destination + "?" + toSign + "&Signature=" + encodedSignature;
        }