private string GetDecryptedSamlToken() { var encryptedSamlToken = GetSamlTokenXml(); var decryptedSamlToken = ""; using (var reader = new StringReader(encryptedSamlToken)) { using (var xmlReader = XmlReader.Create(reader)) { var samlHandler = new Saml2SecurityTokenHandler { Configuration = new SecurityTokenHandlerConfiguration { ServiceTokenResolver = new X509CertificateStoreTokenResolver() } }; var token = samlHandler.ReadToken(xmlReader); using (var writer = new StringWriter()) { using (var xmlWriter = XmlWriter.Create(writer)) { samlHandler.WriteToken(xmlWriter, token); } decryptedSamlToken = writer.GetStringBuilder().ToString(); } } } return(decryptedSamlToken); }
private static SecurityToken GetBootstrapToken() { string rawToken = Saml20Identity.Current["urn:liberty:disco:2006-08:DiscoveryEPR"][0].AttributeValue[0]; byte[] raw = Convert.FromBase64String(rawToken); using (var memoryStream = new MemoryStream(raw)) { string content; using (StreamReader reader = new StreamReader(memoryStream, Encoding.Unicode)) { content = reader.ReadToEnd(); } } SecurityToken bootstrapToken; using (var memoryStream = new MemoryStream(raw)) { using (var streamReader = new StreamReader(memoryStream)) { using (var xmlTextReader = new XmlTextReader(streamReader)) { SecurityTokenHandler handler = new Saml2SecurityTokenHandler(); handler.Configuration = new SecurityTokenHandlerConfiguration(); bootstrapToken = handler.ReadToken(xmlTextReader); } } } return(bootstrapToken); }
public void LoginAction(AbstractEndpointHandler handler, HttpContext context, Saml20Assertion assertion) { if (handler == null) { Logging.Instance.Error("SamlPrincipalAction - LogOnAction handler is null"); throw new ArgumentNullException("handler"); } if (context == null) { Logging.Instance.Error("SamlPrincipalAction - LogOnAction context is null"); throw new ArgumentNullException("context"); } if (assertion == null) { Logging.Instance.Error("SamlPrincipalAction - LogOnAction assertion is null"); throw new ArgumentNullException("assertion"); } Saml2SecurityTokenHandler securityTokenHandler = this.sessionAuthModule.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers[ typeof(Saml2SecurityToken)] as Saml2SecurityTokenHandler; //Generate bootstraptoken from assertion xml if (securityTokenHandler != null) { var assertionXml = assertion.XmlAssertion; using (System.IO.StringReader reader = new System.IO.StringReader(assertionXml.OuterXml)) { XmlReader xReader = XmlReader.Create(reader); var bootstraptoken = securityTokenHandler.ReadToken(xReader); HttpContext.Current.Session["boostraptoken"] = bootstraptoken; } } BuildClaimsPrincipal(assertion); }
static void TransportTransportMessageReceived(object sender, TransportMessageReceivedEventArgs e) { if (!ConfigureClaimFlow.Flow) { return; } if (!e.Message.Headers.ContainsKey(SecurityTokenKey)) { return; } var serializedToken = e.Message.Headers[SecurityTokenKey]; var certificate = ExtractCertificate(serializedToken); var handler = new Saml2SecurityTokenHandler(new SamlSecurityTokenRequirement()); var tokens = new List <SecurityToken> { new X509SecurityToken(certificate) }; var resolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(tokens.AsReadOnly(), false); handler.Configuration = new SecurityTokenHandlerConfiguration { IssuerTokenResolver = resolver, IssuerNameRegistry = new InternalIssuerNameRegistry(), CertificateValidator = X509CertificateValidator.None }; using (var reader = XmlReader.Create(new StringReader(serializedToken))) { var bootstrapToken = handler.ReadToken(reader); handler.Configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Never; handler.Configuration.MaxClockSkew = TimeSpan.MaxValue; var collection = handler.ValidateToken(bootstrapToken); Thread.CurrentPrincipal = new ClaimsPrincipal(collection); } }
private Saml2SecurityToken ParseToken(string token, Saml2SecurityTokenHandler samlHandler) { using (var reader = new StringReader(token)) { using (var xmlReader = XmlReader.Create(reader)) { //Parses the token, as well as decrypting it return((Saml2SecurityToken)samlHandler.ReadToken(xmlReader)); } } }
public static Saml2Assertion MakeNemIdAssertion(X509Certificate2 certificate) { var doc = Global.SignedTokenXml(); Saml2Assertion sa; using (var rd = doc.CreateReader()) { var s2sth = new Saml2SecurityTokenHandler { /*Configuration = new SecurityTokenHandlerConfiguration * { * IssuerTokenResolver = new Saml2IssuerTokenResolver() * }*/ }; var s2st = s2sth.ReadToken(rd) as Saml2SecurityToken; sa = s2st.Assertion; } var ass = new Saml2Assertion(new Saml2NameIdentifier(sa.Issuer.Value)) { Conditions = new Saml2Conditions { NotOnOrAfter = DateTime.Now + TimeSpan.FromHours(8), NotBefore = DateTime.Now }, Subject = new Saml2Subject(new Saml2NameIdentifier(certificate.SubjectName.Name)) }; ass.Subject.SubjectConfirmations.Add(new Saml2SubjectConfirmation(new Uri("urn:oasis:names:tc:SAML:2.0:cm:bearer")) { SubjectConfirmationData = new Saml2SubjectConfirmationData { NotOnOrAfter = DateTime.Now + TimeSpan.FromHours(8), Recipient = new Uri("https://staging.fmk-online.dk/fmk/saml/SAMLAssertionConsumer") } }); var q = from att in sa.Statements.OfType <Saml2AttributeStatement>().First().Attributes select new Saml2Attribute(att.Name, att.Values.First()) { NameFormat = att.NameFormat }; ass.Statements.Add(new Saml2AttributeStatement(q)); ass.Statements.Add(new Saml2AuthenticationStatement(new Saml2AuthenticationContext(new Uri("element:urn:oasis:names:tc:SAML:2.0:ac:classes:X509")), DateTime.Now)); /*var secClause = new X509RawDataKeyIdentifierClause(certificate); * var issuerKeyIdentifier = new SecurityKeyIdentifier(secClause); * issuerKeyIdentifier.Add(secClause);*/ ass.SigningCredentials = new X509SigningCredentials(certificate); //, SignedXml.XmlDsigRSASHA1Url, SignedXml.XmlDsigSHA1Url); return(ass); }
/// <summary> /// Authenticates the specified message. /// </summary> /// <returns> /// Returns <see cref="T:System.Collections.ObjectModel.ReadOnlyCollection`1"/>. /// </returns> /// <param name="authPolicy">The authorization policy.</param><param name="listenUri">The URI at which the message was received.</param><param name="message">The message to be authenticated.</param> public override ReadOnlyCollection <IAuthorizationPolicy> Authenticate(ReadOnlyCollection <IAuthorizationPolicy> authPolicy, Uri listenUri, ref Message message) { if (WebOperationContext.Current != null && WebOperationContext.Current.IncomingRequest.Headers["fedAuth"] != null) { var tokenString = WebOperationContext.Current.IncomingRequest.Headers["fedAuth"]; var handler = new Saml2SecurityTokenHandler(); var token = handler.ReadToken(tokenString); var identities = handler.ValidateToken(token); var principal = new ClaimsPrincipal(identities); Thread.CurrentPrincipal = principal; } return(base.Authenticate(authPolicy, listenUri, ref message)); }
public void TempAssertionTest1() { //ARRANGE var foo = new StreamReader(@"D:\Dan\Software\ECA-Interenational\Temp\Base64.txt"); var base64 = foo.ReadToEnd(); var boo = Convert.FromBase64String(base64); var requestFromBase64 = Encoding.UTF8.GetString(boo); var reader = XmlReader.Create(new StringReader(requestFromBase64)); var reader1 = XmlReader.Create(new StringReader(requestFromBase64)); reader1.MoveToContent(); var signatureManager = new XmlSignatureManager(); var document = new XmlDocument { PreserveWhitespace = false }; //document.Load(@"D:\Dan\Software\ECA-Interenational\Temp\TestResponse.xml"); var xml = reader1.ReadOuterXml(); document.LoadXml(xml); var assertion = (XmlElement)document.GetElementsByTagName("Assertion", Saml20Constants.Assertion)[0]; var signEl = document.GetElementsByTagName("Signature", "http://www.w3.org/2000/09/xmldsig#") .Cast <XmlElement>() .First(x => x.ParentNode == document.DocumentElement); var certEl = (XmlElement)signEl.GetElementsByTagName("X509Certificate", "http://www.w3.org/2000/09/xmldsig#")[0]; var dcert2 = new X509Certificate2(Convert.FromBase64String(certEl.InnerText)); //var document1 = new XmlDocument(); //document1.LoadXml(assertion.OuterXml); var handler = new Saml2SecurityTokenHandler(); var config = this.GetConfiguration(); handler.Configuration = config; //var reader = XmlReader.Create(new StringReader(document.OuterXml)); //var reader = XmlReader.Create(@"D:\Dan\Software\ECA-Interenational\Temp\TestResponse.xml", new XmlReaderSettings { }); this.MoveToToken(reader); //var reader1 = XmlReader.Create(new StringReader(document1.OuterXml)); var token = handler.ReadToken(reader); //var token1 = handler.ReadToken(reader1); //ACT //var isValid = signatureManager.VerifySignature(document1, signEl, dcert2.PublicKey.Key); var isValid = signatureManager.VerifySignature(document, signEl, dcert2.PublicKey.Key); //ASSERT Assert.True(isValid); }
private void RunValidationTests(SecurityTokenDescriptor tokenDescriptor, SecurityToken securityToken, SecurityKey key, int iterations, bool display = true) { // Create jwts using wif // Create Saml2 tokens // Create Saml tokens DateTime started; string validating = "Validating, signed: '{0}', '{1}' Tokens. Time: '{2}'"; SetReturnSecurityTokenResolver str = new Test.SetReturnSecurityTokenResolver(securityToken, key); SecurityTokenHandlerConfiguration tokenHandlerConfiguration = new SecurityTokenHandlerConfiguration() { IssuerTokenResolver = str, SaveBootstrapContext = true, CertificateValidator = AlwaysSucceedCertificateValidator.New, AudienceRestriction = new AudienceRestriction(AudienceUriMode.Never), IssuerNameRegistry = new SetNameIssuerNameRegistry(Issuers.GotJwt), }; Saml2SecurityTokenHandler samlTokenHandler = new Saml2SecurityTokenHandler(); Saml2SecurityToken token = samlTokenHandler.CreateToken(tokenDescriptor) as Saml2SecurityToken; StringBuilder sb = new StringBuilder(); XmlWriter writer = XmlWriter.Create(sb); samlTokenHandler.WriteToken(writer, token); writer.Flush(); writer.Close(); string tokenXml = sb.ToString(); samlTokenHandler.Configuration = tokenHandlerConfiguration; started = DateTime.UtcNow; for (int i = 0; i < iterations; i++) { StringReader sr = new StringReader(tokenXml); XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader(XmlReader.Create(sr)); reader.MoveToContent(); SecurityToken saml2Token = samlTokenHandler.ReadToken(reader); samlTokenHandler.ValidateToken(saml2Token); } if (display) { Console.WriteLine(string.Format(validating, "Saml2SecurityTokenHandler", iterations, DateTime.UtcNow - started)); } JwtSecurityTokenHandler jwtTokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken jwt = jwtTokenHandler.CreateToken(tokenDescriptor) as JwtSecurityToken; jwtTokenHandler.Configuration = tokenHandlerConfiguration; started = DateTime.UtcNow; for (int i = 0; i < iterations; i++) { jwtTokenHandler.ValidateToken(jwt.RawData); } if (display) { Console.WriteLine(string.Format(validating, "JwtSecurityTokenHandle - ValidateToken( jwt.RawData )", iterations, DateTime.UtcNow - started)); } jwt = jwtTokenHandler.CreateToken(tokenDescriptor) as JwtSecurityToken; sb = new StringBuilder(); writer = XmlWriter.Create(sb); jwtTokenHandler.WriteToken(writer, jwt); writer.Flush(); writer.Close(); tokenXml = sb.ToString(); started = DateTime.UtcNow; for (int i = 0; i < iterations; i++) { StringReader sr = new StringReader(tokenXml); XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader(XmlReader.Create(sr)); reader.MoveToContent(); SecurityToken jwtToken = jwtTokenHandler.ReadToken(reader); jwtTokenHandler.ValidateToken(jwtToken); } if (display) { Console.WriteLine(string.Format(validating, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken )", iterations, DateTime.UtcNow - started)); } started = DateTime.UtcNow; for (int i = 0; i < iterations; i++) { StringReader sr = new StringReader(tokenXml); XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader(XmlReader.Create(sr)); reader.MoveToContent(); JwtSecurityToken jwtToken = jwtTokenHandler.ReadToken(reader) as JwtSecurityToken; jwtTokenHandler.ValidateToken(jwtToken.RawData); } if (display) { Console.WriteLine(string.Format(validating, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken.RawData )", iterations, DateTime.UtcNow - started)); } }
static void TransportTransportMessageReceived(object sender, TransportMessageReceivedEventArgs e) { if (!ConfigureClaimFlow.Flow) return; if (!e.Message.Headers.ContainsKey(SecurityTokenKey)) return; var serializedToken = e.Message.Headers[SecurityTokenKey]; var certificate = ExtractCertificate(serializedToken); var handler = new Saml2SecurityTokenHandler(new SamlSecurityTokenRequirement()); var tokens = new List<SecurityToken> {new X509SecurityToken(certificate)}; var resolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(tokens.AsReadOnly(), false); handler.Configuration = new SecurityTokenHandlerConfiguration { IssuerTokenResolver = resolver, IssuerNameRegistry = new InternalIssuerNameRegistry(), CertificateValidator = X509CertificateValidator.None }; using (var reader = XmlReader.Create(new StringReader(serializedToken))) { var bootstrapToken = handler.ReadToken(reader); handler.Configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Never; handler.Configuration.MaxClockSkew = TimeSpan.MaxValue; var collection = handler.ValidateToken(bootstrapToken); Thread.CurrentPrincipal = new ClaimsPrincipal(collection); } }