Exemplo n.º 1
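        /// <summary>
        /// Shows the SAML response posted in the <c>SAMLResponse</c> form field,
        /// if one was supplied.
        /// </summary>
        /// <remarks>
        /// The form field is caller-controlled input. This action only decodes the
        /// value and hands it to <c>SamlToken</c> for display; no signature,
        /// referrer or validity check is performed in this method.
        /// NOTE(review): whether the <c>SamlToken</c> constructor validates the
        /// assertion is not visible here; do not treat <c>ViewBag.TokenStatus</c>
        /// as proof of authentication until that is confirmed.
        /// </remarks>
        /// <returns>The default view for this action.</returns>
        public IActionResult Result()
        {
            // TODO (from the original author): once a token is present, perform the
            // security checks (referrer and signature).

            // No token when the field is missing OR empty. The original joined the two
            // tests with && and a negated emptiness check, so a request without the
            // field fell through to the decode branch and failed there.
            if (!Request.Form.TryGetValue("SAMLResponse", out m_samlResponse) ||
                String.IsNullOrEmpty(m_samlResponse))
            {
                ViewBag.HasSaml = false;
                return View();
            }

            byte[] data;
            try
            {
                // Decode the base64 form value.
                data = Convert.FromBase64String(m_samlResponse);
            }
            catch (FormatException)
            {
                // Malformed base64 from the client is handled as "no token"
                // instead of surfacing as an unhandled exception.
                ViewBag.HasSaml = false;
                return View();
            }

            ViewBag.HasSaml = true;
            string decodedString = Encoding.UTF8.GetString(data);

            // The decoded XML is untrusted text; the view must render it encoded.
            ViewBag.SamlToken = decodedString;
            SamlToken token = new SamlToken(decodedString);
            ViewBag.TokenStatus = token.Status;

            // TODO (from the original author): if the check failed or no token was
            // presented, redirect to the login module; otherwise get the user info and
            // create the principal and policy for the authorization step.

            return View();
        }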
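        /// <summary>
        /// Sample flow: log in to a vCenter server that uses an external Platform
        /// Services Controller with a SAML bearer token, list all tags, log out.
        /// </summary>
        public override void Run()
        {
            // ORs TLS 1.2 into the process-wide protocol set; protocols that were
            // already enabled stay enabled.
            System.Net.ServicePointManager.SecurityProtocol |=
                System.Net.SecurityProtocolType.Tls12;

            Console.WriteLine("\n\n#### Example: Login to vCenter server with "
                              + "external Platform Services Controller");

            VapiAuthenticationHelper vapiAuthHelper =
                new VapiAuthenticationHelper();

            // NOTE(review): defined outside this listing; confirm it validates the
            // server certificate rather than accepting any certificate.
            SetupSslTrustForServer();

            Console.WriteLine("\nStep 1: Connect to the lookup service on the "
                              + "Platform Services Controller node.");
            LookupServiceHelper lookupServiceHelper = new LookupServiceHelper(
                LookupServiceUrl);

            Console.WriteLine("\nStep 2: Discover the Single Sign-On service "
                              + "URL from lookup service.");
            String ssoUrl = lookupServiceHelper.FindSsoUrl();

            Console.WriteLine("\nStep 3: Connect to the Single Sign-On URL and"
                              + " retrieve the SAML bearer token.");
            // A bearer token is usable by whoever holds it; keep it out of logs.
            SamlToken samlBearerToken = SsoHelper.GetSamlBearerToken(ssoUrl,
                                                                     UserName, Password);

            Console.WriteLine("\nStep 4. Login to vAPI services using the "
                              + "SAML bearer token.");
            StubConfiguration sessionStubConfig =
                vapiAuthHelper.LoginBySamlBearerToken(Server,
                                                      samlBearerToken);

            // From here on a session exists; the finally block ends it even when a
            // service call below throws.
            try
            {
                Console.WriteLine("\nStep 5: Perform certain tasks using the vAPI "
                                  + "services.");
                Console.WriteLine("\nListing all tags on the vCenter Server ...");
                Tag taggingService =
                    vapiAuthHelper.StubFactory.CreateStub <Tag>(sessionStubConfig);
                List <string> tagList = taggingService.List();

                if (!tagList.Any())
                {
                    Console.WriteLine("\nNo tags found !");
                }
                else
                {
                    Console.WriteLine("\nTag Name\tTag Description");
                    foreach (string tagId in tagList)
                    {
                        // Fetch each tag once; the original called Get twice per tag.
                        var tag = taggingService.Get(tagId);
                        Console.WriteLine(
                            tag.GetName() + "\t" + tag.GetDescription());
                    }
                }
            }
            finally
            {
                vapiAuthHelper.Logout();
            }
        }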
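        /// <summary>
        /// Sample flow: log in to a vCenter server with an embedded Platform
        /// Services Controller using a SAML bearer token, list all tags, log out.
        /// </summary>
        public override void Run()
        {
            // ORs TLS 1.2 into the process-wide protocol set; protocols that were
            // already enabled stay enabled.
            System.Net.ServicePointManager.SecurityProtocol |=
                System.Net.SecurityProtocolType.Tls12;

            Console.WriteLine("\n\n#### Example: Login to vCenter server with "
                              + "embedded Platform Services Controller");

            VapiAuthenticationHelper vapiAuthHelper =
                new VapiAuthenticationHelper();

            /*
             * Since the platform services controller is embedded, the sso
             * server is the same as the vcenter server.
             */
            String ssoUrl = "https://" + Server + SSO_PATH;

            // NOTE(review): defined outside this listing; confirm it validates the
            // server certificate rather than accepting any certificate.
            SetupSslTrustForServer();

            Console.WriteLine("\nStep 1: Connect to the Single Sign-On URL "
                              + "and retrieve the SAML bearer token.");
            // A bearer token is usable by whoever holds it; keep it out of logs.
            SamlToken samlBearerToken = SsoHelper.GetSamlBearerToken(ssoUrl,
                                                                     UserName, Password);

            Console.WriteLine("\nStep 2. Login to vAPI services using the "
                              + "SAML bearer token.");
            StubConfiguration sessionStubConfig =
                vapiAuthHelper.LoginBySamlBearerToken(Server,
                                                      samlBearerToken);

            // From here on a session exists; the finally block ends it even when a
            // service call below throws.
            try
            {
                Console.WriteLine("\nStep 3: Perform certain tasks using the vAPI "
                                  + "services.");
                Console.WriteLine("\nListing all tags on the vCenter Server ...");
                Tag taggingService =
                    vapiAuthHelper.StubFactory.CreateStub <Tag>(sessionStubConfig);
                List <string> tagList = taggingService.List();

                if (!tagList.Any())
                {
                    Console.WriteLine("\nNo tags found !");
                }
                else
                {
                    Console.WriteLine("\nTag Name\tTag Description");
                    foreach (string tagId in tagList)
                    {
                        // Fetch each tag once; the original called Get twice per tag.
                        var tag = taggingService.Get(tagId);
                        Console.WriteLine(
                            tag.GetName() + "\t" + tag.GetDescription());
                    }
                }
            }
            finally
            {
                vapiAuthHelper.Logout();
            }
        }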
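        /// <summary>
        /// Sample flow: log in to a vCenter server that uses an external Platform
        /// Services Controller with a SAML bearer token, list the datacenters,
        /// log out.
        /// </summary>
        public override void Run()
        {
            // ORs TLS 1.2 into the process-wide protocol set; protocols that were
            // already enabled stay enabled.
            System.Net.ServicePointManager.SecurityProtocol |=
                System.Net.SecurityProtocolType.Tls12;

            Console.WriteLine("\n\n#### Example: Login to vCenter server with "
                              + "external Platform Services Controller");

            VapiAuthenticationHelper vapiAuthHelper =
                new VapiAuthenticationHelper();

            // NOTE(review): defined outside this listing; confirm it validates the
            // server certificate rather than accepting any certificate.
            SetupSslTrustForServer();

            Console.WriteLine("\nStep 1: Connect to the lookup service on the "
                              + "Platform Services Controller node.");
            LookupServiceHelper lookupServiceHelper = new LookupServiceHelper(
                LookupServiceUrl);

            Console.WriteLine("\nStep 2: Discover the Single Sign-On service "
                              + "URL from lookup service.");
            String ssoUrl = lookupServiceHelper.FindSsoUrl();

            Console.WriteLine("\nStep 3: Connect to the Single Sign-On URL and"
                              + " retrieve the SAML bearer token.");
            // A bearer token is usable by whoever holds it; keep it out of logs.
            SamlToken samlBearerToken = SsoHelper.GetSamlBearerToken(ssoUrl,
                                                                     UserName, Password);

            Console.WriteLine("\nStep 4. Login to vAPI services using the "
                              + "SAML bearer token.");
            StubConfiguration sessionStubConfig =
                vapiAuthHelper.LoginBySamlBearerToken(Server,
                                                      samlBearerToken);

            // From here on a session exists; the finally block ends it even when a
            // service call below throws.
            try
            {
                Console.WriteLine("\nStep 5: Perform certain tasks using the vAPI "
                                  + "services.");
                Datacenter datacenterService =
                    vapiAuthHelper.StubFactory.CreateStub <Datacenter>(
                        sessionStubConfig);
                List <DatacenterTypes.Summary> dcList =
                    datacenterService.List(new DatacenterTypes.FilterSpec());

                Console.WriteLine("\nList of datacenters on the vcenter server:");
                foreach (DatacenterTypes.Summary dcSummary in dcList)
                {
                    Console.WriteLine(dcSummary);
                }
            }
            finally
            {
                vapiAuthHelper.Logout();
            }
        }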
Exemplo n.º 5
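        /// <summary>
        /// Creates a session with the server using a SAML bearer token.
        /// </summary>
        /// <param name="server">hostname of the server to login</param>
        /// <param name="samlBearerToken">SAML bearer token presented to the
        ///          session service in place of a username and password</param>
        /// <returns>the stub configuration configured with an authenticated
        ///          session
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="samlBearerToken"/> is null.</exception>
        /// <exception cref="Exception">a session was already created through
        ///          this helper</exception>
        public StubConfiguration LoginBySamlBearerToken(string server,
                                                        SamlToken samlBearerToken)
        {
            // Reject a missing token up front instead of letting a null reach the
            // security context and fail somewhere in the login call.
            if (samlBearerToken == null)
            {
                throw new ArgumentNullException("samlBearerToken");
            }

            if (this.sessionSvc != null)
            {
                throw new Exception("Session already created");
            }

            StubFactory = CreateApiStubFactory(server);

            // Create a SAML security context using the SAML bearer token. The second
            // constructor argument is passed as null.
            // NOTE(review): presumably the private key used for holder-of-key
            // tokens, which a bearer token does not have; confirm against the SDK.
            ExecutionContext.SecurityContext samlSecurityContext = new SamlTokenSecurityContext(
                samlBearerToken, null);

            /*
             * Create a stub configuration carrying the SAML token security
             * context (the original comment said username/password, which this
             * method does not use)
             */
            StubConfiguration stubConfig = new StubConfiguration();

            stubConfig.SetSecurityContext(samlSecurityContext);

            // Create a session stub using the stub configuration.
            Session session =
                StubFactory.CreateStub <Session>(stubConfig);

            // Login and create a session. The returned id is the credential for
            // every later call, so it should not be logged or persisted.
            char[] sessionId = session.Create();

            /*
             * Initialize a session security context from the generated
             * session id
             */
            SessionSecurityContext sessionSecurityContext =
                new SessionSecurityContext(sessionId);

            // Update the stub configuration to use the session id; the SAML token
            // context set above is replaced.
            stubConfig.SetSecurityContext(sessionSecurityContext);

            /*
             * Create a stub for the session service using the authenticated
             * session
             */
            this.sessionSvc =
                StubFactory.CreateStub <Session>(stubConfig);
            return(stubConfig);
        }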
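        /// <summary>
        /// Sample flow: log in to a vCenter server with an embedded Platform
        /// Services Controller using a SAML bearer token, list the datacenters,
        /// log out.
        /// </summary>
        public override void Run()
        {
            // ORs TLS 1.2 into the process-wide protocol set; protocols that were
            // already enabled stay enabled.
            System.Net.ServicePointManager.SecurityProtocol |=
                System.Net.SecurityProtocolType.Tls12;

            Console.WriteLine("\n\n#### Example: Login to vCenter server with "
                              + "embedded Platform Services Controller");

            VapiAuthenticationHelper vapiAuthHelper =
                new VapiAuthenticationHelper();

            /*
             * Since the platform services controller is embedded, the sso
             * server is the same as the vcenter server.
             */
            String ssoUrl = "https://" + Server + SSO_PATH;

            // NOTE(review): defined outside this listing; confirm it validates the
            // server certificate rather than accepting any certificate.
            SetupSslTrustForServer();

            Console.WriteLine("\nStep 1: Connect to the Single Sign-On URL "
                              + "and retrieve the SAML bearer token.");
            // A bearer token is usable by whoever holds it; keep it out of logs.
            SamlToken samlBearerToken = SsoHelper.GetSamlBearerToken(ssoUrl,
                                                                     UserName, Password);

            Console.WriteLine("\nStep 2. Login to vAPI services using the "
                              + "SAML bearer token.");
            StubConfiguration sessionStubConfig =
                vapiAuthHelper.LoginBySamlBearerToken(Server,
                                                      samlBearerToken);

            // From here on a session exists; the finally block ends it even when a
            // service call below throws.
            try
            {
                Console.WriteLine("\nStep 3: Perform certain tasks using the vAPI "
                                  + "services.");
                Datacenter datacenterService =
                    vapiAuthHelper.StubFactory.CreateStub <Datacenter>(
                        sessionStubConfig);
                List <DatacenterTypes.Summary> dcList =
                    datacenterService.List(new DatacenterTypes.FilterSpec());

                Console.WriteLine("\nList of datacenters on the vcenter server:");
                foreach (DatacenterTypes.Summary dcSummary in dcList)
                {
                    Console.WriteLine(dcSummary);
                }
            }
            finally
            {
                vapiAuthHelper.Logout();
            }
        }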
Exemplo n.º 7
        /// <summary>
        /// Parses the token carried by a request, applies the nonce check, and
        /// verifies the request's body hash and signature.
        /// </summary>
        /// <param name="request">The request the token arrived with.</param>
        /// <param name="tokenString">Token text in the form <c>TokenFormatter</c> parses.</param>
        /// <returns>The SAML token extracted from the parsed token.</returns>
        /// <exception cref="AuthException">
        /// The SAML token could not be constructed; the original exception is kept as
        /// the inner exception and its message is reused.
        /// </exception>
        public ISamlToken VerifyToken(IRequest request, string[] tokenString)
        {
            var parsed = new TokenFormatter().Parse(tokenString);

            // The nonce check runs before any signature is verified.
            // NOTE(review): if this call records the nonce, unsigned requests can
            // add entries to that store; confirm the ordering is intended.
            _requestsVerifier.VerifyAgeAndRepeatOnNewRequest(parsed.Nonce);

            ISamlToken samlToken;

            try {
                samlToken = new SamlToken(parsed.SamlToken);
            } catch (Exception failure) {
                // NOTE(review): the underlying message is passed on unchanged;
                // check that it is not returned verbatim to the client.
                throw new AuthException(failure.Message, failure);
            }

            parsed.VerifyBodyHash(request);

            // The certificate used to check the request signature comes from the
            // token itself.
            // NOTE(review): that is only sound if constructing SamlToken validates
            // the assertion's issuer signature, which is not visible here; confirm.
            parsed.VerifySignature(request, samlToken.ConfirmationCertificate);

            return samlToken;
        }
Exemplo n.º 8
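        /// <summary>
        /// Requests a SAML 2.0 bearer token from the Single Sign-On security token
        /// service, authenticating with a username and password.
        /// </summary>
        /// <param name="ssoUrl">URL of the security token service endpoint.</param>
        /// <param name="ssoUserName">User name sent as the client credential.</param>
        /// <param name="ssoPassword">Password sent as the client credential.</param>
        /// <returns>The token built from the XML element in the service response.</returns>
        /// <remarks>
        /// The result is a bearer token: it can be used by anyone who obtains it, so
        /// it should be treated like a password and kept out of logs.
        /// </remarks>
        public static SamlToken GetSamlBearerToken(
            string ssoUrl, string ssoUserName, string ssoPassword)
        {
            var binding = VimAuthenticationHelper.GetCustomBinding();
            var address = new EndpointAddress(ssoUrl);

            var stsServiceClient =
                new STSService_PortTypeClient(binding, address);

            stsServiceClient.ClientCredentials.UserName.UserName = ssoUserName;
            stsServiceClient.ClientCredentials.UserName.Password = ssoPassword;

            RequestSecurityTokenType tokenType =
                new RequestSecurityTokenType();

            /**
             * For this request we need at least the following element in the
             * RequestSecurityTokenType set
             *
             * 1. Lifetime - represented by LifetimeType which specifies the
             * lifetime for the token to be issued
             *
             * 2. Tokentype - "urnoasisnamestcSAML20assertion", which is the
             * class that models the requested token
             *
             * 3. RequestType -
             * "httpdocsoasisopenorgwssxwstrust200512Issue", as we want
             * to get a token issued
             *
             * 4. KeyType -
             * "httpdocsoasisopenorgwssxwstrust200512Bearer",
             * representing the kind of key the token will have. There are two
             * options namely bearer and holder-of-key
             *
             * 5. SignatureAlgorithm -
             * "httpwwww3org200104xmldsigmorersasha256", representing the
             * algorithm used for generating signature
             *
             * 6. Renewing - represented by the RenewingType which specifies
             *  whether the token is renewable or not
             */
            tokenType.TokenType =
                TokenTypeEnum.urnoasisnamestcSAML20assertion;
            tokenType.RequestType =
                RequestTypeEnum.httpdocsoasisopenorgwssxwstrust200512Issue;
            tokenType.KeyType =
                KeyTypeEnum.httpdocsoasisopenorgwssxwstrust200512Bearer;
            tokenType.SignatureAlgorithm =
                SignatureAlgorithmEnum.httpwwww3org200104xmldsigmorersasha256;

            // NOTE(review): the token is requested as delegatable; for a bearer
            // token that widens where it can be used. Confirm it is required.
            tokenType.Delegatable          = true;
            tokenType.DelegatableSpecified = true;

            // Take one UTC reading and derive both ends of the lifetime from it. The
            // original added the duration to local time before converting to UTC,
            // which can shift Expires when a daylight-saving change falls inside the
            // window, and it read the clock twice.
            DateTime issuedAtUtc = DateTime.UtcNow;

            // Requested lifetime: 1 hour, 10 minutes, 10 seconds.
            TimeSpan duration = new TimeSpan(1, 10, 10);

            // The timestamps are machine-readable protocol values, so they are
            // formatted with the invariant culture rather than the current one.
            IFormatProvider invariant =
                System.Globalization.CultureInfo.InvariantCulture;

            LifetimeType       lifetime = new LifetimeType();
            AttributedDateTime created  = new AttributedDateTime();

            created.Value    = String.Format(invariant, dateFormat, issuedAtUtc);
            lifetime.Created = created;

            AttributedDateTime expires = new AttributedDateTime();

            expires.Value = String.Format(invariant, dateFormat,
                                          issuedAtUtc.Add(duration));
            lifetime.Expires   = expires;
            tokenType.Lifetime = lifetime;

            RenewingType renewing = new RenewingType();

            renewing.Allow     = false;
            renewing.OK        = true;
            tokenType.Renewing = renewing;

            RequestSecurityTokenResponseCollectionType responseToken =
                stsServiceClient.Issue(tokenType);
            RequestSecurityTokenResponseType rstResponse =
                responseToken.RequestSecurityTokenResponse;
            XmlElement samlTokenXml = rstResponse.RequestedSecurityToken;
            SamlToken  samlToken    = new SamlToken(samlTokenXml);

            return(samlToken);
        }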