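/// <summary>
/// Receives the posted SAML response: Base64-decodes the <c>SAMLResponse</c> form field,
/// parses it into a <c>SamlToken</c>, and hands the decoded XML and the token status to
/// the view through <c>ViewBag</c>.
/// </summary>
/// <remarks>
/// Nothing in this action verifies the signature, the referrer, or any other property of the
/// response; it only decodes and parses. <c>ViewBag.TokenStatus</c> is therefore a parsed
/// value from untrusted input and must not be used as an authentication decision.
/// NOTE(review): confirm whether the SamlToken constructor validates the signature.
/// </remarks>
/// <returns>The default view for this action.</returns>
public IActionResult Result()
{
    // The response counts as present only when the request carries a form, the field exists,
    // AND the field is non-empty. The earlier condition (!TryGetValue && !IsNullOrEmpty) could
    // never be true when the field was missing, so a request without SAMLResponse fell through
    // to the decode branch and failed inside Convert.FromBase64String.
    bool hasResponse = Request.HasFormContentType
        && Request.Form.TryGetValue("SAMLResponse", out m_samlResponse)
        && !String.IsNullOrEmpty(m_samlResponse);

    if (!hasResponse)
    {
        ViewBag.HasSaml = false;
        return View();
    }

    string decodedString;
    try
    {
        // decode base64
        byte[] data = Convert.FromBase64String(m_samlResponse);
        decodedString = Encoding.UTF8.GetString(data);
    }
    catch (FormatException)
    {
        // The field is caller-controlled; malformed Base64 is treated like a missing
        // response instead of surfacing as an unhandled exception.
        ViewBag.HasSaml = false;
        return View();
    }

    ViewBag.HasSaml = true;

    // NOTE(review): this is raw XML taken from the request; the view should render it
    // encoded - confirm in the view.
    ViewBag.SamlToken = decodedString;

    SamlToken token = new SamlToken(decodedString);
    ViewBag.TokenStatus = token.Status;

    // TODO (carried over from the original): if the check failed, or no token was presented,
    // redirect to the login module; otherwise get the user info and create the principal and
    // policy for the authorization step. Signature and referrer checks are still missing.
    return View();
}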
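/// <summary>
/// Sample: logs in to a vCenter server that uses an external Platform Services Controller.
/// Looks up the Single Sign-On URL through the lookup service, obtains a SAML bearer token
/// with the configured user name and password, opens a vAPI session with that token, lists
/// all tags, and logs out.
/// </summary>
public override void Run()
{
    // Adds TLS 1.2 to the enabled protocols; protocols that are already enabled stay enabled.
    System.Net.ServicePointManager.SecurityProtocol |=
        System.Net.SecurityProtocolType.Tls12;

    Console.WriteLine("\n\n#### Example: Login to vCenter server with "
        + "external Platform Services Controller");

    VapiAuthenticationHelper vapiAuthHelper = new VapiAuthenticationHelper();

    // NOTE(review): SetupSslTrustForServer is defined outside this block; presumably it decides
    // how the server certificate is validated. Confirm it does not accept every certificate,
    // because the password and the bearer token travel over these connections.
    SetupSslTrustForServer();

    Console.WriteLine("\nStep 1: Connect to the lookup service on the "
        + "Platform Services Controller node.");
    LookupServiceHelper lookupServiceHelper =
        new LookupServiceHelper(LookupServiceUrl);

    Console.WriteLine("\nStep 2: Discover the Single Sign-On service "
        + "URL from lookup service.");
    String ssoUrl = lookupServiceHelper.FindSsoUrl();

    Console.WriteLine("\nStep 3: Connect to the Single Sign-On URL and"
        + " retrieve the SAML bearer token.");
    // The credentials are sent to the URL returned by the lookup service.
    SamlToken samlBearerToken =
        SsoHelper.GetSamlBearerToken(ssoUrl, UserName, Password);

    Console.WriteLine("\nStep 4. Login to vAPI services using the "
        + "SAML bearer token.");
    StubConfiguration sessionStubConfig =
        vapiAuthHelper.LoginBySamlBearerToken(Server, samlBearerToken);

    try
    {
        Console.WriteLine("\nStep 5: Perform certain tasks using the vAPI "
            + "services.");
        Console.WriteLine("\nListing all tags on the vCenter Server ...");
        Tag taggingService =
            vapiAuthHelper.StubFactory.CreateStub<Tag>(sessionStubConfig);
        List<string> tagList = taggingService.List();
        if (!tagList.Any())
        {
            Console.WriteLine("\nNo tags found !");
        }
        else
        {
            Console.WriteLine("\nTag Name\tTag Description");
            foreach (string tagId in tagList)
            {
                // Fetch each tag once; the earlier code called Get(tagId) twice per tag.
                var tag = taggingService.Get(tagId);
                Console.WriteLine(
                    tag.GetName() + "\t" + tag.GetDescription());
            }
        }
    }
    finally
    {
        // Log out even when the listing throws, so the authenticated session is not left
        // open. If the failure was a dropped connection, Logout may throw as well, and that
        // exception is the one the caller sees.
        vapiAuthHelper.Logout();
    }
}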
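/// <summary>
/// Sample: logs in to a vCenter server with an embedded Platform Services Controller.
/// Builds the Single Sign-On URL from the server name, obtains a SAML bearer token with the
/// configured user name and password, opens a vAPI session with that token, lists all tags,
/// and logs out.
/// </summary>
public override void Run()
{
    // Adds TLS 1.2 to the enabled protocols; protocols that are already enabled stay enabled.
    System.Net.ServicePointManager.SecurityProtocol |=
        System.Net.SecurityProtocolType.Tls12;

    Console.WriteLine("\n\n#### Example: Login to vCenter server with "
        + "embedded Platform Services Controller");

    VapiAuthenticationHelper vapiAuthHelper = new VapiAuthenticationHelper();

    /*
     * Since the platform services controller is embedded, the sso
     * server is the same as the vcenter server.
     */
    String ssoUrl = "https://" + Server + SSO_PATH;

    // NOTE(review): SetupSslTrustForServer is defined outside this block; presumably it decides
    // how the server certificate is validated. Confirm it does not accept every certificate,
    // because the password and the bearer token travel over these connections.
    SetupSslTrustForServer();

    Console.WriteLine("\nStep 1: Connect to the Single Sign-On URL "
        + "and retrieve the SAML bearer token.");
    SamlToken samlBearerToken =
        SsoHelper.GetSamlBearerToken(ssoUrl, UserName, Password);

    Console.WriteLine("\nStep 2. Login to vAPI services using the "
        + "SAML bearer token.");
    StubConfiguration sessionStubConfig =
        vapiAuthHelper.LoginBySamlBearerToken(Server, samlBearerToken);

    try
    {
        Console.WriteLine("\nStep 3: Perform certain tasks using the vAPI "
            + "services.");
        Console.WriteLine("\nListing all tags on the vCenter Server ...");
        Tag taggingService =
            vapiAuthHelper.StubFactory.CreateStub<Tag>(sessionStubConfig);
        List<string> tagList = taggingService.List();
        if (!tagList.Any())
        {
            Console.WriteLine("\nNo tags found !");
        }
        else
        {
            Console.WriteLine("\nTag Name\tTag Description");
            foreach (string tagId in tagList)
            {
                // Fetch each tag once; the earlier code called Get(tagId) twice per tag.
                var tag = taggingService.Get(tagId);
                Console.WriteLine(
                    tag.GetName() + "\t" + tag.GetDescription());
            }
        }
    }
    finally
    {
        // Log out even when the listing throws, so the authenticated session is not left
        // open. If the failure was a dropped connection, Logout may throw as well, and that
        // exception is the one the caller sees.
        vapiAuthHelper.Logout();
    }
}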
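/// <summary>
/// Sample: logs in to a vCenter server that uses an external Platform Services Controller.
/// Looks up the Single Sign-On URL through the lookup service, obtains a SAML bearer token
/// with the configured user name and password, opens a vAPI session with that token, lists
/// the datacenters, and logs out.
/// </summary>
public override void Run()
{
    // Adds TLS 1.2 to the enabled protocols; protocols that are already enabled stay enabled.
    System.Net.ServicePointManager.SecurityProtocol |=
        System.Net.SecurityProtocolType.Tls12;

    Console.WriteLine("\n\n#### Example: Login to vCenter server with "
        + "external Platform Services Controller");

    VapiAuthenticationHelper vapiAuthHelper = new VapiAuthenticationHelper();

    // NOTE(review): SetupSslTrustForServer is defined outside this block; presumably it decides
    // how the server certificate is validated. Confirm it does not accept every certificate,
    // because the password and the bearer token travel over these connections.
    SetupSslTrustForServer();

    Console.WriteLine("\nStep 1: Connect to the lookup service on the "
        + "Platform Services Controller node.");
    LookupServiceHelper lookupServiceHelper =
        new LookupServiceHelper(LookupServiceUrl);

    Console.WriteLine("\nStep 2: Discover the Single Sign-On service "
        + "URL from lookup service.");
    String ssoUrl = lookupServiceHelper.FindSsoUrl();

    Console.WriteLine("\nStep 3: Connect to the Single Sign-On URL and"
        + " retrieve the SAML bearer token.");
    // The credentials are sent to the URL returned by the lookup service.
    SamlToken samlBearerToken =
        SsoHelper.GetSamlBearerToken(ssoUrl, UserName, Password);

    Console.WriteLine("\nStep 4. Login to vAPI services using the "
        + "SAML bearer token.");
    StubConfiguration sessionStubConfig =
        vapiAuthHelper.LoginBySamlBearerToken(Server, samlBearerToken);

    try
    {
        Console.WriteLine("\nStep 5: Perform certain tasks using the vAPI "
            + "services.");
        Datacenter datacenterService =
            vapiAuthHelper.StubFactory.CreateStub<Datacenter>(sessionStubConfig);
        // An empty FilterSpec is passed, i.e. no filter fields are set.
        List<DatacenterTypes.Summary> dcList =
            datacenterService.List(new DatacenterTypes.FilterSpec());

        Console.WriteLine("\nList of datacenters on the vcenter server:");
        foreach (DatacenterTypes.Summary dcSummary in dcList)
        {
            Console.WriteLine(dcSummary);
        }
    }
    finally
    {
        // Log out even when the listing throws, so the authenticated session is not left
        // open. If the failure was a dropped connection, Logout may throw as well, and that
        // exception is the one the caller sees.
        vapiAuthHelper.Logout();
    }
}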
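/// <summary>
/// Creates a session with the server using a SAML bearer token.
/// </summary>
/// <param name="server">hostname of the server to login</param>
/// <param name="samlBearerToken">SAML bearer token presented to the session
/// service instead of a user name and password</param>
/// <returns>the stub configuration configured with an authenticated
/// session
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="samlBearerToken"/> is null.</exception>
/// <exception cref="InvalidOperationException">a session was already created
/// through this helper.</exception>
public StubConfiguration LoginBySamlBearerToken(string server,
    SamlToken samlBearerToken)
{
    if (samlBearerToken == null)
    {
        throw new ArgumentNullException("samlBearerToken");
    }

    if (this.sessionSvc != null)
    {
        // More specific than the bare Exception thrown before; the message is unchanged and
        // callers that catch Exception still catch this.
        throw new InvalidOperationException("Session already created");
    }

    StubFactory = CreateApiStubFactory(server);

    // Create a SAML security context using SAML bearer token.
    // The second argument is null. NOTE(review): presumably that slot carries the private
    // key for holder-of-key tokens and is unused for bearer tokens - confirm against the SDK.
    ExecutionContext.SecurityContext samlSecurityContext =
        new SamlTokenSecurityContext(samlBearerToken, null);

    // Create a stub configuration with the SAML security context
    StubConfiguration stubConfig = new StubConfiguration();
    stubConfig.SetSecurityContext(samlSecurityContext);

    // Create a session stub using the stub configuration.
    Session session = StubFactory.CreateStub<Session>(stubConfig);

    // Login and create a session. The returned id is the credential for every later call,
    // so it should never be logged or printed.
    char[] sessionId = session.Create();

    /*
     * Initialize a session security context from the generated
     * session id
     */
    SessionSecurityContext sessionSecurityContext =
        new SessionSecurityContext(sessionId);

    // Update the stub configuration to use the session id; from here on the SAML token is
    // no longer attached to requests made with this configuration.
    stubConfig.SetSecurityContext(sessionSecurityContext);

    /*
     * Create a stub for the session service using the authenticated
     * session
     */
    this.sessionSvc = StubFactory.CreateStub<Session>(stubConfig);

    return stubConfig;
}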
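/// <summary>
/// Sample: logs in to a vCenter server with an embedded Platform Services Controller.
/// Builds the Single Sign-On URL from the server name, obtains a SAML bearer token with the
/// configured user name and password, opens a vAPI session with that token, lists the
/// datacenters, and logs out.
/// </summary>
public override void Run()
{
    // Adds TLS 1.2 to the enabled protocols; protocols that are already enabled stay enabled.
    System.Net.ServicePointManager.SecurityProtocol |=
        System.Net.SecurityProtocolType.Tls12;

    Console.WriteLine("\n\n#### Example: Login to vCenter server with "
        + "embedded Platform Services Controller");

    VapiAuthenticationHelper vapiAuthHelper = new VapiAuthenticationHelper();

    /*
     * Since the platform services controller is embedded, the sso
     * server is the same as the vcenter server.
     */
    String ssoUrl = "https://" + Server + SSO_PATH;

    // NOTE(review): SetupSslTrustForServer is defined outside this block; presumably it decides
    // how the server certificate is validated. Confirm it does not accept every certificate,
    // because the password and the bearer token travel over these connections.
    SetupSslTrustForServer();

    Console.WriteLine("\nStep 1: Connect to the Single Sign-On URL "
        + "and retrieve the SAML bearer token.");
    SamlToken samlBearerToken =
        SsoHelper.GetSamlBearerToken(ssoUrl, UserName, Password);

    Console.WriteLine("\nStep 2. Login to vAPI services using the "
        + "SAML bearer token.");
    StubConfiguration sessionStubConfig =
        vapiAuthHelper.LoginBySamlBearerToken(Server, samlBearerToken);

    try
    {
        Console.WriteLine("\nStep 3: Perform certain tasks using the vAPI "
            + "services.");
        Datacenter datacenterService =
            vapiAuthHelper.StubFactory.CreateStub<Datacenter>(sessionStubConfig);
        // An empty FilterSpec is passed, i.e. no filter fields are set.
        List<DatacenterTypes.Summary> dcList =
            datacenterService.List(new DatacenterTypes.FilterSpec());

        Console.WriteLine("\nList of datacenters on the vcenter server:");
        foreach (DatacenterTypes.Summary dcSummary in dcList)
        {
            Console.WriteLine(dcSummary);
        }
    }
    finally
    {
        // Log out even when the listing throws, so the authenticated session is not left
        // open. If the failure was a dropped connection, Logout may throw as well, and that
        // exception is the one the caller sees.
        vapiAuthHelper.Logout();
    }
}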
/// <summary>
/// Parses the token strings of a request, runs the nonce check, builds the SAML token, and
/// then verifies the request body hash and the request signature.
/// </summary>
/// <param name="request">the request whose body hash and signature are verified</param>
/// <param name="tokenString">the raw token strings handed to <c>TokenFormatter.Parse</c></param>
/// <returns>the SAML token built from the parsed token</returns>
/// <exception cref="AuthException">constructing the SAML token failed; the original
/// exception is kept as the inner exception.</exception>
public ISamlToken VerifyToken(IRequest request, string[] tokenString)
{
    var parsed = new TokenFormatter().Parse(tokenString);

    // NOTE(review): this runs before the signature is verified, so the verifier sees nonces
    // from requests that are not yet authenticated. If it records nonces, confirm that
    // unauthenticated input cannot fill or poison that store.
    _requestsVerifier.VerifyAgeAndRepeatOnNewRequest(parsed.Nonce);

    ISamlToken saml;
    try
    {
        saml = new SamlToken(parsed.SamlToken);
    }
    catch (Exception cause)
    {
        // Every construction failure is reported as an authentication failure.
        // NOTE(review): the parser's message is copied into the AuthException - confirm it
        // is not returned verbatim to the client.
        throw new AuthException(cause.Message, cause);
    }

    parsed.VerifyBodyHash(request);

    // The signature is checked against the certificate carried by the token itself.
    // NOTE(review): that proves possession of the key only; it is meaningful only if the
    // SamlToken constructor validates the assertion against a trusted issuer - confirm.
    parsed.VerifySignature(request, saml.ConfirmationCertificate);

    return saml;
}
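/// <summary>
/// Requests a SAML 2.0 bearer token from the Single Sign-On token service at
/// <paramref name="ssoUrl"/>, authenticating with a user name and password.
/// </summary>
/// <param name="ssoUrl">URL of the Single Sign-On token service endpoint</param>
/// <param name="ssoUserName">user name set on the client credentials</param>
/// <param name="ssoPassword">password set on the client credentials</param>
/// <returns>the issued token, wrapped in a <c>SamlToken</c></returns>
public static SamlToken GetSamlBearerToken(
    string ssoUrl, string ssoUserName, string ssoPassword)
{
    // NOTE(review): the binding is built outside this block; the password is sent to whatever
    // endpoint ssoUrl names, so confirm the binding requires transport security and that
    // callers pass an https URL.
    var binding = VimAuthenticationHelper.GetCustomBinding();
    var address = new EndpointAddress(ssoUrl);

    // NOTE(review): the client is never closed in this method; if the generated client holds
    // a channel, consider closing it once the token has been issued.
    var stsServiceClient = new STSService_PortTypeClient(binding, address);
    stsServiceClient.ClientCredentials.UserName.UserName = ssoUserName;
    stsServiceClient.ClientCredentials.UserName.Password = ssoPassword;

    RequestSecurityTokenType tokenType = new RequestSecurityTokenType();

    /*
     * For this request we need at least the following elements in the
     * RequestSecurityTokenType set
     *
     * 1. Lifetime - represented by LifetimeType which specifies the
     * lifetime for the token to be issued
     *
     * 2. Tokentype - "urnoasisnamestcSAML20assertion", which is the
     * class that models the requested token
     *
     * 3. RequestType -
     * "httpdocsoasisopenorgwssxwstrust200512Issue", as we want
     * to get a token issued
     *
     * 4. KeyType -
     * "httpdocsoasisopenorgwssxwstrust200512Bearer",
     * representing the kind of key the token will have. There are two
     * options namely bearer and holder-of-key
     *
     * 5. SignatureAlgorithm -
     * "httpwwww3org200104xmldsigmorersasha256", representing the
     * algorithm used for generating signature
     *
     * 6. Renewing - represented by the RenewingType which specifies
     * whether the token is renewable or not
     *
     * Delegatable is also set to true below, in addition to the six elements above.
     */
    tokenType.TokenType = TokenTypeEnum.urnoasisnamestcSAML20assertion;
    tokenType.RequestType =
        RequestTypeEnum.httpdocsoasisopenorgwssxwstrust200512Issue;
    // A bearer token is not bound to a key: whoever holds it can present it until it
    // expires. Holder-of-key is the other option named in the list above.
    tokenType.KeyType =
        KeyTypeEnum.httpdocsoasisopenorgwssxwstrust200512Bearer;
    tokenType.SignatureAlgorithm =
        SignatureAlgorithmEnum.httpwwww3org200104xmldsigmorersasha256;
    tokenType.Delegatable = true;
    tokenType.DelegatableSpecified = true;

    // Read the clock once, in UTC, and derive both timestamps from that value. The earlier
    // code added the duration to local time and converted afterwards, which can shift the
    // expiry by an hour across a daylight-saving transition. Formatting uses the invariant
    // culture so the text does not depend on the machine's calendar or digits.
    DateTime issuedAtUtc = DateTime.UtcNow;
    // 1 hour, 10 minutes, 10 seconds. Since this is a bearer token, keep the lifetime no
    // longer than the task needs.
    TimeSpan duration = new TimeSpan(1, 10, 10);

    LifetimeType lifetime = new LifetimeType();

    AttributedDateTime created = new AttributedDateTime();
    created.Value = String.Format(
        System.Globalization.CultureInfo.InvariantCulture,
        dateFormat, issuedAtUtc);
    lifetime.Created = created;

    AttributedDateTime expires = new AttributedDateTime();
    expires.Value = String.Format(
        System.Globalization.CultureInfo.InvariantCulture,
        dateFormat, issuedAtUtc.Add(duration));
    lifetime.Expires = expires;

    tokenType.Lifetime = lifetime;

    RenewingType renewing = new RenewingType();
    renewing.Allow = false;
    renewing.OK = true;
    tokenType.Renewing = renewing;

    RequestSecurityTokenResponseCollectionType responseToken =
        stsServiceClient.Issue(tokenType);
    RequestSecurityTokenResponseType rstResponse =
        responseToken.RequestSecurityTokenResponse;
    XmlElement samlTokenXml = rstResponse.RequestedSecurityToken;

    return new SamlToken(samlTokenXml);
}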