/// <summary>
/// Subject of the assertion is the bearer of the assertion
/// </summary>
/// <param name="notBefore">A time instant before which the subject cannot be confirmed.</param>
/// <param name="notOnAfter">A time instant at which the subject can no longer be confirmed.</param>
/// <param name="recipient">URI specifying the entity or location to which an attesting entity can present the assertion.</param>
/// <param name="inResponseTo">The ID of a SAML protocol message in response to which an attesting entity can present the assertion.</param>
/// <returns></returns>
public SubjectBuilder AddSubjectConfirmationBearer(DateTime?notBefore, DateTime?notOnAfter, string recipient = null, string inResponseTo = null)
{
var data = new SubjectConfirmationDataType
{
InResponseTo = inResponseTo,
Recipient = recipient
};
if (notBefore != null)
{
data.NotBefore = notBefore.Value;
data.NotBeforeSpecified = true;
}
if (notOnAfter != null)
{
data.NotOnOrAfter = notOnAfter.Value;
data.NotOnOrAfterSpecified = true;
}
var subjectConfirmation = new SubjectConfirmationType
{
Method = Constants.ConfirmationMethodIdentifiers.Bearer,
SubjectConfirmationData = data
};
AddSubjectConfirmation(subjectConfirmation);
return(this);
}
private static void ValidateKeyInfo(SubjectConfirmationDataType subjectConfirmationData, ServiceProviderModel serviceProvider)
{
if (subjectConfirmationData == null)
{
throw new Exception("SubjectConfirmationData cannot be null");
}
if (string.IsNullOrEmpty(subjectConfirmationData.InResponseTo))
{
throw new ArgumentNullException(nameof(subjectConfirmationData.InResponseTo));
}
if (subjectConfirmationData.InResponseTo != SamlHelper.AuthnRequestID)
{
throw new Exception("Saml Response is not in reference to Saml Request");
}
if (default(DateTime) == subjectConfirmationData.NotOnOrAfter)
{
throw new Exception($"{nameof(subjectConfirmationData.NotOnOrAfter)} in Saml Response is invalid");
}
if (DateTime.UtcNow >= subjectConfirmationData.NotOnOrAfter)
{
throw new Exception("Saml Response has been expired");
}
if (string.IsNullOrEmpty(subjectConfirmationData.Recipient))
{
throw new ArgumentNullException(nameof(subjectConfirmationData.Recipient));
}
if (subjectConfirmationData.Recipient != serviceProvider.AssertionConsumerServiceUrl)
{
throw new Exception("Invalid saml recipient");
}
}
/// <summary>
/// Creates a Version 1.1 Saml Assertion
/// </summary>
/// <param name="issuer">Issuer</param>
/// <param name="subject">Subject</param>
/// <param name="attributes">Attributes</param>
/// <returns>returns a Version 1.1 Saml Assertion</returns>
private static AssertionType CreateSamlAssertion(string issuer, string recipient, string domain, string subject, Dictionary <string, string> attributes)
{
// Here we create some SAML assertion with ID and Issuer name.
AssertionType assertion = new AssertionType();
assertion.ID = "_" + Guid.NewGuid().ToString();
NameIDType issuerForAssertion = new NameIDType();
issuerForAssertion.Value = issuer.Trim();
assertion.Issuer = issuerForAssertion;
assertion.Version = "2.0";
assertion.IssueInstant = System.DateTime.UtcNow;
//Not before, not after conditions
ConditionsType conditions = new ConditionsType();
conditions.NotBefore = DateTime.UtcNow;
conditions.NotBeforeSpecified = true;
conditions.NotOnOrAfter = DateTime.UtcNow.AddMinutes(5);
conditions.NotOnOrAfterSpecified = true;
AudienceRestrictionType audienceRestriction = new AudienceRestrictionType();
audienceRestriction.Audience = new string[] { domain.Trim() };
conditions.Items = new ConditionAbstractType[] { audienceRestriction };
//Name Identifier to be used in Saml Subject
NameIDType nameIdentifier = new NameIDType();
nameIdentifier.NameQualifier = domain.Trim();
nameIdentifier.Value = subject.Trim();
SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();
subjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
subjectConfirmation.SubjectConfirmationData = subjectConfirmationData;
//
// Create some SAML subject.
SubjectType samlSubject = new SubjectType();
AttributeStatementType attrStatement = new AttributeStatementType();
AuthnStatementType authStatement = new AuthnStatementType();
authStatement.AuthnInstant = DateTime.UtcNow;
AuthnContextType context = new AuthnContextType();
context.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };
context.Items = new object[] { "AuthnContextClassRef" };
authStatement.AuthnContext = context;
samlSubject.Items = new object[] { nameIdentifier, subjectConfirmation };
assertion.Subject = samlSubject;
IPHostEntry ipEntry =
Dns.GetHostEntry(System.Environment.MachineName);
SubjectLocalityType subjectLocality = new SubjectLocalityType();
subjectLocality.Address = ipEntry.AddressList[0].ToString();
attrStatement.Items = new AttributeType[attributes.Count];
int i = 0;
// Create userName SAML attributes.
foreach (KeyValuePair <string, string> attribute in attributes)
{
AttributeType attr = new AttributeType();
attr.Name = attribute.Key;
attr.NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
attr.AttributeValue = new object[] { attribute.Value };
attrStatement.Items[i] = attr;
i++;
}
assertion.Conditions = conditions;
assertion.Items = new StatementAbstractType[] { authStatement, attrStatement };
return(assertion);
}
