Exemplo n.º 1
0
        public void ValidateJsonWebToken(string tokenString, SsoSettings settings, IList<string> audiences)
        {
            try
            {

                TokenString = tokenString;
                SecurityToken securityToken;
                _log.DebugFormat("JWT Validation securityAlgorithm={0}, audience[0]={1}, audience[1]={2}", settings.ValidationType, audiences[0], audiences[1]);

                switch (settings.ValidationType)
                {
                    case ValidationTypes.RSA_SHA256:
                        RSACryptoServiceProvider publicOnly = new RSACryptoServiceProvider();
                        //"<RSAKeyValue><Modulus>zeyPa4SwRb0IO+KMq20760ZmaUvy/qzecdOkRUNdNpdUe1E72Xt1WkAcWNu24/UeS3pETu08rVTqHJUMfhHcSKgL7LAk/MMj2inGFxop1LipGZSnqZhnjsfj1ERJL5eXs1O9hqyAcXvY4A2wo67qqv/lbHLKTW59W+YQkbIOVR4nQlbh1lK1TIY+oqK0J/5Ileb4QfERn0Rv/J/K0fy6VzLmVt+kg9MRNxYwnVsC3m5/kIu1fw3OpZxcaCC68SRqLLb/UXmaJM8NXYKkAkHKxT4DQqSk6KbFSQG6qi49Q34akohekzxjxmmGeoO5tsFCuMJofKAsBKKtOkLPaJD2rQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"
                        publicOnly.FromXmlString(settings.PublicKey);
                        securityToken = new RsaSecurityToken(publicOnly);
                        break;
                    case ValidationTypes.HMAC_SHA256:
                        //var key = "zeyPa4SwRb0IO+KMq20760ZmaUvy/qzecdOkRUNdNpdUe1E72Xu24/UeS3pETu";
                        securityToken = new System.ServiceModel.Security.Tokens.BinarySecretSecurityToken(GetBytes(settings.PublicKey));
                        break;
                    case ValidationTypes.X509:
                        var certificate = new Certificate();
                        certificate.LoadCertificate(settings.PublicKey);
                        securityToken = new X509SecurityToken(certificate.cert);
                        break;
                    default:
                        _log.ErrorFormat("ValidationType has wrong value: {0}", settings.ValidationType);
                        throw new ArgumentException("ValidationType has wrong value");
                }
                TokenValidationParameters validationParams = new TokenValidationParameters();
                validationParams.ValidIssuer = settings.Issuer;
                validationParams.ValidAudiences = audiences;
                validationParams.ValidateIssuer = true;
                validationParams.ValidateIssuerSigningKey = true;
                validationParams.ValidateAudience = true;
                validationParams.ValidateActor = true;
                validationParams.IssuerSigningToken = securityToken;

                JwtSecurityTokenHandler recipientTokenHandler = new JwtSecurityTokenHandler();
                recipientTokenHandler.TokenLifetimeInMinutes = MAX_CLOCK_SKEW;
                SecurityToken validatedToken = null;
                ClaimsPrincipalReceived = recipientTokenHandler.ValidateToken(TokenString, validationParams, out validatedToken);
                JwtSecurityToken = validatedToken;
            }
            catch (Exception e)
            {
                _log.ErrorFormat("JWT Validation error. {0}", e);
            }
        }
Exemplo n.º 2
0
 public SamlResponse(SsoSettings ssoSettings)
 {
     _ssoSettings = ssoSettings;
     _certificate = new Certificate();
     _certificate.LoadCertificate(_ssoSettings.PublicKey);
 }
        public string SaveSettings(string serializeSettings)
        {
            if (Context.User != null && Context.User.Identity != null)
            {
                var userInfo = CoreContext.UserManager.GetUsers(((IUserAccount)Context.User.Identity).ID);
                if (userInfo != Constants.LostUser && userInfo.IsAdmin())
                {
                    try
                    {
                        if (string.IsNullOrWhiteSpace(serializeSettings))
                        {
                            _log.ErrorFormat("SSO settings are null or empty.");
                            return Resource.SsoSettingsAreEmpty;
                        }
                        Settings = (SsoSettings)JavaScriptDeserializer.DeserializeFromJson(serializeSettings, typeof(SsoSettings));
                        if (Settings == null)
                        {
                            _log.ErrorFormat("Wrong SSO settings were received from client.");
                            return Resource.SsoSettingsWrongSerialization;
                        }

                        var messageAction = Settings.EnableSso ? MessageAction.SSOEnabled : MessageAction.SSODisabled;
                        if (Settings.EnableSso)
                        {
                            if (!(string.IsNullOrWhiteSpace(Settings.Issuer) || CheckUri(Settings.Issuer)))
                            {
                                _log.ErrorFormat("Wrong Issuer URL: {0}", Settings.Issuer);
                                return string.Format(Resource.SsoSettingsWrongURL, Settings.Issuer);
                            }
                            else
                            {
                                Settings.Issuer = Settings.Issuer.Trim();
                            }
                            if (!(string.IsNullOrWhiteSpace(Settings.SsoEndPoint) || CheckUri(Settings.SsoEndPoint)))
                            {
                                _log.ErrorFormat("Wrong SsoEndPoint URL: {0}", Settings.SsoEndPoint);
                                return string.Format(Resource.SsoSettingsWrongURL, Settings.SsoEndPoint);
                            }
                            else
                            {
                                Settings.SsoEndPoint = Settings.SsoEndPoint.Trim();
                            }
                            if (!string.IsNullOrWhiteSpace(Settings.SloEndPoint) && !CheckUri(Settings.SloEndPoint))
                            {
                                _log.ErrorFormat("Wrong SloEndPoint URL: {0}", Settings.SloEndPoint);
                                return string.Format(Resource.SsoSettingsWrongURL, Settings.SloEndPoint);
                            }
                            else
                            {
                                Settings.SloEndPoint = Settings.SloEndPoint.Trim();
                            }
                            if (string.IsNullOrWhiteSpace(Settings.PublicKey))
                            {
                                _log.ErrorFormat("Wrong PublicKey: {0}", Settings.PublicKey);
                                return Resource.SsoSettingsWrongPublicKey;
                            }
                            else
                            {
                                Settings.PublicKey = Settings.PublicKey.Trim();
                            }
                            if (Settings.TokenType != TokenTypes.SAML && Settings.TokenType != TokenTypes.JWT)
                            {
                                _log.ErrorFormat("Wrong token type: {0}", Settings.TokenType);
                                return Resource.SsoSettingsWrongTokenType;
                            }
                            if ((Settings.ValidationType != ValidationTypes.HMAC_SHA256 && Settings.ValidationType != ValidationTypes.RSA_SHA256
                                 && Settings.ValidationType != ValidationTypes.X509))
                            {
                                _log.ErrorFormat("Wrong validaion type: {0}", Settings.ValidationType);
                                return Resource.SsoSettingsWrongValidationType;
                            }
                            if (Settings.TokenType == TokenTypes.SAML && Settings.ValidationType != ValidationTypes.X509)
                            {
                                Settings.ValidationType = ValidationTypes.X509;
                            }
                        }

                        if (!SettingsManager.Instance.SaveSettings(Settings, TenantProvider.CurrentTenantID))
                        {
                            _log.ErrorFormat("Can't save SSO settings.");
                            return Resource.SsoSettingsCantSaveSettings;
                        }

                        MessageService.Send(HttpContext.Current.Request, messageAction);
                    }
                    catch(Exception e)
                    {
                        _log.ErrorFormat("Save SSO setting error: {0}.", e);
                        return Resource.SsoSettingsUnexpectedError;
                    }
                    return string.Empty;
                }
            }
            _log.ErrorFormat("Insufficient Access Rights by saving sso settings!");
            throw new SecurityException();
        }
 protected void Page_Load(object sender, EventArgs e)
 {
     AjaxPro.Utility.RegisterTypeForAjax(typeof(SingleSignOnSettings), Page);
     Page.RegisterBodyScripts(ResolveUrl("~/usercontrols/management/singlesignonsettings/js/singlesignonsettings.js"));
     Settings = SettingsManager.Instance.LoadSettings<SsoSettings>(TenantProvider.CurrentTenantID);
 }
Exemplo n.º 5
0
 public SamlRequest(SsoSettings ssoSettings)
 {
     _ssoSettings = ssoSettings;
     _id = "_" + Guid.NewGuid().ToString();
     _issueInstant = DateTime.Now.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ");
 }