private SAMLAuthnResponse CreateAuthnResponse(string strIssuer, string strResponseString, string strRelayState)
{
return(new SAMLAuthnResponse
{
// Response-String with SAML Assertion
SAMLResponse = strResponseString,
// RelayState as submitted in the AuthnRequest
RelayState = strRelayState,
// Target URL for the AuthnResponse
SAMLAssertionConsumerServiceURL = SingleSignOnConfiguration.GetAssertionConsumerServiceURLByRequestIssuer(strIssuer)
});
}
private XElement CreateResponseElement(string strRequestId, string strIssuerURN)
{
string strIssueInstantTimeStamp = UserContext.Current.Now.ToUniversalTime().ToString("O");
/* <saml2p:Response Destination="https://feds.eiam.admin.ch/adfs/ls/"
* ID="Response_f21ccc44a172149d99dce0b83b059918808bf460"
* InResponseTo="id-6250a3ec-0a4a-4305-ab59-6397c0d93da4"
* IssueInstant="2015-01-12T17:34:26.875Z"
* Version="2.0"
* xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> */
return(new XElement(SAML_PROTOCOL_NAMESPACE + "Response",
new XAttribute("Destination", SingleSignOnConfiguration.GetAssertionConsumerServiceURLByRequestIssuer(strIssuerURN)),
new XAttribute("ID", string.Format("Response_{0}", Guid.NewGuid())),
new XAttribute("InResponseTo", strRequestId),
new XAttribute("IssueInstant", strIssueInstantTimeStamp),
new XAttribute("Version", "2.0"),
new XAttribute(XNamespace.Xmlns + SAML_PROTOCOL_NAMESPACE_PREFIX, SAML_PROTOCOL_NAMESPACE)));
}
private SAMLAuthnResponse CreateSuccessResponse(string strRequestId, string strIssuerURN, string strRelayState, params SAMLAssertionAttribute[] additionalAttributes)
{
string strIssueInstantTimeStamp = UserContext.Current.Now.ToUniversalTime().ToString("O");
string strValidUntilTimeStamp = UserContext.Current.Now.AddMinutes(5).ToUniversalTime().ToString("O");
XNamespace nsXmlSchema = "http://www.w3.org/2001/XMLSchema";
XNamespace nsXmlSchemaInstance = "http://www.w3.org/2001/XMLSchema-instance";
string strAssertionElementName = "Assertion";
// Response - Root-Element
XElement elementResponse = CreateResponseElement(strRequestId, strIssuerURN);
// Response Issuer
// <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://www.partnerweb.ch/AKXYZ/</saml2:Issuer>
XElement elementResponseIssuer = new XElement(SAML_ASSERTION_NAMESPACE + "Issuer", SystemSettings <SingleSignOnSystemSettings> .Current.SamlServiceEntityId,
new XAttribute(XNamespace.Xmlns + SAML_ASSERTION_NAMESPACE_PREFIX, SAML_ASSERTION_NAMESPACE));
elementResponse.Add(elementResponseIssuer);
// Status Element
elementResponse.Add(CreateStatusElement(SAMLTopLevelStatusCode.SAML_TOPLEVEL_STATUSCODE_SUCCESS));
// Assertion Element
string strAssertionId = string.Format("{0}_{1}", strAssertionElementName, Guid.NewGuid());
XElement elementResponseAssertion =
new XElement(SAML_ASSERTION_NAMESPACE + strAssertionElementName,
new XAttribute("ID", strAssertionId),
new XAttribute("IssueInstant", strIssueInstantTimeStamp),
new XAttribute("Version", "2.0"),
new XAttribute(XNamespace.Xmlns + SAML_ASSERTION_NAMESPACE_PREFIX, SAML_ASSERTION_NAMESPACE),
new XAttribute(XNamespace.Xmlns + "xs", nsXmlSchema),
new XElement(SAML_ASSERTION_NAMESPACE + "Issuer", SystemSettings <SingleSignOnSystemSettings> .Current.SamlServiceEntityId)
);
// Subject Element
XElement elementAssertionSubject =
new XElement(SAML_ASSERTION_NAMESPACE + "Subject",
new XElement(SAML_ASSERTION_NAMESPACE + "NameID", UserContext.Current.Login,
new XAttribute("Format", SAML_ASSERTION_SUBJECT_NAMEID_FORMAT)),
new XElement(SAML_ASSERTION_NAMESPACE + "SubjectConfirmation",
new XAttribute("Method", SAML_ASSERTION_SUBJECT_CONFIRMATION_METHOD),
new XElement(SAML_ASSERTION_NAMESPACE + "SubjectConfirmationData",
new XAttribute("InResponseTo", strRequestId),
new XAttribute("NotOnOrAfter", strValidUntilTimeStamp),
new XAttribute("Recipient", SingleSignOnConfiguration.GetAssertionConsumerServiceURLByRequestIssuer(strIssuerURN)))));
elementResponseAssertion.Add(elementAssertionSubject);
// Conditions Element
XElement elementAssertionConditions =
new XElement(SAML_ASSERTION_NAMESPACE + "Conditions",
new XAttribute("NotBefore", strIssueInstantTimeStamp),
new XAttribute("NotOnOrAfter", strValidUntilTimeStamp),
new XElement(SAML_ASSERTION_NAMESPACE + "AudienceRestriction",
new XElement(SAML_ASSERTION_NAMESPACE + "Audience", strIssuerURN)));
elementResponseAssertion.Add(elementAssertionConditions);
// AuthnStatement Element
XElement elementAssertionAuthnStatement =
new XElement(SAML_ASSERTION_NAMESPACE + "AuthnStatement",
new XAttribute("AuthnInstant", strIssueInstantTimeStamp),
new XElement(SAML_ASSERTION_NAMESPACE + "AuthnContext",
new XElement(SAML_ASSERTION_NAMESPACE + "AuthnContextClassRef", SAML_ASSERTION_AUTHNCONTEXTCLASSREF)));
elementResponseAssertion.Add(elementAssertionAuthnStatement);
// AttributeStatement Element
XElement elementAssertionAttributeStatement =
new XElement(SAML_ASSERTION_NAMESPACE + "AttributeStatement",
new XElement(SAML_ASSERTION_NAMESPACE + "Attribute",
new XAttribute("Name", GIVEN_NAME_ASSERTION_ATTRIBUTE_NAME),
new XElement(SAML_ASSERTION_NAMESPACE + "AttributeValue", UserContext.Current.FirstName,
new XAttribute(XNamespace.Xmlns + "xsi", nsXmlSchemaInstance),
new XAttribute(nsXmlSchemaInstance + "Type", "xs:string")
)
),
new XElement(SAML_ASSERTION_NAMESPACE + "Attribute",
new XAttribute("Name", SURNAME_ASSERTION_ATTRIBUTE_NAME),
new XElement(SAML_ASSERTION_NAMESPACE + "AttributeValue", UserContext.Current.LastName,
new XAttribute(XNamespace.Xmlns + "xsi", nsXmlSchemaInstance),
new XAttribute(nsXmlSchemaInstance + "Type", "xs:string")
)
),
new XElement(SAML_ASSERTION_NAMESPACE + "Attribute",
new XAttribute("Name", NAME_ASSERTION_ATTRIBUTE_NAME),
new XElement(SAML_ASSERTION_NAMESPACE + "AttributeValue", UserContext.Current.Login,
new XAttribute(XNamespace.Xmlns + "xsi", nsXmlSchemaInstance),
new XAttribute(nsXmlSchemaInstance + "Type", "xs:string")
)
),
new XElement(SAML_ASSERTION_NAMESPACE + "Attribute",
new XAttribute("Name", EMAIL_ADDRESS_ASSERTION_ATTRIBUTE_NAME),
new XElement(SAML_ASSERTION_NAMESPACE + "AttributeValue", UserContext.Current.EMail,
new XAttribute(XNamespace.Xmlns + "xsi", nsXmlSchemaInstance),
new XAttribute(nsXmlSchemaInstance + "Type", "xs:string")
)
),
new XElement(SAML_ASSERTION_NAMESPACE + "Attribute",
new XAttribute("Name", COMPANY_SUBNR_ASSERTION_ATTRIBUTE_NAME),
new XElement(SAML_ASSERTION_NAMESPACE + "AttributeValue", UserContext.Current.CompanySubNr,
new XAttribute(XNamespace.Xmlns + "xsi", nsXmlSchemaInstance),
new XAttribute(nsXmlSchemaInstance + "Type", "xs:string")
)
),
new XElement(SAML_ASSERTION_NAMESPACE + "Attribute",
new XAttribute("Name", SPCD_ASSERTION_ATTRIBUTE_NAME),
new XElement(SAML_ASSERTION_NAMESPACE + "AttributeValue", UserContext.Current.SpCd,
new XAttribute(XNamespace.Xmlns + "xsi", nsXmlSchemaInstance),
new XAttribute(nsXmlSchemaInstance + "Type", "xs:string")
)
)
);
if (additionalAttributes != null)
{
// Add Attributes to the <AttributeStatement /> element
foreach (SAMLAssertionAttribute samlAssertionAttribute in additionalAttributes)
{
elementAssertionAttributeStatement.Add(
new XElement(SAML_ASSERTION_NAMESPACE + "Attribute",
new XAttribute("Name", samlAssertionAttribute.Name),
new XElement(SAML_ASSERTION_NAMESPACE + "AttributeValue", samlAssertionAttribute.Value,
new XAttribute(XNamespace.Xmlns + "xsi", nsXmlSchemaInstance),
new XAttribute(nsXmlSchemaInstance + "Type", "xs:string")
)
)
);
}
}
// Add AttributeStatement Element to Assertion Element
elementResponseAssertion.Add(elementAssertionAttributeStatement);
// Add Assertion Element to the Response Element
elementResponse.Add(elementResponseAssertion);
// Create Response
XDocument samlResponseXml = new XDocument(elementResponse);
// Sign Assertion Element
string strSignedXmlResponseString = CreateSignedDocumentString(samlResponseXml, strAssertionElementName, SAML_ASSERTION_NAMESPACE_PREFIX, SAML_ASSERTION_NAMESPACE.NamespaceName,
"#" + strAssertionId);
return(CreateAuthnResponse(strIssuerURN, strSignedXmlResponseString, strRelayState));
}
