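public AssertionData(AssertionType assertion)
            {
                if (assertion == null)
                {
                    throw new ArgumentNullException("assertion");
                }

                // NOTE(review): this constructor only extracts attributes. It performs no
                // signature verification and does not evaluate Conditions (NotBefore /
                // NotOnOrAfter / AudienceRestriction) or SubjectConfirmationData, so it must
                // only be given an assertion the caller has already validated.
                SAMLAttributes = new Dictionary<string, string>();

                // Read every AttributeStatement in the assertion. SAML allows more than one;
                // the previous implementation silently kept only the last one it saw.
                bool foundAttributeStatement = false;
                if (assertion.Items != null)
                {
                    foreach (StatementAbstractType sat in assertion.Items)
                    {
                        AttributeStatementType ast = sat as AttributeStatementType;
                        if (ast == null || ast.Items == null)
                        {
                            continue;
                        }

                        foundAttributeStatement = true;

                        // Simple model: string name -> first value as string. Additional values of a
                        // multi-valued attribute are dropped; entries that are not AttributeType
                        // (e.g. encrypted attributes) are skipped, not decrypted.
                        foreach (object item in ast.Items)
                        {
                            AttributeType at = item as AttributeType;
                            if (at == null || string.IsNullOrEmpty(at.Name))
                            {
                                continue;
                            }

                            // First occurrence of a name wins; Dictionary.Add would have thrown on a repeat.
                            if (SAMLAttributes.ContainsKey(at.Name))
                            {
                                continue;
                            }

                            // AttributeValue is an object[]; calling ToString() on the array itself
                            // yields "System.Object[]", so take the first element instead.
                            object[] values = at.AttributeValue;
                            object first = (values != null && values.Length > 0) ? values[0] : null;
                            string value = first == null ? string.Empty : first.ToString();

                            SAMLAttributes.Add(at.Name, value);
                        }
                    }
                }

                if (!foundAttributeStatement)
                {
                    throw new ApplicationException("Invalid SAML Assertion: Missing Attribute Values");
                }
            }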
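        /// <summary>
        /// Creates a SAML 2.0 Assertion segment for a Response.
        /// Simple implementation assuming a flat list of string key / string value attributes.
        /// The returned assertion is NOT signed; the caller must sign it before it is sent.
        /// </summary>
        /// <param name="Issuer">Issuer entity ID written to the Issuer element (trimmed).</param>
        /// <param name="AssertionExpirationMinutes">Validity window in minutes, applied to both the Conditions and the bearer SubjectConfirmationData; must be positive.</param>
        /// <param name="Audience">Audience entity ID placed in the AudienceRestriction condition (trimmed).</param>
        /// <param name="Subject">Subject NameID value (trimmed), emitted with the "unspecified" NameID format.</param>
        /// <param name="Recipient">Recipient recorded in the bearer SubjectConfirmationData; passed through unchanged.</param>
        /// <param name="Attributes">Dictionary of string key, string value pairs; null is treated as empty.</param>
        /// <returns>Assertion to sign and include in Response</returns>
        /// <exception cref="ArgumentNullException">Issuer, Audience or Subject is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">AssertionExpirationMinutes is zero or negative.</exception>
        private static AssertionType CreateSAML20Assertion(string Issuer,
            int AssertionExpirationMinutes,
            string Audience,
            string Subject,
            string Recipient,
            Dictionary<string, string> Attributes)
        {
            if (Issuer == null)
            {
                throw new ArgumentNullException("Issuer");
            }
            if (Audience == null)
            {
                throw new ArgumentNullException("Audience");
            }
            if (Subject == null)
            {
                throw new ArgumentNullException("Subject");
            }
            if (AssertionExpirationMinutes <= 0)
            {
                // A non-positive window would produce an assertion that is expired on arrival.
                throw new ArgumentOutOfRangeException("AssertionExpirationMinutes", "Assertion lifetime must be a positive number of minutes.");
            }

            // Take one timestamp so IssueInstant, NotBefore, AuthnInstant and both NotOnOrAfter
            // values agree instead of drifting across repeated DateTime.UtcNow calls.
            // NOTE(review): no clock-skew allowance is applied to NotBefore; a relying party with a
            // slightly slow clock may reject the assertion as "not yet valid".
            DateTime now = DateTime.UtcNow;
            DateTime notOnOrAfter = now.AddMinutes(AssertionExpirationMinutes);
            string assertionId = "_" + Guid.NewGuid().ToString();

            var newAssertion = new AssertionType
            {
                Version = "2.0",
                IssueInstant = now,
                ID = assertionId,
                Issuer = new NameIDType() { Value = Issuer.Trim() }
            };

            // Subject: NameID plus a bearer SubjectConfirmation bound to the recipient and lifetime.
            var subjectNameIdentifier = new NameIDType()
            {
                Value = Subject.Trim(),
                Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
            };
            var subjectConfirmationData = new SubjectConfirmationDataType()
            {
                NotOnOrAfter = notOnOrAfter,
                // xsd.exe-generated classes only serialize an optional value-typed attribute when its
                // *Specified flag is set (see ConditionsType below); without it the bearer
                // confirmation would be emitted with no expiry at all.
                NotOnOrAfterSpecified = true,
                Recipient = Recipient
            };
            var subjectConfirmation = new SubjectConfirmationType()
            {
                Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer",
                SubjectConfirmationData = subjectConfirmationData
            };
            var subject = new SubjectType();
            subject.Items = new object[] { subjectNameIdentifier, subjectConfirmation };
            newAssertion.Subject = subject;

            // Conditions: validity window and audience restriction.
            var conditions = new ConditionsType
            {
                NotBefore = now,
                NotBeforeSpecified = true,
                NotOnOrAfter = notOnOrAfter,
                NotOnOrAfterSpecified = true,
                Items = new ConditionAbstractType[]
                {
                    new AudienceRestrictionType() { Audience = new string[] { Audience.Trim() } }
                }
            };
            newAssertion.Conditions = conditions;

            // AuthnStatement: the session index reuses the assertion ID; the authn context is "unspecified".
            var context = new AuthnContextType();
            context.ItemsElementName = new[] { ItemsChoiceType5.AuthnContextClassRef };
            context.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" };
            var authStatement = new AuthnStatementType()
            {
                AuthnInstant = now,
                SessionIndex = assertionId,
                AuthnContext = context
            };

            // AttributeStatement: one single-valued basic-format Attribute per dictionary entry.
            var attributeList = new List<AttributeType>();
            if (Attributes != null)
            {
                foreach (KeyValuePair<string, string> attribute in Attributes)
                {
                    attributeList.Add(new AttributeType()
                    {
                        Name = attribute.Key,
                        AttributeValue = new object[] { attribute.Value },
                        NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
                    });
                }
            }
            var attributeStatement = new AttributeStatementType();
            attributeStatement.Items = attributeList.ToArray();

            newAssertion.Items = new StatementAbstractType[] { authStatement, attributeStatement };

            return newAssertion;
        }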