/// <summary> /// Initializes a new instance of the AttributeQueryRequest class. /// </summary> /// <param name="identityProvider"> /// IdentityProvider of the AttributeQueryRequest /// </param> /// <param name="serviceProvider"> /// ServiceProvider of the AttributeQueryRequest /// </param> /// <param name="parameters"> /// NameValueCollection of varying parameters for use in the /// construction of the AttributeQueryRequest. /// </param> /// <param name="attributes"> /// List of SamlAttribute to query /// </param> public AttributeQueryRequest(IdentityProvider identityProvider, ServiceProvider serviceProvider, NameValueCollection parameters, List <SamlAttribute> attributes) { try { this.xml = new XmlDocument(); this.xml.PreserveWhitespace = true; this.X509SubjectName = false; this.nsMgr = new XmlNamespaceManager(this.xml.NameTable); this.nsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); this.nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion"); this.nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol"); string subjectNameId = null; if (parameters != null) { subjectNameId = parameters[Saml2Constants.SubjectNameId]; this.X509SubjectName = Saml2Utils.GetBoolean(parameters[Saml2Constants.X509SubjectName]); } if (string.IsNullOrWhiteSpace(subjectNameId)) { throw new Saml2Exception(Resources.AttributeQueryRequestSubjectNameIdNotDefined); } else if (serviceProvider == null) { throw new Saml2Exception(Resources.AttributeQueryRequestServiceProviderIsNull); } else if (identityProvider == null) { throw new Saml2Exception(Resources.AttributeQueryRequestIdentityProviderIsNull); } else if (attributes == null || attributes.Count == 0) { throw new Saml2Exception(Resources.AttributeQueryRequestIsEmpty); } StringBuilder rawXml = new StringBuilder(); rawXml.Append("<samlp:AttributeQuery xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""); rawXml.Append(" ID=\"" + Saml2Utils.GenerateId() + "\""); rawXml.Append(" Version=\"2.0\""); rawXml.Append(" IssueInstant=\"" + Saml2Utils.GenerateIssueInstant() + "\">"); rawXml.Append("<saml:Issuer>" + serviceProvider.EntityId + "</saml:Issuer>"); rawXml.Append("<saml:Subject>"); rawXml.Append("<saml:NameID"); if (this.X509SubjectName) { rawXml.Append(" Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\""); } else { rawXml.Append(" Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\""); } rawXml.Append(" SPNameQualifier=\"" + serviceProvider.EntityId + "\""); rawXml.Append(" NameQualifier=\"" + identityProvider.EntityId + "\">" + subjectNameId + "</saml:NameID>"); rawXml.Append("</saml:Subject>"); foreach (SamlAttribute attr in attributes) { if (attr != null) { rawXml.Append(attr.ToString()); } } rawXml.Append("</samlp:AttributeQuery>"); this.xml.LoadXml(rawXml.ToString()); } catch (ArgumentNullException ane) { throw new Saml2Exception(Resources.AttributeQueryRequestNullArgument, ane); } catch (XmlException xe) { throw new Saml2Exception(Resources.AttributeQueryRequestXmlException, xe); } }
/// <summary> /// Initializes a new instance of the AuthnRequest class. /// </summary> /// <param name="identityProvider"> /// IdentityProvider to receive the AuthnRequest /// </param> /// <param name="serviceProvider"> /// ServiceProvider to issue the AuthnRequest /// </param> /// <param name="parameters"> /// NameValueCollection of varying parameters for use in the /// construction of the AuthnRequest. /// </param> public AuthnRequest(IdentityProvider identityProvider, ServiceProvider serviceProvider, NameValueCollection parameters) { this.xml = new XmlDocument(); this.xml.PreserveWhitespace = true; this.nsMgr = new XmlNamespaceManager(this.xml.NameTable); this.nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion"); this.nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol"); this.Id = Saml2Utils.GenerateId(); this.IssueInstant = Saml2Utils.GenerateIssueInstant(); this.Issuer = serviceProvider.EntityId; if (parameters != null) { this.AllowCreate = Saml2Utils.GetBoolean(parameters[Saml2Constants.AllowCreate]); this.AssertionConsumerServiceIndex = parameters[Saml2Constants.AssertionConsumerServiceIndex]; this.Binding = parameters[Saml2Constants.Binding]; this.Consent = parameters[Saml2Constants.Consent]; this.Destination = parameters[Saml2Constants.Destination]; this.ForceAuthn = Saml2Utils.GetBoolean(parameters[Saml2Constants.ForceAuthn]); this.IsPassive = Saml2Utils.GetBoolean(parameters[Saml2Constants.IsPassive]); } string assertionConsumerSvcUrl = null; if (!String.IsNullOrEmpty(this.Binding)) { if (!String.IsNullOrEmpty(this.AssertionConsumerServiceIndex)) { // find assertion consumer service location by binding and index. assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(this.Binding, this.AssertionConsumerServiceIndex); } else { // find assertion consumer service location by binding only, using first found. assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(this.Binding); } } // neither index nor binding, throw exception if (String.IsNullOrEmpty(this.AssertionConsumerServiceIndex) && String.IsNullOrEmpty(assertionConsumerSvcUrl)) { throw new Saml2Exception(Resources.AuthnRequestAssertionConsumerServiceNotDefined); } // If destination not specified, use SSO location by binding if (string.IsNullOrEmpty(this.Destination)) { this.Destination = identityProvider.GetSingleSignOnServiceLocation(parameters[Saml2Constants.RequestBinding]); if (string.IsNullOrEmpty(this.Destination)) { // default to HttpRedirect this.Destination = identityProvider.GetSingleSignOnServiceLocation(Saml2Constants.HttpRedirectProtocolBinding); } } // Get RequestedAuthnContext if parameters are available... RequestedAuthnContext reqAuthnContext = GetRequestedAuthnContext(serviceProvider, parameters); // Get Scoping if available... Scoping scoping = GetScoping(serviceProvider); // Generate the XML for the AuthnRequest... StringBuilder rawXml = new StringBuilder(); rawXml.Append("<samlp:AuthnRequest"); rawXml.Append(" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""); rawXml.Append(" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""); rawXml.Append(" ID=\"" + this.Id + "\""); rawXml.Append(" Version=\"2.0\""); rawXml.Append(" IssueInstant=\"" + this.IssueInstant + "\""); rawXml.Append(" IsPassive=\"" + (this.IsPassive ? "true" : "false") + "\""); rawXml.Append(" ForceAuthn=\"" + (this.ForceAuthn ? "true" : "false") + "\""); if (!String.IsNullOrEmpty(this.Consent)) { rawXml.Append(" Consent=\"" + this.Consent + "\""); } if (!String.IsNullOrEmpty(this.Destination)) { rawXml.Append(" Destination=\"" + this.Destination + "\""); } if (!String.IsNullOrEmpty(assertionConsumerSvcUrl)) { rawXml.Append(" ProtocolBinding=\"" + this.Binding + "\""); rawXml.Append(" AssertionConsumerServiceURL=\"" + assertionConsumerSvcUrl + "\""); } else { rawXml.Append(" AssertionConsumerIndex=\"" + this.AssertionConsumerServiceIndex + "\""); } rawXml.Append(">"); rawXml.Append("<saml:Issuer>" + serviceProvider.EntityId + "</saml:Issuer>"); rawXml.Append("<samlp:NameIDPolicy AllowCreate=\"" + (this.AllowCreate ? "true" : "false") + "\" />"); if (reqAuthnContext != null) { rawXml.Append(reqAuthnContext.GenerateXmlString()); } if (scoping != null) { rawXml.Append(scoping.GenerateXmlString()); } rawXml.Append("</samlp:AuthnRequest>"); this.xml.LoadXml(rawXml.ToString()); }
/// <summary> /// Initializes a new instance of the AuthnRequest class. /// </summary> /// <param name="identityProvider"> /// IdentityProvider to receive the AuthnRequest /// </param> /// <param name="serviceProvider"> /// ServiceProvider to issue the AuthnRequest /// </param> /// <param name="parameters"> /// NameValueCollection of varying parameters for use in the /// construction of the AuthnRequest. /// </param> /// <param name="saml2Utils">Utilities class</param> public AuthnRequest(IIdentityProvider identityProvider, IServiceProvider serviceProvider, NameValueCollection parameters, Saml2Utils saml2Utils) { xml = new XmlDocument(); xml.PreserveWhitespace = true; nsMgr = new XmlNamespaceManager(xml.NameTable); nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion"); nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol"); Id = saml2Utils.GenerateId(); IssueInstant = saml2Utils.GenerateIssueInstant(); Issuer = serviceProvider.EntityId; if (parameters != null) { AllowCreate = saml2Utils.GetBoolean(parameters[Saml2Constants.AllowCreate]); AssertionConsumerServiceIndex = parameters[Saml2Constants.AssertionConsumerServiceIndex]; Binding = parameters[Saml2Constants.Binding]; Consent = parameters[Saml2Constants.Consent]; Destination = parameters[Saml2Constants.Destination]; ForceAuthn = saml2Utils.GetBoolean(parameters[Saml2Constants.ForceAuthn]); IsPassive = saml2Utils.GetBoolean(parameters[Saml2Constants.IsPassive]); NameIDPolicyFormat = parameters[Saml2Constants.NameIDPolicyFormat]; } string assertionConsumerSvcUrl = null; if (!String.IsNullOrEmpty(Binding)) { if (!String.IsNullOrEmpty(AssertionConsumerServiceIndex)) { // find assertion consumer service location by binding and index. assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(Binding, AssertionConsumerServiceIndex); } else { // find assertion consumer service location by binding only, using first found. assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(Binding); } } // neither index nor binding, throw exception if (String.IsNullOrEmpty(AssertionConsumerServiceIndex) && String.IsNullOrEmpty(assertionConsumerSvcUrl)) { throw new Saml2Exception(Resources.AuthnRequestAssertionConsumerServiceNotDefined); } // If destination not specified, use SSO location by binding if (string.IsNullOrEmpty(Destination)) { Destination = identityProvider.GetSingleSignOnServiceLocation(parameters[Saml2Constants.RequestBinding]); if (string.IsNullOrEmpty(Destination)) { // default to HttpRedirect Destination = identityProvider.GetSingleSignOnServiceLocation(Saml2Constants.HttpRedirectProtocolBinding); } } // Get RequestedAuthnContext if parameters are available... RequestedAuthnContext reqAuthnContext = GetRequestedAuthnContext(serviceProvider, parameters); // Generate the XML for the AuthnRequest... var rawXml = new StringBuilder(); rawXml.Append("<samlp:AuthnRequest "); rawXml.Append(" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""); rawXml.Append(" ID=\"" + Id + "\""); rawXml.Append(" Version=\"2.0\""); rawXml.Append(" IssueInstant=\"" + IssueInstant + "\""); rawXml.Append(" IsPassive=\"" + IsPassive.ToString().ToLower() + "\""); rawXml.Append(" ForceAuthn=\"" + ForceAuthn.ToString().ToLower() + "\""); if (!String.IsNullOrEmpty(Consent)) { rawXml.Append(" Consent=\"" + Consent + "\""); } if (!String.IsNullOrEmpty(Destination)) { rawXml.Append(" Destination=\"" + Destination + "\""); } if (!String.IsNullOrEmpty(assertionConsumerSvcUrl)) { rawXml.Append(" ProtocolBinding=\"" + Binding + "\""); rawXml.Append(" AssertionConsumerServiceURL=\"" + assertionConsumerSvcUrl + "\""); } else { rawXml.Append(" AssertionConsumerIndex=\"" + AssertionConsumerServiceIndex + "\""); } rawXml.Append(">"); rawXml.Append("<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" + serviceProvider.EntityId + "</saml:Issuer>"); rawXml.Append("<samlp:NameIDPolicy Format=\"" + NameIDPolicyFormat + "\" AllowCreate=\"" + AllowCreate.ToString().ToLower() + "\" />"); if (reqAuthnContext != null) { rawXml.Append(reqAuthnContext.GenerateXmlString()); } rawXml.Append("</samlp:AuthnRequest>"); xml.LoadXml(rawXml.ToString()); }