public void AttributeStatement_Invalid_Attribute()
        {
            Assertion saml20Assertion = AssertionUtil.GetBasicAssertion();
            List<StatementAbstract> statements = new List<StatementAbstract>(saml20Assertion.Items);
            AttributeStatement sas = new AttributeStatement();
            sas.Items = new object[1] { new SamlAttribute() };
            statements.Add(sas);

            saml20Assertion.Items = statements.ToArray();

            CreateSaml20Token(saml20Assertion);
        }
        private void ValidateAttributeStatement(AttributeStatement attributeStatement)
        {
            foreach (object attribute in attributeStatement.Items)
            {
                if (attribute is EncryptedElement)
                    throw new DKSaml20FormatException("The DK-SAML 2.0 profile does not allow encrypted attributes.");

                if (!(attribute is SamlAttribute))
                    throw new NotImplementedException(string.Format("Unable to handle attribute of type \"{0}\"", attribute.GetType().FullName));

                AttributeValidator.ValidateAttribute((SamlAttribute) attribute);
            }
        }
        /// <summary>
        /// [SAML2.0std] section 2.7.3
        /// </summary>
        /// <param name="statement"></param>
        private void ValidateAttributeStatement(AttributeStatement statement)
        {
            if (statement.Items == null || statement.Items.Length == 0)
                throw new Saml20FormatException("AttributeStatement MUST contain at least one Attribute or EncryptedAttribute");

            foreach (object o in statement.Items)
            {
                if (o == null)
                    throw new Saml20FormatException("null-Attributes are not supported");

                if (o is SamlAttribute)
                    AttributeValidator.ValidateAttribute((SamlAttribute) o);
                else if (o is EncryptedElement)
                    AttributeValidator.ValidateEncryptedAttribute((EncryptedElement)o);
                else
                    throw new Saml20FormatException(string.Format("Subelement {0} of AttributeStatement is not supported", o.GetType()));
            }
        }
        /// <summary>
        /// Merges the modified attributes into <code>AttributeStatement</code> of the assertion.
        /// </summary>
        private void InsertAttributes()
        {
            if (_assertionAttributes == null)
                return;

            // Generate the new AttributeStatement
            AttributeStatement attributeStatement = new AttributeStatement();
            List<object> statements = new List<object>(_encryptedAssertionAttributes.Count + _assertionAttributes.Count);
            statements.AddRange(_assertionAttributes.ToArray());
            statements.AddRange(_encryptedAssertionAttributes.ToArray());
            attributeStatement.Items = statements.ToArray();

            XmlNodeList list =
                _samlAssertion.GetElementsByTagName(AttributeStatement.ELEMENT_NAME, Saml20Constants.ASSERTION);

            if (list.Count > 0) // Remove the old AttributeStatement.
                _samlAssertion.RemoveChild(list[0]);//FIX _samlAssertion.DocumentElement.RemoveChild(list[0]);

            // Only insert a new AttributeStatement if there are attributes.
            if (statements.Count > 0)
            {
                // Convert the new AttributeStatement to the Document Object Model and make a silent prayer that one day we will
                // be able to make this transition in a more elegant way.
                XmlDocument attributeStatementDoc = Serialization.Serialize(attributeStatement);
                XmlNode attr = _samlAssertion.OwnerDocument.ImportNode(attributeStatementDoc.DocumentElement, true);
                // Insert the new statement.
                _samlAssertion.AppendChild(attr);
            }

            _encryptedAssertionAttributes = null;
            _assertionAttributes = null;
        }
Exemplo n.º 5
0
        /// <summary>
        /// Assembles our basic test assertion
        /// </summary>
        /// <returns></returns>
        public static Assertion GetBasicAssertion()
        {
            Assertion assertion = new Assertion();

            {
                assertion.Issuer = new NameID();
                assertion.ID = "_b8977dc86cda41493fba68b32ae9291d";
                assertion.IssueInstant = DateTime.UtcNow;

                assertion.Version = "2.0";
                assertion.Issuer.Value = GetBasicIssuer();
            }

            {
                assertion.Subject = new Subject();
                SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
                subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
                subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData();
                subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0);
                subjectConfirmation.SubjectConfirmationData.Recipient = "http://borger.dk";
                assertion.Subject.Items = new object[] { subjectConfirmation };
            }

            {
                assertion.Conditions = new Conditions();
                assertion.Conditions.NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0);
                AudienceRestriction audienceRestriction = new AudienceRestriction();
                audienceRestriction.Audience = GetAudiences();
                assertion.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { audienceRestriction });
            }

            AuthnStatement authnStatement;

            {
                authnStatement = new AuthnStatement();
                assertion.Items = new StatementAbstract[] { authnStatement };
                authnStatement.AuthnInstant = new DateTime(2008, 1, 8);
                authnStatement.SessionIndex = "70225885";
                authnStatement.AuthnContext = new AuthnContext();
                authnStatement.AuthnContext.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509", "http://www.safewhere.net/authncontext/declref" };
                authnStatement.AuthnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef, ItemsChoiceType5.AuthnContextDeclRef};
            }

            AttributeStatement attributeStatement;
            {
                attributeStatement = new AttributeStatement();
                SamlAttribute surName = new SamlAttribute();
                surName.FriendlyName = "SurName";
                surName.Name = "urn:oid:2.5.4.4";
                surName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
                surName.AttributeValue = new string[] { "Fry" };

                SamlAttribute commonName = new SamlAttribute();
                commonName.FriendlyName = "CommonName";
                commonName.Name = "urn:oid:2.5.4.3";
                commonName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
                commonName.AttributeValue = new string[] { "Philip J. Fry" };

                SamlAttribute userName = new SamlAttribute();
                userName.Name = "urn:oid:0.9.2342.19200300.100.1.1";
                userName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
                userName.AttributeValue = new string[] { "fry" };

                SamlAttribute eMail = new SamlAttribute();
                eMail.FriendlyName = "Email";
                eMail.Name = "urn:oid:0.9.2342.19200300.100.1.3";
                eMail.NameFormat = SamlAttribute.NAMEFORMAT_URI;
                eMail.AttributeValue = new string[] { "*****@*****.**" };

                attributeStatement.Items = new object[] { surName, commonName, userName, eMail };
            }

            assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement };

            return assertion;
        }
        private Assertion CreateAssertion(User user, string receiver)
        {
            Assertion assertion = new Assertion();

            { // Subject element
                assertion.Subject = new Subject();
                assertion.ID = "id" + Guid.NewGuid().ToString("N");
                assertion.IssueInstant = DateTime.Now.AddMinutes(10);

                assertion.Issuer = new NameID();
                assertion.Issuer.Value = IDPConfig.ServerBaseUrl;

                SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
                subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
                subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData();
                subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = DateTime.Now.AddHours(1);
                subjectConfirmation.SubjectConfirmationData.Recipient = receiver;

                NameID nameId = new NameID();
                nameId.Format = Saml20Constants.NameIdentifierFormats.Persistent;
                nameId.Value = user.ppid;

                assertion.Subject.Items = new object[] { nameId, subjectConfirmation };
            }

            { // Conditions element
                assertion.Conditions = new Conditions();
                assertion.Conditions.Items = new List<ConditionAbstract>();

                assertion.Conditions.NotOnOrAfter = DateTime.Now.AddHours(1);

                AudienceRestriction audienceRestriction = new AudienceRestriction();
                audienceRestriction.Audience = new List<string>();
                audienceRestriction.Audience.Add(receiver);
                assertion.Conditions.Items.Add(audienceRestriction);
            }

            List<StatementAbstract> statements = new List<StatementAbstract>(2);
            { // AuthnStatement element
                AuthnStatement authnStatement = new AuthnStatement();
                authnStatement.AuthnInstant = DateTime.Now;
                authnStatement.SessionIndex = Convert.ToString(new Random().Next());

                authnStatement.AuthnContext = new AuthnContext();

                authnStatement.AuthnContext.Items =
                    new object[] {"urn:oasis:names:tc:SAML:2.0:ac:classes:X509"};

                // Wow! Setting the AuthnContext is .... verbose.
                authnStatement.AuthnContext.ItemsElementName =
                    new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };

                statements.Add(authnStatement);
            }

            { // Generate attribute list.
                AttributeStatement attributeStatement = new AttributeStatement();

                List<SamlAttribute> attributes = new List<SamlAttribute>(user.Attributes.Count);
                foreach (KeyValuePair<string, string> att in user.Attributes)
                {
                    SamlAttribute attribute = new SamlAttribute();
                    attribute.Name = att.Key;
                    attribute.AttributeValue = new string[] { att.Value };
                    attribute.NameFormat = SamlAttribute.NAMEFORMAT_BASIC;
                    attributes.Add(attribute);
                }
                attributeStatement.Items = attributes.ToArray();

                statements.Add(attributeStatement);
            }

            assertion.Items = statements.ToArray();

            return assertion;
        }