/// <summary>
/// Peticion de autenticacion SAML
/// </summary>
/// <param name="reqPath">ruta de retorno</param>
/// <returns>Peticion SAML XML codificado en b64 </returns>
public string GetSamLoginRequest(string reqPath)
{
try
{
SAMLRequest request = new SAMLRequest();
request.Destination = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SPEPS);
request.AssertionConsumerServiceURL = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SP_RETURN_URL) + "?reqPath=" + reqPath;
request.Alias = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.CPEPS);
request.ProviderName = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.PROVIDERNAME);
request.Issuer = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLISSUER);
request.QAALevel = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.QAALEVEL);
request.Id = "_" + Guid.NewGuid().ToString();
request.AddAttribute("eIdentifier", true);
request.AddAttribute("givenName", true);
request.AddAttribute("surname", true);
request.AddAttribute("inheritedFamilyName", false);
request.AddAttribute("eMail", false);
SAMLEngine samlEngine = SAMLEngine.Instance;
samlEngine.Init();
XmlDocument xml = samlEngine.GenerateRequest(request);
_logger.Trace("Peticion SAML2: {0} ;", xml.OuterXml);
string b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(xml.OuterXml));
return b64;
}
catch (Exception e)
{
_logger.Error(e);
throw;
}
}
public XmlDocument GenerateRequest(SAMLRequest request)
{
try
{
XmlDocument xmlRequest = GenerateRequestMetadata(request);
xmlRequest.PreserveWhitespace = true;
SignatureUtils.SignDocument(xmlRequest, request.Id, certificate,
xmlRequest.GetElementsByTagName("Issuer", SAMLConstants.NS_ASSERT).Item(0));
return(xmlRequest);
}
catch (Exception ex)
{
throw new SAMLException("EXCEPTION GenerateRequest", ex);
}
}
private XmlDocument GenerateRequestMetadata(SAMLRequest context)
{
DateTime now = DateTime.UtcNow;
AuthnRequestType request = new AuthnRequestType();
request.ID = context.Id;
request.Version = SAMLConstants.SAML_VERSION;
request.IssueInstant = now;
request.Destination = context.Destination;
request.Consent = SAMLConstants.CONSENT;
request.ForceAuthn = true;
request.IsPassive = false;
request.ProtocolBinding = SAMLConstants.PROTOCOL_BINDING;
request.AssertionConsumerServiceURL = context.AssertionConsumerServiceURL;
request.ProviderName = context.ProviderName;
request.Issuer = new NameIDType();
request.Issuer.Value = context.Issuer;
request.Issuer.Format = context.IssuerFormat;
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
XmlElement requestedAttrs = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS_PREFIX),
"RequestedAttributes", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS));
foreach (AttributeElement attr in context.Attributes)
{
XmlElement requestedAttr = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX),
"RequestedAttribute", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR));
requestedAttr.SetAttribute("Name", attr.AttrName);
requestedAttr.SetAttribute("NameFormat", SAMLConstants.ATTRIBUTE_NAME_FORMAT);
requestedAttr.SetAttribute("isRequired", attr.IsRequired.ToString().ToLower());
if (attr.AttrName.Equals(CommonConstants.FORCE_AUTH))
{
XmlElement attrValue = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX),
"AttributeValue", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR));
attrValue.InnerText = attr.AttrValue.ToString().ToLower();
requestedAttr.AppendChild(attrValue);
}
requestedAttrs.AppendChild(requestedAttr);
}
// stork extensions
XmlElement qualityAuthnAssLevel = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
"QualityAuthenticationAssuranceLevel", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));
qualityAuthnAssLevel.InnerText = context.QAALevel;
XmlElement spSectorEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
"spSector", SAMLConstants.NS_STORK_ASSER);
spSectorEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigIntSetting(CommonConstants.SAMLSECTOR).ToString();
XmlElement spInstitutionEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
"spInstitution", SAMLConstants.NS_STORK_ASSER);
spInstitutionEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigSetting(CommonConstants.SAMLINSTITUTION);
XmlElement spApplicationEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
"spApplication", SAMLConstants.NS_STORK_ASSER);
spApplicationEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigSetting(CommonConstants.SAMLAPPLICATION);
XmlElement spCountryEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
"spCountry", SAMLConstants.NS_STORK_ASSER);
spCountryEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY);
XmlElement eIDSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
"eIDSectorShare", SAMLConstants.NS_STORK_PROT);
eIDSectorShareEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigBoolSetting("SamlEIDSectorShare").ToString().ToLower();
XmlElement eIDCrossSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
"eIDCrossSectorShare", SAMLConstants.NS_STORK_PROT);
eIDCrossSectorShareEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigBoolSetting("SamlEIDCrossSectorShare").ToString().ToLower();
XmlElement eIDCrossBorderShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
"eIDCrossBorderShare", SAMLConstants.NS_STORK_PROT);
eIDCrossBorderShareEl.InnerText = ConfigurationSettingsHelper
.GetCriticalConfigBoolSetting("SamlEIDCrossBorderShare").ToString().ToLower();
request.Extensions = new ExtensionsType();
request.Extensions.Any = new XmlElement[] { qualityAuthnAssLevel, spSectorEl,
spInstitutionEl, spApplicationEl, spCountryEl, eIDSectorShareEl,
eIDCrossSectorShareEl, eIDCrossBorderShareEl, requestedAttrs };
MemoryStream stream = new MemoryStream();
Serialize(request, stream);
StreamReader reader = new StreamReader(stream);
stream.Seek(0, SeekOrigin.Begin);
string xml = reader.ReadToEnd();
XmlTextReader xmlReader = new XmlTextReader(new StringReader(xml));
return(Deserialize <XmlDocument>(xmlReader));
}
