/// <summary> /// Assertion is addressed to one or more specific audiences. /// </summary> /// <param name="audiences">URI reference that identifies an intended audience.</param> /// <returns></returns> public ConditionsBuilder AddAudienceRestriction(params string[] audiences) { var audienceRestriction = new AudienceRestrictionType { Audience = audiences }; _conditions.Items = _conditions.Items.Add(audienceRestriction); return(this); }
private void CreateSAMLResponse() { FormsIdentity id = null; if (HttpContext.Current.User != null) { if (HttpContext.Current.User.Identity.IsAuthenticated) { if (HttpContext.Current.User.Identity is FormsIdentity) { id = (FormsIdentity)HttpContext.Current.User.Identity; } } } DateTime notBefore = (id != null ? id.Ticket.IssueDate.ToUniversalTime() : DateTime.UtcNow); DateTime notOnOrAfter = (id != null ? id.Ticket.Expiration.ToUniversalTime() : DateTime.UtcNow.AddMinutes(30)); IDProvider config = IDProvider.GetConfig(); SAMLResponse.Status = new StatusType(); SAMLResponse.Status.StatusCode = new StatusCodeType(); SAMLResponse.Status.StatusCode.Value = SAMLUtility.StatusCodes.Success; AssertionType assert = new AssertionType(); assert.ID = SAMLUtility.GenerateID(); assert.IssueInstant = DateTime.UtcNow.AddMinutes(10); assert.Issuer = new NameIDType(); assert.Issuer.Value = config.id; SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType(); subjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer"; subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationDataType(); subjectConfirmation.SubjectConfirmationData.Recipient = SAMLRequest.Issuer; subjectConfirmation.SubjectConfirmationData.InResponseTo = SAMLRequest.Request.ID; subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = notOnOrAfter; NameIDType nameID = new NameIDType(); nameID.Format = SAMLUtility.NameIdentifierFormats.Transient; nameID.Value = (id != null ? id.Name : UtilBO.FormatNameFormsAuthentication(this.__SessionWEB.__UsuarioWEB.Usuario)); assert.Subject = new SubjectType(); assert.Subject.Items = new object[] { subjectConfirmation, nameID }; assert.Conditions = new ConditionsType(); assert.Conditions.NotBefore = notBefore; assert.Conditions.NotOnOrAfter = notOnOrAfter; assert.Conditions.NotBeforeSpecified = true; assert.Conditions.NotOnOrAfterSpecified = true; AudienceRestrictionType audienceRestriction = new AudienceRestrictionType(); audienceRestriction.Audience = new string[] { SAMLRequest.Issuer }; assert.Conditions.Items = new ConditionAbstractType[] { audienceRestriction }; AuthnStatementType authnStatement = new AuthnStatementType(); authnStatement.AuthnInstant = DateTime.UtcNow; authnStatement.SessionIndex = SAMLUtility.GenerateID(); authnStatement.AuthnContext = new AuthnContextType(); authnStatement.AuthnContext.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" }; authnStatement.AuthnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef }; StatementAbstractType[] statementAbstract = new StatementAbstractType[] { authnStatement }; assert.Items = statementAbstract; SAMLResponse.Items = new object[] { assert }; string xmlResponse = SAMLUtility.SerializeToXmlString(SAMLResponse); XmlDocument doc = new XmlDocument(); doc.LoadXml(xmlResponse); XmlSignatureUtils.SignDocument(doc, assert.ID); SAMLResponse = SAMLUtility.DeserializeFromXmlString <ResponseType>(doc.InnerXml); HttpPostBinding binding = new HttpPostBinding(SAMLResponse, HttpUtility.UrlDecode(Request[HttpBindingConstants.RelayState])); binding.SendResponse(this.Context, HttpUtility.UrlDecode(SAMLRequest.AssertionConsumerServiceURL), SAMLTypeSSO.signon); }
/// <summary> /// Creates a Version 1.1 Saml Assertion /// </summary> /// <param name="issuer">Issuer</param> /// <param name="subject">Subject</param> /// <param name="attributes">Attributes</param> /// <returns>returns a Version 1.1 Saml Assertion</returns> private static AssertionType CreateSamlAssertion(string issuer, string recipient, string domain, string subject, Dictionary <string, string> attributes) { // Here we create some SAML assertion with ID and Issuer name. AssertionType assertion = new AssertionType(); assertion.ID = "_" + Guid.NewGuid().ToString(); NameIDType issuerForAssertion = new NameIDType(); issuerForAssertion.Value = issuer.Trim(); assertion.Issuer = issuerForAssertion; assertion.Version = "2.0"; assertion.IssueInstant = System.DateTime.UtcNow; //Not before, not after conditions ConditionsType conditions = new ConditionsType(); conditions.NotBefore = DateTime.UtcNow; conditions.NotBeforeSpecified = true; conditions.NotOnOrAfter = DateTime.UtcNow.AddMinutes(5); conditions.NotOnOrAfterSpecified = true; AudienceRestrictionType audienceRestriction = new AudienceRestrictionType(); audienceRestriction.Audience = new string[] { domain.Trim() }; conditions.Items = new ConditionAbstractType[] { audienceRestriction }; //Name Identifier to be used in Saml Subject NameIDType nameIdentifier = new NameIDType(); nameIdentifier.NameQualifier = domain.Trim(); nameIdentifier.Value = subject.Trim(); SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType(); SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType(); subjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer"; subjectConfirmation.SubjectConfirmationData = subjectConfirmationData; // // Create some SAML subject. SubjectType samlSubject = new SubjectType(); AttributeStatementType attrStatement = new AttributeStatementType(); AuthnStatementType authStatement = new AuthnStatementType(); authStatement.AuthnInstant = DateTime.UtcNow; AuthnContextType context = new AuthnContextType(); context.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef }; context.Items = new object[] { "AuthnContextClassRef" }; authStatement.AuthnContext = context; samlSubject.Items = new object[] { nameIdentifier, subjectConfirmation }; assertion.Subject = samlSubject; IPHostEntry ipEntry = Dns.GetHostEntry(System.Environment.MachineName); SubjectLocalityType subjectLocality = new SubjectLocalityType(); subjectLocality.Address = ipEntry.AddressList[0].ToString(); attrStatement.Items = new AttributeType[attributes.Count]; int i = 0; // Create userName SAML attributes. foreach (KeyValuePair <string, string> attribute in attributes) { AttributeType attr = new AttributeType(); attr.Name = attribute.Key; attr.NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"; attr.AttributeValue = new object[] { attribute.Value }; attrStatement.Items[i] = attr; i++; } assertion.Conditions = conditions; assertion.Items = new StatementAbstractType[] { authStatement, attrStatement }; return(assertion); }
/// <summary> /// /// </summary> /// <param name="context"></param> /// <returns></returns> private XmlDocument GenerateResponseMetadata(SAMLContext context, string id) { DateTime now = DateTime.UtcNow; MemoryStream stream = new MemoryStream(); StreamReader reader; XmlTextReader xmlReader; ResponseType response = new ResponseType(); response.ID = id; response.InResponseTo = context.RequestID; response.Version = SAMLConstants.SAML_VERSION; response.IssueInstant = now; response.Destination = context.AssertionConsumer; response.Consent = SAMLConstants.CONSENT; response.Issuer = new NameIDType(); response.Issuer.Value = thisIssuer; response.Issuer.Format = SAMLConstants.ThisIssuerFormat; response.Status = new StatusType(); response.Status.StatusCode = new StatusCodeType(); response.Status.StatusCode.Value = SAMLConstants.StatusCode.statusCode[context.StatusCode]; if (context.StatusCode != SAMLConstants.StatusCode.SUCCESS) { response.Status.StatusCode.StatusCode = new StatusCodeType(); response.Status.StatusCode.StatusCode.Value = SAMLConstants.StatusCode.statusCode[context.SubStatusCode]; response.Status.StatusMessage = context.StatusMessage; } AssertionType assertion = new AssertionType(); assertion.ID = "_" + Guid.NewGuid().ToString(); assertion.Version = SAMLConstants.SAML_VERSION; assertion.IssueInstant = now; assertion.Issuer = new NameIDType(); assertion.Issuer.Value = thisIssuer; assertion.Issuer.Format = SAMLConstants.ThisIssuerFormat; assertion.Subject = new SubjectType(); NameIDType nameId = new NameIDType(); nameId.Format = "urn:oasis:names:tc:SAML:1.1:nameid- format:unspecified"; //nameId.NameQualifier = "http://C-PEPS.gov.xx"; nameId.Value = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"; SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType(); subjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer"; subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationDataType(); subjectConfirmation.SubjectConfirmationData.Address = context.SubjectAddress; subjectConfirmation.SubjectConfirmationData.InResponseTo = context.RequestID; //subjectConfirmation.SubjectConfirmationData.NotBeforeString = "2010-02-03T17:06:18.099Z"; subjectConfirmation.SubjectConfirmationData.NotOnOrAfterString = String.Format("{0:yyyy-MM-ddTHH:mm:ssZ}", now.AddMinutes(validTimeframe)); subjectConfirmation.SubjectConfirmationData.Recipient = context.Issuer; assertion.Subject.Items = new object[] { nameId, subjectConfirmation }; assertion.Conditions = new ConditionsType(); assertion.Conditions.NotBeforeString = String.Format("{0:yyyy-MM-ddTHH:mm:ssZ}", now); assertion.Conditions.NotOnOrAfterString = String.Format("{0:yyyy-MM-ddTHH:mm:ssZ}", now.AddMinutes(validTimeframe)); AudienceRestrictionType audience = new AudienceRestrictionType(); audience.Audience = new string[] { context.Issuer }; // FIXME assertion.Conditions.Items = new ConditionAbstractType[] { audience, new OneTimeUseType() }; AuthnStatementType authnStatement = new AuthnStatementType(); authnStatement.AuthnInstant = now; authnStatement.AuthnContext = new AuthnContextType(); List <AttributeElement> attributes = context.GetAttributes(); object[] attributesDescription = new AttributeType[attributes.Count]; AttributeType attr; XmlAttribute statusAttr; int i = 0; foreach (AttributeElement element in attributes) { attr = new AttributeType(); attr.Name = element.AttrName; attr.NameFormat = element.NameFormat; if (context.StatusCode == SAMLConstants.StatusCode.SUCCESS) { if (element.AttrStatus == SAMLConstants.AttributeStatus.AVAILABLE && element.AttrValue != null) { attr.AttributeValue = new object[] { element.AttrValue } } ; if (element.AttrStatus >= 0) { statusAttr = new XmlDocument(). CreateAttribute(SAMLConstants.ATTRIBUTE_STATUS_STR, SAMLConstants.NS_STORK_ASSER); statusAttr.Value = element.Status; attr.AnyAttr = new XmlAttribute[] { statusAttr }; } } attributesDescription[i++] = attr; } AttributeStatementType attributeStatement = new AttributeStatementType(); attributeStatement.Items = attributesDescription; assertion.Items = new StatementAbstractType[] { authnStatement, attributeStatement }; response.Items = new object[] { assertion }; stream = new MemoryStream(); Serialize(response, stream); reader = new StreamReader(stream); stream.Seek(0, SeekOrigin.Begin); xmlReader = new XmlTextReader(new StringReader(reader.ReadToEnd())); return(Deserialize <XmlDocument>(xmlReader)); }