/// <summary>
        /// Builds an authentication request.
        /// </summary>
        /// <returns>The authentication request.</returns>
        private AuthnRequest BuildAuthenticationRequest()
        {
            // The service provider identifies itself by its application root URL. All bindings share
            // one assertion consumer endpoint, so the binding selected for the response is appended
            // as a URL-encoded query string parameter.
            // NOTE(review): if Util.GetAbsoluteUrl derives the host from the incoming request, the
            // Issuer and the assertion consumer URL follow the Host header - confirm they are pinned
            // to a configured base URL.
            string spEntityUrl = Util.GetAbsoluteUrl(this, "~/");
            string consumerEndpoint = Util.GetAbsoluteUrl(this, "~/AssertionService.aspx");
            string responseBinding = idpToSPBindingList.SelectedValue;
            string consumerUrl = string.Format("{0}?{1}={2}", consumerEndpoint, Util.BindingVarName, HttpUtility.UrlEncode(responseBinding));

            // Populate the request. Destination comes from the "SingleSignonIdProviderUrl" app
            // setting and is null when that key is absent from configuration.
            AuthnRequest request = new AuthnRequest
            {
                Destination = WebConfigurationManager.AppSettings["SingleSignonIdProviderUrl"],
                Issuer = new Issuer(spEntityUrl),
                // ForceAuthn = false: in SAML this allows the identity provider to rely on an
                // existing session instead of prompting the user again.
                ForceAuthn = false,
                // NOTE(review): arguments are presumably (format, SP name qualifier, allowCreate) -
                // confirm against the SAML library.
                NameIdPolicy = new NameIdPolicy(null, null, true),
                ProtocolBinding = responseBinding,
                AssertionConsumerServiceUrl = consumerUrl
            };

            // With the HTTP redirect binding the request is returned without a signature, because
            // the signed message yields a query string that is too long for most browsers.
            // NOTE(review): nothing in this method signs a redirect-bound request. The SAML redirect
            // binding carries its signature over the query string instead, so confirm the sending
            // code signs there; otherwise the identity provider receives an unsigned request and
            // must check AssertionConsumerServiceUrl against the endpoints registered for this
            // service provider.
            if (spToIdPBindingList.SelectedValue == SamlBindingUri.HttpRedirect)
            {
                return request;
            }

            // Any other binding: sign with the certificate held in application state.
            // NOTE(review): the cast yields null when nothing is stored under Global.SPCertKey;
            // how Sign treats a null certificate is not visible here - confirm it is loaded at
            // application start.
            X509Certificate2 signingCertificate = (X509Certificate2)Application[Global.SPCertKey];
            request.Sign(signingCertificate);

            return request;
        }
Пример #2
        /// <summary>
        /// Gets the authentication request.
        /// </summary>
        /// <param name="page">The page object.</param>
        /// <returns>The authentication request object.</returns>
        public static AuthnRequest GetAuthnRequest(Page page)
        {
            // Populate the request for the configured single sign-on service.
            // NOTE(review): if GetAbsoluteUrl derives the host from the incoming request, the Issuer
            // follows the Host header - confirm it is pinned to a configured base URL.
            AuthnRequest request = new AuthnRequest
            {
                Destination = Global.SingleSignOnServiceURL,
                Issuer = new Issuer(GetAbsoluteUrl(page, "~/")),
                // ForceAuthn = false: in SAML this allows the identity provider to rely on an
                // existing session instead of prompting the user again.
                ForceAuthn = false,
                // NOTE(review): arguments are presumably (format, SP name qualifier, allowCreate) -
                // confirm against the SAML library.
                NameIdPolicy = new NameIdPolicy(null, null, true)
            };

            // A request bound for HTTP Redirect is returned without a signature.
            // NOTE(review): the SAML redirect binding carries its signature over the query string
            // instead, so confirm the sending code signs there; otherwise the identity provider
            // receives an unsigned request.
            if (Global.SingleSignOnServiceBinding == SamlBinding.HttpRedirect)
            {
                return request;
            }

            // Every other binding: sign with the certificate kept in application state.
            // NOTE(review): the cast yields null when nothing is stored under Global.SpCertKey;
            // how Sign treats a null certificate is not visible here - confirm it is loaded at
            // application start.
            X509Certificate2 signingCertificate = (X509Certificate2)page.Application[Global.SpCertKey];
            request.Sign(signingCertificate);

            return request;
        }
Пример #3
        /// <summary>
        /// Gets the authentication request.
        /// </summary>
        /// <param name="page">The page object.</param>
        /// <returns>The authentication request object.</returns>
        public static AuthnRequest GetAuthnRequest(Page page)
        {
            // Start from an empty request and fill in the service provider's view of the exchange.
            AuthnRequest samlRequest = new AuthnRequest();

            samlRequest.Destination = Global.SingleSignOnServiceURL;

            // NOTE(review): if GetAbsoluteUrl derives the host from the incoming request, the Issuer
            // follows the Host header - confirm it is pinned to a configured base URL.
            Issuer serviceProviderIssuer = new Issuer(GetAbsoluteUrl(page, "~/"));
            samlRequest.Issuer = serviceProviderIssuer;

            // ForceAuthn = false: in SAML this allows the identity provider to rely on an existing
            // session instead of prompting the user again.
            samlRequest.ForceAuthn = false;

            // NOTE(review): arguments are presumably (format, SP name qualifier, allowCreate) -
            // confirm against the SAML library.
            NameIdPolicy nameIdPolicy = new NameIdPolicy(null, null, true);
            samlRequest.NameIdPolicy = nameIdPolicy;

            // The request is signed for every single sign-on binding except HTTP Redirect.
            // NOTE(review): the SAML redirect binding carries its signature over the query string
            // instead, so confirm the sending code signs there; otherwise the identity provider
            // receives an unsigned request.
            bool signRequest = Global.SingleSignOnServiceBinding != SamlBinding.HttpRedirect;

            if (signRequest)
            {
                // The signing certificate is kept in application state.
                // NOTE(review): the cast yields null when nothing is stored under Global.SpCertKey;
                // how Sign treats a null certificate is not visible here - confirm it is loaded at
                // application start.
                samlRequest.Sign((X509Certificate2)page.Application[Global.SpCertKey]);
            }

            return samlRequest;
        }
Пример #4
        /// <summary>
        /// Gets the authentication request.
        /// </summary>
        /// <param name="page">The page object.</param>
        /// <returns>The authentication request object.</returns>
        public static AuthnRequest GetAuthnRequest(Page page)
        {
            AuthnRequest request = new AuthnRequest();

            // Addressing: where the request goes and who is sending it.
            // NOTE(review): if GetAbsoluteUrl derives the host from the incoming request, the Issuer
            // follows the Host header - confirm it is pinned to a configured base URL.
            request.Destination = Global.SingleSignOnServiceURL;
            request.Issuer = new Issuer(GetAbsoluteUrl(page, "~/"));

            // Require exactly the PasswordProtectedTransport authentication context class.
            // NOTE(review): the request only states this requirement; whether the returned
            // assertion's authentication context is checked on receipt is not visible here -
            // confirm in the assertion consumer code.
            request.RequestedAuthnContext = new RequestedAuthnContext();
            RequestedAuthnContext requestedContext = request.RequestedAuthnContext;
            requestedContext.Comparison = SamlAuthenticationContextComparison.Exact;
            requestedContext.AuthenticationContexts.Add(new AuthnContextClassRef(SamlAuthenticationContext.PasswordProtectedTransport));

            // ForceAuthn = false: in SAML this allows the identity provider to rely on an existing
            // session instead of prompting the user again.
            request.ForceAuthn = false;

            // NOTE(review): arguments are presumably (format, SP name qualifier, allowCreate) -
            // confirm against the SAML library.
            request.NameIdPolicy = new NameIdPolicy(null, null, true);

            // A request bound for HTTP Redirect is returned without a signature.
            // NOTE(review): the SAML redirect binding carries its signature over the query string
            // instead, so confirm the sending code signs there; otherwise the identity provider
            // receives an unsigned request.
            if (Global.SingleSignOnServiceBinding == SamlBinding.HttpRedirect)
            {
                return request;
            }

            // Every other binding: sign with the certificate kept in application state.
            // NOTE(review): the cast yields null when nothing is stored under Global.SpCertKey;
            // how Sign treats a null certificate is not visible here - confirm it is loaded at
            // application start.
            X509Certificate2 signingCertificate = (X509Certificate2)page.Application[Global.SpCertKey];
            request.Sign(signingCertificate);

            return request;
        }