Пример #1
0
        private SAMLEngine()
        {
            try
            {
                _xmlNamespaces.Add(SAMLConstants.NS_PROTOCOL_PREFIX, SAMLConstants.NS_PROTOCOL);
                _xmlNamespaces.Add(SAMLConstants.NS_ASSERT_PREFIX, SAMLConstants.NS_ASSERT);
                _xmlNamespaces.Add(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
                                   ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));
                _xmlNamespaces.Add(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS_PREFIX),
                                   ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS));

                thisIssuer  = ConfigurationSettingsHelper.GetCriticalConfigSetting("SPIssuer");
                validateXsd = ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlValidateXsdXml");

                thisDestination = ConfigurationManager.AppSettings["SamlDestinationAlias"];
                if (string.IsNullOrEmpty(thisDestination))
                {
                    thisDestination = null;
                }
                else
                {
                    thisDestination = thisIssuer + thisDestination;
                }
                validTimeframe = ConfigurationSettingsHelper.GetCriticalConfigIntSetting("SamlValidTimeframe");
                int?skewClockTmp = ConfigurationSettingsHelper.GetConfigIntSetting("SamlSkewClock");
                skewClock = skewClockTmp == null ? SKEW_CLOCK : (int)skewClockTmp;

                int capacity = ConfigurationSettingsHelper.GetConfigIntSetting("SamlNumberStoredIds") ?? MAX_STORED_IDS;
                receivedIds = new List <string>(capacity);

                string tumbprint = ConfigurationSettingsHelper.GetCriticalConfigSetting("SamlCertificate");
                certificate = CertificateUtils.GetCertificateFromPersonalStore(tumbprint);
                if (certificate == null || !certificate.HasPrivateKey)
                {
                    _logger.Trace("Certificate '" + tumbprint + "' not found at " +
                                  "LocalMachine/My keystore or access to private key was denied. Certificate: " + certificate);
                    throw new SAMLException("Certificate '" + tumbprint + "' not found at " +
                                            "LocalMachine/My keystore or access to private key was denied. Certificate: " + certificate);
                }

                citizenAttributes = CitizenAttributes.Instance;
            }
            catch (Exception)
            {
                throw;
            }
        }
Пример #2
0
        private XmlDocument GenerateLogoutRequestMetadata(SAMLLogoutRequest context)
        {
            DateTime          now     = DateTime.UtcNow;
            LogoutRequestType request = new LogoutRequestType();

            request.ID           = context.Id;
            request.Version      = SAMLConstants.SAML_VERSION;
            request.IssueInstant = now;
            request.Destination  = context.Destination;
            request.Consent      = SAMLConstants.CONSENT;
            request.Issuer       = new NameIDType();
            request.Issuer.Value = context.Issuer;
            request.NameID       = new NameIDType();
            request.NameID.Value = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SP_ID);

            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;

            // stork extensions
            XmlElement qualityAuthnAssLevel = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
                                                                "QualityAuthenticationAssuranceLevel", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));

            qualityAuthnAssLevel.InnerText = context.QAALevel;
            XmlElement spSectorEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                      "spSector", SAMLConstants.NS_STORK_ASSER);

            spSectorEl.InnerText = ConfigurationSettingsHelper
                                   .GetCriticalConfigIntSetting(CommonConstants.SAMLSECTOR).ToString();
            XmlElement spInstitutionEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spInstitution", SAMLConstants.NS_STORK_ASSER);

            spInstitutionEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLINSTITUTION);
            XmlElement spApplicationEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spApplication", SAMLConstants.NS_STORK_ASSER);

            spApplicationEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLAPPLICATION);
            XmlElement spCountryEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                       "spCountry", SAMLConstants.NS_STORK_ASSER);

            spCountryEl.InnerText = ConfigurationSettingsHelper
                                    .GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY);
            XmlElement eIDSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                            "eIDSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDSectorShareEl.InnerText = ConfigurationSettingsHelper
                                         .GetCriticalConfigBoolSetting("SamlEIDSectorShare").ToString().ToLower();
            XmlElement eIDCrossSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossSectorShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossSectorShare").ToString().ToLower();
            XmlElement eIDCrossBorderShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossBorderShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossBorderShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossBorderShare").ToString().ToLower();

            request.Extensions     = new ExtensionsType();
            request.Extensions.Any = new XmlElement[] { qualityAuthnAssLevel, spSectorEl,
                                                        spInstitutionEl, spApplicationEl, spCountryEl, eIDSectorShareEl,
                                                        eIDCrossSectorShareEl, eIDCrossBorderShareEl };

            MemoryStream stream = new MemoryStream();

            Serialize(request, stream);

            StreamReader reader = new StreamReader(stream);

            stream.Seek(0, SeekOrigin.Begin);
            string        xml       = reader.ReadToEnd();
            XmlTextReader xmlReader = new XmlTextReader(new StringReader(xml));

            return(Deserialize <XmlDocument>(xmlReader));
        }
Пример #3
0
        private XmlDocument GenerateRequestMetadata(SAMLRequest context)
        {
            DateTime         now     = DateTime.UtcNow;
            AuthnRequestType request = new AuthnRequestType();

            request.ID                          = context.Id;
            request.Version                     = SAMLConstants.SAML_VERSION;
            request.IssueInstant                = now;
            request.Destination                 = context.Destination;
            request.Consent                     = SAMLConstants.CONSENT;
            request.ForceAuthn                  = true;
            request.IsPassive                   = false;
            request.ProtocolBinding             = SAMLConstants.PROTOCOL_BINDING;
            request.AssertionConsumerServiceURL = context.AssertionConsumerServiceURL;
            request.ProviderName                = context.ProviderName;
            request.Issuer                      = new NameIDType();
            request.Issuer.Value                = context.Issuer;
            request.Issuer.Format               = context.IssuerFormat;

            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;
            XmlElement requestedAttrs = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS_PREFIX),
                                                          "RequestedAttributes", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS));

            foreach (AttributeElement attr in context.Attributes)
            {
                XmlElement requestedAttr = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX),
                                                             "RequestedAttribute", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR));
                requestedAttr.SetAttribute("Name", attr.AttrName);
                requestedAttr.SetAttribute("NameFormat", SAMLConstants.ATTRIBUTE_NAME_FORMAT);
                requestedAttr.SetAttribute("isRequired", attr.IsRequired.ToString().ToLower());
                if (attr.AttrName.Equals(CommonConstants.FORCE_AUTH))
                {
                    XmlElement attrValue = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX),
                                                             "AttributeValue", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR));
                    attrValue.InnerText = attr.AttrValue.ToString().ToLower();
                    requestedAttr.AppendChild(attrValue);
                }
                requestedAttrs.AppendChild(requestedAttr);
            }

            // stork extensions
            XmlElement qualityAuthnAssLevel = doc.CreateElement(ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
                                                                "QualityAuthenticationAssuranceLevel", ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));

            qualityAuthnAssLevel.InnerText = context.QAALevel;
            XmlElement spSectorEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                      "spSector", SAMLConstants.NS_STORK_ASSER);

            spSectorEl.InnerText = ConfigurationSettingsHelper
                                   .GetCriticalConfigIntSetting(CommonConstants.SAMLSECTOR).ToString();
            XmlElement spInstitutionEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spInstitution", SAMLConstants.NS_STORK_ASSER);

            spInstitutionEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLINSTITUTION);
            XmlElement spApplicationEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                           "spApplication", SAMLConstants.NS_STORK_ASSER);

            spApplicationEl.InnerText = ConfigurationSettingsHelper
                                        .GetCriticalConfigSetting(CommonConstants.SAMLAPPLICATION);
            XmlElement spCountryEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX,
                                                       "spCountry", SAMLConstants.NS_STORK_ASSER);

            spCountryEl.InnerText = ConfigurationSettingsHelper
                                    .GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY);
            XmlElement eIDSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                            "eIDSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDSectorShareEl.InnerText = ConfigurationSettingsHelper
                                         .GetCriticalConfigBoolSetting("SamlEIDSectorShare").ToString().ToLower();
            XmlElement eIDCrossSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossSectorShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossSectorShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossSectorShare").ToString().ToLower();
            XmlElement eIDCrossBorderShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX,
                                                                 "eIDCrossBorderShare", SAMLConstants.NS_STORK_PROT);

            eIDCrossBorderShareEl.InnerText = ConfigurationSettingsHelper
                                              .GetCriticalConfigBoolSetting("SamlEIDCrossBorderShare").ToString().ToLower();

            request.Extensions     = new ExtensionsType();
            request.Extensions.Any = new XmlElement[] { qualityAuthnAssLevel, spSectorEl,
                                                        spInstitutionEl, spApplicationEl, spCountryEl, eIDSectorShareEl,
                                                        eIDCrossSectorShareEl, eIDCrossBorderShareEl, requestedAttrs };

            MemoryStream stream = new MemoryStream();

            Serialize(request, stream);

            StreamReader reader = new StreamReader(stream);

            stream.Seek(0, SeekOrigin.Begin);
            string        xml       = reader.ReadToEnd();
            XmlTextReader xmlReader = new XmlTextReader(new StringReader(xml));

            return(Deserialize <XmlDocument>(xmlReader));
        }